Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Help with my Dell Latitude e6540 Process hijack?


  • Please log in to reply

#1
67mopar

67mopar

    Member

  • Member
  • PipPipPip
  • 199 posts

So i am fine in safe mode,  but in regular mode its so bogged down, It was running great after a recent overhaul with Zep, I dont really download anything, my AV is up to date, so Im not really sure how this got bugged, I dont even go to many web sites other than Outlook mail, and Craigslist ebay and Facebook, and Im very selective of any links I open, should i be looking for another AV besides avast and are all my setiing correct?   anyway here is the frst Log  and the addition log,  thanks for the help.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-11-2016 01
Ran by dean (administrator) on DEAN-LP07 (22-11-2016 20:21:03)
Running from C:\Users\dean\Desktop
Loaded Profiles: dean (Available Profiles: admin & dean & Guest)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13900016 2016-11-09] (Zemana Ltd.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-29] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-29] (Realtek Semiconductor)
HKLM\...\Run: [IntelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [4791024 2013-02-08] (Intel® Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-30] (Intel Corporation)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [708952 2013-07-08] (Alps Electric Co., Ltd.)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe [115968 2013-07-23] (Waves Audio Ltd.)
HKLM\...\Run: [iTunesHelper] => "C:\Program Files\iTunes\iTunesHelper.exe"
HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [184112 2012-09-17] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-09-05] (Intel Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-08-26] (AVAST Software)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3212AFFC-AC31-48CE-975D-C8AC7008FE22}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-3339490808-3639073983-2094825787-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-3339490808-3639073983-2094825787-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3339490808-3639073983-2094825787-1002 -> URL hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKU\S-1-5-21-3339490808-3639073983-2094825787-1002 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-10-24] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Professional 8\Bin\PlusIEContextMenu.dll [2012-07-19] (Zeon Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-09-16] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-10-24] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: ZeonIEEventHelper Class -> {C7DA0384-42AA-428c-B832-88AC343DE1A8} -> C:\Program Files (x86)\Nuance\PDF Professional 8\Bin\GZeonIEFavClient.dll [2012-07-27] (Zeon Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-09-16] (Oracle Corporation)
Toolbar: HKLM-x32 - Nuance PDF - {BCCE15AE-AC7E-4bc9-94AF-2A714A412BCB} - C:\Program Files (x86)\Nuance\PDF Professional 8\Bin\GZeonIEFavClient.dll [2012-07-27] (Zeon Corporation)

FireFox:
========
FF DefaultProfile: araz5wr1.default
FF ProfilePath: C:\Users\dean\AppData\Roaming\Mozilla\Firefox\Profiles\araz5wr1.default [2016-11-22]
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\araz5wr1.default -> Google
FF Homepage: Mozilla\Firefox\Profiles\araz5wr1.default -> hxxp://www.google.com/
FF Extension: (ADB Helper) - C:\Users\dean\AppData\Roaming\Mozilla\Firefox\Profiles\araz5wr1.default\Extensions\[email protected] [2016-11-04]
FF Extension: (Valence) - C:\Users\dean\AppData\Roaming\Mozilla\Firefox\Profiles\araz5wr1.default\Extensions\[email protected] [2016-05-27]
FF Extension: (Adblock Plus) - C:\Users\dean\AppData\Roaming\Mozilla\Firefox\Profiles\araz5wr1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-10-28]
FF Extension: (BetterPrivacy) - C:\Users\dean\AppData\Roaming\Mozilla\Firefox\Profiles\araz5wr1.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2016-11-03]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-08-26]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-08-26]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-11-13] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-13] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2011-04-20] (CANON INC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-11-13] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-11-13] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-09-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-09-16] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-06-23] (Adobe Systems Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Professional 8\bin\nppdf.dll [2012-07-31] (Zeon Corporation)

Chrome:
=======
CHR Profile: C:\Users\dean\AppData\Local\Google\Chrome\User Data\Default [2016-11-15]
CHR Extension: (Google Slides) - C:\Users\dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-11-12]
CHR Extension: (Google Docs) - C:\Users\dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-11-12]
CHR Extension: (Google Drive) - C:\Users\dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-12]
CHR Extension: (YouTube) - C:\Users\dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-12]
CHR Extension: (Avast SafePrice) - C:\Users\dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-11-12]
CHR Extension: (Google Sheets) - C:\Users\dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-11-12]
CHR Extension: (Google Docs Offline) - C:\Users\dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-13]
CHR Extension: (Avast Online Security) - C:\Users\dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-11-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-11-12]
CHR Extension: (Gmail) - C:\Users\dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-12]
CHR Extension: (Chrome Media Router) - C:\Users\dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-12]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ATTENTION: => Could not perform signature verification. Cryptographic Service is not running.

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-08-26] (AVAST Software)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation)
S2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] ()
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [178312 2015-09-25] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-11-13] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-02-08] ()
S2 PDFProFiltSrv; C:\Program Files (x86)\Nuance\PDF Professional 8\PDFProFiltSrv.exe [135056 2012-09-10] (Nuance Communications, Inc.)
S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
S2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1915480 2013-05-23] (SoftThinks SAS)
S2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [254232 2016-11-15] (RaMMicHaeL)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-03-30] (Microsoft Corporation)
S2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13900016 2016-11-09] (Zemana Ltd.)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3386608 2013-02-08] (Intel® Corporation)
S4 Dell.PowerManager.Service; C:\Windows\system32\dllhost.exe /Processid:{4B92F172-D79F-4E4A-8F94-4079344BA589}
S4 Intel® PROSet Monitoring Service; no ImagePath

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-08-26] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-08-26] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-08-26] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-08-26] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-08-26] (AVAST Software)
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969184 2016-09-13] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513632 2016-09-22] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-08-26] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-10-13] (AVAST Software)
S3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [131968 2012-10-30] (Motorola Solutions, Inc.)
S3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1342848 2012-12-03] (Motorola Solutions, Inc.)
S3 CVPNDRVA; C:\Windows\System32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()
R1 DVDHelp; C:\Windows\System32\drivers\DVDHelp.sys [28696 2014-12-29] ()
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [488216 2014-02-25] (Intel Corporation)
S3 GSVDRIVE; C:\Windows\System32\DRIVERS\GSVDRIVE.sys [28568 2014-12-29] (GiliSoft International LLC.)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2013-08-28] (Intel Corporation)
S3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHD64.sys [2261464 2013-08-27] (Realtek Semiconductor Corp.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-11-13] (Intel Corporation)
R3 O2FJ2RDR; C:\Windows\System32\DRIVERS\O2FJ2w7x64.sys [185760 2013-05-07] (O2Micro )
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 ST_Accel; C:\Windows\System32\DRIVERS\ST_Accel.sys [75976 2013-08-05] (STMicroelectronics)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2016-11-22] ()
S3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [48024 2013-01-28] (Windows ® Win 7 DDK provider)
S3 XHCIPort; C:\Windows\System32\DRIVERS\XHCIPort.sys [194456 2013-01-28] (Windows ® Win 7 DDK provider)
S1 ZAM; no ImagePath
S1 ZAM_Guard; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-22 20:11 - 2016-11-22 20:21 - 00000000 ____D C:\FRST
2016-11-22 20:11 - 2016-11-22 20:21 - 00000000 _____ C:\Users\dean\Desktop\FRST.txt
2016-11-22 20:08 - 2016-11-22 20:08 - 02412544 _____ (Farbar) C:\Users\dean\Desktop\FRST64.exe
2016-11-22 17:11 - 2016-11-22 17:13 - 00000000 ____D C:\AdwCleaner
2016-11-22 17:10 - 2016-11-22 17:10 - 03910208 _____ C:\Users\dean\Desktop\AdwCleaner.exe
2016-11-22 16:21 - 2016-11-22 16:21 - 00000860 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2016-11-22 16:20 - 2016-11-22 16:20 - 34158856 _____ (Adlice Software ) C:\Users\dean\Desktop\setup(1).exe
2016-11-22 15:31 - 2016-11-22 15:31 - 00388608 _____ (Trend Micro Inc.) C:\Users\dean\Desktop\HijackThis.exe
2016-11-22 04:00 - 2016-11-22 04:00 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2016-11-21 19:55 - 2016-11-21 19:56 - 00001648 _____ C:\DelFix.txt
2016-11-20 12:27 - 2016-11-20 12:30 - 00000000 ____D C:\Users\dean\Desktop\ammo
2016-11-20 10:12 - 2016-11-20 10:12 - 00264176 _____ C:\Users\dean\Desktop\2016 Fantasy Football Rankings & Projections - Free Fantasy Football - ESPN.html
2016-11-20 10:12 - 2016-11-20 10:12 - 00000000 ____D C:\Users\dean\Desktop\2016 Fantasy Football Rankings & Projections - Free Fantasy Football - ESPN_files
2016-11-19 15:33 - 2016-11-22 03:30 - 00000000 ____D C:\Users\dean\AppData\Local\CrashDumps
2016-11-19 07:06 - 2016-11-19 07:39 - 00000000 ____D C:\Users\dean\Desktop\New Folder (4)
2016-11-18 16:23 - 2016-11-18 16:24 - 00000000 ____D C:\Users\dean\Desktop\stylo2
2016-11-17 19:37 - 2016-11-17 19:37 - 00000000 ____D C:\Users\dean\Desktop\backups
2016-11-16 09:33 - 2016-11-22 20:05 - 00000000 ____D C:\Users\dean\AppData\LocalLow\Mozilla
2016-11-15 20:41 - 2016-11-22 04:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-11-15 18:40 - 2016-11-15 18:51 - 00009721 _____ C:\Users\dean\Desktop\Hardware Interrupts and DPCs.txt
2016-11-15 18:38 - 2016-11-15 18:38 - 00000000 ____D C:\Users\dean\Documents\ProcessExplorer
2016-11-15 17:07 - 2016-11-15 17:07 - 00000000 ___HD C:\ProgramData\CanonIJEPPEX2
2016-11-15 17:07 - 2016-11-15 17:07 - 00000000 ___HD C:\ProgramData\CanonEPP
2016-11-15 16:34 - 2016-11-15 16:53 - 00003722 _____ C:\runcheck.txt
2016-11-14 20:33 - 2016-11-15 08:31 - 00000000 ____D C:\AVG_Remover
2016-11-14 17:37 - 2016-11-14 17:37 - 00000000 ____D C:\Users\dean\Desktop\GTG
2016-11-13 14:52 - 2016-11-13 14:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2016-11-13 14:51 - 2016-11-22 15:29 - 00030068 _____ C:\Windows\ZAM.krnl.trace
2016-11-13 14:51 - 2016-11-22 15:29 - 00003247 _____ C:\Windows\ZAM_Guard.krnl.trace
2016-11-13 14:51 - 2016-11-13 17:17 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2016-11-13 14:51 - 2016-11-13 14:52 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2016-11-13 14:51 - 2016-11-13 14:52 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2016-11-13 14:51 - 2016-11-13 14:52 - 00001078 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2016-11-13 14:50 - 2016-11-13 14:50 - 05603048 _____ ( ) C:\Users\dean\Desktop\Zemana.AntiMalware.Setup.exe
2016-11-13 14:50 - 2016-11-13 14:50 - 00000000 ____D C:\Users\dean\AppData\Local\Zemana
2016-11-13 11:34 - 2016-11-22 16:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2016-11-13 11:33 - 2016-11-22 16:21 - 00000000 ____D C:\Program Files\RogueKiller
2016-11-13 11:23 - 2016-11-13 11:25 - 34114800 _____ (Adlice Software ) C:\Users\dean\Desktop\setup.exe
2016-11-13 10:36 - 2013-05-23 18:37 - 00000094 ____H C:\DBAR_Ver.txt
2016-11-13 10:18 - 2016-11-22 20:03 - 00713536 _____ C:\Windows\ntbtlog.txt
2016-11-12 20:54 - 2016-11-12 20:54 - 00002790 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-11-12 20:53 - 2016-11-12 20:54 - 00000000 ____D C:\Program Files\CCleaner
2016-11-12 20:53 - 2016-11-12 20:53 - 00000824 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-11-12 20:53 - 2016-11-12 20:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-11-12 20:51 - 2016-11-12 20:57 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-11-09 07:16 - 2016-11-02 10:36 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-11-09 07:16 - 2016-11-02 10:32 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-11-09 07:16 - 2016-11-02 10:32 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-11-09 07:16 - 2016-11-02 10:32 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-11-09 07:16 - 2016-11-02 10:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-11-09 07:16 - 2016-11-02 10:22 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-11-09 07:16 - 2016-11-02 10:16 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-11-09 07:16 - 2016-11-02 10:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-11-09 07:16 - 2016-11-02 10:16 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-11-09 07:16 - 2016-11-02 09:53 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-11-09 07:16 - 2016-10-27 22:59 - 00394440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-11-09 07:16 - 2016-10-27 22:14 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-11-09 07:16 - 2016-10-27 14:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-11-09 07:16 - 2016-10-27 14:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-11-09 07:16 - 2016-10-27 13:55 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-11-09 07:16 - 2016-10-27 13:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-11-09 07:16 - 2016-10-27 13:54 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-11-09 07:16 - 2016-10-27 13:53 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-11-09 07:16 - 2016-10-27 13:53 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-11-09 07:16 - 2016-10-27 13:51 - 02896384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-11-09 07:16 - 2016-10-27 13:44 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-11-09 07:16 - 2016-10-27 13:43 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-11-09 07:16 - 2016-10-27 13:38 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-11-09 07:16 - 2016-10-27 13:37 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-11-09 07:16 - 2016-10-27 13:37 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-11-09 07:16 - 2016-10-27 13:37 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-11-09 07:16 - 2016-10-27 13:37 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-11-09 07:16 - 2016-10-27 13:28 - 25763328 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-11-09 07:16 - 2016-10-27 13:28 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-11-09 07:16 - 2016-10-27 13:24 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-11-09 07:16 - 2016-10-27 13:19 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-11-09 07:16 - 2016-10-27 13:15 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-11-09 07:16 - 2016-10-27 13:13 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-11-09 07:16 - 2016-10-27 13:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-11-09 07:16 - 2016-10-27 13:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-11-09 07:16 - 2016-10-27 13:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-11-09 07:16 - 2016-10-27 13:02 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-11-09 07:16 - 2016-10-27 12:49 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-11-09 07:16 - 2016-10-27 12:46 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-11-09 07:16 - 2016-10-27 12:46 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-11-09 07:16 - 2016-10-27 12:44 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-11-09 07:16 - 2016-10-27 12:44 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-11-09 07:16 - 2016-10-27 12:17 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-11-09 07:16 - 2016-10-27 12:16 - 02920448 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-11-09 07:16 - 2016-10-27 12:03 - 01543680 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-11-09 07:16 - 2016-10-27 11:54 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-11-09 07:16 - 2016-10-27 10:05 - 20304896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-11-09 07:16 - 2016-10-25 10:02 - 03219456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-11-09 07:16 - 2016-10-22 12:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-11-09 07:16 - 2016-10-22 12:36 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-11-09 07:16 - 2016-10-22 12:36 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-11-09 07:16 - 2016-10-22 12:35 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-11-09 07:16 - 2016-10-22 12:35 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-11-09 07:16 - 2016-10-22 12:34 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-11-09 07:16 - 2016-10-22 12:27 - 02287616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-11-09 07:16 - 2016-10-22 12:27 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-11-09 07:16 - 2016-10-22 12:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-11-09 07:16 - 2016-10-22 12:22 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-11-09 07:16 - 2016-10-22 12:21 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-11-09 07:16 - 2016-10-22 12:21 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-11-09 07:16 - 2016-10-22 12:20 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-11-09 07:16 - 2016-10-22 12:09 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-11-09 07:16 - 2016-10-22 12:04 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-11-09 07:16 - 2016-10-22 12:03 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-11-09 07:16 - 2016-10-22 11:59 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-11-09 07:16 - 2016-10-22 11:58 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-11-09 07:16 - 2016-10-22 11:56 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-11-09 07:16 - 2016-10-22 11:54 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-11-09 07:16 - 2016-10-22 11:46 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-11-09 07:16 - 2016-10-22 11:45 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-11-09 07:16 - 2016-10-22 11:44 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-11-09 07:16 - 2016-10-22 11:43 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-11-09 07:16 - 2016-10-22 11:43 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-11-09 07:16 - 2016-10-22 11:30 - 13654016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-11-09 07:16 - 2016-10-22 11:12 - 02444800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-11-09 07:16 - 2016-10-22 11:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-11-09 07:16 - 2016-10-22 11:09 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-11-09 07:16 - 2016-10-15 10:31 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-11-09 07:16 - 2016-10-15 10:31 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2016-11-09 07:16 - 2016-10-15 10:13 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-11-09 07:16 - 2016-10-15 10:13 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2016-11-09 07:16 - 2016-10-11 10:37 - 00370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2016-11-09 07:16 - 2016-10-11 10:31 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10.IME
2016-11-09 07:16 - 2016-10-11 10:31 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2016-11-09 07:16 - 2016-10-11 10:31 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2016-11-09 07:16 - 2016-10-11 10:31 - 00457216 _____ (Microsoft Corporation) C:\Windows\system32\imkr80.ime
2016-11-09 07:16 - 2016-10-11 10:31 - 00246784 _____ (Microsoft Corporation) C:\Windows\system32\input.dll
2016-11-09 07:16 - 2016-10-11 10:31 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\tintlgnt.ime
2016-11-09 07:16 - 2016-10-11 10:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\quick.ime
2016-11-09 07:16 - 2016-10-11 10:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\qintlgnt.ime
2016-11-09 07:16 - 2016-10-11 10:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\phon.ime
2016-11-09 07:16 - 2016-10-11 10:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\cintlgnt.ime
2016-11-09 07:16 - 2016-10-11 10:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\chajei.ime
2016-11-09 07:16 - 2016-10-11 10:31 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\pintlgnt.ime
2016-11-09 07:16 - 2016-10-11 10:18 - 01027584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10.IME
2016-11-09 07:16 - 2016-10-11 10:18 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2016-11-09 07:16 - 2016-10-11 10:18 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2016-11-09 07:16 - 2016-10-11 10:18 - 00430080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imkr80.ime
2016-11-09 07:16 - 2016-10-11 10:18 - 00202240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\input.dll
2016-11-09 07:16 - 2016-10-11 10:18 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tintlgnt.ime
2016-11-09 07:16 - 2016-10-11 10:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quick.ime
2016-11-09 07:16 - 2016-10-11 10:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qintlgnt.ime
2016-11-09 07:16 - 2016-10-11 10:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\phon.ime
2016-11-09 07:16 - 2016-10-11 10:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cintlgnt.ime
2016-11-09 07:16 - 2016-10-11 10:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\chajei.ime
2016-11-09 07:16 - 2016-10-11 10:18 - 00090112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pintlgnt.ime
2016-11-09 07:16 - 2016-10-11 08:33 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2016-11-09 07:16 - 2016-10-11 08:06 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2016-11-09 07:16 - 2016-10-10 10:38 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-11-09 07:16 - 2016-10-10 10:38 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-11-09 07:16 - 2016-10-10 10:34 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-11-09 07:16 - 2016-10-10 10:34 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-11-09 07:16 - 2016-10-10 10:34 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-11-09 07:16 - 2016-10-10 10:34 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-11-09 07:16 - 2016-10-10 10:33 - 01462272 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-11-09 07:16 - 2016-10-10 10:33 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-11-09 07:16 - 2016-10-10 10:33 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-11-09 07:16 - 2016-10-10 10:33 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-11-09 07:16 - 2016-10-10 10:33 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-11-09 07:16 - 2016-10-10 10:33 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-11-09 07:16 - 2016-10-10 10:33 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-11-09 07:16 - 2016-10-10 10:33 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-11-09 07:16 - 2016-10-10 10:33 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-11-09 07:16 - 2016-10-10 10:33 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-11-09 07:16 - 2016-10-10 10:33 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-11-09 07:16 - 2016-10-10 10:33 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-11-09 07:16 - 2016-10-10 10:33 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-11-09 07:16 - 2016-10-10 10:33 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-11-09 07:16 - 2016-10-10 10:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-11-09 07:16 - 2016-10-10 10:16 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-11-09 07:16 - 2016-10-10 10:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-11-09 07:16 - 2016-10-10 10:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-11-09 07:16 - 2016-10-10 10:16 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-11-09 07:16 - 2016-10-10 10:16 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-11-09 07:16 - 2016-10-10 10:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-11-09 07:16 - 2016-10-10 10:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-11-09 07:16 - 2016-10-10 10:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-11-09 07:16 - 2016-10-10 10:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-11-09 07:16 - 2016-10-10 10:16 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-11-09 07:16 - 2016-10-10 10:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-11-09 07:16 - 2016-10-10 10:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-11-09 07:16 - 2016-10-10 10:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-11-09 07:16 - 2016-10-10 10:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-11-09 07:16 - 2016-10-10 10:02 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-11-09 07:16 - 2016-10-10 09:56 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-11-09 07:16 - 2016-10-10 09:55 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-11-09 07:16 - 2016-10-10 09:55 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-11-09 07:16 - 2016-10-10 09:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-11-09 07:16 - 2016-10-10 09:54 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-11-09 07:16 - 2016-10-10 09:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-11-09 07:16 - 2016-10-07 10:40 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-11-09 07:16 - 2016-10-07 10:37 - 05547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-11-09 07:16 - 2016-10-07 10:37 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-11-09 07:16 - 2016-10-07 10:35 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-11-09 07:16 - 2016-10-07 10:32 - 03649536 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2016-11-09 07:16 - 2016-10-07 10:32 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-11-09 07:16 - 2016-10-07 10:32 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-11-09 07:16 - 2016-10-07 10:32 - 00877056 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-11-09 07:16 - 2016-10-07 10:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-11-09 07:16 - 2016-10-07 10:32 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-11-09 07:16 - 2016-10-07 10:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-11-09 07:16 - 2016-10-07 10:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-11-09 07:16 - 2016-10-07 10:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-11-09 07:16 - 2016-10-07 10:32 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-11-09 07:16 - 2016-10-07 10:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-11-09 07:16 - 2016-10-07 10:32 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-11-09 07:16 - 2016-10-07 10:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-11-09 07:16 - 2016-10-07 10:32 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-11-09 07:16 - 2016-10-07 10:32 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-11-09 07:16 - 2016-10-07 10:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-11-09 07:16 - 2016-10-07 10:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-11-09 07:16 - 2016-10-07 10:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-11-09 07:16 - 2016-10-07 10:32 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-11-09 07:16 - 2016-10-07 10:32 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-11-09 07:16 - 2016-10-07 10:32 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-11-09 07:16 - 2016-10-07 10:32 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-11-09 07:16 - 2016-10-07 10:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-11-09 07:16 - 2016-10-07 10:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-11-09 07:16 - 2016-10-07 10:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-11-09 07:16 - 2016-10-07 10:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-11-09 07:16 - 2016-10-07 10:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-11-09 07:16 - 2016-10-07 10:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-11-09 07:16 - 2016-10-07 10:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-11-09 07:16 - 2016-10-07 10:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-11-09 07:16 - 2016-10-07 10:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-11-09 07:16 - 2016-10-07 10:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-11-09 07:16 - 2016-10-07 10:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-11-09 07:16 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-11-09 07:16 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-11-09 07:16 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-11-09 07:16 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-11-09 07:16 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-11-09 07:16 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-11-09 07:16 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-11-09 07:16 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-11-09 07:16 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-11-09 07:16 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-11-09 07:16 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-11-09 07:16 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-11-09 07:16 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-11-09 07:16 - 2016-10-07 10:18 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-11-09 07:16 - 2016-10-07 10:18 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-11-09 07:16 - 2016-10-07 10:15 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-11-09 07:16 - 2016-10-07 10:12 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2016-11-09 07:16 - 2016-10-07 10:12 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-11-09 07:16 - 2016-10-07 10:12 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-11-09 07:16 - 2016-10-07 10:12 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-11-09 07:16 - 2016-10-07 10:12 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-11-09 07:16 - 2016-10-07 10:12 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-11-09 07:16 - 2016-10-07 10:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-11-09 07:16 - 2016-10-07 10:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-11-09 07:16 - 2016-10-07 10:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-11-09 07:16 - 2016-10-07 10:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-11-09 07:16 - 2016-10-07 10:12 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-11-09 07:16 - 2016-10-07 10:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-11-09 07:16 - 2016-10-07 10:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-11-09 07:16 - 2016-10-07 10:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-11-09 07:16 - 2016-10-07 10:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-11-09 07:16 - 2016-10-07 10:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-11-09 07:16 - 2016-10-07 10:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-11-09 07:16 - 2016-10-07 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-11-09 07:16 - 2016-10-07 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-11-09 07:16 - 2016-10-07 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-11-09 07:16 - 2016-10-07 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-11-09 07:16 - 2016-10-07 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-11-09 07:16 - 2016-10-07 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-11-09 07:16 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-11-09 07:16 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-11-09 07:16 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-11-09 07:16 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-11-09 07:16 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-11-09 07:16 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-11-09 07:16 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-11-09 07:16 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-11-09 07:16 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-11-09 07:16 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-11-09 07:16 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-11-09 07:16 - 2016-10-07 10:04 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-11-09 07:16 - 2016-10-07 10:04 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-11-09 07:16 - 2016-10-07 10:04 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-11-09 07:16 - 2016-10-07 10:01 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-11-09 07:16 - 2016-10-07 10:00 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-11-09 07:16 - 2016-10-07 09:56 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-11-09 07:16 - 2016-10-07 09:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-11-09 07:16 - 2016-10-07 09:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-11-09 07:16 - 2016-10-07 09:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-11-09 07:16 - 2016-10-07 09:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-11-09 07:16 - 2016-10-07 09:49 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-11-09 07:16 - 2016-10-07 09:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-11-09 07:16 - 2016-10-07 09:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-11-09 07:16 - 2016-10-07 09:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-11-09 07:16 - 2016-10-05 09:54 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2016-11-09 07:16 - 2016-09-15 09:56 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2016-11-09 07:16 - 2016-09-13 10:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-11-09 07:16 - 2016-09-13 10:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-11-09 07:16 - 2016-09-09 13:20 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-11-09 07:16 - 2016-09-09 13:00 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2016-11-09 07:16 - 2016-08-22 11:19 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2016-11-06 19:36 - 2016-11-06 19:36 - 00208748 _____ C:\Users\dean\Desktop\The+Control+and+Keeping+of+Animals+Regulation+2007-01.pdf
2016-11-04 17:30 - 2016-11-05 10:02 - 00000000 ____D C:\Users\dean\Desktop\stylo picd
2016-10-31 05:58 - 2016-10-31 05:59 - 00000000 ____D C:\Users\dean\Desktop\Jobs File pics

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-22 20:07 - 2009-07-14 00:13 - 00783606 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-22 20:07 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-11-22 20:02 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-22 19:27 - 2014-07-02 09:01 - 00000556 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-128144278-2142202361-184960113-7823.job
2016-11-22 19:14 - 2014-03-30 15:39 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-11-22 17:24 - 2009-07-13 23:45 - 00031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-22 17:24 - 2009-07-13 23:45 - 00031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-22 17:23 - 2014-03-30 16:02 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2016-11-22 17:16 - 2014-03-30 15:55 - 00000000 ___HD C:\Windows\system32\WLANProfiles
2016-11-22 16:21 - 2016-03-26 18:49 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-11-22 15:26 - 2014-08-28 23:09 - 00000000 ____D C:\Users\dean
2016-11-22 12:26 - 2016-03-16 14:02 - 00004180 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-11-22 04:02 - 2014-06-17 15:44 - 00000000 ____D C:\Program Files (x86)\Google
2016-11-21 19:57 - 2009-07-14 00:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2016-11-17 19:39 - 2015-04-16 16:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-11-15 14:33 - 2015-11-21 17:54 - 00000000 ____D C:\ProgramData\Unchecky
2016-11-15 08:30 - 2015-08-04 14:49 - 00000000 ____D C:\Users\dean\AppData\Local\Avg
2016-11-15 08:12 - 2014-06-04 11:33 - 00000000 ____D C:\Users\mras\AppData\LocalLow\Temp
2016-11-13 17:30 - 2015-04-16 17:35 - 00000000 ____D C:\Windows\pss
2016-11-13 17:16 - 2015-12-15 17:26 - 00000000 ____D C:\ProgramData\CanonIJPLM
2016-11-13 12:15 - 2014-03-30 15:39 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-11-13 12:14 - 2014-03-30 15:39 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-11-13 12:14 - 2014-03-30 15:39 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-11-13 12:14 - 2014-03-30 15:39 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-11-13 12:14 - 2014-03-30 15:39 - 00000000 ____D C:\Windows\system32\Macromed
2016-11-13 08:22 - 2014-08-28 23:10 - 00000000 ____D C:\Users\dean\AppData\Local\Google
2016-11-13 08:03 - 2015-04-16 15:23 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-11-12 19:45 - 2015-07-10 10:36 - 00000000 ____D C:\Users\dean\AppData\Roaming\Apple Computer
2016-11-10 09:04 - 2016-03-28 19:11 - 00000000 ____D C:\Users\dean\AppData\Roaming\Verizon
2016-11-10 04:06 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2016-11-10 03:28 - 2009-07-13 23:45 - 00432328 _____ C:\Windows\system32\FNTCACHE.DAT
2016-11-10 03:10 - 2014-05-16 12:50 - 00000000 ____D C:\Windows\system32\MRT
2016-11-10 03:04 - 2014-05-16 12:50 - 141011376 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-10-30 17:41 - 2015-02-20 13:27 - 00000000 ____D C:\Users\dean\Desktop\Alexis
2016-10-28 14:09 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF

==================== Files in the root of some directories =======

2015-04-16 15:01 - 2015-04-16 15:02 - 0000093 _____ () C:\Users\dean\AppData\Roaming\ARCompanion.log
2015-01-21 13:12 - 2015-04-16 01:12 - 0000063 _____ () C:\Users\dean\AppData\Roaming\WB.CFG

Some files in TEMP:
====================
C:\Users\dean\AppData\Local\Temp\dllnt_dump.dll
C:\Users\dean\AppData\Local\Temp\libeay32.dll
C:\Users\dean\AppData\Local\Temp\msvcr120.dll
C:\Users\dean\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe
[2016-10-11 20:04] - [2016-08-29 10:04] - 3229696 ____A (Microsoft Corporation) 38AE1B3C38FAEF56FE4907922F0385BA

C:\Windows\SysWOW64\explorer.exe
[2016-10-11 20:04] - [2016-08-29 09:55] - 2972672 ____A (Microsoft Corporation) 6DDCA324434FFA506CF7DC4E51DB7935

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll
[2016-09-13 20:21] - [2016-08-16 12:36] - 1009152 ____A (Microsoft Corporation) 8F4B991E7837E8E0F90C856659456652

C:\Windows\SysWOW64\User32.dll
[2016-09-13 20:21] - [2016-08-15 21:48] - 0833024 ____A (Microsoft Corporation) 0FBC0E335B65EE5A0175631237817510

C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2016-11-06 07:01

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-11-2016 01
Ran by dean (22-11-2016 20:33:31)
Running from C:\Users\dean\Desktop
Windows 7 Professional Service Pack 1 (X64) (2014-05-16 17:27:53)
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

admin (S-1-5-21-3339490808-3639073983-2094825787-1000 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-3339490808-3639073983-2094825787-500 - Administrator - Disabled)
dean (S-1-5-21-3339490808-3639073983-2094825787-1002 - Administrator - Enabled) => C:\Users\dean
Guest (S-1-5-21-3339490808-3639073983-2094825787-501 - Limited - Disabled) => C:\Users\Guest

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.17)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.17 - Adobe Systems Incorporated)
AML Free Registry Cleaner 4.25 (HKLM-x32\...\{315F5FFC-1A5C-4A2A-B8E7-1C5B1174C198}_is1) (Version:  - AML SOFT, Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Audio Editor And Recorder Packages (HKU\S-1-5-21-3339490808-3639073983-2094825787-1002\...\Audio Editor And Recorder Packages) (Version:  - ) <==== ATTENTION
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version:  - )
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )
Canon MG3100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3100_series) (Version:  - )
Canon MG3100 series On-screen Manual (HKLM-x32\...\Canon MG3100 series On-screen Manual) (Version:  - )
Canon MG3100 series User Registration (HKLM-x32\...\Canon MG3100 series User Registration) (Version:  - )
Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.23 - Piriform)
Cisco Systems VPN Client 5.0.07.0440 (HKLM\...\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}) (Version: 5.0.7 - Cisco Systems, Inc.)
ClassicGamesRemade (HKU\S-1-5-21-3339490808-3639073983-2094825787-1002\...\ClassicGamesRemade) (Version:  - )
CleanUp! (HKLM-x32\...\CleanUp!) (Version:  - )
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.5.0.0 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.5.0.0 - Dell Inc.)
Dell Client System Update (HKLM-x32\...\{04566294-A6B6-4462-9721-031073EB3694}) (Version: 1.3.0 - Dell Inc.)
Dell Custom Help (Version: 15.06.1000.0142 - Intel Corporation) Hidden
Dell Digital Delivery (HKLM-x32\...\{03A9F528-A754-460F-B2C1-AC125A147114}) (Version: 2.8.5000.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Power Manager (HKLM\...\{E45D7941-F3F0-4E8E-AD55-DCE2FE0AE6D8}) (Version: 1.1.0 - Dell Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.134 - ALPS ELECTRIC CO., LTD.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.54 - Creative Technology Ltd)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
idoo DVD Ripper 6.1.0 (HKLM-x32\...\{DC858DB6-0659-165E-CF69-C6B78992F341}}_is1) (Version: 6.1.0 - idoo International LLC.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel® Network Connections 18.5.52.1 (HKLM\...\PROSetDX) (Version: 18.5.52.1 - Intel)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3204 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{DA2600C1-6BDF-4FD1-1212-148929CC1385}) (Version: 2.6.1212.0302 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel® Update Manager (HKLM-x32\...\{B991A1BC-DE0F-41B3-9037-B2F948F706EC}) (Version: 3.1.1228 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.1.28 - Intel Corporation)
Intel® WiDi (HKLM\...\{62E7C369-64FF-452C-8F46-6BE9B77FF097}) (Version: 4.0.18.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® PROSet/Wireless Software (HKLM-x32\...\{fae8de85-97ab-4053-a8bb-03bfc86ac533}) (Version: 15.6.1 - Intel Corporation)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Standard 2010 (HKLM-x32\...\Office14.STANDARD) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Project Standard 2010 (HKLM-x32\...\Office14.PRJSTDR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mimecast Services for Outlook 32-bit (HKLM-x32\...\{44C3BE40-6688-40F1-9C6F-1550D5E5868C}) (Version: 5.0.853.8820 - Mimecast Ltd)
Mozilla Firefox 50.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.0 (x86 en-US)) (Version: 50.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.0.0.6152 - Mozilla)
Nuance PDF Converter Enterprise 8 (HKLM\...\{E5F6DE36-F554-47E9-B6F6-08788C720F55}) (Version: 8.10.6243 - Nuance Communications, Inc.)
Nuance PDF Converter Enterprise 8 (HKLM-x32\...\{E5F6DE36-F554-47E9-B6F6-08788C720F55}) (Version: 8.10.6243 - Nuance Communications, Inc.)
O2Micro Flash Memory Card Windows Driver (HKLM-x32\...\InstallShield_{C8B104BE-C895-4976-8295-0B190B53A8B6}) (Version: 3.0.08.18 - O2Micro International LTD.)
O2Micro Flash Memory Card Windows Driver (x32 Version: 3.0.08.18 - O2Micro International LTD.) Hidden
Realtek Audio COM Components (HKLM-x32\...\{2355B503-9B11-4449-861D-1C1748B26320}) (Version: 1.0.2 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5988 - Realtek Semiconductor Corp.)
RogueKiller version 12.8.2.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.8.2.0 - Adlice Software)
Scansoft PDF Professional (x32 Version:  - ) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-003A-0000-0000-0000000FF1CE}_Office14.PRJSTDR_{58FA40EF-ABA9-4FED-AD3D-318A6073934D}) (Version:  - Microsoft)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1216 - SUPERAntiSpyware.com)
Unchecky v1.0.1 (HKLM-x32\...\Unchecky) (Version: 1.0.1 - RaMMicHaeL)
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.60.1 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {3C66BAE9-BA2E-4D07-9C63-84458A7A43C8} - System32\Tasks\SafeZone scheduled Autoupdate 1459037733 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-09-06] (Avast Software)
Task: {418B8689-A491-4CBE-8CB4-B39170B39440} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-08-26] (AVAST Software)
Task: {4F600FAF-764A-4406-911A-7DCEFBEC9277} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {58397141-DEF4-4A29-99CE-0409EAA6CC05} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation)
Task: {74059F74-38B4-4061-9D05-E100C46A7845} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
Task: {9A95B8F3-1550-4F9F-B538-8638721CAC8B} - System32\Tasks\G2MUpdateTask-S-1-5-21-128144278-2142202361-184960113-7823 => C:\Users\mras\AppData\Local\Citrix\GoToMeeting\1440\g2mupdate.exe [2014-07-02] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {9F2B9428-9007-4A80-98AB-F6FB8E6FCD56} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-13] (Adobe Systems Incorporated)
Task: {C2F2775A-22C5-4651-A5F5-0535394AE967} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation)
Task: {C40A7DF2-114D-4B85-A647-05455F0BD956} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-09-28] (Piriform Ltd)
Task: {C5943925-DB22-44ED-8D20-4C5B03DC93C6} - System32\Tasks\{F8DD7030-1661-4DFB-A8C6-B9ED1342B2C7} => pcalua.exe -a "C:\Downloads\Crystal reports v9\setup.exe" -d "C:\Downloads\Crystal reports v9"
Task: {E3FEF0D1-7614-4E84-B61B-5E6BDD1CB80A} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-03] (AVAST Software)
Task: {F5725E3E-10D3-48FD-9323-3CFF2BB70EC6} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3339490808-3639073983-2094825787-1002

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-128144278-2142202361-184960113-7823.job => C:\Users\mras\AppData\Local\Citrix\GoToMeeting\1440\g2mupdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============


==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
e"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-3339490808-3639073983-2094825787-1002\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-3339490808-3639073983-2094825787-1002\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3339490808-3639073983-2094825787-1002\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-3339490808-3639073983-2094825787-1002\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-3339490808-3639073983-2094825787-1002\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-3339490808-3639073983-2094825787-1002\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-3339490808-3639073983-2094825787-1002\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-3339490808-3639073983-2094825787-1002\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-3339490808-3639073983-2094825787-1002\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-3339490808-3639073983-2094825787-1002\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-3339490808-3639073983-2094825787-1002\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-3339490808-3639073983-2094825787-1002\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-3339490808-3639073983-2094825787-1002\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-3339490808-3639073983-2094825787-1002\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-3339490808-3639073983-2094825787-1002\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-3339490808-3639073983-2094825787-1002\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-3339490808-3639073983-2094825787-1002\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-3339490808-3639073983-2094825787-1002\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-3339490808-3639073983-2094825787-1002\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3339490808-3639073983-2094825787-1002\...\1-se.com -> 1-se.com

There are 10818 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2016-11-22 17:14 - 00001235 ____A C:\Windows\system32\Drivers\etc\hosts

0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
0.0.0.0 cdn.appround.biz
0.0.0.0 cdn.bigspeedpro.com
0.0.0.0 cdn.bispd.com

There are 4 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3339490808-3639073983-2094825787-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\dean\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: iPod Service => 3

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe

==================== Restore Points =========================

21-11-2016 19:56:12 End of disinfection
22-11-2016 03:58:35 Removed Apple Software Update
22-11-2016 04:00:44 Removed Google Earth Pro

==================== Faulty Device Manager Devices =============

Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: avast! Revert
Description: avast! Revert
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: aswRvrt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: aswVmm
Description: aswVmm
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: aswVmm
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Intel® Centrino® Wireless Bluetooth® 4.0 + High Speed Adapter
Description: Intel® Centrino® Wireless Bluetooth® 4.0 + High Speed Adapter
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Intel Corporation
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/22/2016 04:15:19 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (11/22/2016 04:07:27 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (11/22/2016 12:04:52 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Canon\Solution Menu EX\MFC80U.DLL".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/22/2016 12:04:52 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Canon\Solution Menu EX\MFC80U.DLL".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/22/2016 04:26:33 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Canon\Solution Menu EX\MFC80U.DLL".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/22/2016 04:26:32 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Canon\Solution Menu EX\MFC80U.DLL".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/22/2016 04:00:23 AM) (Source: MsiInstaller) (EventID: 11721) (User: DEAN-LP07)
Description: Product: Apple Software Update -- Error 1721. There is a problem with this Windows Installer package. A program required for this install to complete could not be run. Contact your support personnel or package vendor. Action: SoftwareUpdate_UnregServer, location: C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe, command: /UnregServer

Error: (11/22/2016 03:44:24 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Canon\Solution Menu EX\MFC80U.DLL".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/22/2016 03:44:23 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Canon\Solution Menu EX\MFC80U.DLL".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/22/2016 03:30:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 50.0.0.6152, time stamp: 0x581d7ed2
Faulting module name: mozglue.dll, version: 50.0.0.6152, time stamp: 0x581d788d
Exception code: 0x80000003
Fault offset: 0x0000ed40
Faulting process id: 0xee0
Faulting application start time: 0x01d2442333b68501
Faulting application path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
Faulting module path: C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
Report Id: edfbf195-b08d-11e6-a267-ecf4bb1d91fe


System errors:
=============
Error: (11/22/2016 08:03:49 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (11/22/2016 08:03:49 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (11/22/2016 08:03:49 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (11/22/2016 08:03:48 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (11/22/2016 08:03:48 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (11/22/2016 08:03:47 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (11/22/2016 08:03:41 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (11/22/2016 08:03:35 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\System32\IWMSSvc.dll
Error Code: 21

Error: (11/22/2016 08:03:16 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
aswRvrt
aswSnx
aswSP
aswVmm
discache
SASDIFSV
SASKUTIL
spldr
Wanarpv6

Error: (11/22/2016 05:13:29 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The SAS Core Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.


==================== Memory info ===========================

Processor: Intel® Core™ i5-4300M CPU @ 2.60GHz
Percentage of memory in use: 26%
Total physical RAM: 4001.47 MB
Available physical RAM: 2947.23 MB
Total Virtual: 8001.13 MB
Available Virtual: 7009 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:282.87 GB) (Free:172.35 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 313B336C)
Partition 1: (Not Active) - (Size=40 MB) - (Type=DE)
Partition 2: (Active) - (Size=15.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=282.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,011 posts
  • MVP

Download and Save the Attached file.

Attached File  spdlr.zip   448bytes   35 downloads

 

 Right click on it an Extract all.  That should give you a spdlr.reg file.  Right click on it and then MERGE.  

 

Open an Elevated Command Prompt:

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator

 

Now type:

 

sc start spldr

 

hit Enter.  Do you get an error?  What does it say?  

 

If not error or the error is just that it is already running 

 

then try regular mode again.  Does it work now?

Attached Files


  • 0

#3
67mopar

67mopar

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 199 posts

the file is saved, it opens in my folder, I run it  it tells me the data has been saved in my registry, if I right click it only gives me a dropdown with open copy properties , nothing left or right click give me anything you were looking for in the previous post, im sure im doing something wrong


  • 0

#4
67mopar

67mopar

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 199 posts

command prompt.JPG


  • 0

#5
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,011 posts
  • MVP

If you right clicked on it and were able to extract all you should get a folder called spdlr and inside is the file spdlr.reg.  If you right click on spdlr.reg it should give you option to Merge.  Once you do that and bypass the warning it will tell you that the valuses have been added to the registry.  That's all it is supposed to do.  

 

Now open an elevated command prompt:

 

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator  (prompt will be c:\windows\system32>  )
 
Now type:
 
sc  start  SPLDR

and hit Enter.

 

Ideally it should say:

 


C:\Windows\system32>sc  start  SPLDR
[SC] StartService FAILED 1056:
 
An instance of the service is already running.
 
 
C:\Windows\system32>
 

 

 

If you see that then it worked and you should be able to boot into regular mode.


  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,011 posts
  • MVP

There was a typo in the first post.  It should be spldr not spdlr


  • 0

#7
67mopar

67mopar

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 199 posts

same message as screen shot


  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,011 posts
  • MVP

Make sure you have a SPACE berfore and after start


  • 0

#9
67mopar

67mopar

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 199 posts

i do  the specified service does not exist as an installed service


Edited by 67mopar, 23 November 2016 - 09:47 AM.

  • 0

#10
67mopar

67mopar

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 199 posts

this is the second time in a month ive had problems,  each time it leads back to my verizon router, its a few yrs old and time to trade it in, I did a optimization at the fios site, and It seems much better, Id like to get my own router, any suggestions?  If the logs I posted dont show anything I think we are good, but I will await your advice ,  thank You again


  • 0

#11
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,011 posts
  • MVP

Your logs show a problem with spdlr.  That's why we were trying to run 

sc start spdlr

The file I had you download should have fixed the registry entry but it appears that it didn't.  If it suddenly started working it may have reverted to a last known good configuration.

 

I don't know much about FIOS modems.


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP