Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

extremely slow computer [Solved]

Started by bbj , Aug 09 2015 01:49 PM

This topic is locked

#1
bbj

Posted 09 August 2015 - 01:49 PM

Member

Member
64 posts

My friends are having trouble with a slow computer. Currently Avast is installed but I'm going to switch it over to BitDefender Free after the cleanup.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-08-2015
Ran by the Hoff (administrator) on THEHOFF-PC (09-08-2015 12:38:07)
Running from C:\Users\the Hoff\Desktop
Loaded Profiles: the Hoff (Available Profiles: the Hoff)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\[]TOOLS[]\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Stardock Corporation) C:\Program Files (x86)\[]TOOLS[]\CursorFX\CursorFX.exe
(Actual Tools) C:\Program Files (x86)\[]TOOLS[]\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Dropbox, Inc.) C:\Users\the Hoff\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Actual Tools) C:\Program Files (x86)\[]TOOLS[]\Actual Multiple Monitors\ActualMultipleMonitorsCenter64.exe
(AVAST Software) C:\Program Files\[]TOOLS[]\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Actual Tools) C:\Program Files (x86)\[]TOOLS[]\Actual Multiple Monitors\ActualMultipleMonitorsShellCenter64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Mozilla Corporation) C:\Program Files (x86)\[]TOOLS[]\Mozilla Firefox\firefox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\CompatTel\wicainventory.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-06-29] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\[]TOOLS[]\Avast\AvastUI.exe [6109776 2015-07-31] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-3472861432-3466800176-631802751-1001\...\Run: [CursorFX] => C:\Program Files (x86)\[]TOOLS[]\CursorFX\CursorFX.exe [417280 2010-03-23] (Stardock Corporation)
HKU\S-1-5-21-3472861432-3466800176-631802751-1001\...\Run: [Actual Multiple Monitors] => C:\Program Files (x86)\[]TOOLS[]\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe [1782576 2013-09-19] (Actual Tools)
HKU\S-1-5-21-3472861432-3466800176-631802751-1001\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [5404296 2015-03-13] (Plex, Inc.)
HKU\S-1-5-21-3472861432-3466800176-631802751-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22012688 2015-06-20] (Google)
HKU\S-1-5-21-3472861432-3466800176-631802751-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8322328 2015-05-08] (Piriform Ltd)
HKU\S-1-5-21-3472861432-3466800176-631802751-1001\...\Run: [Dropbox Update] => C:\Users\the Hoff\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc.)
Startup: C:\Users\the Hoff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-04-09]
ShortcutTarget: Dropbox.lnk -> C:\Users\the Hoff\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\the Hoff\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\the Hoff\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\the Hoff\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\the Hoff\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\the Hoff\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\the Hoff\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\the Hoff\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\the Hoff\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\[]TOOLS[]\Avast\ashShA64.dll [2015-07-31] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\the Hoff\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\the Hoff\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\the Hoff\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\the Hoff\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\the Hoff\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\the Hoff\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\the Hoff\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\the Hoff\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\the Hoff\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\the Hoff\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\the Hoff\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\the Hoff\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\the Hoff\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\the Hoff\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\the Hoff\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\the Hoff\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3472861432-3466800176-631802751-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://nmd.msn.com
HKU\S-1-5-21-3472861432-3466800176-631802751-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nmd.msn.com
SearchScopes: HKLM -> {5807584B-75B6-465D-88B0-3C4AC684276C} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> {B01640CD-4AE7-4121-9097-F4E61054E570} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3472861432-3466800176-631802751-1001 -> {B01640CD-4AE7-4121-9097-F4E61054E570} URL = http://www.bing.com/...rc=IE-SearchBox
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-29] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\[]TOOLS[]\Avast\aswWebRepIE64.dll [2015-07-31] (AVAST Software)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-29] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\[]TOOLS[]\Avast\aswWebRepIE.dll [2015-07-31] (AVAST Software)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-01-29] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnime...veX_Control.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B0B045C6-0DBA-4926-8B56-159FF565315A}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Homepage: chrome://fastdial/content/fastdial.html
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-14] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\[]TOOLS[]\PDF-XChange\npPDFXCviewNPPlugin.dll [2011-02-15] (Tracker Software Products Ltd.)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-29] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-29] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-14] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2013-04-19] (CANON INC.)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\[]TOOLS[]\PDF-XChange\Win32\npPDFXCviewNPPlugin.dll [2011-02-15] (Tracker Software Products Ltd.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=1.1.7 -> C:\Program Files (x86)\[]TOOLS[]\VLC\npvlc.dll [2011-01-30] (the VideoLAN Team)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin HKU\S-1-5-21-3472861432-3466800176-631802751-1001: @citrixonline.com/appdetectorplugin -> C:\Users\the Hoff\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-12-15] (Citrix Online)
FF Plugin HKU\S-1-5-21-3472861432-3466800176-631802751-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll [2012-10-24] (Amazon.com, Inc.)
FF SearchPlugin: C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\searchplugins\imdb.xml [2015-01-31]
FF SearchPlugin: C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\searchplugins\mycroft-project.xml [2013-09-26]
FF SearchPlugin: C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\searchplugins\youtube.xml [2014-12-12]
FF Extension: Fast Dial - C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\Extensions\[email protected] [2015-05-29]
FF Extension: LastPass - C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\Extensions\[email protected] [2015-07-17]
FF Extension: Flashblock - C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2015-05-29]
FF Extension: FEBE - C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} [2015-05-29]
FF Extension: Aquatint Slate - C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\Extensions\{526fd696-27a0-11dc-8314-0800200c9a66} [2011-03-03]
FF Extension: Aquatint Black - C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\Extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66} [2011-03-03]
FF Extension: Noia 2.0 (eXtreme) - C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\Extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e} [2011-03-09]
FF Extension: Gradient iBlu - C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\Extensions\{bf70ba50-e70d-11dd-ba2f-0800200c9a66} [2011-03-03]
FF Extension: Gradient iCool - C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\Extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66} [2011-03-03]
FF Extension: YouTube Video and Audio Downloader - C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\Extensions\[email protected] [2015-01-21]
FF Extension: Gmail Manager NG - C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\Extensions\[email protected] [2015-04-20]
FF Extension: Webmail Ad Blocker - C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\Extensions\[email protected] [2011-06-26]
FF Extension: Google Image Help - C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\Extensions\[email protected] [2015-01-21]
FF Extension: Weather Forecast - C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\Extensions\[email protected] [2015-01-21]
FF Extension: Menu Icons Plus - C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\Extensions\[email protected] [2015-01-21]
FF Extension: Restartless Restart - C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\Extensions\[email protected] [2013-09-19]
FF Extension: Download Manager (S3) - C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\Extensions\[email protected] [2015-01-21]
FF Extension: Super Drag - C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\Extensions\[email protected] [2015-01-21]
FF Extension: Thumbnail Zoom Plus - C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\Extensions\[email protected] [2013-09-19]
FF Extension: Undo Closed Tabs Button - C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\Extensions\[email protected] [2011-06-26]
FF Extension: Session Manager - C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2011-08-03]
FF Extension: Image Zoom - C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\Extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi [2013-04-15]
FF Extension: Nuke Anything Enhanced - C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\Extensions\{1ced4832-f06e-413f-aa14-9eb63ad40ace}.xpi [2014-10-19]
FF Extension: Integrated Inbox for Gmail & Google Apps - C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\Extensions\{28197867-b1ef-4140-8e3b-55c45b9c8460}.xpi [2011-06-26]
FF Extension: Unhide Passwords - C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\Extensions\{2e17e2b2-b8d4-4a67-8d7b-fafa6cc9d1d0}.xpi [2012-06-07]
FF Extension: Text Link - C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\Extensions\{54BB9F3F-07E5-486c-9B39-C7398B99391C}.xpi [2012-12-29]
FF Extension: SmoothWheel (mozdev.org) - C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\Extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}.xpi [2013-05-24]
FF Extension: Google Image Search - C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\Extensions\{73007fef-a6e0-47d3-b4e7-dfc116ed6f65}.xpi [2015-01-21]
FF Extension: Video DownloadHelper - C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-16]
FF Extension: Show my Password - C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\Extensions\{cd617372-6743-4ee4-bac4-fbf60f35719e}.xpi [2015-04-20]
FF Extension: Adblock Plus - C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-07-01]
FF Extension: MileWideBack - C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\Extensions\{dc0fa13c-3dae-73eb-e852-912722c852f9}.xpi [2011-10-16]
FF Extension: DownThemAll! - C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2011-06-26]
FF Extension: Greasemonkey - C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012-08-26]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\[]TOOLS[]\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\[]TOOLS[]\Avast\WebRep\FF [2011-03-03]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-08-12]
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\[]TOOLS[]\Mozilla Firefox\firefox.exe

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.240.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U24) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\[]TOOLS[]\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (PDF-XChange Viewer) - C:\Program Files (x86)\[]TOOLS[]\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\[]TOOLS[]\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\[]TOOLS[]\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\[]TOOLS[]\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\[]TOOLS[]\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\[]TOOLS[]\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\[]TOOLS[]\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\[]TOOLS[]\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (VLC Multimedia Plug-in) - C:\Program Files (x86)\[]TOOLS[]\VLC\npvlc.dll (the VideoLAN Team)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\[]TOOLS[]\iTunes\Mozilla Plugins\npitunes.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Profile: C:\Users\the Hoff\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\the Hoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-12]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\the Hoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-26]
CHR Extension: (Avast Online Security) - C:\Users\the Hoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-08-12]
CHR Extension: (Google Wallet) - C:\Users\the Hoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-10]
CHR HKU\S-1-5-21-3472861432-3466800176-631802751-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\THEHOF~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-09-10]
CHR HKU\S-1-5-21-3472861432-3466800176-631802751-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\[]TOOLS[]\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-17]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-14] (Adobe Systems Incorporated)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-04-30] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\[]TOOLS[]\Avast\AvastSvc.exe [146600 2015-07-31] (AVAST Software)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S3 AvastVBoxSvc; C:\Program Files\[]TOOLS[]\Avast\ng\vbox\AvastVBoxSVC.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-07-31] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-07-31] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-31] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-07-31] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048856 2015-07-31] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-07-31] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150672 2015-07-31] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-07-31] (AVAST Software)
R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [15680 2006-11-01] ()
S3 RTHDMIAzAudService; system32\drivers\RtHDMIVX.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-09 12:38 - 2015-08-09 12:38 - 00030843 _____ C:\Users\the Hoff\Desktop\FRST.txt
2015-08-09 12:35 - 2015-08-09 12:38 - 00000000 ____D C:\FRST
2015-08-09 12:35 - 2015-08-09 12:35 - 00000000 ____D C:\Users\the Hoff\Desktop\FRST-OlderVersion
2015-08-09 12:32 - 2015-08-09 12:33 - 00000000 ____D C:\Users\the Hoff\Desktop\clutter2
2015-08-09 12:31 - 2015-08-09 12:35 - 02171392 _____ (Farbar) C:\Users\the Hoff\Desktop\FRST64.exe
2015-07-31 19:22 - 2015-07-31 19:22 - 00378880 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2015-07-31 19:22 - 2015-07-31 19:22 - 00043112 _____ (AVAST Software) C:\windows\avastSS.scr
2015-07-29 21:02 - 2015-07-29 21:02 - 00000000 ____D C:\Users\the Hoff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-07-28 19:12 - 2015-07-25 11:07 - 00017856 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2015-07-28 19:12 - 2015-07-25 11:04 - 00765440 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-07-28 19:12 - 2015-07-25 11:04 - 00726528 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-07-28 19:12 - 2015-07-25 11:03 - 01085440 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-07-28 19:12 - 2015-07-25 11:03 - 00433664 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-07-28 19:12 - 2015-07-25 11:03 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-07-28 19:12 - 2015-07-25 11:03 - 00067584 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-07-28 19:12 - 2015-07-25 10:55 - 01145856 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-07-23 10:36 - 2015-07-23 10:36 - 00001715 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-07-23 10:34 - 2015-07-23 10:36 - 00000000 ____D C:\Program Files\iTunes
2015-07-23 10:34 - 2015-07-23 10:34 - 00000000 ____D C:\Program Files\iPod
2015-07-22 20:51 - 2015-08-03 14:16 - 00000000 ____D C:\Users\the Hoff\Desktop\ringtone
2015-07-22 20:44 - 2015-08-03 21:21 - 00000000 ____D C:\Users\the Hoff\Desktop\NORWEX
2015-07-21 18:34 - 2015-07-21 18:34 - 00001068 _____ C:\Users\Public\Desktop\VLC media player.lnk
2015-07-20 22:48 - 2015-07-14 20:19 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2015-07-20 22:48 - 2015-07-14 20:19 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2015-07-20 22:48 - 2015-07-14 20:19 - 00041984 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2015-07-20 22:48 - 2015-07-14 20:19 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2015-07-20 22:48 - 2015-07-14 19:55 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2015-07-20 22:48 - 2015-07-14 19:55 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2015-07-20 22:48 - 2015-07-14 19:55 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2015-07-20 22:48 - 2015-07-14 19:54 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2015-07-20 22:48 - 2015-07-14 18:59 - 00372224 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2015-07-20 22:48 - 2015-07-14 18:52 - 00299008 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2015-07-14 14:59 - 2015-07-09 10:58 - 03154944 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-07-14 14:59 - 2015-07-09 10:58 - 02603008 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-07-14 14:59 - 2015-07-09 10:58 - 00696320 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-07-14 14:59 - 2015-07-09 10:58 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-07-14 14:59 - 2015-07-09 10:58 - 00139776 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-07-14 14:59 - 2015-07-09 10:58 - 00098304 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-07-14 14:59 - 2015-07-09 10:58 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2015-07-14 14:59 - 2015-07-09 10:58 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2015-07-14 14:59 - 2015-07-09 10:58 - 00037376 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-07-14 14:59 - 2015-07-09 10:58 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2015-07-14 14:59 - 2015-07-09 10:58 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2015-07-14 14:59 - 2015-07-09 10:43 - 00566784 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-07-14 14:59 - 2015-07-09 10:43 - 00173056 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-07-14 14:59 - 2015-07-09 10:43 - 00093184 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-07-14 14:59 - 2015-07-09 10:43 - 00030208 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2015-07-14 14:59 - 2015-07-09 10:42 - 00034816 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-07-14 14:59 - 2015-06-01 17:07 - 00254976 _____ (Microsoft Corporation) C:\windows\system32\cewmdm.dll
2015-07-14 14:59 - 2015-06-01 16:47 - 00210432 _____ (Microsoft Corporation) C:\windows\SysWOW64\cewmdm.dll
2015-07-14 14:58 - 2015-07-02 14:21 - 19877376 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-07-14 14:58 - 2015-07-02 14:08 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-07-14 14:58 - 2015-07-02 13:50 - 02279424 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-07-14 14:58 - 2015-07-02 13:49 - 25193984 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-07-14 14:58 - 2015-07-02 13:46 - 00479232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-07-14 14:58 - 2015-07-02 13:40 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-07-14 14:58 - 2015-07-02 13:23 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-07-14 14:58 - 2015-07-02 13:19 - 12855296 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-07-14 14:58 - 2015-07-02 13:12 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-07-14 14:58 - 2015-07-02 12:55 - 01310720 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-07-14 14:58 - 2015-07-02 12:20 - 14453248 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-07-14 14:58 - 2015-07-02 11:59 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-07-14 14:58 - 2015-06-26 19:47 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-07-14 14:58 - 2015-06-26 19:43 - 05923840 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-07-14 14:58 - 2015-06-26 18:58 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-07-14 14:58 - 2015-06-26 18:39 - 04520448 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-07-14 14:58 - 2015-06-25 01:57 - 03207168 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-07-14 14:58 - 2015-06-17 10:47 - 00404992 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2015-07-14 14:58 - 2015-06-17 10:37 - 00312320 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2015-07-14 14:58 - 2015-06-09 11:03 - 03180544 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2015-07-14 14:58 - 2015-06-09 11:03 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\RdpGroupPolicyExtension.dll
2015-07-14 14:55 - 2015-06-25 11:09 - 00389832 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-07-14 14:55 - 2015-06-25 10:43 - 00342736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-07-14 14:55 - 2015-06-20 13:06 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-07-14 14:55 - 2015-06-20 12:50 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-07-14 14:55 - 2015-06-20 12:49 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-07-14 14:55 - 2015-06-20 12:49 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-07-14 14:55 - 2015-06-20 12:49 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-07-14 14:55 - 2015-06-20 12:40 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-07-14 14:55 - 2015-06-20 12:39 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-07-14 14:55 - 2015-06-20 12:34 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-07-14 14:55 - 2015-06-20 12:34 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-07-14 14:55 - 2015-06-20 12:34 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-07-14 14:55 - 2015-06-20 12:25 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-07-14 14:55 - 2015-06-20 12:21 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-07-14 14:55 - 2015-06-20 12:13 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-07-14 14:55 - 2015-06-20 12:07 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-07-14 14:55 - 2015-06-20 12:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-07-14 14:55 - 2015-06-20 11:48 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-07-14 14:55 - 2015-06-20 11:48 - 00720384 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-07-14 14:55 - 2015-06-20 11:46 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-07-14 14:55 - 2015-06-20 11:46 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-07-14 14:55 - 2015-06-20 11:26 - 02427392 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-07-14 14:55 - 2015-06-20 11:02 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-07-14 14:55 - 2015-06-19 11:25 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-07-14 14:55 - 2015-06-19 11:25 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-07-14 14:55 - 2015-06-19 11:24 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-07-14 14:55 - 2015-06-19 11:24 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-07-14 14:55 - 2015-06-19 11:23 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-07-14 14:55 - 2015-06-19 11:17 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-07-14 14:55 - 2015-06-19 11:16 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-07-14 14:55 - 2015-06-19 11:13 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-07-14 14:55 - 2015-06-19 11:13 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-07-14 14:55 - 2015-06-19 11:03 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-07-14 14:55 - 2015-06-19 10:57 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-07-14 14:55 - 2015-06-19 10:53 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-07-14 14:55 - 2015-06-19 10:52 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-07-14 14:55 - 2015-06-19 10:51 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-07-14 14:55 - 2015-06-19 10:40 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-07-14 14:55 - 2015-06-19 10:40 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-07-14 14:55 - 2015-06-19 10:39 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-07-14 14:55 - 2015-06-19 10:15 - 01951232 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-07-14 14:55 - 2015-06-19 10:11 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-07-14 14:54 - 2015-06-20 12:48 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-07-14 14:54 - 2015-06-20 12:08 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-07-14 14:50 - 2015-07-04 11:07 - 02087424 _____ (Microsoft Corporation) C:\windows\system32\ole32.dll
2015-07-14 14:50 - 2015-07-04 10:48 - 01414656 _____ (Microsoft Corporation) C:\windows\SysWOW64\ole32.dll
2015-07-14 14:50 - 2015-07-01 13:56 - 00155584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-07-14 14:50 - 2015-07-01 13:56 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-07-14 14:50 - 2015-07-01 13:49 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-07-14 14:50 - 2015-07-01 13:49 - 01216512 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2015-07-14 14:50 - 2015-07-01 13:49 - 00729088 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-07-14 14:50 - 2015-07-01 13:49 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-07-14 14:50 - 2015-07-01 13:49 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-07-14 14:50 - 2015-07-01 13:49 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-07-14 14:50 - 2015-07-01 13:49 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-07-14 14:50 - 2015-07-01 13:49 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-07-14 14:50 - 2015-07-01 13:49 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-07-14 14:50 - 2015-07-01 13:49 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-07-14 14:50 - 2015-07-01 13:49 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-07-14 14:50 - 2015-07-01 13:48 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2015-07-14 14:50 - 2015-07-01 13:48 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-07-14 14:50 - 2015-07-01 13:47 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-07-14 14:50 - 2015-07-01 13:47 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-07-14 14:50 - 2015-07-01 13:43 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-07-14 14:50 - 2015-07-01 13:43 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-07-14 14:50 - 2015-07-01 13:39 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-07-14 14:50 - 2015-07-01 13:30 - 00552960 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-07-14 14:50 - 2015-07-01 13:30 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-07-14 14:50 - 2015-07-01 13:30 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-07-14 14:50 - 2015-07-01 13:30 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-07-14 14:50 - 2015-07-01 13:30 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-07-14 14:50 - 2015-07-01 13:30 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-07-14 14:50 - 2015-07-01 13:30 - 00036864 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2015-07-14 14:50 - 2015-07-01 13:30 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-07-14 14:50 - 2015-07-01 13:30 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-07-14 14:50 - 2015-07-01 13:29 - 00665088 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2015-07-14 14:50 - 2015-07-01 13:29 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-07-14 14:50 - 2015-07-01 13:29 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-07-14 14:50 - 2015-07-01 13:27 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-07-14 14:50 - 2015-07-01 13:26 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-07-14 14:50 - 2015-07-01 13:24 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-07-14 14:50 - 2015-07-01 12:27 - 00159232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2015-07-14 14:50 - 2015-07-01 12:26 - 00290816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2015-07-14 14:50 - 2015-07-01 12:26 - 00129024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2015-07-14 14:50 - 2015-06-15 14:50 - 00112064 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2015-07-14 14:50 - 2015-06-15 14:45 - 03242496 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2015-07-14 14:50 - 2015-06-15 14:45 - 01941504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2015-07-14 14:50 - 2015-06-15 14:45 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2015-07-14 14:50 - 2015-06-15 14:45 - 00070656 _____ (Microsoft Corporation) C:\windows\system32\appinfo.dll
2015-07-14 14:50 - 2015-06-15 14:44 - 00128000 _____ (Microsoft Corporation) C:\windows\system32\msiexec.exe
2015-07-14 14:50 - 2015-06-15 14:43 - 02364416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2015-07-14 14:50 - 2015-06-15 14:43 - 01805824 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2015-07-14 14:50 - 2015-06-15 14:43 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
2015-07-14 14:50 - 2015-06-15 14:42 - 00073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\msiexec.exe
2015-07-14 14:50 - 2015-06-15 14:42 - 00025088 _____ (Microsoft Corporation) C:\windows\system32\msimsg.dll
2015-07-14 14:50 - 2015-06-15 14:37 - 00025088 _____ (Microsoft Corporation) C:\windows\SysWOW64\msimsg.dll
2015-07-14 14:50 - 2015-04-27 12:23 - 01480192 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2015-07-14 14:50 - 2015-04-27 12:23 - 00229376 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2015-07-14 14:50 - 2015-04-27 12:23 - 00188416 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2015-07-14 14:50 - 2015-04-27 12:23 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2015-07-14 14:50 - 2015-04-27 12:05 - 00179200 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2015-07-14 14:50 - 2015-04-27 12:04 - 01174528 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2015-07-14 14:50 - 2015-04-27 12:04 - 00143872 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
2015-07-14 14:50 - 2015-04-27 12:04 - 00103936 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptnet.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-09 12:35 - 2009-07-13 21:45 - 00018736 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-09 12:35 - 2009-07-13 21:45 - 00018736 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-09 12:33 - 2011-06-30 21:11 - 00000000 ____D C:\Users\the Hoff\AppData\Local\Adobe
2015-08-09 12:33 - 2011-03-03 17:00 - 00000000 ____D C:\Users\the Hoff\AppData\Roaming\TeraCopy
2015-08-09 12:23 - 2013-10-01 13:45 - 01160963 _____ C:\windows\WindowsUpdate.log
2015-08-09 12:21 - 2011-03-04 11:14 - 00000000 ___RD C:\Users\the Hoff\Dropbox
2015-08-09 12:20 - 2012-05-13 17:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-09 12:20 - 2011-03-04 11:11 - 00000000 ____D C:\Users\the Hoff\AppData\Roaming\Dropbox
2015-08-09 12:20 - 2011-03-03 13:38 - 00000000 ____D C:\Program Files (x86)\[]TOOLS[]
2015-08-09 12:17 - 2013-02-06 21:37 - 00000000 ___RD C:\Users\the Hoff\Google Drive
2015-08-09 12:17 - 2012-02-20 15:35 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-09 12:15 - 2015-06-30 11:02 - 00020464 _____ C:\windows\setupact.log
2015-08-09 12:15 - 2015-03-01 23:20 - 00000248 _____ C:\windows\Tasks\AutoKMS.job
2015-08-09 12:15 - 2009-07-13 22:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-08-09 12:14 - 2015-07-04 14:35 - 00084586 _____ C:\windows\PFRO.log
2015-08-08 23:15 - 2012-02-20 15:35 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-08 23:10 - 2015-02-01 00:02 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-08-08 22:49 - 2014-12-15 12:10 - 00000544 _____ C:\windows\Tasks\G2MUpdateTask-S-1-5-21-3472861432-3466800176-631802751-1001.job
2015-08-08 22:46 - 2015-06-16 20:35 - 00000930 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3472861432-3466800176-631802751-1001UA.job
2015-08-08 22:20 - 2015-03-01 23:20 - 00000248 _____ C:\windows\Tasks\AutoKMSDaily.job
2015-08-08 21:35 - 2015-05-31 07:45 - 00000640 _____ C:\windows\Tasks\G2MUploadTask-S-1-5-21-3472861432-3466800176-631802751-1001.job
2015-08-07 23:46 - 2015-06-16 20:35 - 00000878 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3472861432-3466800176-631802751-1001Core.job
2015-08-05 09:28 - 2015-05-31 07:45 - 00003680 _____ C:\windows\System32\Tasks\G2MUploadTask-S-1-5-21-3472861432-3466800176-631802751-1001
2015-08-05 09:28 - 2014-12-15 12:10 - 00003584 _____ C:\windows\System32\Tasks\G2MUpdateTask-S-1-5-21-3472861432-3466800176-631802751-1001
2015-08-04 16:49 - 2011-03-04 13:47 - 00000000 ____D C:\Users\the Hoff\AppData\Local\CrashDumps
2015-08-03 21:21 - 2014-08-24 12:34 - 00000000 ____D C:\Users\the Hoff\Desktop\Norwex stuff
2015-07-31 19:23 - 2012-07-05 06:19 - 00003914 _____ C:\windows\System32\Tasks\avast! Emergency Update
2015-07-31 19:22 - 2014-04-22 12:38 - 00028656 _____ (AVAST Software) C:\windows\system32\Drivers\aswHwid.sys
2015-07-31 19:22 - 2013-12-25 21:06 - 00150672 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2015-07-31 19:22 - 2013-03-05 09:44 - 00274808 _____ (AVAST Software) C:\windows\system32\Drivers\aswVmm.sys
2015-07-31 19:22 - 2013-03-05 09:44 - 00065224 _____ (AVAST Software) C:\windows\system32\Drivers\aswRvrt.sys
2015-07-31 19:22 - 2012-02-24 06:42 - 00093528 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2015-07-31 19:22 - 2011-03-03 15:29 - 01048856 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2015-07-31 19:22 - 2011-03-03 15:29 - 00447944 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2015-07-31 19:22 - 2011-03-03 15:29 - 00090968 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2015-07-29 21:21 - 2009-07-13 22:13 - 00786578 _____ C:\windows\system32\PerfStringBackup.INI
2015-07-29 03:00 - 2014-05-07 03:01 - 00000000 ___SD C:\windows\system32\CompatTel
2015-07-25 18:01 - 2015-04-04 22:45 - 00000000 ____D C:\Users\the Hoff\dwhelper
2015-07-25 17:28 - 2015-04-04 22:55 - 00000000 ___SD C:\windows\system32\GWX
2015-07-23 10:36 - 2013-09-10 19:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-07-23 10:34 - 2015-02-19 20:12 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-07-23 10:34 - 2014-09-16 18:57 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-07-23 10:34 - 2011-03-04 07:57 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-07-22 20:50 - 2015-05-24 10:37 - 00000000 ____D C:\Users\the Hoff\Desktop\Pictures off Mandy's Camera 5-24-15
2015-07-21 03:22 - 2009-07-13 21:45 - 00421160 _____ C:\windows\system32\FNTCACHE.DAT
2015-07-17 23:41 - 2015-06-16 20:35 - 00003910 _____ C:\windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3472861432-3466800176-631802751-1001UA
2015-07-17 23:41 - 2015-06-16 20:35 - 00003514 _____ C:\windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3472861432-3466800176-631802751-1001Core
2015-07-17 13:28 - 2014-04-17 22:05 - 00000000 ____D C:\Users\the Hoff\Documents\Calibre Library
2015-07-17 13:19 - 2013-02-06 21:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-07-16 03:04 - 2015-04-04 22:55 - 00000000 ___SD C:\windows\SysWOW64\GWX
2015-07-15 22:35 - 2011-04-01 22:28 - 00000000 ____D C:\Users\the Hoff\AppData\Roaming\vlc
2015-07-15 20:10 - 2012-02-20 15:35 - 00003894 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-15 20:10 - 2012-02-20 15:35 - 00003642 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-15 13:02 - 2009-07-13 20:20 - 00000000 ____D C:\windows\rescache
2015-07-15 10:30 - 2013-01-09 23:23 - 00000000 ____D C:\Users\the Hoff\Documents\Makenna Fall 2012
2015-07-15 10:01 - 2014-12-10 04:51 - 00000000 ____D C:\windows\system32\appraiser
2015-07-15 10:01 - 2009-07-13 20:20 - 00000000 ____D C:\windows\PolicyDefinitions
2015-07-14 21:54 - 2011-03-04 10:56 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-14 21:41 - 2013-08-14 03:03 - 00000000 ____D C:\windows\system32\MRT
2015-07-14 14:11 - 2015-02-01 00:02 - 00778416 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-07-14 14:11 - 2015-02-01 00:02 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-14 14:11 - 2015-02-01 00:02 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater

==================== Files in the root of some directories =======

2011-08-12 21:20 - 2013-07-30 19:41 - 0007680 _____ () C:\Users\the Hoff\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
C:\Users\the Hoff\AppData\Local\Temp\ammemb.dll
C:\Users\the Hoff\AppData\Local\Temp\ammemb64.dll
C:\Users\the Hoff\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpu8dxh0.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-08-02 00:23

==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:09-08-2015
Ran by the Hoff (2015-08-09 12:38:53)
Running from C:\Users\the Hoff\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3472861432-3466800176-631802751-500 - Administrator - Disabled)
Guest (S-1-5-21-3472861432-3466800176-631802751-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3472861432-3466800176-631802751-1006 - Limited - Enabled)
the Hoff (S-1-5-21-3472861432-3466800176-631802751-1001 - Administrator - Enabled) => C:\Users\the Hoff

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Actual Multiple Monitors 8.0 (HKLM-x32\...\Actual Multiple Monitors_is1) (Version: 8.0 - Actual Tools)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.1430 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Photoshop Elements 10 (HKLM-x32\...\Adobe Photoshop Elements 10) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Photoshop.com Inspiration Browser (HKLM-x32\...\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1) (Version: 3.07 - Adobe Systems Incorporated)
Aleks 3.14 (HKLM-x32\...\Aleks 3.14) (Version: - )
Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
AMD Catalyst Install Manager (HKLM\...\{37FCE154-7F59-74F0-3A35-BF503CEB230B}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Auslogics Disk Defrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: version 3.1 - Auslogics Software Pty Ltd)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.3.2225 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
calibre (HKLM-x32\...\{09076BCB-56D7-483C-969E-1723E9FC3F4E}) (Version: 1.32.0 - Kovid Goyal)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: 4.1.6 - Canon Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.5.0.0 - Canon Inc.)
Canon Inkjet Printer Driver Add-On Module V2.00 (HKLM\...\CANONIJINBOXADDON200) (Version: - )
Canon MP Navigator EX 1.0 (HKLM-x32\...\MP Navigator EX 1.0) (Version: - )
Canon MX300 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX300_series) (Version: - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.2.1 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.06 - Piriform)
Citrix Online Launcher (HKLM-x32\...\{A08A6B7D-1F21-4843-85A3-77B8D15FAE0E}) (Version: 1.0.244 - Citrix)
CloneDVD2 (HKLM-x32\...\CloneDVD2) (Version: - Elaborate Bytes)
CursorFX (HKLM-x32\...\CursorFX) (Version: - Stardock Corporation)
CursorFX (x32 Version: 2.00 - Stardock Corporation) Hidden
dBpoweramp [Calculate Audio CRC] Codec (HKLM-x32\...\dBpoweramp [Calculate Audio CRC] Codec) (Version: - )
dBpoweramp [Multi Encoder] Codec (HKLM-x32\...\dBpoweramp [Multi Encoder] Codec) (Version: Release 2 - Illustrate)
dBpoweramp [ReplayGain] Codec (HKLM-x32\...\dBpoweramp [ReplayGain] Codec) (Version: - )
dBpoweramp AAC Encoder (HKLM-x32\...\dBpoweramp AAC Encoder) (Version: - )
dBpoweramp CLI Encoder (HKLM-x32\...\dBpoweramp CLI Encoder) (Version: - )
dBpoweramp Dalet Codec (HKLM-x32\...\dBpoweramp Dalet Codec) (Version: - )
dBpoweramp FLAC Codec (HKLM-x32\...\dBpoweramp FLAC Codec) (Version: - )
dBpoweramp m4a Codec (HKLM-x32\...\dBpoweramp m4a Codec) (Version: Release 7 - Illustrate)
dBpoweramp m4a Utilities (HKLM-x32\...\dBpoweramp m4a Utilities) (Version: - )
dBpoweramp Monkeys Audio Codec (HKLM-x32\...\dBpoweramp Monkeys Audio Codec) (Version: - )
dBpoweramp Mp2 and BwfMp2 codec (HKLM-x32\...\dBpoweramp Mp2 and BwfMp2 codec) (Version: - )
dBpoweramp mp3 (Fraunhofer IIS) Codec (HKLM-x32\...\dBpoweramp mp3 (Fraunhofer IIS) Codec) (Version: Release 2 (v4.0.3) - Illustrate)
dBpoweramp Music Converter (HKLM-x32\...\dBpoweramp Music Converter) (Version: Release 13.1 - Illustrate)
dBpoweramp Ogg Vorbis Codec (HKLM-x32\...\dBpoweramp Ogg Vorbis Codec) (Version: - )
dBpoweramp Real Audio (Helix) Encoder (HKLM-x32\...\dBpoweramp Real Audio (Helix) Encoder) (Version: - )
dBPoweramp tooLame MP2 codec (HKLM-x32\...\dBPoweramp tooLame MP2 codec) (Version: - )
dBpoweramp Wave64 Codec (HKLM-x32\...\dBpoweramp Wave64 Codec) (Version: - )
dBpoweramp WavPack Codec (HKLM-x32\...\dBpoweramp WavPack Codec) (Version: - )
dBpoweramp Windows Media Audio 10 Codec (HKLM-x32\...\dBpoweramp Windows Media Audio 10 Codec) (Version: Release 5 - Illustrate)
Dropbox (HKU\S-1-5-21-3472861432-3466800176-631802751-1001\...\Dropbox) (Version: 3.8.5 - Dropbox, Inc.)
DVDFab 8.0.6.1 (18/12/2010) (HKLM-x32\...\DVDFab 8_is1) (Version: - Fengtao Software Inc.)
Elements 10 Organizer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Evernote v. 5.8.3 (HKLM-x32\...\{404B3FB8-A820-11E4-83FC-00163E98E7D6}) (Version: 5.8.3.6507 - Evernote Corp.)
GetDiz 4.5 (HKLM-x32\...\GetDiz 4.5) (Version: 4.5 - Outertech)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.130 - Google Inc.)
Google Drive (HKLM-x32\...\{6EA8B94E-D869-4D96-88DF-5E1ECE1D6876}) (Version: 1.23.9648.8824 - Google, Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
GoToMeeting 7.2.4.3164 (HKU\S-1-5-21-3472861432-3466800176-631802751-1001\...\GoToMeeting) (Version: 7.2.4.3164 - CitrixOnline)
HandBrake 0.10.0 (HKLM-x32\...\HandBrake) (Version: 0.10.0 - )
iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
iTunes (HKLM\...\{4046F74A-28F8-48C6-A5D3-2AFC472574C1}) (Version: 12.2.0.145 - Apple Inc.)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java SE Development Kit 8 Update 31 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180310}) (Version: 8.0.310.13 - Oracle Corporation)
JumpStart Languages (HKLM-x32\...\JumpStart Languages) (Version: - )
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Office Access database engine 2007 (English) (HKLM-x32\...\{90120000-00D1-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Standard 2010 (HKLM-x32\...\Office14.STANDARD) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Streets & Trips 2010 (HKLM-x32\...\{C82185E8-C27B-4EF4-2010-4444BC2C2B6D}) (Version: 17.0.19.2900 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 39.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0.3 (x86 en-US)) (Version: 39.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
PDF-XChange Viewer (HKLM\...\{EE18FF09-2F2A-4A88-85B3-B845EFD5C5FE}) (Version: 2.5.193.0 - Tracker Software Products Ltd.)
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
Plex Media Server (HKLM-x32\...\{52d63919-7661-4c1c-a688-cb684f374881}) (Version: 0.9.1116 - Plex, Inc.)
Plex Media Server (x32 Version: 0.9.1116 - Plex, Inc.) Hidden
PSE10 STI Installer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Quicken WillMaker Plus 2014 (HKLM-x32\...\{44160FDE-C190-45C1-B8E1-23F00228E572}) (Version: 1.0.0.0 - Nolo)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0009 - Realtek)
Remote Control USB Driver (HKLM-x32\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
Respondus LockDown Browser (HKLM-x32\...\{C0E5147E-C9F3-4360-9ED0-2E875F11766C}) (Version: 1.02.0001 - Respondus, Inc.)
Revo Uninstaller 1.91 (HKLM-x32\...\Revo Uninstaller) (Version: 1.91 - VS Revo Group)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Spotify (HKU\S-1-5-21-3472861432-3466800176-631802751-1001\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)
TeraCopy 2.12 (HKLM\...\TeraCopy_is1) (Version: - Code Sector Inc.)
The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: - )
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 1.6.7 - Tweaking.com)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows 7 Logon Background Changer (HKLM-x32\...\{2E6044C5-3495-485F-91BC-46D1B6430E51}) (Version: 1.5.2 - Julien MANICI)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WModem Driver Installer (HKLM-x32\...\HTC_WModemDriver) (Version: 2.0.6.9 - HTC)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3472861432-3466800176-631802751-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\the Hoff\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3472861432-3466800176-631802751-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\2031\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3472861432-3466800176-631802751-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\the Hoff\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3472861432-3466800176-631802751-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\the Hoff\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3472861432-3466800176-631802751-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\the Hoff\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3472861432-3466800176-631802751-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\the Hoff\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3472861432-3466800176-631802751-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\the Hoff\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3472861432-3466800176-631802751-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\the Hoff\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3472861432-3466800176-631802751-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\the Hoff\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3472861432-3466800176-631802751-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\the Hoff\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3472861432-3466800176-631802751-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\the Hoff\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3472861432-3466800176-631802751-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\the Hoff\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)

==================== Restore Points =========================

25-03-2015 03:00:13 Windows Update
31-03-2015 02:08:34 Windows Update
03-04-2015 12:41:55 Windows Update
04-04-2015 22:55:17 Windows Update
10-04-2015 02:32:29 Windows Update
14-04-2015 03:21:05 Windows Update
15-04-2015 03:00:30 Windows Update
20-04-2015 15:54:26 Windows Update
24-04-2015 00:50:33 Windows Update
24-04-2015 22:42:37 avast! antivirus system restore point
26-04-2015 12:25:46 Plex Media Server
26-04-2015 12:30:58 Plex Media Server
28-04-2015 04:05:21 Windows Update
01-05-2015 12:56:09 Windows Update
05-05-2015 16:58:08 Windows Update
12-05-2015 04:47:22 Windows Update
12-05-2015 23:07:54 Windows Update
13-05-2015 11:19:26 Windows Update
19-05-2015 04:44:28 Windows Update
19-05-2015 19:13:03 Installed Quicken WillMaker Plus 2014
20-05-2015 03:00:13 Windows Update
26-05-2015 11:31:02 Windows Update
29-05-2015 21:22:23 Removed WTS3_iLGs
02-06-2015 05:25:46 Windows Update
09-06-2015 12:21:11 Scheduled Checkpoint
09-06-2015 18:16:05 Windows Update
10-06-2015 03:01:07 Windows Update
13-06-2015 14:10:45 Windows Update
19-06-2015 02:38:59 Windows Update
23-06-2015 10:24:35 Windows Update
26-06-2015 14:50:36 Windows Update
30-06-2015 02:32:28 Windows Update
04-07-2015 14:58:21 Windows Update
10-07-2015 04:19:54 Windows Update
14-07-2015 14:45:30 Windows Update
14-07-2015 21:40:43 Windows Update
16-07-2015 03:03:17 Windows Update
20-07-2015 13:23:38 avast! antivirus system restore point
20-07-2015 22:44:33 Windows Update
21-07-2015 03:00:10 Windows Update
23-07-2015 10:31:42 Installed iTunes
24-07-2015 05:08:10 Windows Update
28-07-2015 19:13:09 Windows Update
29-07-2015 03:00:11 Windows Update
31-07-2015 19:21:35 avast! antivirus system restore point
04-08-2015 03:16:17 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2013-09-25 13:25 - 00000098 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {12A83DF3-8D6F-40A3-AFA4-6E482BCE9251} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {1678C4F8-485F-493A-A5B5-C07709444E6F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-05-08] (Piriform Ltd)
Task: {184FC201-EE9F-4ACB-A34E-F93250F8FD28} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {3069410F-04F7-46F2-B21A-594F8EF36BB8} - System32\Tasks\avast! Emergency Update => C:\Program Files\[]TOOLS[]\Avast\AvastEmUpdate.exe [2015-07-31] (AVAST Software)
Task: {37C24772-6096-4852-9F2F-9BD112FA9BEB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {3E75F997-9576-46F1-9FD6-B72B45C280DB} - System32\Tasks\AdobeAAMUpdater-1.0-theHoff-PC-the Hoff => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {61D5FAE9-2E2B-44D5-9798-B660CA7647A1} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe
Task: {6CA54804-74C3-4865-AE4C-E14A575CAE65} - System32\Tasks\G2MUpdateTask-S-1-5-21-3472861432-3466800176-631802751-1001 => C:\Program Files (x86)\Citrix\GoToMeeting\3164\g2mupdate.exe [2015-08-05] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {6CC22947-C959-4F4A-9C1A-4694BE0AB57C} - System32\Tasks\{745A26DB-0E8C-449F-925B-FF4D22A4369A} => pcalua.exe -a C:\Windows\UnJSLang.exe -d C:\windows
Task: {6E4F472F-CA1B-4975-B1E2-425CE3DCBE7A} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {7220FC43-43BD-4A4D-9C9E-03D115747650} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-14] (Adobe Systems Incorporated)
Task: {81759849-BAC2-4560-B379-F29B7FEF9FF4} - System32\Tasks\G2MUploadTask-S-1-5-21-3472861432-3466800176-631802751-1001 => C:\Program Files (x86)\Citrix\GoToMeeting\3164\g2mupload.exe [2015-08-05] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {99BF1AB0-AF5C-47C5-9E0D-217DE75D449E} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {A942DC52-D8BA-424C-A4D6-090C17D4E6EF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {AA84109C-B609-49BC-BA4A-0EB05A8A999F} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3472861432-3466800176-631802751-1001UA => C:\Users\the Hoff\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.)
Task: {ABDE922D-66AF-4C31-88EF-89D9D4DCFB97} - System32\Tasks\AutoKMSDaily => C:\Windows\AutoKMS\AutoKMS.exe
Task: {B527F042-33F2-4252-8A9B-3D7149FAAE8A} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {C07B0ED4-21B5-4B66-9E4C-E9583ECC7ED0} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {D7DB9198-81B0-429C-BF2C-8FDA5FE6E823} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3472861432-3466800176-631802751-1001Core => C:\Users\the Hoff\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.)
Task: {FEEBFBA3-7517-48F0-9623-3922637009F1} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\windows\Tasks\AutoKMSDaily.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3472861432-3466800176-631802751-1001Core.job => C:\Users\the Hoff\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3472861432-3466800176-631802751-1001UA.job => C:\Users\the Hoff\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\G2MUpdateTask-S-1-5-21-3472861432-3466800176-631802751-1001.job => C:\Program Files (x86)\Citrix\GoToMeeting\3164\g2mupdate.exe
Task: C:\windows\Tasks\G2MUploadTask-S-1-5-21-3472861432-3466800176-631802751-1001.job => C:\Program Files (x86)\Citrix\GoToMeeting\3164\g2mupload.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2011-03-03 16:36 - 2009-06-21 08:52 - 00318976 _____ () C:\Program Files\[]TOOLS[]\TeraCopy\TeraCopyExt64.dll
2011-03-03 16:36 - 2009-06-22 04:27 - 00126464 _____ () C:\Program Files\[]TOOLS[]\TeraCopy\TeraCopy64.dll
2013-04-30 00:25 - 2013-04-30 00:25 - 00211968 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2012-03-05 17:03 - 2012-03-05 17:03 - 00677376 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2012-02-16 15:53 - 2012-02-16 15:53 - 03642880 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-07-31 19:22 - 2015-07-31 19:22 - 00102864 _____ () C:\Program Files\[]TOOLS[]\Avast\log.dll
2015-07-31 19:22 - 2015-07-31 19:22 - 00123976 _____ () C:\Program Files\[]TOOLS[]\Avast\JsonRpcServer.dll
2015-08-08 12:15 - 2015-08-08 12:15 - 02960384 _____ () C:\Program Files\[]TOOLS[]\Avast\defs\15080801\algo.dll
2015-08-09 12:28 - 2015-08-09 12:28 - 02960384 _____ () C:\Program Files\[]TOOLS[]\Avast\defs\15080900\algo.dll
2010-03-23 07:17 - 2010-03-23 07:17 - 00059904 _____ () C:\Program Files (x86)\[]TOOLS[]\CursorFX\zlib1.dll
2015-03-13 12:52 - 2015-03-13 12:52 - 00072840 _____ () C:\Program Files (x86)\Plex\Plex Media Server\zlib.dll
2015-03-13 12:52 - 2015-03-13 12:52 - 00196232 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libidn.dll
2015-03-13 12:52 - 2015-03-13 12:52 - 00838792 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxml2.dll
2015-03-13 12:52 - 2015-03-13 12:52 - 00049800 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll
2015-03-13 12:52 - 2015-03-13 12:52 - 00086664 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_core-vc80-3_0.dll
2015-03-13 12:52 - 2015-03-13 12:52 - 02092680 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_core249.dll
2015-03-13 12:52 - 2015-03-13 12:52 - 01883784 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_imgproc249.dll
2015-03-13 12:52 - 2015-03-13 12:52 - 00502920 _____ () C:\Program Files (x86)\Plex\Plex Media Server\tag.dll
2015-08-09 12:17 - 2015-08-09 12:17 - 00071168 _____ () c:\Users\the Hoff\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpu8dxh0.dll
2015-03-04 14:45 - 2015-07-16 17:31 - 00012800 _____ () C:\Users\the Hoff\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-03-04 14:45 - 2015-07-16 17:31 - 00779776 _____ () C:\Users\the Hoff\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-07-29 21:02 - 2015-07-16 17:31 - 00056320 _____ () C:\Users\the Hoff\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-03-04 14:45 - 2015-07-16 17:31 - 00012288 _____ () C:\Users\the Hoff\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2015-03-17 03:33 - 2015-03-17 03:33 - 40540672 _____ () C:\Program Files\[]TOOLS[]\Avast\libcef.dll
2015-08-09 12:16 - 2015-08-09 12:16 - 00098816 _____ () C:\Users\the Hoff\AppData\Local\Temp\_MEI5162\win32api.pyd
2015-08-09 12:16 - 2015-08-09 12:16 - 00110080 _____ () C:\Users\the Hoff\AppData\Local\Temp\_MEI5162\pywintypes27.dll
2015-08-09 12:16 - 2015-08-09 12:16 - 00364544 _____ () C:\Users\the Hoff\AppData\Local\Temp\_MEI5162\pythoncom27.dll
2015-08-09 12:16 - 2015-08-09 12:16 - 00045568 _____ () C:\Users\the Hoff\AppData\Local\Temp\_MEI5162\_socket.pyd
2015-08-09 12:16 - 2015-08-09 12:16 - 01161216 _____ () C:\Users\the Hoff\AppData\Local\Temp\_MEI5162\_ssl.pyd
2015-08-09 12:16 - 2015-08-09 12:16 - 00320512 _____ () C:\Users\the Hoff\AppData\Local\Temp\_MEI5162\win32com.shell.shell.pyd
2015-08-09 12:16 - 2015-08-09 12:16 - 00713216 _____ () C:\Users\the Hoff\AppData\Local\Temp\_MEI5162\_hashlib.pyd
2015-08-09 12:16 - 2015-08-09 12:16 - 01175040 _____ () C:\Users\the Hoff\AppData\Local\Temp\_MEI5162\wx._core_.pyd
2015-08-09 12:16 - 2015-08-09 12:16 - 00805888 _____ () C:\Users\the Hoff\AppData\Local\Temp\_MEI5162\wx._gdi_.pyd
2015-08-09 12:16 - 2015-08-09 12:16 - 00811008 _____ () C:\Users\the Hoff\AppData\Local\Temp\_MEI5162\wx._windows_.pyd
2015-08-09 12:16 - 2015-08-09 12:16 - 01062400 _____ () C:\Users\the Hoff\AppData\Local\Temp\_MEI5162\wx._controls_.pyd
2015-08-09 12:16 - 2015-08-09 12:16 - 00735232 _____ () C:\Users\the Hoff\AppData\Local\Temp\_MEI5162\wx._misc_.pyd
2015-08-09 12:16 - 2015-08-09 12:16 - 00682496 _____ () C:\Users\the Hoff\AppData\Local\Temp\_MEI5162\pysqlite2._sqlite.pyd
2015-08-09 12:16 - 2015-08-09 12:16 - 00087552 _____ () C:\Users\the Hoff\AppData\Local\Temp\_MEI5162\_ctypes.pyd
2015-08-09 12:16 - 2015-08-09 12:16 - 00119808 _____ () C:\Users\the Hoff\AppData\Local\Temp\_MEI5162\win32file.pyd
2015-08-09 12:16 - 2015-08-09 12:16 - 00108544 _____ () C:\Users\the Hoff\AppData\Local\Temp\_MEI5162\win32security.pyd
2015-08-09 12:16 - 2015-08-09 12:16 - 00007168 _____ () C:\Users\the Hoff\AppData\Local\Temp\_MEI5162\hashobjs_ext.pyd
2015-08-09 12:16 - 2015-08-09 12:16 - 00068096 _____ () C:\Users\the Hoff\AppData\Local\Temp\_MEI5162\usb_ext.pyd
2015-08-09 12:16 - 2015-08-09 12:16 - 00167936 _____ () C:\Users\the Hoff\AppData\Local\Temp\_MEI5162\win32gui.pyd
2015-08-09 12:16 - 2015-08-09 12:16 - 00018432 _____ () C:\Users\the Hoff\AppData\Local\Temp\_MEI5162\win32event.pyd
2015-08-09 12:16 - 2015-08-09 12:16 - 00128512 _____ () C:\Users\the Hoff\AppData\Local\Temp\_MEI5162\_elementtree.pyd
2015-08-09 12:16 - 2015-08-09 12:16 - 00127488 _____ () C:\Users\the Hoff\AppData\Local\Temp\_MEI5162\pyexpat.pyd
2015-08-09 12:16 - 2015-08-09 12:16 - 00013824 _____ () C:\Users\the Hoff\AppData\Local\Temp\_MEI5162\common.time34.pyd
2015-08-09 12:16 - 2015-08-09 12:16 - 00036864 _____ () C:\Users\the Hoff\AppData\Local\Temp\_MEI5162\_psutil_windows.pyd
2015-08-09 12:16 - 2015-08-09 12:16 - 00038912 _____ () C:\Users\the Hoff\AppData\Local\Temp\_MEI5162\win32inet.pyd
2015-08-09 12:16 - 2015-08-09 12:16 - 00011264 _____ () C:\Users\the Hoff\AppData\Local\Temp\_MEI5162\win32crypt.pyd
2015-08-09 12:16 - 2015-08-09 12:16 - 00070656 _____ () C:\Users\the Hoff\AppData\Local\Temp\_MEI5162\wx._html2.pyd
2015-08-09 12:16 - 2015-08-09 12:16 - 00027136 _____ () C:\Users\the Hoff\AppData\Local\Temp\_MEI5162\_multiprocessing.pyd
2015-08-09 12:16 - 2015-08-09 12:16 - 00020480 _____ () C:\Users\the Hoff\AppData\Local\Temp\_MEI5162\_yappi.pyd
2015-08-09 12:16 - 2015-08-09 12:16 - 00035840 _____ () C:\Users\the Hoff\AppData\Local\Temp\_MEI5162\win32process.pyd
2015-08-09 12:16 - 2015-08-09 12:16 - 00686080 _____ () C:\Users\the Hoff\AppData\Local\Temp\_MEI5162\unicodedata.pyd
2015-08-09 12:16 - 2015-08-09 12:16 - 00122368 _____ () C:\Users\the Hoff\AppData\Local\Temp\_MEI5162\wx._wizard.pyd
2015-08-09 12:16 - 2015-08-09 12:16 - 00024064 _____ () C:\Users\the Hoff\AppData\Local\Temp\_MEI5162\win32pipe.pyd
2015-08-09 12:16 - 2015-08-09 12:16 - 00010240 _____ () C:\Users\the Hoff\AppData\Local\Temp\_MEI5162\select.pyd
2015-08-09 12:16 - 2015-08-09 12:16 - 00025600 _____ () C:\Users\the Hoff\AppData\Local\Temp\_MEI5162\win32pdh.pyd
2015-08-09 12:16 - 2015-08-09 12:16 - 00525640 _____ () C:\Users\the Hoff\AppData\Local\Temp\_MEI5162\windows._lib_cacheinvalidation.pyd
2015-08-09 12:16 - 2015-08-09 12:16 - 00017408 _____ () C:\Users\the Hoff\AppData\Local\Temp\_MEI5162\win32profile.pyd
2015-08-09 12:16 - 2015-08-09 12:16 - 00022528 _____ () C:\Users\the Hoff\AppData\Local\Temp\_MEI5162\win32ts.pyd
2015-08-09 12:16 - 2015-08-09 12:16 - 00078336 _____ () C:\Users\the Hoff\AppData\Local\Temp\_MEI5162\wx._animate.pyd
2015-03-13 12:52 - 2015-03-13 12:52 - 00044680 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_socket.pyd
2015-03-13 12:52 - 2015-03-13 12:52 - 00027784 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ssl.pyd
2015-03-13 12:52 - 2015-03-13 12:52 - 00018568 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_hashlib.pyd
2015-03-13 12:52 - 2015-03-13 12:52 - 00034952 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
2015-03-13 12:52 - 2015-03-13 12:52 - 00836232 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\etree.pyd
2015-03-13 12:52 - 2015-03-13 12:52 - 00062600 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libexslt.dll
2015-03-13 12:52 - 2015-03-13 12:52 - 00166024 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxslt.dll
2015-03-13 12:52 - 2015-03-13 12:52 - 00192136 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\objectify.pyd
2015-03-13 12:52 - 2015-03-13 12:52 - 00016520 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\select.pyd
2015-03-13 12:52 - 2015-03-13 12:52 - 00054920 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\crypto.pyd
2015-03-13 12:52 - 2015-03-13 12:52 - 00017032 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\rand.pyd
2015-03-13 12:52 - 2015-03-13 12:52 - 00043656 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\SSL.pyd
2015-03-13 12:52 - 2015-03-13 12:52 - 00081544 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ctypes.pyd
2015-03-13 12:52 - 2015-03-13 12:52 - 00111240 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\pyexpat.pyd
2015-03-13 12:52 - 2015-03-13 12:52 - 00689800 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\unicodedata.pyd
2015-07-16 14:11 - 2015-07-16 14:11 - 01020928 _____ () C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\extensions\[email protected]\platform\WINNT_x86-msvc\components\lpxpcom.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3472861432-3466800176-631802751-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\the Hoff\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^the Hoff^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteClipper.lnk => C:\windows\pss\EvernoteClipper.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AMD AVT => Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: HDAudDeck => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: MobileDocuments => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
MSCONFIG\startupreg: PhotoshopElements8SyncAgent => C:\Program Files (x86)\Adobe\Elements 10 Organizer\ElementsOrganizerSyncAgent.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\[]TOOLS[]\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Spotify => "C:\Users\the Hoff\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\the Hoff\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: VMM Mode Selection => C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{0D153C91-2B50-40D6-B962-3FDD5FE33C54}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1C771021-44CE-45D1-B4CC-6E5A66610E25}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{48F16599-8208-489A-BF7F-63DADD51B6B7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BA3B7216-5D48-4947-AD18-0A4E4BD1E1B6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{951FE704-D88D-4A9D-AD18-AE2C1AB6DB6D}] => (Allow) C:\Users\the Hoff\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{C3F83AE7-548F-4762-88F9-6ECC9884A5F5}] => (Allow) C:\Users\the Hoff\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{1470F669-E299-4C1D-A5ED-48E3F02F1038}] => (Allow) C:\Program Files (x86)\[]TOOLS[]\Mozilla Firefox\firefox.exe
FirewallRules: [{8B3C2074-FD8A-4DF9-B48A-C760CCCA6080}] => (Allow) C:\Program Files (x86)\[]TOOLS[]\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{4E7329C7-7A4D-48DB-B025-4AD6E04D5007}C:\users\the hoff\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\the hoff\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{3B090D51-B296-424F-89EE-FC14DDE7059A}C:\users\the hoff\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\the hoff\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{249AFFA7-84D5-448E-BBE0-88D2E38DCB46}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
FirewallRules: [UDP Query User{D49392A9-7C28-4BD8-BC08-A09B806A478A}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
FirewallRules: [TCP Query User{2973ECCA-14E4-4CDB-9E9A-2F73A7229390}C:\users\the hoff\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\the hoff\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{5D83CA6B-8187-47AE-B691-D9FD4585CF25}C:\users\the hoff\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\the hoff\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{52387D6F-B9C7-4185-A9A2-5451B261364D}C:\program files (x86)\[]tools[]\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\[]tools[]\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{6DA4A43E-E3D6-4230-832C-C1D807852B4F}C:\program files (x86)\[]tools[]\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\[]tools[]\mozilla firefox\firefox.exe
FirewallRules: [{C00CFFAC-68C7-4A5D-9706-AD45FF3B0F3B}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
FirewallRules: [{05A2B2EE-B540-4BBC-B330-5C6A1756C93C}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
FirewallRules: [{DB68EB0D-5FF6-46F1-9997-FFFDD60B414C}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
FirewallRules: [{9F68EA6B-2534-46EB-9868-0A0E2742B814}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{ABD83C8D-900A-413F-B401-7981E9AF4A62}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe] => Enabled:Logitech Harmony Remote Software 7
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe] => Enabled:Logitech Harmony Remote Software 7

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (08/08/2015 11:24:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time stamp: 0x517f39a1
Faulting module name: Device.dll, version: 4.1.0.0, time stamp: 0x4f55e10b
Exception code: 0xc0000005
Fault offset: 0x00000000000033c1
Faulting process id: 0x77c
Faulting application start time: 0xFuel.Service.exe0
Faulting application path: Fuel.Service.exe1
Faulting module path: Fuel.Service.exe2
Report Id: Fuel.Service.exe3

Error: (08/04/2015 04:49:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: firefox.exe, version: 39.0.0.5659, time stamp: 0x55933a80
Faulting module name: ammemb.dll, version: 8.0.0.0, time stamp: 0x520d8f13
Exception code: 0xc0000005
Fault offset: 0x00001c3e
Faulting process id: 0x1b08
Faulting application start time: 0xfirefox.exe0
Faulting application path: firefox.exe1
Faulting module path: firefox.exe2
Report Id: firefox.exe3

Error: (07/29/2015 09:35:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time stamp: 0x517f39a1
Faulting module name: Device.dll, version: 4.1.0.0, time stamp: 0x4f55e10b
Exception code: 0xc0000005
Fault offset: 0x00000000000033c1
Faulting process id: 0x798
Faulting application start time: 0xFuel.Service.exe0
Faulting application path: Fuel.Service.exe1
Faulting module path: Fuel.Service.exe2
Report Id: Fuel.Service.exe3

Error: (07/27/2015 09:52:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10000

Error: (07/27/2015 09:52:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10000

Error: (07/27/2015 09:52:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/27/2015 09:52:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9001

Error: (07/27/2015 09:52:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9001

Error: (07/27/2015 09:52:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/27/2015 09:52:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8003

System errors:
=============
Error: (08/08/2015 11:24:47 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AMD FUEL Service service terminated unexpectedly. It has done this 1 time(s).

Error: (07/30/2015 11:03:25 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}

Error: (07/29/2015 09:35:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AMD FUEL Service service terminated unexpectedly. It has done this 1 time(s).

Error: (07/27/2015 08:36:35 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer MYBOOKLIVE
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{B0B045C6-0DBA-4926-8B56-159FF565315A}.
The master browser is stopping or an election is being forced.

Error: (07/27/2015 01:00:16 PM) (Source: Tcpip) (EventID: 4199) (User: )
Description: The system detected an address conflict for IP address 192.168.0.2 with the system
having network hardware address 00-88-65-26-1B-D4. Network operations on this system may
be disrupted as a result.

Error: (07/26/2015 05:36:37 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer MYBOOKLIVE
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{B0B045C6-0DBA-4926-8B56-159FF565315A}.
The master browser is stopping or an election is being forced.

Error: (07/26/2015 05:14:03 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.0.2.
The computer with the IP address 192.168.0.12 did not allow the name to be claimed by
this computer.

Error: (07/26/2015 04:56:50 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.0.2.
The computer with the IP address 192.168.0.12 did not allow the name to be claimed by
this computer.

Error: (07/26/2015 04:38:45 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer MYBOOKLIVE
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{B0B045C6-0DBA-4926-8B56-159FF565315A}.
The master browser is stopping or an election is being forced.

Error: (07/26/2015 04:20:38 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer MYBOOKLIVE
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{B0B045C6-0DBA-4926-8B56-159FF565315A}.
The master browser is stopping or an election is being forced.

Microsoft Office:
=========================
Error: (08/08/2015 11:24:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fuel.Service.exe1.0.0.0517f39a1Device.dll4.1.0.04f55e10bc000000500000000000033c177c01d0caf15fc811f4C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exeC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll53a2cec3-3e5f-11e5-b791-bcaec54f1b9f

Error: (08/04/2015 04:49:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: firefox.exe39.0.0.565955933a80ammemb.dll8.0.0.0520d8f13c000000500001c3e1b0801d0ce1e9ca2813bC:\Program Files (x86)\[]TOOLS[]\Mozilla Firefox\firefox.exeC:\Users\THEHOF~1\AppData\Local\Temp\ammemb.dll6240dc63-3b03-11e5-b791-bcaec54f1b9f

Error: (07/29/2015 09:35:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fuel.Service.exe1.0.0.0517f39a1Device.dll4.1.0.04f55e10bc000000500000000000033c179801d0c7d4fcb29640C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exeC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll6c360a61-3674-11e5-8de9-bcaec54f1b9f

Error: (07/27/2015 09:52:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10000

Error: (07/27/2015 09:52:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10000

Error: (07/27/2015 09:52:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/27/2015 09:52:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9001

Error: (07/27/2015 09:52:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9001

Error: (07/27/2015 09:52:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/27/2015 09:52:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8003

CodeIntegrity:
===================================
Date: 2015-07-24 16:09:02.343
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-07-24 16:09:02.246
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-07-24 16:08:51.890
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-07-24 16:08:51.792
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: AMD Phenom™ II X4 955 Processor
Percentage of memory in use: 33%
Total physical RAM: 7934.18 MB
Available physical RAM: 5248.38 MB
Total Virtual: 15866.56 MB
Available Virtual: 13068.96 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:1862.92 GB) (Free:318.84 GB) NTFS
Drive z: (Storage) (Fixed) (Total:3725.9 GB) (Free:2803.85 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 3726 GB) (Disk ID: 075A0ECB)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1862.9 GB) - (Type=07 NTFS)

==================== End of log ============================

#2
Nevan

Posted 10 August 2015 - 12:32 AM

Trusted Helper

Malware Removal
1,765 posts

Hello, bbj. My nickname is Nevan and I will be helping you getting your system back on its electronic feet.

Before we get started, please keep these things in mind:

Always read every part of my post carefully. If you don't, you may do something wrong and there could be more problems to solve.
If your security programs give you any warnings when using tools I asked you to, don't be afraid. Every tool I provide to you is 100% safe.
Only run tools that I ask you to. Some of them can be dangerous to your system as they have much power.
You should save or print my instructions. It is possible that we will be using Safe mode, which will cut you off from your internet connection and without access to them, you might be stuck.
Malware removal is a complicated process that takes multiple steps to be completed. Don't give up, be patient.
The tools we are going to use and your software may cause unwanted interactions. Because of that, I recommend you to make backups of any important files from your machine before proceeding as they might be lost.
I recommend you to stay with me until I tell you that we are done. It is important because when your system does not show any bad symptoms anymore it does not mean that it is 100% clean.
Your time to reply is limited. If you don't reply within 3 days, your topic will be closed and you will have to request it to be reopened by contacting one of Moderator group members with the link to this topic.
Every program I ask you to download should be saved to and run from desktop. If you don't know how to choose the direction of where a download is saved, check this site. You can also just copy these programs to your desktop manually and then run them from there.
Remember that the fixes I give you are only for your machine. Using it on other systems may (and probably will) cause problems.
Finally, if you have any questions or are unsure about something, just ask. I will not blame you for it. It is better to ask rather than regret it later.

Also, please note that I'm currently in training, so my answers to you will have to be checked first by an experienced helper before I can post them. This can lengthen the time between my answers to you, but in return you will have an extra person reviewing your log.

I'll check the log provided and be back with appropriate instructions once they are approved by my teacher.

In the meantime, please do the following:

CKScanner

Download CKScanner and save it to your Desktop.
Right click CKScanner.exe and select Run as administrator.
Give permission if necessary, and click Search For Files.
After a very short time, when the cursor hourglass disappears, click Save List To File.
A message box will verify the file saved. Please run the program only once.
Double-click the CKFiles.txt on your desktop and copy/paste the content in your next reply.

#3
bbj

Posted 10 August 2015 - 12:59 AM

Member

Topic Starter
Member
64 posts

Thanks for your help!

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\program files (x86)\plex\plex media server\resources\plug-ins\services.bundle\contents\service sets\com.plexapp.plugins.crackle\serviceinfo.plist
c:\program files (x86)\plex\plex media server\resources\plug-ins\services.bundle\contents\service sets\com.plexapp.plugins.crackle\url\crackle\servicecode.pys
c:\users\public\pictures\my pictures\getta\recipes\ranch dressing soda crackers.docx
c:\users\the hoff\music\christmas\in the nutcracker mood\desktop.ini
c:\users\the hoff\music\christmas\in the nutcracker mood\thumbs.db
c:\users\the hoff\music\christmas\the nutcracker suite\desktop.ini
c:\users\the hoff\music\hootie & the blowfish\cracked rear view\desktop.ini
c:\users\the hoff\music\hootie & the blowfish\cracked rear view\thumbs.db
c:\users\the hoff\music\itunes\itunes media\mobile applications\trivia crack 2.0.1.ipa
c:\users\the hoff\music\itunes\itunes music\neil diamond\the greatest hits (1966-1992) disc 1\14 cracklin' rosie.m4a
c:\users\the hoff\music\itunes\itunes music\the carpenters\christmas portrait\18 selections from _nutcracker__ ove.m4a
c:\users\the hoff\music\neil diamond\hot august night (disc 2) [live]\2-05 cracklin' rosie.m4a
c:\users\the hoff\music\poison\crack a smile...and more!\desktop.ini
c:\users\the hoff\music\poison\crack a smile...and more!\thumbs.db
c:\windows\kmsemulator.exe
c:\windows\system32\driverstore\filerepository\oemsetup.inf_amd64_neutral_54fd64bcde912154\kmstmnet.exe
c:\windows\system32\driverstore\filerepository\oemsetup.inf_amd64_neutral_54fd64bcde912154\kmstmnw.exe
c:\windows\system32\driverstore\filerepository\oemsetup.inf_amd64_neutral_54fd64bcde912154\kmstmvm.exe
scanner sequence 3.KG.11.GPNATZ
----- EOF -----

#4
Nevan

Posted 10 August 2015 - 04:49 AM

Trusted Helper

Malware Removal
1,765 posts

Hello again, bbj.

Could you tell me what are the situations in which this computer slows down? It looks like memory and RAM use are pretty low, so I'm surprised that such thing happens.

I don't see any infections in the log but we'll do a small cleaning. Please perform the instructions below.

Step #1

FRST Fix

Download attached fixlist.txt file to your desktop.
fixlist.txt 1.4KB 200 downloads
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
Right click FRST64.exe on your desktop and click Run as administrator.
Press the Fix button just once and wait.
NOTE: It's important that both FRST64.exe and fixlist.txt are in the same location or the fix will not work.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished, FRST will generate a log on the desktop (Fixlog.txt). Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.

Step #2

Junkware Removal Tool

Download Junkware Removal Tool to your Desktop
Close any open windows
Disable your Antivirus program (click here if you don't know how to do this)
Double click JRT.exe on your desktop to run it
Click any button to start the scan
Wait for Junkware Removal Tool to finish the scan
When the scan is finished, JRT.txt will be saved to your desktop and it will automatically open
Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.

Step #3

AdwCleaner

Download AdwCleaner to your Desktop.
Close any open windows
Double click AdwCleaner.exe on your desktop to run it
Click the button
Wait for AdwCleaner to finish the scan
When the scan is finished, there will be "Pending. Please uncheck elements you don't want to remove" message. Leave everything as it is and click button.
When the cleaning is finished, the program will ask you to reboot the system. Please do so.
Once your machine has rebooted, a Notepad window will be opened. If it won't, you can find it in C:\AdwCleaner. The report will be saved as AdwCleaner[S0].txt.
Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.

Remember to enable your Antivirus program once you're done!

Things that should appear in your next post:

Fixlog.txt log content
JRT.txt log content
AdwCleaner[S0].txt log content
Answer to my question from the beginning of this post

#5
bbj

Posted 10 August 2015 - 04:19 PM

Member

Topic Starter
Member
64 posts

The computer isn't as 'snappy' as it used to be and the startup is taking a really long time. Maybe it's just general clutter, background programs and fragmentation rather than any infection. I will reply with the other logs.

ï»¿Fix result of Farbar Recovery Scan Tool (x64) Version:09-08-2015
Ran by the Hoff (2015-08-10 14:43:20) Run:1
Running from C:\Users\the Hoff\Desktop
Loaded Profiles: the Hoff (Available Profiles: the Hoff)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
2015-08-09 12:15 - 2015-03-01 23:20 - 00000248 _____ C:\windows\Tasks\AutoKMS.job
2015-08-08 22:20 - 2015-03-01 23:20 - 00000248 _____ C:\windows\Tasks\AutoKMSDaily.job
Task: {6E4F472F-CA1B-4975-B1E2-425CE3DCBE7A} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {ABDE922D-66AF-4C31-88EF-89D9D4DCFB97} - System32\Tasks\AutoKMSDaily => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\windows\Tasks\AutoKMSDaily.job => C:\Windows\AutoKMS\AutoKMS.exe
FirewallRules: [TCP Query User{249AFFA7-84D5-448E-BBE0-88D2E38DCB46}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
FirewallRules: [UDP Query User{D49392A9-7C28-4BD8-BC08-A09B806A478A}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
Task: {6CC22947-C959-4F4A-9C1A-4694BE0AB57C} - System32\Tasks\{745A26DB-0E8C-449F-925B-FF4D22A4369A} => pcalua.exe -a C:\Windows\UnJSLang.exe -d C:\windows
EmptyTemp:
CMD: bitsadmin /reset /allusers
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupApproved" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupApproved" /F
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
*****************

Processes closed successfully.
Restore point was successfully created.
C:\windows\Tasks\AutoKMS.job => moved successfully.
C:\windows\Tasks\AutoKMSDaily.job => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{6E4F472F-CA1B-4975-B1E2-425CE3DCBE7A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6E4F472F-CA1B-4975-B1E2-425CE3DCBE7A}" => key removed successfully
C:\windows\System32\Tasks\AutoKMS => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ABDE922D-66AF-4C31-88EF-89D9D4DCFB97}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ABDE922D-66AF-4C31-88EF-89D9D4DCFB97}" => key removed successfully
C:\windows\System32\Tasks\AutoKMSDaily => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMSDaily" => key removed successfully
C:\windows\Tasks\AutoKMS.job not found.
C:\windows\Tasks\AutoKMSDaily.job not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{249AFFA7-84D5-448E-BBE0-88D2E38DCB46}C:\windows\kmsemulator.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{D49392A9-7C28-4BD8-BC08-A09B806A478A}C:\windows\kmsemulator.exe => value removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6CC22947-C959-4F4A-9C1A-4694BE0AB57C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6CC22947-C959-4F4A-9C1A-4694BE0AB57C}" => key removed successfully
C:\windows\System32\Tasks\{745A26DB-0E8C-449F-925B-FF4D22A4369A} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{745A26DB-0E8C-449F-925B-FF4D22A4369A}" => key removed successfully

========= bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========

========= netsh advfirewall reset =========

Ok.

========= End of CMD: =========

========= netsh advfirewall set allprofiles state on =========

Ok.

========= End of CMD: =========

========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupApproved" /F =========

ERROR: The system was unable to find the specified registry key or value.

========= End of Reg: =========

========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupApproved" /F =========

The operation completed successfully.

========= End of Reg: =========

========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========

The operation completed successfully.

========= End of Reg: =========

========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========

The operation completed successfully.

========= End of Reg: =========

EmptyTemp: => 808.9 MB temporary data Removed.

The system needed a reboot..

==== End of Fixlog 14:47:38 ====

#6
Nevan

Posted 10 August 2015 - 11:37 PM

Trusted Helper

Malware Removal
1,765 posts

Yep, it probably just needs a little bit cleaning

I'll be waiting for the rest of the logs.

#7
bbj

Posted 11 August 2015 - 04:07 AM

Member

Topic Starter
Member
64 posts

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.5 (08.05.2015:1)
OS: Windows 7 Home Premium x64
Ran by the Hoff on Mon 08/10/2015 at 15:28:47.69
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Tasks

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Chrome

[C:\Users\the Hoff\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\the Hoff\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\the Hoff\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\the Hoff\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 08/10/2015 at 15:34:06.33
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#8
bbj

Posted 11 August 2015 - 04:24 AM

Member

Topic Starter
Member
64 posts

The startup is really slow and Firefox just gave me a "slow to start" message. It really seems like it's infected but there are no 'weird' things happening.

# AdwCleaner v4.208 - Logfile created 11/08/2015 at 03:10:57
# Updated 09/07/2015 by Xplode
# Database : 2015-08-01.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : the Hoff - THEHOFF-PC
# Running from : C:\Users\the Hoff\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

File Deleted : C:\Users\the Hoff\AppData\Roaming\Mozilla\Firefox\Profiles\7fhx2nxa.default\Extensions\[email protected]

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17909

-\\ Mozilla Firefox v39.0.3 (x86 en-US)

-\\ Google Chrome v44.0.2403.130

*************************

AdwCleaner[R1].txt - [1037 bytes] - [11/08/2015 03:10:05]
AdwCleaner[S1].txt - [968 bytes] - [11/08/2015 03:10:57]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1026 bytes] ##########

#9
Nevan

Posted 11 August 2015 - 05:43 AM

Trusted Helper

Malware Removal
1,765 posts

Hello again, bbj.

It really seems like it's infected but there are no 'weird' things happening.

So far there are no signs of infection. We'll do two more checks and then we'll check if something else can be done to help with your computer's speed.

Step #1

Malwarebytes Anti-Malware

I can see that you currently have Malwarebytes Anti-Malware installed on your computer. We'll use it.

Launch Malwarebytes Anti-Malware
In Database version section, click Update Now
Once the update is done, click Settings>Detection and Protection
Make sure that all three boxes under Detection Options are checked
Go back to Dashboard and click the big, green Scan Now button.
Wait for Malwarebytes Anti-Malware to finish the scan
If the program will detect anything, click Remove Selected. The program might want to reboot the system. Allow it it wants to.
Once the deletion is done (or after reboot), go to History, select Application Logs and click the latest Scan Log.
Click Export, then click Copy to Clipboard.
Paste (CTRL+V) the log into your next reply.

Step #2

ESET Online Scanner

Note: This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox

Disable your Antivirus program (click here if you don't know how to do this).
Visit ESET site
Click
When using:
- Internet Explorer:
  - Accept the Terms of Use and click Start
  - Allow the running of add-on
- Other browsers:
  - Download esetsmartinstaller_enu.exe that you'll be given link to
  - Double click esetsmartinstaller_enu.exe
  - Allow the Terms of Use and click Start
Make sure that the options are set as the example below:
Click Start
The program will begin to download it's virus database. The speed may vary depending on your Internet connection.
When completed, the program will begin to scan. This may take several hours. Please, be patient.
Do not do anything on your machine as it may interrupt the scan
When the scan is done, click Finish
A log.txt file will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.
Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.

Remember to enable your Antivirus program once you're done!

Things that should appear in your next post:

Malwarebytes Anti-Malware log content
ESET Online Scanner log content

#10
bbj

Posted 11 August 2015 - 07:26 AM

Member

Topic Starter
Member
64 posts

40 minutes to complete the scan seems excessive but I've used a SSD for a long time so I don't know what's normal for a spinner.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8/11/2015
Scan Time: 5:31 AM
Logfile:
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.08.08.03
Rootkit Database: v2015.08.06.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: the Hoff

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 411008
Time Elapsed: 39 min, 36 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

Edited by bbj, 11 August 2015 - 07:28 AM.

#11
Nevan

Posted 11 August 2015 - 10:32 AM

Trusted Helper

Malware Removal
1,765 posts

Still no infections so far. We still need ESET log though

#12
bbj

Posted 11 August 2015 - 03:41 PM

Member

Topic Starter
Member
64 posts

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=f7b5a4b53faead49a2bd125b2259399f
# end=init
# utc_time=2015-08-11 01:31:55
# local_time=2015-08-11 06:31:55 (-0800, Pacific Daylight Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 25226
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=f7b5a4b53faead49a2bd125b2259399f
# end=updated
# utc_time=2015-08-11 01:47:25
# local_time=2015-08-11 06:47:25 (-0800, Pacific Daylight Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=f7b5a4b53faead49a2bd125b2259399f
# engine=25226
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-08-11 04:22:30
# local_time=2015-08-11 09:22:30 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 190853600 0 0
# scanned=519535
# found=5
# cleaned=0
# scan_time=9305
sh=D6BBDD54B5DFF632280B47B98FE98FC9AFC58AEE ft=1 fh=c164052a184e1962 vn="a variant of MSIL/Packed.FishNet.A suspicious application" ac=I fn="C:\Program Files (x86)\[]TOOLS[]\DVDFab 8\Patch.exe"
sh=AA7AFFCBDAF13C3872F32EACCF3BEFB92FD0FA80 ft=1 fh=02ff89afc7fa57e5 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\the Hoff\Desktop\ccsetup508.exe"
sh=AA7AFFCBDAF13C3872F32EACCF3BEFB92FD0FA80 ft=1 fh=02ff89afc7fa57e5 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\the Hoff\Desktop\clutter2\ccsetup508.exe"
sh=AA7AFFCBDAF13C3872F32EACCF3BEFB92FD0FA80 ft=1 fh=02ff89afc7fa57e5 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\the Hoff\dwhelper\Download CCleaner 5.08.5308 - Download - FileHippo.com.mp4"
sh=2AA967AACCAB9A353FC818B2831B5532D7F47378 ft=1 fh=4b1c20670b9db072 vn="Win32/HackKMS.A potentially unsafe application" ac=I fn="C:\Windows\KMSEmulator.exe"

#13
Nevan

Posted 12 August 2015 - 12:57 PM

Trusted Helper

Malware Removal
1,765 posts

Hello again, bbj.

Clearly there are not any infections on this system. We'll see now what uses the most of resources on this system and if turning off unnecessary programs helps with the problem.

Step #1

FRST Fix

Download attached fixlist.txt file to your desktop.
fixlist.txt 258bytes 214 downloads
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
Right click FRST64.exe on your desktop and click Run as administrator.
Press the Fix button just once and wait.
NOTE: It's important that both FRST64.exe and fixlist.txt are in the same location or the fix will not work.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished, FRST will generate a log on the desktop (Fixlog.txt). Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.

Step #2
Task Manager Screenshot

I'd like you to show me a screenshot of your Task Manager.
To do that, press Ctrl+Shift+Esc combination on your keyboard, then in Task Manager window select Processes tab, then press Alt+Print Screen combination on your keyboard. Once done, open Paint, press Ctrl+V combination and Ctrl+S to save the file. Please, use .JPG format. Add that file as an attachment to your post. If impossible, use a hosting site like imgur and provide me the link that it'll give you.

Step #3
Clean Boot

Please follow these instructions to perform a clean boot.

Click Start, type Msconfig in the Search box and select the programme that appears at the top.
In the System Configuration Utility dialog box, click Selective Startup in the General tab.
Untick the Load Startup Items check box.
Click the Services tab.
Tick the Hide All Microsoft Services check box.
Click Disable All, and then click OK.
When you are prompted, click Restart.

Once done, please check how the system's working in this case.

After you're done with checking, undo the clean boot settings by doing these steps:

Click Start, type msconfig.exe in the Search box, and then press Enter.
Note: If you are prompted for an administrator password or for confirmation, you should type the password or click Continue.
On the General tab, click the Normal Startup option, and then click OK.
When you are prompted to restart the computer, click Restart.

When you're back in the normal boot mode, tell me if you had any problems when using the system in clean boot.

Things that should appear in your next post:

Fixlog.txt log content
Screenshot of Task Manager
Please tell me if your computer was running better during clean boot

#14
bbj

Posted 13 August 2015 - 05:30 AM

Member

Topic Starter
Member
64 posts

Fix result of Farbar Recovery Scan Tool (x64) Version:12-08-2015
Ran by the Hoff (2015-08-13 04:28:24) Run:2
Running from C:\Users\the Hoff\Desktop
Loaded Profiles: the Hoff (Available Profiles: the Hoff)
Boot Mode: Normal
==============================================

fixlist content:
*****************
C:\Program Files (x86)\[]TOOLS[]\DVDFab 8\Patch.exe
C:\Users\the Hoff\Desktop\ccsetup508.exe
C:\Users\the Hoff\Desktop\clutter2\ccsetup508.ex
C:\Users\the Hoff\dwhelper\Download CCleaner 5.08.5308 - Download - FileHippo.com.mp4
C:\Windows\KMSEmulator.exe
*****************

C:\Program Files (x86)\[]TOOLS[]\DVDFab 8\Patch.exe => moved successfully.
C:\Users\the Hoff\Desktop\ccsetup508.exe => moved successfully.
"C:\Users\the Hoff\Desktop\clutter2\ccsetup508.ex" => File/Folder not found.
C:\Users\the Hoff\dwhelper\Download CCleaner 5.08.5308 - Download - FileHippo.com.mp4 => moved successfully.
C:\Windows\KMSEmulator.exe => moved successfully.

==== End of Fixlog 04:28:24 ====

#15
bbj

Posted 13 August 2015 - 05:38 AM

Member

Topic Starter
Member
64 posts

http://i.imgur.com/J90z1zo.jpg

I can't believe that a computer can run this slowly without background programs, and not be absolutely swamped with malware. I just got an alert from Avast about the computer running sluggishly. Now that we know that there is no infection, I am going to run Auslogics disk defrag. I'm not sure what else to try.

Edited by bbj, 13 August 2015 - 06:00 AM.