Trouble Removing Barowwsoe2Save malware



barnewa
2015-05-02, 05:03
Hi,

I've used S&D for a long time. Recently discovered the Barowwsoe2Save malware. S&D removes all but one instance...get a msg that there is an instance in memory and asks permission to scan on startup...grant permission...restart PC...scan runs...still can't remove malware. I am running it 'as Administrator'.

Here is my FRST log:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-04-2015 01
Ran by Andy (administrator) on NEWDELL on 01-05-2015 22:50:54
Running from C:\Users\Andy\Desktop
Loaded Profiles: Andy (Available profiles: Andy & Tricia & Emily)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\1380919190\ee\aolsoftware.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files (x86)\EZ Software Updater\EZ Software Updater.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\1380919190\ee\aolupdates.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8306208 2009-10-20] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [HostManager] => C:\Program Files (x86)\Common Files\AOL\1380919190\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4369952 2014-11-07] (Fitbit, Inc.)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2590271414-3081139895-2094561154-1000\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-2590271414-3081139895-2094561154-1000\...\Run: [Zoom] => [X]
Startup: C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2011-11-25]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Tricia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2012-02-22]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2590271414-3081139895-2094561154-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
SearchScopes: HKLM -> DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = http://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ggbc_14_47_ch&cd=2XzuyEtN2Y1L1Qzu0CtD0CtC0CtDyC0AyEtD0D0FyCyEtA0AtN0D0Tzu0StCtDyDyBtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyB0DyC0B0FzzyCyCtGtA0C0D0AtG0BtByCzytGtA0Fzy0BtGyEyB0CtAtAzz0F0CzzzztA0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0C0D0DyC0E0CzytGtDzytA0AtGyE0EyE0BtGzyyBtBtAtG0B0F0CyD0FtCtAyCzyyDyByB2Q&cr=915928996&ir=
SearchScopes: HKLM -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = http://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ggbc_14_47_ch&cd=2XzuyEtN2Y1L1Qzu0CtD0CtC0CtDyC0AyEtD0D0FyCyEtA0AtN0D0Tzu0StCtDyDyBtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyB0DyC0B0FzzyCyCtGtA0C0D0AtG0BtByCzytGtA0Fzy0BtGyEyB0CtAtAzz0F0CzzzztA0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0C0D0DyC0E0CzytGtDzytA0AtGyE0EyE0BtGzyyBtBtAtG0B0F0CyD0FtCtAyCzyyDyByB2Q&cr=915928996&ir=
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2590271414-3081139895-2094561154-1000 -> DefaultScope {6A90D3FA-5A70-4B5F-8AFF-3218BF21B08B} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2590271414-3081139895-2094561154-1000 -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL =
SearchScopes: HKU\S-1-5-21-2590271414-3081139895-2094561154-1000 -> {6A90D3FA-5A70-4B5F-8AFF-3218BF21B08B} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2590271414-3081139895-2094561154-1000 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
BHO: RoyAlShoppierApup -> {1cf55e21-88e5-4833-a1c3-2f8397df8b7b} -> C:\Program Files (x86)\RoyAlShoppierApup\roo65abjfCECNR.x64.dll [2015-04-14] ()
BHO: ROYalCOupon -> {30ec5594-67bd-4fc8-b92f-8cedbbb92b42} -> C:\Program Files (x86)\ROYalCOupon\QdiT3opUZuKmEn.x64.dll [2015-04-13] ()
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO: SohhoppearMasuterr -> {4bd3e472-ad13-4a33-8c85-f9e3326edb2c} -> C:\Program Files (x86)\SohhoppearMasuterr\8JJ6j4u16wTX1N.x64.dll [2015-04-14] ()
BHO: TTicTaCooupoN -> {69980c52-bb70-4e88-b3d0-66e9532e6762} -> C:\Program Files (x86)\TTicTaCooupoN\GbMSGNclzX6ziN.x64.dll [2015-04-03] ()
BHO: saaviinesHop -> {69a5d6a7-4bb0-4e01-b321-72eae3ea254f} -> C:\Program Files (x86)\saaviinesHop\lnmOseOoOwoY4G.x64.dll [2015-04-02] ()
BHO: SShopperMasutErr -> {71f65125-020c-43ca-b0c2-65e0b01504b4} -> C:\Program Files (x86)\SShopperMasutErr\BBI7U76iifBrR8.x64.dll [2015-04-14] ()
BHO: ROeyaLaCouPOn -> {77ba55ff-e910-4803-a704-f9ddf17e29e6} -> C:\Program Files (x86)\ROeyaLaCouPOn\343NVbpQlGjKGe.x64.dll [2015-04-14] ()
BHO: ShhouppEaRMaasstEr -> {82eb8bfc-f1d1-42f2-bca1-9502fbc0abf0} -> C:\Program Files (x86)\ShhouppEaRMaasstEr\h7TgIl5yN7rDR6.x64.dll [2015-04-14] ()
BHO: SualesMagnet -> {8c346591-b9e1-4827-bb7a-ad4063f96d5f} -> C:\Program Files (x86)\SualesMagnet\lusJK4Hxcj3IcX.x64.dll [2015-04-13] ()
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: PriinceeCoupon -> {930ecbf5-9923-419c-8121-102edd66f059} -> C:\Program Files (x86)\PriinceeCoupon\t5CAhDAElV1twr.x64.dll [2015-04-03] ()
BHO: LuckkyaShopoper -> {adc8e0dc-3fee-44bd-b517-3a1082cf41da} -> C:\Program Files (x86)\LuckkyaShopoper\H7oYSotTzos5BF.x64.dll [2015-04-14] ()
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-02-10] (Microsoft Corporation)
BHO: CCooupScanner -> {b7604091-8a8e-40c3-92a9-3327f4d31096} -> C:\Program Files (x86)\CCooupScanner\rX1rL5BkaD9E2a.x64.dll [2015-04-02] ()
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO: FFlashCouppon -> {e657b9c1-fe8e-45db-af59-8a233c3d020b} -> C:\Program Files (x86)\FFlashCouppon\3doS7zdAqm1SWV.x64.dll [2015-04-14] ()
BHO: SAlesChecker -> {ea98f952-edf1-4fb1-8177-35b1bd7a200a} -> C:\Program Files (x86)\SAlesChecker\ZIdcENHOId3t8A.x64.dll [2015-04-14] ()
BHO-x32: RoyAlShoppierApup -> {1cf55e21-88e5-4833-a1c3-2f8397df8b7b} -> C:\Program Files (x86)\RoyAlShoppierApup\roo65abjfCECNR.dll [2015-04-14] ()
BHO-x32: ROYalCOupon -> {30ec5594-67bd-4fc8-b92f-8cedbbb92b42} -> C:\Program Files (x86)\ROYalCOupon\QdiT3opUZuKmEn.dll [2015-04-13] ()
BHO-x32: SohhoppearMasuterr -> {4bd3e472-ad13-4a33-8c85-f9e3326edb2c} -> C:\Program Files (x86)\SohhoppearMasuterr\8JJ6j4u16wTX1N.dll [2015-04-14] ()
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO-x32: TTicTaCooupoN -> {69980c52-bb70-4e88-b3d0-66e9532e6762} -> C:\Program Files (x86)\TTicTaCooupoN\GbMSGNclzX6ziN.dll [2015-04-03] ()
BHO-x32: saaviinesHop -> {69a5d6a7-4bb0-4e01-b321-72eae3ea254f} -> C:\Program Files (x86)\saaviinesHop\lnmOseOoOwoY4G.dll [2015-04-02] ()
BHO-x32: SShopperMasutErr -> {71f65125-020c-43ca-b0c2-65e0b01504b4} -> C:\Program Files (x86)\SShopperMasutErr\BBI7U76iifBrR8.dll [2015-04-14] ()
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-07-11] (Oracle Corporation)
BHO-x32: ROeyaLaCouPOn -> {77ba55ff-e910-4803-a704-f9ddf17e29e6} -> C:\Program Files (x86)\ROeyaLaCouPOn\343NVbpQlGjKGe.dll [2015-04-14] ()
BHO-x32: ShhouppEaRMaasstEr -> {82eb8bfc-f1d1-42f2-bca1-9502fbc0abf0} -> C:\Program Files (x86)\ShhouppEaRMaasstEr\h7TgIl5yN7rDR6.dll [2015-04-14] ()
BHO-x32: SualesMagnet -> {8c346591-b9e1-4827-bb7a-ad4063f96d5f} -> C:\Program Files (x86)\SualesMagnet\lusJK4Hxcj3IcX.dll [2015-04-13] ()
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: PriinceeCoupon -> {930ecbf5-9923-419c-8121-102edd66f059} -> C:\Program Files (x86)\PriinceeCoupon\t5CAhDAElV1twr.dll [2015-04-03] ()
BHO-x32: LuckkyaShopoper -> {adc8e0dc-3fee-44bd-b517-3a1082cf41da} -> C:\Program Files (x86)\LuckkyaShopoper\H7oYSotTzos5BF.dll [2015-04-14] ()
BHO-x32: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08] (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: CCooupScanner -> {b7604091-8a8e-40c3-92a9-3327f4d31096} -> C:\Program Files (x86)\CCooupScanner\rX1rL5BkaD9E2a.dll [2015-04-02] ()
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-07-11] (Oracle Corporation)
BHO-x32: FFlashCouppon -> {e657b9c1-fe8e-45db-af59-8a233c3d020b} -> C:\Program Files (x86)\FFlashCouppon\3doS7zdAqm1SWV.dll [2015-04-14] ()
BHO-x32: SAlesChecker -> {ea98f952-edf1-4fb1-8177-35b1bd7a200a} -> C:\Program Files (x86)\SAlesChecker\ZIdcENHOId3t8A.dll [2015-04-14] ()
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000}
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://join-test.webex.com/client/WBXclient-T29L10NSP10EP1-10115/webex/ieatgpc1.cab
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=972
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08] (Skype Technologies S.A.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 167.206.10.178 167.206.10.179

FireFox:
========
FF ProfilePath: C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\jgud7t4x.default
FF DefaultSearchEngine: Vosteran
FF SelectedSearchEngine: Vosteran
FF Homepage: hxxp://www.google.com/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @ara.com/x-GoPlatformDemo-plugin -> C:\Program Files\Go Platform Demo\Binaries\PIB\NP64\np-GoPlatformDemo.dll [2015-01-19] (ARA, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @ara.com/x-GoPlatformDemo-plugin -> C:\Program Files\Go Platform Demo\Binaries\PIB\NP\np-GoPlatformDemo.dll [2015-01-19] (ARA, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-11] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-12-20] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-11-23] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-11-23] (Google Inc.)
FF Plugin-x32: @viewpoint.com/VMP -> C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll [2004-02-20] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2590271414-3081139895-2094561154-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Andy\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-06-21] (Citrix Online)
FF Plugin HKU\S-1-5-21-2590271414-3081139895-2094561154-1000: @zoom.us/ZoomVideoPlugin -> C:\Users\Andy\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2015-03-17] (Zoom Video Communications, Inc.)
FF user.js: detected! => C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\jgud7t4x.default\user.js [2014-11-23]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npatgpc.dll [2014-11-23] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Andy\AppData\Roaming\mozilla\plugins\npatgpc.dll [2014-11-23] (Cisco WebEx LLC)
FF SearchPlugin: C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\jgud7t4x.default\searchplugins\Vosteran.xml [2014-11-23]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-11-26]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-11-26]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Grand Theft Auto GTA 2013) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\acdgodjffnfkeciofehiiehjmmafanng [2015-04-14]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-20]
CHR Extension: (YouTube) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-01-02]
CHR Extension: (Google Search) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-01-02]
CHR Extension: (Outlook365 Notifier) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhfemhokeipigjjdopkanibcilnbbjpf [2015-04-14]
CHR Extension: (Speech recognition for Gmail) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffnepgjlfiinpkplhjmehkdhnaaongdk [2015-04-14]
CHR Extension: (Instair New Tab) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfdepldelkjiaidnlfgbffbnbljjddfh [2015-04-14]
CHR Extension: (960 Grid System Overlay Unofficial) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjlbgclilhfnikffpemggmnmgpkdeocf [2015-04-13]
CHR Extension: (Blipshot one click screenshots) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdaboflcmhejfihjcbmdiebgfchigjcf [2015-04-03]
CHR Extension: (Google Wallet) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-02]
CHR Extension: (MultiHighlighter) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifbglmlbpgpbflnkfpclkmckoollbn [2015-04-03]
CHR Extension: (Gmail) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-01-02]
CHR HKLM\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2590271414-3081139895-2094561154-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 70e6ca8c; c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll [3113040 2014-11-23] ()
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation)
R2 EZ Software Updater; C:\Program Files (x86)\EZ Software Updater\EZ Software Updater.exe [221696 2015-02-17] () [File not signed] <==== ATTENTION
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5738528 2014-11-07] (Fitbit, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 Linksys_adapter_H; C:\Windows\System32\DRIVERS\AE2500w764.sys [1254464 2011-03-30] (Broadcom Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
S3 NTG43XX; C:\Windows\System32\DRIVERS\WN311B64.sys [3058168 2010-04-03] (Broadcom Corporation)
S3 RT2500USB; C:\Windows\System32\DRIVERS\rt2500usb.sys [245248 2006-11-08] (Ralink Technology Inc.)
S3 LVPr2M64; system32\DRIVERS\LVPr2M64.sys [X]
U3 aswMBR; \??\C:\Users\Andy\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\Andy\AppData\Local\Temp\aswVmm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-01 22:50 - 2015-05-01 22:51 - 00024252 _____ () C:\Users\Andy\Desktop\FRST.txt
2015-05-01 22:50 - 2015-05-01 20:50 - 02101248 _____ (Farbar) C:\Users\Andy\Desktop\FRST64.exe
2015-05-01 20:59 - 2015-05-01 21:00 - 05198336 _____ (AVAST Software) C:\Users\Andy\Downloads\aswMBR.exe
2015-05-01 20:57 - 2015-05-01 20:58 - 00041635 _____ () C:\Users\Andy\Downloads\Addition.txt
2015-05-01 20:56 - 2015-05-01 22:44 - 00059514 _____ () C:\Users\Andy\Downloads\FRST.txt
2015-05-01 20:54 - 2015-05-01 20:54 - 02101248 _____ (Farbar) C:\Users\Andy\Downloads\FRST64 (1).exe
2015-05-01 20:54 - 2015-05-01 20:54 - 00465500 _____ ( ) C:\Users\Andy\Downloads\setup (1).exe
2015-05-01 20:53 - 2015-05-01 20:54 - 00000000 ____D () C:\Program Files (x86)\Media Downloader
2015-05-01 20:53 - 2015-05-01 20:53 - 00001236 _____ () C:\Users\Public\Desktop\Media Downloader.lnk
2015-05-01 20:53 - 2015-05-01 20:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Downloader
2015-05-01 20:53 - 2015-05-01 20:53 - 00000000 ____D () C:\Program Files (x86)\EZ Software Updater
2015-05-01 20:52 - 2015-05-01 20:52 - 00368136 _____ () C:\Users\Andy\Downloads\Setup.exe
2015-05-01 20:51 - 2015-05-01 22:50 - 00000000 ____D () C:\FRST
2015-05-01 20:50 - 2015-05-01 20:50 - 02101248 _____ (Farbar) C:\Users\Andy\Downloads\FRST64.exe
2015-05-01 20:45 - 2015-05-01 20:45 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-NEWDELL-Windows-7-Home-Premium-(64-bit).dat
2015-05-01 20:44 - 2015-05-01 20:44 - 00000000 ____D () C:\RegBackup
2015-05-01 20:43 - 2015-05-01 20:43 - 04804736 _____ () C:\Users\Andy\Downloads\tweaking.com_registry_backup_setup.exe
2015-05-01 20:43 - 2015-05-01 20:43 - 00002241 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-05-01 20:43 - 2015-05-01 20:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-05-01 20:43 - 2015-05-01 20:43 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2015-04-20 03:13 - 2015-04-20 03:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-04-19 21:19 - 2015-03-24 23:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-19 21:19 - 2015-03-24 23:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-19 21:19 - 2015-03-24 23:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-19 21:19 - 2015-03-24 23:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-19 21:19 - 2015-03-24 23:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-19 21:19 - 2015-03-24 23:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-19 21:19 - 2015-03-24 23:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-19 21:19 - 2015-03-24 23:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-19 21:19 - 2015-03-24 23:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-19 21:19 - 2015-03-24 23:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-19 21:19 - 2015-03-24 23:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-19 21:19 - 2015-03-24 23:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-19 21:19 - 2015-03-24 23:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-19 21:19 - 2015-03-24 23:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-19 21:19 - 2015-03-24 23:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-19 21:19 - 2015-03-24 23:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-19 21:18 - 2015-03-22 23:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-19 21:18 - 2015-03-22 23:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-19 21:18 - 2015-03-22 23:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-19 21:18 - 2015-03-22 23:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-19 21:18 - 2015-03-22 23:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-19 21:18 - 2015-03-22 23:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-19 21:18 - 2015-03-22 23:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-19 21:18 - 2015-03-22 23:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-19 21:18 - 2015-03-17 01:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-19 21:18 - 2015-03-17 01:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-19 21:18 - 2015-03-17 01:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-19 21:18 - 2015-03-17 01:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-19 21:18 - 2015-03-17 01:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-19 21:18 - 2015-03-17 01:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-19 21:18 - 2015-03-17 01:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-19 21:18 - 2015-03-17 01:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-19 21:18 - 2015-03-17 01:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-19 21:18 - 2015-03-17 01:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-19 21:18 - 2015-03-17 01:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-19 21:18 - 2015-03-17 01:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-19 21:18 - 2015-03-17 01:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-19 21:18 - 2015-03-17 01:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-19 21:18 - 2015-03-17 01:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-19 21:18 - 2015-03-17 01:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-19 21:18 - 2015-03-17 01:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-19 21:18 - 2015-03-17 01:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-19 21:18 - 2015-03-17 01:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-19 21:18 - 2015-03-17 01:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-19 21:18 - 2015-03-17 01:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-19 21:18 - 2015-03-17 01:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-19 21:18 - 2015-03-17 01:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-19 21:18 - 2015-03-17 01:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-19 21:18 - 2015-03-17 01:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-19 21:18 - 2015-03-17 01:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-19 21:18 - 2015-03-17 01:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-19 21:18 - 2015-03-17 01:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-19 21:18 - 2015-03-17 01:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-19 21:18 - 2015-03-17 01:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-19 21:18 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-19 21:18 - 2015-03-17 01:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-19 21:18 - 2015-03-17 01:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-19 21:18 - 2015-03-17 00:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-19 21:18 - 2015-03-17 00:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-19 21:18 - 2015-03-17 00:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-19 21:18 - 2015-03-17 00:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-19 21:18 - 2015-03-17 00:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-19 21:18 - 2015-03-17 00:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-19 21:18 - 2015-03-17 00:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-19 21:18 - 2015-03-17 00:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-19 21:18 - 2015-03-17 00:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-19 21:18 - 2015-03-17 00:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-19 21:18 - 2015-03-17 00:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-19 21:18 - 2015-03-17 00:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-19 21:18 - 2015-03-17 00:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-19 21:18 - 2015-03-17 00:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-19 21:18 - 2015-03-17 00:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-19 21:18 - 2015-03-17 00:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-19 21:18 - 2015-03-17 00:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-19 21:18 - 2015-03-17 00:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-19 21:18 - 2015-03-09 23:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-19 21:18 - 2015-03-09 23:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-19 21:18 - 2015-03-09 23:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-19 21:18 - 2015-03-09 23:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-19 21:18 - 2015-03-05 01:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-19 21:18 - 2015-03-05 00:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-19 21:17 - 2015-04-01 20:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-19 21:17 - 2015-04-01 19:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-19 21:17 - 2015-03-17 01:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-19 21:17 - 2015-03-17 01:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-19 21:17 - 2015-03-17 01:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-19 21:17 - 2015-03-17 01:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-19 21:17 - 2015-03-17 01:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-19 21:17 - 2015-03-17 01:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-19 21:17 - 2015-03-17 01:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-19 21:17 - 2015-03-17 01:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-19 21:17 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-19 21:17 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-19 21:17 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-19 21:17 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-19 21:17 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-19 21:17 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-19 21:17 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-19 21:17 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-19 21:17 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-19 21:17 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-19 21:17 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-19 21:17 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-19 21:17 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-19 21:17 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-19 21:17 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-19 21:17 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-19 21:17 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-19 21:17 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-19 21:17 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-19 21:17 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-19 21:17 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-19 21:17 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-19 21:17 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-19 21:17 - 2015-03-17 00:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-19 21:17 - 2015-03-17 00:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-19 21:17 - 2015-03-17 00:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-19 21:17 - 2015-03-17 00:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-19 21:17 - 2015-03-17 00:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-19 21:17 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-19 21:17 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-19 21:17 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-19 21:17 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-19 21:17 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-19 21:17 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-19 21:17 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-19 21:17 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-19 21:17 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-19 21:17 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-19 21:17 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-19 21:17 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-19 21:17 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-19 21:17 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-19 21:17 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-19 21:17 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-19 21:17 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-19 21:17 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-19 21:17 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-19 21:17 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-19 21:17 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-19 21:17 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-19 21:17 - 2015-03-16 23:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-19 21:17 - 2015-03-16 23:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-19 21:17 - 2015-03-16 23:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-19 21:17 - 2015-03-16 23:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-19 21:17 - 2015-03-16 23:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-19 21:17 - 2015-03-16 23:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-19 21:17 - 2015-03-13 00:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-19 21:17 - 2015-03-13 00:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-19 21:17 - 2015-03-13 00:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-19 21:17 - 2015-03-13 00:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-19 21:17 - 2015-03-13 00:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-19 21:17 - 2015-03-13 00:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-19 21:17 - 2015-03-12 23:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-19 21:17 - 2015-03-12 23:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-19 21:17 - 2015-03-12 23:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-19 21:17 - 2015-03-12 23:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-19 21:17 - 2015-03-12 23:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-19 21:17 - 2015-03-12 23:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-19 21:17 - 2015-03-12 23:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-19 21:17 - 2015-03-12 23:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-19 21:17 - 2015-03-12 23:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-19 21:17 - 2015-03-12 23:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-19 21:17 - 2015-03-12 23:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-19 21:17 - 2015-03-12 23:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-19 21:17 - 2015-03-12 23:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-19 21:17 - 2015-03-12 23:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-19 21:17 - 2015-03-12 23:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-19 21:17 - 2015-03-12 23:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-19 21:17 - 2015-03-12 23:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-19 21:17 - 2015-03-12 23:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-19 21:17 - 2015-03-12 23:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-19 21:17 - 2015-03-12 23:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-19 21:17 - 2015-03-12 23:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-19 21:17 - 2015-03-12 23:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-19 21:17 - 2015-03-12 23:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-19 21:17 - 2015-03-12 23:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-19 21:17 - 2015-03-12 23:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-19 21:17 - 2015-03-12 22:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-19 21:17 - 2015-03-12 22:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-19 21:17 - 2015-03-12 22:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-19 21:17 - 2015-03-12 22:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-19 21:17 - 2015-03-12 22:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-19 21:17 - 2015-03-12 22:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-19 21:17 - 2015-03-12 22:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-19 21:17 - 2015-03-12 22:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-19 21:17 - 2015-03-12 22:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-19 21:17 - 2015-03-12 22:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-19 21:17 - 2015-03-12 22:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-19 21:17 - 2015-03-12 22:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-19 21:17 - 2015-03-12 22:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-19 21:17 - 2015-02-24 23:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-19 21:16 - 2015-03-13 00:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-19 21:16 - 2015-03-13 00:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-19 21:16 - 2015-03-13 00:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-19 21:16 - 2015-03-13 00:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-19 21:16 - 2015-03-12 23:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-19 21:16 - 2015-03-12 23:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-19 21:16 - 2015-03-12 23:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-19 21:16 - 2015-03-12 23:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-19 21:16 - 2015-03-12 23:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-19 21:16 - 2015-03-12 23:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-19 21:16 - 2015-03-12 23:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-19 21:16 - 2015-03-12 22:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-19 21:16 - 2015-03-04 00:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-19 21:16 - 2015-03-04 00:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-19 21:16 - 2015-03-04 00:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-19 21:10 - 2015-04-19 21:10 - 04450304 _____ () C:\Users\Tricia\Downloads\16 - Chapter 15 - Therapy.ppt
2015-04-14 12:38 - 2015-04-14 12:38 - 00000020 _____ () C:\Users\Emily\AppData\Roaming\appdataFr3.bin
2015-04-14 12:16 - 2015-04-14 12:16 - 01339719 _____ () C:\Users\Andy\Downloads\rootalyz-0.3.4.47.zip
2015-04-14 12:04 - 2015-04-14 12:04 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\Safer Networking
2015-04-14 12:03 - 2015-04-14 12:03 - 01752632 _____ (Safer-Networking Ltd. ) C:\Users\Andy\Downloads\regalyz-1.6.2.16.exe
2015-04-14 12:03 - 2015-04-14 12:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safer Networking
2015-04-14 12:03 - 2015-04-14 12:03 - 00000000 ____D () C:\Program Files (x86)\Safer Networking
2015-04-14 11:47 - 2015-05-01 20:28 - 00000020 _____ () C:\Users\Andy\AppData\Roaming\appdataFr3.bin
2015-04-14 05:25 - 2015-04-14 05:25 - 00000000 ____D () C:\Program Files (x86)\Speech recognition for Gmail
2015-04-14 05:25 - 2015-04-14 05:25 - 00000000 ____D () C:\Program Files (x86)\ShhouppEaRMaasstEr
2015-04-14 05:25 - 2015-04-14 05:25 - 00000000 ____D () C:\Program Files (x86)\SAlesChecker
2015-04-14 05:25 - 2015-04-14 05:25 - 00000000 ____D () C:\Program Files (x86)\ExtrrASShopper
2015-04-14 05:05 - 2015-04-14 05:05 - 00000000 ____D () C:\Program Files (x86)\SShopperMasutErr
2015-04-14 05:05 - 2015-04-14 05:05 - 00000000 ____D () C:\Program Files (x86)\PorionceCoupon
2015-04-14 05:05 - 2015-04-14 05:05 - 00000000 ____D () C:\Program Files (x86)\Outlook365 Notifier
2015-04-14 05:05 - 2015-04-14 05:05 - 00000000 ____D () C:\Program Files (x86)\LuckkyaShopoper
2015-04-14 01:05 - 2015-04-14 01:05 - 00000000 ____D () C:\Program Files (x86)\RoyAlShoppierApup
2015-04-14 01:05 - 2015-04-14 01:05 - 00000000 ____D () C:\Program Files (x86)\RoyalShoPperoApp
2015-04-14 01:05 - 2015-04-14 01:05 - 00000000 ____D () C:\Program Files (x86)\Instair New Tab
2015-04-14 01:05 - 2015-04-14 01:05 - 00000000 ____D () C:\Program Files (x86)\FFlashCouppon
2015-04-14 00:45 - 2015-04-14 00:45 - 00000000 ____D () C:\Program Files (x86)\SohhoppearMasuterr
2015-04-14 00:45 - 2015-04-14 00:45 - 00000000 ____D () C:\Program Files (x86)\ROeyaLaCouPOn
2015-04-14 00:45 - 2015-04-14 00:45 - 00000000 ____D () C:\Program Files (x86)\LUUcKyCoupon
2015-04-14 00:45 - 2015-04-14 00:45 - 00000000 ____D () C:\Program Files (x86)\Grand Theft Auto GTA 2013
2015-04-13 21:45 - 2015-04-13 21:45 - 00000000 ____D () C:\Program Files (x86)\SualesMagnet
2015-04-13 21:45 - 2015-04-13 21:45 - 00000000 ____D () C:\Program Files (x86)\ROYalCOupon
2015-04-13 21:45 - 2015-04-13 21:45 - 00000000 ____D () C:\Program Files (x86)\KiNgCoUponn
2015-04-13 21:45 - 2015-04-13 21:45 - 00000000 ____D () C:\Program Files (x86)\960 Grid System Overlay Unofficial
2015-04-06 18:02 - 2015-04-29 22:11 - 00000020 _____ () C:\Users\Tricia\AppData\Roaming\appdataFr3.bin
2015-04-04 03:00 - 2015-04-04 03:00 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-04 03:00 - 2015-04-04 03:00 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-03 16:14 - 2015-04-03 16:15 - 00000000 ____D () C:\Program Files (x86)\TTicTaCooupoN
2015-04-03 16:14 - 2015-04-03 16:15 - 00000000 ____D () C:\Program Files (x86)\BeetterrPoriceaCheC
2015-04-03 16:14 - 2015-04-03 16:14 - 00000000 ____D () C:\Program Files (x86)\PriinceeCoupon
2015-04-03 16:14 - 2015-04-03 16:14 - 00000000 ____D () C:\Program Files (x86)\MultiHighlighter
2015-04-03 11:53 - 2015-04-03 11:54 - 00000000 ____D () C:\Program Files (x86)\Blipshot one click screenshots
2015-04-03 03:13 - 2015-04-03 03:14 - 00000000 ____D () C:\Program Files (x86)\WWoeWCouuuponn
2015-04-02 22:54 - 2015-04-02 22:54 - 00000000 ____D () C:\Program Files (x86)\saaviinesHop
2015-04-02 22:53 - 2015-04-14 05:26 - 00000000 ____D () C:\ProgramData\900639632021982854
2015-04-02 22:53 - 2015-04-02 22:54 - 00000000 ____D () C:\Program Files (x86)\CCooupScanner
2015-04-02 18:33 - 2015-04-02 18:33 - 00000000 ____D () C:\ProgramData\WildWestCoupon
2015-04-02 15:49 - 2015-04-14 12:41 - 00000000 ____D () C:\Users\Andy\AppData\Local\Adobe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-01 22:50 - 2014-11-23 16:45 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-01 22:12 - 2014-06-21 13:13 - 00000556 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2590271414-3081139895-2094561154-1000.job
2015-05-01 21:54 - 2012-04-22 21:00 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-01 20:55 - 2009-07-14 00:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-01 20:55 - 2009-07-14 00:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-01 19:12 - 2009-07-14 01:13 - 00782994 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-01 19:10 - 2011-08-09 19:12 - 01801433 _____ () C:\Windows\WindowsUpdate.log
2015-05-01 19:08 - 2014-11-23 16:45 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-01 19:07 - 2011-08-29 19:32 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2015-05-01 19:07 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-01 19:07 - 2009-07-14 00:51 - 00074272 _____ () C:\Windows\setupact.log
2015-05-01 19:05 - 2012-04-22 21:05 - 00001294 _____ () C:\Users\Andy\Desktop\Spybot - Search & Destroy.lnk
2015-05-01 06:45 - 2011-08-28 11:39 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{22A11CDE-74D0-4586-9751-93191F1FF858}
2015-04-29 22:01 - 2013-10-01 22:58 - 00000000 ____D () C:\Users\Tricia\Documents\10th GRADE
2015-04-21 19:56 - 2011-08-09 19:41 - 00000000 ____D () C:\ProgramData\Sonic
2015-04-20 23:56 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-20 04:11 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2015-04-20 03:32 - 2014-12-10 04:24 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-20 03:32 - 2014-05-07 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-20 03:32 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-20 03:17 - 2011-08-18 21:59 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-20 03:16 - 2011-02-10 12:10 - 00775116 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-20 03:13 - 2013-08-05 03:03 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-20 03:13 - 2011-08-09 19:29 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-04-20 03:13 - 2011-08-09 19:28 - 00000000 ____D () C:\ProgramData\Skype
2015-04-20 03:04 - 2011-08-20 21:48 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-14 12:54 - 2012-04-22 21:00 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-14 12:54 - 2012-04-22 21:00 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-14 12:54 - 2011-08-09 19:13 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-12 21:03 - 2009-07-13 22:34 - 00450776 ____R () C:\Windows\system32\Drivers\etc\hosts.20150501-114438.backup
2015-04-04 14:23 - 2014-06-21 13:13 - 00003578 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2590271414-3081139895-2094561154-1000

==================== Files in the root of some directories =======

2015-04-14 11:47 - 2015-05-01 20:28 - 0000020 _____ () C:\Users\Andy\AppData\Roaming\appdataFr3.bin
2014-11-23 17:24 - 2014-11-26 15:24 - 0000140 _____ () C:\Users\Andy\AppData\Roaming\WB.CFG
2011-08-29 19:30 - 2011-08-29 19:30 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-24 00:29

==================== End Of Log ============================

Here is my Addition log:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-04-2015 01
Ran by Andy at 2015-05-01 22:51:18
Running from C:\Users\Andy\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2590271414-3081139895-2094561154-500 - Administrator - Disabled)
Andy (S-1-5-21-2590271414-3081139895-2094561154-1000 - Administrator - Enabled) => C:\Users\Andy
Emily (S-1-5-21-2590271414-3081139895-2094561154-1004 - Limited - Enabled) => C:\Users\Emily
Guest (S-1-5-21-2590271414-3081139895-2094561154-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2590271414-3081139895-2094561154-1002 - Limited - Enabled)
Tricia (S-1-5-21-2590271414-3081139895-2094561154-1003 - Limited - Enabled) => C:\Users\Tricia

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

960 Grid System Overlay Unofficial (HKLM-x32\...\{3119AFD3-545C-0955-573A-494F62E61990}) (Version: - "") <==== ATTENTION
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AOL Uninstaller (Choose which Products to Remove) (HKLM-x32\...\AOL Uninstaller) (Version: - AOL Inc.)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Blio (HKLM-x32\...\{400182B4-CA55-46A9-9D88-F8413DCFB36D}) (Version: 2.3.7140 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{3E7E6F1E-7376-475A-8BC9-E3126B20CF5F}) (Version: 1.0.198 - Citrix)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell PhotoStage (HKLM-x32\...\{0D98F04D-11A1-4B64-A406-43292B9EEE90}) (Version: 1.5.0.1 - ArcSoft)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
ExtrrASShopper (HKLM-x32\...\{7BCAC0EB-3993-2416-0531-848C39DF8B65}) (Version: - "") <==== ATTENTION
EZ Software Updater version 1.2.0.4 (HKLM-x32\...\EZ Software Updater_is1) (Version: 1.2.0.4 - www.ezupdater.com)
Firefox Packages (HKU\S-1-5-21-2590271414-3081139895-2094561154-1000\...\Firefox Packages) (Version: - ) <==== ATTENTION
Fitbit Connect (HKLM-x32\...\{E54705FB-98A6-4C03-B2DC-D8C3B5486DCD}) (Version: 2.0.0.6512 - Fitbit Inc.)
GeoVision ADPCM (HKLM-x32\...\GeoADPCM) (Version: - )
GeoVision H264 (HKLM-x32\...\Codec_264) (Version: - )
GeoVision JPEG (HKLM-x32\...\Codec_jpeg) (Version: - )
GeoVision MPEG2 (HKLM-x32\...\Codec_mp2) (Version: - )
GeoVision MPEG4 (HKLM-x32\...\GEOXCodec) (Version: - )
GeoVision MPEG4 ASP (HKLM-x32\...\Codec_amp4) (Version: - )
GeoVision MPEG4 AVC (HKLM-x32\...\Codec_AVC) (Version: - )
Go Platform Demo (HKLM\...\{E673C6EF-C5E2-404B-89BC-69AF1EEEE719}) (Version: 1.0.60.29585 - Virtual Heroes)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.65 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version: - )
GoToMeeting 7.1.7.2539 (HKU\S-1-5-21-2590271414-3081139895-2094561154-1000\...\GoToMeeting) (Version: 7.1.7.2539 - CitrixOnline)
HP Deskjet 3050 J610 series Basic Device Software (HKLM\...\{7D220A57-969F-4D09-9297-D48195A8ABDD}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Deskjet 3050 J610 series Help (HKLM-x32\...\{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}) (Version: 140.0.63.63 - Hewlett Packard)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
Internet Explorer (x32 Version: 8 - Microsoft Corporation) Hidden
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.650 - Oracle)
KiNgCoUponn (HKLM-x32\...\{5C28578D-D0F1-699F-01B0-CC0653A28C11}) (Version: - "") <==== ATTENTION
LuckkyaShopoper (HKLM-x32\...\{AE9B04F2-E9E8-162C-829B-52C116B3EFCC}) (Version: - "") <==== ATTENTION
LUUcKyCoupon (HKLM-x32\...\{BA5D43C9-D633-D0EC-CFEA-2ABA974B333D}) (Version: - "") <==== ATTENTION
Media Downloader version 1.5 (HKLM-x32\...\Media Downloader_is1) (Version: 1.5 - )
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneNote 2013 - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 15.0.4701.1002 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 33.1.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1.1 (x86 en-US)) (Version: 33.1.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Outlook365 Notifier (HKLM-x32\...\{8B114619-78B7-1CFF-55EF-74266954F883}) (Version: - "")
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
RangeMax(tm) NEXT Wireless Adapter WN311B (HKLM-x32\...\{1047106F-3AED-4661-B919-6D377BF641CF}) (Version: - )
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5963 - Realtek Semiconductor Corp.)
RegAlyzer (HKLM-x32\...\{296B2D8E-CE82-92AF-B2E8-A646E7CB78A2}_is1) (Version: 1.6.2.16 - Safer-Networking Ltd.)
ROeyaLaCouPOn (HKLM-x32\...\{40DC4B27-4588-C56F-7737-D03A0ACE4383}) (Version: - "") <==== ATTENTION
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
RoyAlShoppierApup (HKLM-x32\...\{F6423EE4-93D8-FA04-D09D-A8598F6EFDFD}) (Version: - "") <==== ATTENTION
SAlesChecker (HKLM-x32\...\{CC17A332-9555-AD95-3985-0BDD9BF0EC71}) (Version: - "") <==== ATTENTION
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
ShhouppEaRMaasstEr (HKLM-x32\...\{35E0D123-1F22-9AE6-F973-B7ECA46E8BFE}) (Version: - "") <==== ATTENTION
Skype Toolbars (HKLM-x32\...\{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4051 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Speech recognition for Gmail (HKLM-x32\...\{D86C82B0-1F02-816A-5F3D-6466F6A67566}) (Version: - "")
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
TrustedID (HKLM-x32\...\{C16A92EF-017B-4839-9C75-FBADB5A1FA27}) (Version: 5.0 - TrustedID)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 2.1.1 - Tweaking.com)
Viewpoint Media Player (HKLM-x32\...\ViewpointMediaPlayer) (Version: - )
WildWestCoupon (HKLM-x32\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version: - WildWestCoupon) <==== ATTENTION
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version: - )
Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden
Zoom (HKU\S-1-5-21-2590271414-3081139895-2094561154-1000\...\ZoomUMX) (Version: 3.5 - Zoom Video Communications, Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2590271414-3081139895-2094561154-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Andy\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2590271414-3081139895-2094561154-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Andy\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2590271414-3081139895-2094561154-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Andy\AppData\Local\Citrix\GoToMeeting\1350\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-2590271414-3081139895-2094561154-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Andy\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File

==================== Restore Points =========================

10-04-2015 22:40:51 Windows Update
18-04-2015 00:00:02 Scheduled Checkpoint
19-04-2015 21:19:03 Windows Update
20-04-2015 03:00:32 Windows Update
23-04-2015 03:45:14 Windows Update
27-04-2015 03:44:45 Windows Update
01-05-2015 03:44:41 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2015-05-01 11:44 - 00450776 ____R C:\Windows\system32\Drivers\etc\hosts

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {02F365B8-7F30-488F-B9A8-743FF387A23A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-23] (Google Inc.)
Task: {0CF24F3A-BB2C-4081-8A97-E35FE0F471C1} - System32\Tasks\{8A167F01-22B8-4DEE-94C9-A0719F6486B6} => C:\Program Files\NETGEAR\WN311B\Utility\WN311B.exe [2007-09-21] (NetGear)
Task: {1998F808-B78B-4733-888B-262B949C7E3B} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {21E00507-6612-4DEE-BBB3-3A513292AD9D} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {30BA8067-C76F-4651-B92E-1E93960AFD48} - System32\Tasks\{29B23F9C-0A1E-46FC-ACA8-4534DB008FE4} => C:\Linksys Driver\WUSB54GS_20050428\Setup.exe
Task: {49128882-1329-49BE-85BB-20770D5CFC80} - System32\Tasks\G2MUpdateTask-S-1-5-21-2590271414-3081139895-2094561154-1000 => C:\Users\Andy\AppData\Local\Citrix\GoToMeeting\2539\g2mupdate.exe [2015-04-04] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {4C489DB0-3898-4815-89BC-2A1CFAD626FC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-23] (Google Inc.)
Task: {50ACEA54-4031-4012-9DCD-83549373108E} - System32\Tasks\{76FBCD91-8344-4123-BC9E-38222B9D4358} => I:\WN311B_setup_V7.1_230-10342-09.exe
Task: {62EF97E7-C33A-4451-B242-FA9A036CF015} - System32\Tasks\{EB214409-05DD-44A2-AD06-97615022C0ED} => I:\WUSB54G-v2_dr.exe
Task: {681E0E12-7174-47BE-939C-B83A959144B7} - System32\Tasks\{A7572C41-0141-4576-9045-8DC3C40AE0D2} => pcalua.exe -a "C:\Linksys Driver\WUSB54Gv2_20040507\Setup.exe" -d "C:\Linksys Driver\WUSB54Gv2_20040507"
Task: {69DAAA6B-012B-43A4-8941-E42D8F5D16B1} - System32\Tasks\{5B2F9BAB-4555-46C9-9C36-786FF9DBC27D} => C:\Linksys Driver\WUSB54Gv2_20040507\Setup.exe
Task: {6F37FB83-4CEF-4C01-BE0B-262305872BA2} - System32\Tasks\{73C36F93-CB6B-4613-ACEC-1F85A80CEEBB} => C:\Linksys Driver\WUSB54Gv2_20040507\Setup.exe
Task: {83FAA88F-2851-453F-BAB7-6945C819C56E} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {87A0D40E-55AC-412C-B9F4-804E82CF3882} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {AE5E45BC-FB27-46E1-B4FB-8962BF150386} - System32\Tasks\{525F6367-374A-4AC2-959D-F23D0D007607} => I:\WN311B_setup_V7.1_230-10342-09.exe
Task: {BE018750-5CE8-4111-86E4-7052E414DE91} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {CB6A82ED-BA88-4C86-AEE6-5D68926A4F67} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {CBC36ED0-F07D-48A8-BDED-4AEA42BA2DEC} - System32\Tasks\{716D8E36-91CA-455D-A89E-E77750C89A31} => C:\Linksys Driver\WUSB54Gv2_20040507\Setup.exe
Task: {CD42AC58-9001-41DC-B345-B46A647B97F4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E032E943-483F-478F-B32B-6A3D6E20D90D} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe <==== ATTENTION
Task: {ED1BC6AE-991B-4DFD-A70D-6CB4A5883BF7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated)
Task: {EF4AB7BE-7C8E-434A-A0D6-4A9265D564DF} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {FEEA6425-2188-4AA0-AC31-30AEEE7BFC78} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2590271414-3081139895-2094561154-1000.job => C:\Users\Andy\AppData\Local\Citrix\GoToMeeting\2539\g2mupdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-12-20 13:59 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2010-11-17 11:35 - 2010-11-17 11:35 - 00514544 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
2010-11-17 11:35 - 2010-11-17 11:35 - 01440240 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe
2015-03-17 18:20 - 2015-01-27 11:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2010-11-10 23:53 - 2010-11-10 23:53 - 00817136 _____ () C:\Program Files\Roxio\Roxio Burn\RBVirtualFolder64.dll
2015-05-01 20:53 - 2015-02-17 17:02 - 00221696 _____ () C:\Program Files (x86)\EZ Software Updater\EZ Software Updater.exe
2014-11-23 16:24 - 2014-11-23 16:24 - 03113040 ____N () c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-16 03:40 - 2014-10-16 03:40 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\3d576cbc4ffc5ad06fd61510c5d8f326\IsdiInterop.ni.dll
2011-08-09 19:19 - 2010-03-03 21:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2010-11-24 23:44 - 2010-11-24 23:44 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
2014-10-28 13:22 - 2014-10-28 13:22 - 40622592 ____R () C:\Program Files (x86)\Fitbit Connect\libcef.dll
2010-11-17 11:35 - 2010-11-17 11:35 - 00657904 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\BBEngineAS.dll
2014-11-26 15:39 - 2014-11-26 15:40 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)


There are 7868 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2590271414-3081139895-2094561154-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 167.206.10.178 - 167.206.10.179

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [{6C2CC718-AD5F-4659-B3F1-78CCE9AC80B6}] => (Allow) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
FirewallRules: [{C61DC01B-E8B8-4E00-8DA1-4B9DDE437AC7}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{871C7BA8-8D1E-45E9-AA63-A54B9E217E07}] => (Allow) c:\Program Files (x86)\Dell\VideoStage\VideoStage.exe
FirewallRules: [{B5C1D1DA-E4A5-4D6C-9AE5-C1423EC0D760}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{C7BD8C28-C0FD-4071-8FF1-AA82FBA85BC2}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{2C9E8EC7-9A40-4147-B34E-C5FF47A0E6EB}] => (Allow) C:\Program Files\dell stage\dell stage\accuweather\accuweather.exe
FirewallRules: [{CB17148F-6721-461A-A4CD-EC6FBF5F5A23}] => (Allow) C:\Program Files\dell stage\musicstage\musicstageengine.exe
FirewallRules: [{9ADCC1C2-5124-4E92-BD76-957DE175BFFB}] => (Allow) C:\Program Files\dell stage\dell stage\stage_primary.exe
FirewallRules: [{48B7CAD1-EF94-4D44-941A-ADE4AB8659D8}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTE.EXE
FirewallRules: [{6C4D2F0E-D307-45D2-B9CB-B4677FB86BBA}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTE.EXE
FirewallRules: [{2445C70D-92AC-4F8C-9A67-6E2DA76725E9}] => (Allow) C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
FirewallRules: [TCP Query User{98260AFE-4E74-494E-9B02-98C4BA4BC216}C:\program files (x86)\dell\stage remote\stageremoteservice.exe] => (Allow) C:\program files (x86)\dell\stage remote\stageremoteservice.exe
FirewallRules: [UDP Query User{3B0D25A8-C21F-4B20-80A7-401C930E3116}C:\program files (x86)\dell\stage remote\stageremoteservice.exe] => (Allow) C:\program files (x86)\dell\stage remote\stageremoteservice.exe
FirewallRules: [{8DB26727-F428-479D-9E08-7A86465FAA76}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\DeviceSetup.exe
FirewallRules: [{5A496270-B30F-4E76-8D29-B3230236240D}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\DeviceSetup.exe
FirewallRules: [{045DD896-476E-45BC-A19D-BFDDB43C688F}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{9AAC04E9-FC68-40C2-9642-4558B13D2360}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{5415750B-7B4A-4F2D-9383-7287E3963B8C}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{AF0304B9-17E3-4B98-A6A4-ECD491F7EC7B}] => (Allow) LPort=2869
FirewallRules: [{98C6ACF4-FC58-42CA-8681-527A28E2AEA8}] => (Allow) LPort=1900
FirewallRules: [{1D857BB7-6247-4079-9BF3-10C45FF02ACC}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{DCE1813A-44AB-457B-828F-EB353B976AF5}] => (Allow) %ProgramFiles%\Windows Live\Mesh\wlcrasvc.exe
FirewallRules: [{C9648DE9-4F44-4F9A-B04B-32565A836D14}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8FD43F6A-4429-432F-A532-36C797742479}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FB33A97F-D9A9-4EBA-9BF6-B35E37E6BADD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E4530532-D18D-4EF3-90D6-87405C95301D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8E9C21C0-FE18-4682-8E44-414591D70489}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLDial.exe
FirewallRules: [{3B58B757-BB1F-4868-92DE-CF4832CD3F3B}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLDial.exe
FirewallRules: [{82BD82FB-37AB-4428-A9AD-2988176887AB}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
FirewallRules: [{E7AA6E1D-C394-436C-878D-851AAE80F1D0}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
FirewallRules: [{BC403D50-65D6-4B75-B8FC-3D227D06A5F5}] => (Allow) C:\Program Files (x86)\Common Files\AOL\1380919190\ee\aolsoftware.exe
FirewallRules: [{ED190195-B88A-4F17-86E5-0F1C821039C3}] => (Allow) C:\Program Files (x86)\Common Files\AOL\1380919190\ee\aolsoftware.exe
FirewallRules: [{E602DBC2-473D-4653-93EC-6F3BCA8A419A}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\waol.exe
FirewallRules: [{885FB96C-1582-40F2-A21A-1C9721972A1C}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\waol.exe
FirewallRules: [{9C8B0F01-7649-4C5D-A475-CF0BB1B62C3C}] => (Allow) C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe
FirewallRules: [{C202947D-7D01-405C-B411-547C09673388}] => (Allow) C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe
FirewallRules: [{F29391D7-8F32-4E69-9233-A224B7E82B3A}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe
FirewallRules: [{E68FEA2C-2AEA-4040-A11B-873144265B8B}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe
FirewallRules: [{98BD0E67-D260-4C7E-AC81-45C7D7010C53}] => (Allow) C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe
FirewallRules: [{C3FC9304-8E14-4C84-8A12-91BE49B201B3}] => (Allow) C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe
FirewallRules: [{0AB7510C-0AC5-4C4D-A7C8-176A7C2D02D6}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\AOLBrowser\aolbrowser.exe
FirewallRules: [{15CA4014-685E-4C30-B07D-0273E4CA2A5D}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\AOLBrowser\aolbrowser.exe
FirewallRules: [{741102E2-0052-4BD3-B1AB-5C8A74863E3B}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{4445E800-8A76-4793-85A5-FC97EA380D47}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{2B92C543-BE34-4546-AA89-B8346C913D82}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [TCP Query User{701A3BCC-59CF-4061-B6DA-6B72EE0BBBCD}C:\program files (x86)\logitech\logitech vid\vid.exe] => (Block) C:\program files (x86)\logitech\logitech vid\vid.exe
FirewallRules: [UDP Query User{16A3591E-5981-4BF6-9C84-59489A642846}C:\program files (x86)\logitech\logitech vid\vid.exe] => (Block) C:\program files (x86)\logitech\logitech vid\vid.exe
FirewallRules: [{5685BA94-569D-451C-B1E9-70376FC7BF8C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{450CCFE1-EB45-4A91-B115-5D53B61BE81C}] => (Allow) C:\Users\Andy\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/01/2015 08:49:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 8d4

Start Time: 01d08463b2e32137

Termination Time: 19

Application Path: C:\Windows\Explorer.EXE

Report Id: 12fc2f8b-f065-11e4-9aa9-00038a000015

Error: (05/01/2015 07:07:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/01/2015 02:54:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/01/2015 00:42:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/01/2015 11:43:21 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SpybotSD.exe version 1.6.2.46 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1ca0

Start Time: 01d084253c5ff460

Termination Time: 18

Application Path: C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe

Report Id:

Error: (05/01/2015 00:38:26 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (04/30/2015 01:09:35 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (04/29/2015 01:08:03 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (04/28/2015 00:27:30 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (04/27/2015 01:14:26 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.


System errors:
=============
Error: (04/27/2015 03:46:28 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.197.703.0).

Error: (04/27/2015 03:46:12 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.197.668.0

Update Source: %NT AUTHORITY59

Update Stage: 4.7.0205.00

Source Path: 4.7.0205.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (04/27/2015 03:46:11 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.197.699.0).

Error: (04/22/2015 03:44:01 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error:
%%5

Error: (04/22/2015 03:43:56 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (04/21/2015 03:43:58 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error:
%%5

Error: (04/21/2015 03:43:56 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (04/20/2015 03:44:01 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error:
%%5

Error: (04/20/2015 03:43:56 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (04/19/2015 04:48:39 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 114.3.0.0

Update Source: %NT AUTHORITY51

Update Stage: 4.7.0205.00

Source Path: 4.7.0205.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608


Microsoft Office Sessions:
=========================
Error: (05/01/2015 08:49:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.1.7601.175678d401d08463b2e3213719C:\Windows\Explorer.EXE12fc2f8b-f065-11e4-9aa9-00038a000015

Error: (05/01/2015 07:07:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/01/2015 02:54:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/01/2015 00:42:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/01/2015 11:43:21 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: SpybotSD.exe1.6.2.461ca001d084253c5ff46018C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe

Error: (05/01/2015 00:38:26 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentitylanguage*c:\program files (x86)\spybot - search & destroy\DelZip179.dllc:\program files (x86)\spybot - search & destroy\DelZip179.dll8

Error: (04/30/2015 01:09:35 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentitylanguage*c:\program files (x86)\spybot - search & destroy\DelZip179.dllc:\program files (x86)\spybot - search & destroy\DelZip179.dll8

Error: (04/29/2015 01:08:03 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentitylanguage*c:\program files (x86)\spybot - search & destroy\DelZip179.dllc:\program files (x86)\spybot - search & destroy\DelZip179.dll8

Error: (04/28/2015 00:27:30 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentitylanguage*c:\program files (x86)\spybot - search & destroy\DelZip179.dllc:\program files (x86)\spybot - search & destroy\DelZip179.dll8

Error: (04/27/2015 01:14:26 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentitylanguage*c:\program files (x86)\spybot - search & destroy\DelZip179.dllc:\program files (x86)\spybot - search & destroy\DelZip179.dll8


==================== Memory info ===========================

Processor: Pentium(R) Dual-Core CPU E6700 @ 3.20GHz
Percentage of memory in use: 45%
Total physical RAM: 4060.98 MB
Available physical RAM: 2210.13 MB
Total Pagefile: 8120.16 MB
Available Pagefile: 5827.41 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:450.91 GB) (Free:379.12 GB) NTFS
Drive d: (Hochron) (CDROM) (Total:4.06 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: F4BF2C56)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Here is the aswMBR log:
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2015-05-01 21:20:31
-----------------------------
21:20:31.165 OS Version: Windows x64 6.1.7601 Service Pack 1
21:20:31.165 Number of processors: 2 586 0x170A
21:20:31.165 ComputerName: NEWDELL UserName: Andy
21:20:31.696 Initialize success
21:20:31.727 VM: initialized successfully
21:20:31.727 VM: Intel CPU BiosDisabled
21:20:58.824 AVAST engine defs: 15050101
21:21:04.518 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:21:04.518 Disk 0 Vendor: WDC_WD50 17.0 Size: 476940MB BusType: 3
21:21:04.612 Disk 0 MBR read successfully
21:21:04.627 Disk 0 MBR scan
21:21:04.659 Disk 0 Windows VISTA default MBR code
21:21:04.659 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63
21:21:04.690 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15166 MB offset 81920
21:21:04.705 Disk 0 Boot: NTFS code=1
21:21:04.737 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461733 MB offset 31141888
21:21:04.908 Disk 0 scanning C:\Windows\system32\drivers
21:21:17.763 Service scanning
21:21:43.721 Modules scanning
21:21:43.721 Disk 0 trace - called modules:
21:21:43.737 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
21:21:43.752 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800492c060]
21:21:43.752 3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004433050]
21:21:44.985 AVAST engine scan C:\Windows
21:21:47.808 AVAST engine scan C:\Windows\system32
21:25:09.939 AVAST engine scan C:\Windows\system32\drivers
21:25:23.807 AVAST engine scan C:\Users\Andy
21:34:51.867 File: C:\Users\Andy\Downloads\Setup.exe **INFECTED** Win32:Malware-gen
21:34:54.877 AVAST engine scan C:\ProgramData
21:41:00.655 Disk 0 statistics 4436833/0/0 @ 3.47 MB/s
21:41:00.655 Scan finished successfully
21:54:11.577 Disk 0 MBR has been saved successfully to "C:\FRST\Logs\MBR.dat"
21:54:11.608 The log file has been saved successfully to "C:\FRST\Logs\aswMBR.txt"


Appreciate any suggestions you can give me on how to get rid of this irritating malware.

Thanks,

Andy

Juliet
2015-05-02, 13:50
Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Google Chrome has been attacked and we will have to backup favorites and uninstall.

Instructions on how to backup your Favourites/Bookmarks and other data can be found below.

Backup Chrome Bookmarks (http://www.wikihow.com/Export-Bookmarks-from-Chrome)

Please download and install Revo Uninstaller Free (http://www.revouninstaller.com/)

Double click Revo Uninstaller to run it.
From the list of programs, double click on Google Chrome.
When prompted if you want to uninstall, click Yes.
Be sure the Moderate option is selected, then click Next.
The program will run. If prompted again, click Yes.
When the built-in uninstaller is finished, click on Next.
Once the program has searched for leftovers, click Next.
Check/tick the bolded items only on the list, then click Delete.
When prompted, click on Yes and then on Next.
Put a check on any folders that are found and select Delete.
When prompted, select Yes and then Next.
Once done, click Finish.



Then, it can be reinstalled from
http://www.google.com/chrome/



Please go to Add/Remove Programs and uninstall/delete:
960 Grid System Overlay Unofficial
ExtrrASShopper
Firefox Packages
KiNgCoUponn
LuckkyaShopoper
LUUcKyCoupon
ROeyaLaCouPOn
RoyAlShoppierApup
SAlesChecker
ShhouppEaRMaasstEr
WildWestCoupon


If some refuse to uninstall use the above tool Revo Uninstaller to uninstall individually.

~~~~~~~~~~~~~~~~

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK). *Do not use Wordpad* or any text editor other than Notepad, or the script will fail. Copy and paste the text present inside the quote box below:
To do this, highlight the contents of the box, right click on it and select Copy.
Paste this into the open Notepad. Save it to the Desktop as fixlist.txt
NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
It needs to be saved next to the "Farbar Recovery Scan Tool" (if asked to overwrite the existing one, please allow).






start
CreateRestorePoint:
CloseProcesses:
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2590271414-3081139895-2094561154-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
SearchScopes: HKLM -> DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = http://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ggbc_14_47_ch&cd=2XzuyEtN2Y1L1Qzu0CtD0CtC0CtDyC0AyEtD0D0FyCyEtA0AtN0D0Tzu0StCtDyDyBtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyB0DyC0B0FzzyCyCtGtA0C0D0AtG0BtByCzytGtA0Fzy0BtGyEyB0CtAtAzz0F0CzzzztA0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0C0D0DyC0E0CzytGtDzytA0AtGyE0EyE0BtGzyyBtBtAtG0B0F0CyD0FtCtAyCzyyDyByB2Q&cr=915928996&ir=
SearchScopes: HKLM -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = http://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ggbc_14_47_ch&cd=2XzuyEtN2Y1L1Qzu0CtD0CtC0CtDyC0AyEtD0D0FyCyEtA0AtN0D0Tzu0StCtDyDyBtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyB0DyC0B0FzzyCyCtGtA0C0D0AtG0BtByCzytGtA0Fzy0BtGyEyB0CtAtAzz0F0CzzzztA0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0C0D0DyC0E0CzytGtDzytA0AtGyE0EyE0BtGzyyBtBtAtG0B0F0CyD0FtCtAyCzyyDyByB2Q&cr=915928996&ir=
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2590271414-3081139895-2094561154-1000 -> DefaultScope {6A90D3FA-5A70-4B5F-8AFF-3218BF21B08B} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2590271414-3081139895-2094561154-1000 -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL =
SearchScopes: HKU\S-1-5-21-2590271414-3081139895-2094561154-1000 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
BHO: RoyAlShoppierApup -> {1cf55e21-88e5-4833-a1c3-2f8397df8b7b} -> C:\Program Files (x86)\RoyAlShoppierApup\roo65abjfCECNR.x64.dll [2015-04-14] ()
BHO: ROYalCOupon -> {30ec5594-67bd-4fc8-b92f-8cedbbb92b42} -> C:\Program Files (x86)\ROYalCOupon\QdiT3opUZuKmEn.x64.dll [2015-04-13] ()
BHO: SohhoppearMasuterr -> {4bd3e472-ad13-4a33-8c85-f9e3326edb2c} -> C:\Program Files (x86)\SohhoppearMasuterr\8JJ6j4u16wTX1N.x64.dll [2015-04-14] ()
BHO: TTicTaCooupoN -> {69980c52-bb70-4e88-b3d0-66e9532e6762} -> C:\Program Files (x86)\TTicTaCooupoN\GbMSGNclzX6ziN.x64.dll [2015-04-03] ()
BHO: saaviinesHop -> {69a5d6a7-4bb0-4e01-b321-72eae3ea254f} -> C:\Program Files (x86)\saaviinesHop\lnmOseOoOwoY4G.x64.dll [2015-04-02] ()
BHO: SShopperMasutErr -> {71f65125-020c-43ca-b0c2-65e0b01504b4} -> C:\Program Files (x86)\SShopperMasutErr\BBI7U76iifBrR8.x64.dll [2015-04-14] ()
BHO: ROeyaLaCouPOn -> {77ba55ff-e910-4803-a704-f9ddf17e29e6} -> C:\Program Files (x86)\ROeyaLaCouPOn\343NVbpQlGjKGe.x64.dll [2015-04-14] ()
BHO: ShhouppEaRMaasstEr -> {82eb8bfc-f1d1-42f2-bca1-9502fbc0abf0} -> C:\Program Files (x86)\ShhouppEaRMaasstEr\h7TgIl5yN7rDR6.x64.dll [2015-04-14] ()
BHO: SualesMagnet -> {8c346591-b9e1-4827-bb7a-ad4063f96d5f} -> C:\Program Files (x86)\SualesMagnet\lusJK4Hxcj3IcX.x64.dll [2015-04-13] ()
BHO: PriinceeCoupon -> {930ecbf5-9923-419c-8121-102edd66f059} -> C:\Program Files (x86)\PriinceeCoupon\t5CAhDAElV1twr.x64.dll [2015-04-03] ()
BHO: LuckkyaShopoper -> {adc8e0dc-3fee-44bd-b517-3a1082cf41da} -> C:\Program Files (x86)\LuckkyaShopoper\H7oYSotTzos5BF.x64.dll [2015-04-14] ()
BHO: CCooupScanner -> {b7604091-8a8e-40c3-92a9-3327f4d31096} -> C:\Program Files (x86)\CCooupScanner\rX1rL5BkaD9E2a.x64.dll [2015-04-02] ()
BHO: FFlashCouppon -> {e657b9c1-fe8e-45db-af59-8a233c3d020b} -> C:\Program Files (x86)\FFlashCouppon\3doS7zdAqm1SWV.x64.dll [2015-04-14] ()
BHO: SAlesChecker -> {ea98f952-edf1-4fb1-8177-35b1bd7a200a} -> C:\Program Files (x86)\SAlesChecker\ZIdcENHOId3t8A.x64.dll [2015-04-14] ()
BHO-x32: RoyAlShoppierApup -> {1cf55e21-88e5-4833-a1c3-2f8397df8b7b} -> C:\Program Files (x86)\RoyAlShoppierApup\roo65abjfCECNR.dll [2015-04-14] ()
BHO-x32: ROYalCOupon -> {30ec5594-67bd-4fc8-b92f-8cedbbb92b42} -> C:\Program Files (x86)\ROYalCOupon\QdiT3opUZuKmEn.dll [2015-04-13] ()
BHO-x32: SohhoppearMasuterr -> {4bd3e472-ad13-4a33-8c85-f9e3326edb2c} -> C:\Program Files (x86)\SohhoppearMasuterr\8JJ6j4u16wTX1N.dll [2015-04-14] ()
BHO-x32: TTicTaCooupoN -> {69980c52-bb70-4e88-b3d0-66e9532e6762} -> C:\Program Files (x86)\TTicTaCooupoN\GbMSGNclzX6ziN.dll [2015-04-03] ()
BHO-x32: saaviinesHop -> {69a5d6a7-4bb0-4e01-b321-72eae3ea254f} -> C:\Program Files (x86)\saaviinesHop\lnmOseOoOwoY4G.dll [2015-04-02] ()
BHO-x32: SShopperMasutErr -> {71f65125-020c-43ca-b0c2-65e0b01504b4} -> C:\Program Files (x86)\SShopperMasutErr\BBI7U76iifBrR8.dll [2015-04-14] ()
BHO-x32: ROeyaLaCouPOn -> {77ba55ff-e910-4803-a704-f9ddf17e29e6} -> C:\Program Files (x86)\ROeyaLaCouPOn\343NVbpQlGjKGe.dll [2015-04-14] ()
BHO-x32: ShhouppEaRMaasstEr -> {82eb8bfc-f1d1-42f2-bca1-9502fbc0abf0} -> C:\Program Files (x86)\ShhouppEaRMaasstEr\h7TgIl5yN7rDR6.dll [2015-04-14] ()
BHO-x32: SualesMagnet -> {8c346591-b9e1-4827-bb7a-ad4063f96d5f} -> C:\Program Files (x86)\SualesMagnet\lusJK4Hxcj3IcX.dll [2015-04-13] ()
BHO-x32: PriinceeCoupon -> {930ecbf5-9923-419c-8121-102edd66f059} -> C:\Program Files (x86)\PriinceeCoupon\t5CAhDAElV1twr.dll [2015-04-03] ()
BHO-x32: LuckkyaShopoper -> {adc8e0dc-3fee-44bd-b517-3a1082cf41da} -> C:\Program Files (x86)\LuckkyaShopoper\H7oYSotTzos5BF.dll [2015-04-14] ()
BHO-x32: CCooupScanner -> {b7604091-8a8e-40c3-92a9-3327f4d31096} -> C:\Program Files (x86)\CCooupScanner\rX1rL5BkaD9E2a.dll [2015-04-02] ()
BHO-x32: FFlashCouppon -> {e657b9c1-fe8e-45db-af59-8a233c3d020b} -> C:\Program Files (x86)\FFlashCouppon\3doS7zdAqm1SWV.dll [2015-04-14] ()
BHO-x32: SAlesChecker -> {ea98f952-edf1-4fb1-8177-35b1bd7a200a} -> C:\Program Files (x86)\SAlesChecker\ZIdcENHOId3t8A.dll [2015-04-14] ()
FF DefaultSearchEngine: Vosteran
FF SelectedSearchEngine: Vosteran
FF user.js: detected! => C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\jgud7t4x.default\user.js [2014-11-23]
CHR dev: Chrome dev build detected! <======= ATTENTION
R2 70e6ca8c; c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll [3113040 2014-11-23] ()
c:\Program Files (x86)\Optimizer Pro
R2 EZ Software Updater; C:\Program Files (x86)\EZ Software Updater\EZ Software Updater.exe [221696 2015-02-17] () [File not signed] <==== ATTENTION
C:\Program Files (x86)\EZ Software Updater\EZ Software Updater.exe
2015-05-01 20:53 - 2015-05-01 20:53 - 00000000 ____D () C:\Program Files (x86)\EZ Software Updater
2015-04-14 05:25 - 2015-04-14 05:25 - 00000000 ____D () C:\Program Files (x86)\ShhouppEaRMaasstEr
2015-04-14 05:25 - 2015-04-14 05:25 - 00000000 ____D () C:\Program Files (x86)\SAlesChecker
2015-04-14 05:25 - 2015-04-14 05:25 - 00000000 ____D () C:\Program Files (x86)\ExtrrASShopper
2015-04-14 05:05 - 2015-04-14 05:05 - 00000000 ____D () C:\Program Files (x86)\SShopperMasutErr
2015-04-14 05:05 - 2015-04-14 05:05 - 00000000 ____D () C:\Program Files (x86)\PorionceCoupon
2015-04-14 05:05 - 2015-04-14 05:05 - 00000000 ____D () C:\Program Files (x86)\LuckkyaShopoper
2015-04-14 01:05 - 2015-04-14 01:05 - 00000000 ____D () C:\Program Files (x86)\RoyAlShoppierApup
2015-04-14 01:05 - 2015-04-14 01:05 - 00000000 ____D () C:\Program Files (x86)\RoyalShoPperoApp
2015-04-14 01:05 - 2015-04-14 01:05 - 00000000 ____D () C:\Program Files (x86)\FFlashCouppon
2015-04-14 00:45 - 2015-04-14 00:45 - 00000000 ____D () C:\Program Files (x86)\SohhoppearMasuterr
2015-04-14 00:45 - 2015-04-14 00:45 - 00000000 ____D () C:\Program Files (x86)\ROeyaLaCouPOn
2015-04-14 00:45 - 2015-04-14 00:45 - 00000000 ____D () C:\Program Files (x86)\LUUcKyCoupon
2015-04-13 21:45 - 2015-04-13 21:45 - 00000000 ____D () C:\Program Files (x86)\SualesMagnet
2015-04-13 21:45 - 2015-04-13 21:45 - 00000000 ____D () C:\Program Files (x86)\ROYalCOupon
2015-04-13 21:45 - 2015-04-13 21:45 - 00000000 ____D () C:\Program Files (x86)\KiNgCoUponn
2015-04-03 16:14 - 2015-04-03 16:15 - 00000000 ____D () C:\Program Files (x86)\TTicTaCooupoN
2015-04-03 16:14 - 2015-04-03 16:15 - 00000000 ____D () C:\Program Files (x86)\BeetterrPoriceaCheC
2015-04-03 16:14 - 2015-04-03 16:14 - 00000000 ____D () C:\Program Files (x86)\PriinceeCoupon
2015-04-03 03:13 - 2015-04-03 03:14 - 00000000 ____D () C:\Program Files (x86)\WWoeWCouuuponn
2015-04-02 22:54 - 2015-04-02 22:54 - 00000000 ____D () C:\Program Files (x86)\saaviinesHop
2015-04-02 22:53 - 2015-04-02 22:54 - 00000000 ____D () C:\Program Files (x86)\CCooupScanner
2015-04-02 18:33 - 2015-04-02 18:33 - 00000000 ____D () C:\ProgramData\WildWestCoupon
CustomCLSID: HKU\S-1-5-21-2590271414-3081139895-2094561154-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Andy\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2590271414-3081139895-2094561154-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Andy\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2590271414-3081139895-2094561154-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Andy\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
Task: {E032E943-483F-478F-B32B-6A3D6E20D90D} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe <==== ATTENTION
2015-05-01 20:53 - 2015-02-17 17:02 - 00221696 _____ () C:\Program Files (x86)\EZ Software Updater\EZ Software Updater.exe
2014-11-23 16:24 - 2014-11-23 16:24 - 03113040 ____N () c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll
EmptyTemp:
End


Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


~~~~~~~~~~~~~~~~~~~~~~

AdwCleaner

Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) and save the file to your Desktop.
Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
Follow the prompts.
Click Scan.
Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate.
Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
Follow the prompts and allow your computer to reboot.
After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/) to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.


*************
Please post:
Fixlog.txt
C:\AdwCleaner.txt
JRT.txt

barnewa
2015-05-03, 16:37
Juliet,

Thanks so much for your very thorough and easy-to-follow instructions. I've followed all your instructions and the computer seems to be free of malware now. Attaching requested logs below. Thanks so much for your help!

Here is Fixlog.txt:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-04-2015 01
Ran by Andy at 2015-05-02 17:55:25 Run:1
Running from C:\Users\Andy\Desktop
Loaded Profiles: Andy (Available profiles: Andy & Tricia & Emily)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CreateRestorePoint:
CloseProcesses:
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2590271414-3081139895-2094561154-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
SearchScopes: HKLM -> DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = http://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ggbc_14_47_ch&cd=2XzuyEtN2Y1L1Qzu0CtD0CtC0CtDyC0AyEtD0D0FyCyEtA0AtN0D0Tzu0StCtDyDyBtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyB0DyC0B0FzzyCyCtGtA0C0D0AtG0BtByCzytGtA0Fzy0BtGyEyB0CtAtAzz0F0CzzzztA0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0C0D0DyC0E0CzytGtDzytA0AtGyE0EyE0BtGzyyBtBtAtG0B0F0CyD0FtCtAyCzyyDyByB2Q&cr=915928996&ir=
SearchScopes: HKLM -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = http://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ggbc_14_47_ch&cd=2XzuyEtN2Y1L1Qzu0CtD0CtC0CtDyC0AyEtD0D0FyCyEtA0AtN0D0Tzu0StCtDyDyBtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyB0DyC0B0FzzyCyCtGtA0C0D0AtG0BtByCzytGtA0Fzy0BtGyEyB0CtAtAzz0F0CzzzztA0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0C0D0DyC0E0CzytGtDzytA0AtGyE0EyE0BtGzyyBtBtAtG0B0F0CyD0FtCtAyCzyyDyByB2Q&cr=915928996&ir=
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2590271414-3081139895-2094561154-1000 -> DefaultScope {6A90D3FA-5A70-4B5F-8AFF-3218BF21B08B} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2590271414-3081139895-2094561154-1000 -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL =
SearchScopes: HKU\S-1-5-21-2590271414-3081139895-2094561154-1000 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
BHO: RoyAlShoppierApup -> {1cf55e21-88e5-4833-a1c3-2f8397df8b7b} -> C:\Program Files (x86)\RoyAlShoppierApup\roo65abjfCECNR.x64.dll [2015-04-14] ()
BHO: ROYalCOupon -> {30ec5594-67bd-4fc8-b92f-8cedbbb92b42} -> C:\Program Files (x86)\ROYalCOupon\QdiT3opUZuKmEn.x64.dll [2015-04-13] ()
BHO: SohhoppearMasuterr -> {4bd3e472-ad13-4a33-8c85-f9e3326edb2c} -> C:\Program Files (x86)\SohhoppearMasuterr\8JJ6j4u16wTX1N.x64.dll [2015-04-14] ()
BHO: TTicTaCooupoN -> {69980c52-bb70-4e88-b3d0-66e9532e6762} -> C:\Program Files (x86)\TTicTaCooupoN\GbMSGNclzX6ziN.x64.dll [2015-04-03] ()
BHO: saaviinesHop -> {69a5d6a7-4bb0-4e01-b321-72eae3ea254f} -> C:\Program Files (x86)\saaviinesHop\lnmOseOoOwoY4G.x64.dll [2015-04-02] ()
BHO: SShopperMasutErr -> {71f65125-020c-43ca-b0c2-65e0b01504b4} -> C:\Program Files (x86)\SShopperMasutErr\BBI7U76iifBrR8.x64.dll [2015-04-14] ()
BHO: ROeyaLaCouPOn -> {77ba55ff-e910-4803-a704-f9ddf17e29e6} -> C:\Program Files (x86)\ROeyaLaCouPOn\343NVbpQlGjKGe.x64.dll [2015-04-14] ()
BHO: ShhouppEaRMaasstEr -> {82eb8bfc-f1d1-42f2-bca1-9502fbc0abf0} -> C:\Program Files (x86)\ShhouppEaRMaasstEr\h7TgIl5yN7rDR6.x64.dll [2015-04-14] ()
BHO: SualesMagnet -> {8c346591-b9e1-4827-bb7a-ad4063f96d5f} -> C:\Program Files (x86)\SualesMagnet\lusJK4Hxcj3IcX.x64.dll [2015-04-13] ()
BHO: PriinceeCoupon -> {930ecbf5-9923-419c-8121-102edd66f059} -> C:\Program Files (x86)\PriinceeCoupon\t5CAhDAElV1twr.x64.dll [2015-04-03] ()
BHO: LuckkyaShopoper -> {adc8e0dc-3fee-44bd-b517-3a1082cf41da} -> C:\Program Files (x86)\LuckkyaShopoper\H7oYSotTzos5BF.x64.dll [2015-04-14] ()
BHO: CCooupScanner -> {b7604091-8a8e-40c3-92a9-3327f4d31096} -> C:\Program Files (x86)\CCooupScanner\rX1rL5BkaD9E2a.x64.dll [2015-04-02] ()
BHO: FFlashCouppon -> {e657b9c1-fe8e-45db-af59-8a233c3d020b} -> C:\Program Files (x86)\FFlashCouppon\3doS7zdAqm1SWV.x64.dll [2015-04-14] ()
BHO: SAlesChecker -> {ea98f952-edf1-4fb1-8177-35b1bd7a200a} -> C:\Program Files (x86)\SAlesChecker\ZIdcENHOId3t8A.x64.dll [2015-04-14] ()
BHO-x32: RoyAlShoppierApup -> {1cf55e21-88e5-4833-a1c3-2f8397df8b7b} -> C:\Program Files (x86)\RoyAlShoppierApup\roo65abjfCECNR.dll [2015-04-14] ()
BHO-x32: ROYalCOupon -> {30ec5594-67bd-4fc8-b92f-8cedbbb92b42} -> C:\Program Files (x86)\ROYalCOupon\QdiT3opUZuKmEn.dll [2015-04-13] ()
BHO-x32: SohhoppearMasuterr -> {4bd3e472-ad13-4a33-8c85-f9e3326edb2c} -> C:\Program Files (x86)\SohhoppearMasuterr\8JJ6j4u16wTX1N.dll [2015-04-14] ()
BHO-x32: TTicTaCooupoN -> {69980c52-bb70-4e88-b3d0-66e9532e6762} -> C:\Program Files (x86)\TTicTaCooupoN\GbMSGNclzX6ziN.dll [2015-04-03] ()
BHO-x32: saaviinesHop -> {69a5d6a7-4bb0-4e01-b321-72eae3ea254f} -> C:\Program Files (x86)\saaviinesHop\lnmOseOoOwoY4G.dll [2015-04-02] ()
BHO-x32: SShopperMasutErr -> {71f65125-020c-43ca-b0c2-65e0b01504b4} -> C:\Program Files (x86)\SShopperMasutErr\BBI7U76iifBrR8.dll [2015-04-14] ()
BHO-x32: ROeyaLaCouPOn -> {77ba55ff-e910-4803-a704-f9ddf17e29e6} -> C:\Program Files (x86)\ROeyaLaCouPOn\343NVbpQlGjKGe.dll [2015-04-14] ()
BHO-x32: ShhouppEaRMaasstEr -> {82eb8bfc-f1d1-42f2-bca1-9502fbc0abf0} -> C:\Program Files (x86)\ShhouppEaRMaasstEr\h7TgIl5yN7rDR6.dll [2015-04-14] ()
BHO-x32: SualesMagnet -> {8c346591-b9e1-4827-bb7a-ad4063f96d5f} -> C:\Program Files (x86)\SualesMagnet\lusJK4Hxcj3IcX.dll [2015-04-13] ()
BHO-x32: PriinceeCoupon -> {930ecbf5-9923-419c-8121-102edd66f059} -> C:\Program Files (x86)\PriinceeCoupon\t5CAhDAElV1twr.dll [2015-04-03] ()
BHO-x32: LuckkyaShopoper -> {adc8e0dc-3fee-44bd-b517-3a1082cf41da} -> C:\Program Files (x86)\LuckkyaShopoper\H7oYSotTzos5BF.dll [2015-04-14] ()
BHO-x32: CCooupScanner -> {b7604091-8a8e-40c3-92a9-3327f4d31096} -> C:\Program Files (x86)\CCooupScanner\rX1rL5BkaD9E2a.dll [2015-04-02] ()
BHO-x32: FFlashCouppon -> {e657b9c1-fe8e-45db-af59-8a233c3d020b} -> C:\Program Files (x86)\FFlashCouppon\3doS7zdAqm1SWV.dll [2015-04-14] ()
BHO-x32: SAlesChecker -> {ea98f952-edf1-4fb1-8177-35b1bd7a200a} -> C:\Program Files (x86)\SAlesChecker\ZIdcENHOId3t8A.dll [2015-04-14] ()
FF DefaultSearchEngine: Vosteran
FF SelectedSearchEngine: Vosteran
FF user.js: detected! => C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\jgud7t4x.default\user.js [2014-11-23]
CHR dev: Chrome dev build detected! <======= ATTENTION
R2 70e6ca8c; c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll [3113040 2014-11-23] ()
c:\Program Files (x86)\Optimizer Pro
R2 EZ Software Updater; C:\Program Files (x86)\EZ Software Updater\EZ Software Updater.exe [221696 2015-02-17] () [File not signed] <==== ATTENTION
C:\Program Files (x86)\EZ Software Updater\EZ Software Updater.exe
2015-05-01 20:53 - 2015-05-01 20:53 - 00000000 ____D () C:\Program Files (x86)\EZ Software Updater
2015-04-14 05:25 - 2015-04-14 05:25 - 00000000 ____D () C:\Program Files (x86)\ShhouppEaRMaasstEr
2015-04-14 05:25 - 2015-04-14 05:25 - 00000000 ____D () C:\Program Files (x86)\SAlesChecker
2015-04-14 05:25 - 2015-04-14 05:25 - 00000000 ____D () C:\Program Files (x86)\ExtrrASShopper
2015-04-14 05:05 - 2015-04-14 05:05 - 00000000 ____D () C:\Program Files (x86)\SShopperMasutErr
2015-04-14 05:05 - 2015-04-14 05:05 - 00000000 ____D () C:\Program Files (x86)\PorionceCoupon
2015-04-14 05:05 - 2015-04-14 05:05 - 00000000 ____D () C:\Program Files (x86)\LuckkyaShopoper
2015-04-14 01:05 - 2015-04-14 01:05 - 00000000 ____D () C:\Program Files (x86)\RoyAlShoppierApup
2015-04-14 01:05 - 2015-04-14 01:05 - 00000000 ____D () C:\Program Files (x86)\RoyalShoPperoApp
2015-04-14 01:05 - 2015-04-14 01:05 - 00000000 ____D () C:\Program Files (x86)\FFlashCouppon
2015-04-14 00:45 - 2015-04-14 00:45 - 00000000 ____D () C:\Program Files (x86)\SohhoppearMasuterr
2015-04-14 00:45 - 2015-04-14 00:45 - 00000000 ____D () C:\Program Files (x86)\ROeyaLaCouPOn
2015-04-14 00:45 - 2015-04-14 00:45 - 00000000 ____D () C:\Program Files (x86)\LUUcKyCoupon
2015-04-13 21:45 - 2015-04-13 21:45 - 00000000 ____D () C:\Program Files (x86)\SualesMagnet
2015-04-13 21:45 - 2015-04-13 21:45 - 00000000 ____D () C:\Program Files (x86)\ROYalCOupon
2015-04-13 21:45 - 2015-04-13 21:45 - 00000000 ____D () C:\Program Files (x86)\KiNgCoUponn
2015-04-03 16:14 - 2015-04-03 16:15 - 00000000 ____D () C:\Program Files (x86)\TTicTaCooupoN
2015-04-03 16:14 - 2015-04-03 16:15 - 00000000 ____D () C:\Program Files (x86)\BeetterrPoriceaCheC
2015-04-03 16:14 - 2015-04-03 16:14 - 00000000 ____D () C:\Program Files (x86)\PriinceeCoupon
2015-04-03 03:13 - 2015-04-03 03:14 - 00000000 ____D () C:\Program Files (x86)\WWoeWCouuuponn
2015-04-02 22:54 - 2015-04-02 22:54 - 00000000 ____D () C:\Program Files (x86)\saaviinesHop
2015-04-02 22:53 - 2015-04-02 22:54 - 00000000 ____D () C:\Program Files (x86)\CCooupScanner
2015-04-02 18:33 - 2015-04-02 18:33 - 00000000 ____D () C:\ProgramData\WildWestCoupon
CustomCLSID: HKU\S-1-5-21-2590271414-3081139895-2094561154-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Andy\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2590271414-3081139895-2094561154-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Andy\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2590271414-3081139895-2094561154-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Andy\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
Task: {E032E943-483F-478F-B32B-6A3D6E20D90D} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe <==== ATTENTION
2015-05-01 20:53 - 2015-02-17 17:02 - 00221696 _____ () C:\Program Files (x86)\EZ Software Updater\EZ Software Updater.exe
2014-11-23 16:24 - 2014-11-23 16:24 - 03113040 ____N () c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll
EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => Key deleted successfully.
HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => Key deleted successfully.
HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => Key deleted successfully.
HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => Key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => Key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => Key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => Key not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\S-1-5-21-2590271414-3081139895-2094561154-1000\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}" => Key deleted successfully.
HKCR\CLSID\{49606DC7-976D-4030-A74E-9FB5C842FA68} => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}" => Key deleted successfully.
HKCR\CLSID\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{49606DC7-976D-4030-A74E-9FB5C842FA68} => Key not found.
HKU\S-1-5-21-2590271414-3081139895-2094561154-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-2590271414-3081139895-2094561154-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}" => Key deleted successfully.
HKCR\CLSID\{49606DC7-976D-4030-A74E-9FB5C842FA68} => Key not found.
"HKU\S-1-5-21-2590271414-3081139895-2094561154-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}" => Key deleted successfully.
HKCR\CLSID\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => Key not found.
Firefox DefaultSearchEngine deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\jgud7t4x.default\user.js => Moved successfully.
CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.
70e6ca8c => Service stopped successfully.
70e6ca8c => Service deleted successfully.
c:\Program Files (x86)\Optimizer Pro => Moved successfully.
EZ Software Updater => Service deleted successfully.
C:\Program Files (x86)\EZ Software Updater\EZ Software Updater.exe => Moved successfully.
C:\Program Files (x86)\EZ Software Updater => Moved successfully.
"C:\Program Files (x86)\ShhouppEaRMaasstEr" => File/Directory not found.
"C:\Program Files (x86)\SAlesChecker" => File/Directory not found.
"C:\Program Files (x86)\ExtrrASShopper" => File/Directory not found.
C:\Program Files (x86)\SShopperMasutErr => Moved successfully.
C:\Program Files (x86)\PorionceCoupon => Moved successfully.
"C:\Program Files (x86)\LuckkyaShopoper" => File/Directory not found.
"C:\Program Files (x86)\RoyAlShoppierApup" => File/Directory not found.
C:\Program Files (x86)\RoyalShoPperoApp => Moved successfully.
C:\Program Files (x86)\FFlashCouppon => Moved successfully.
C:\Program Files (x86)\SohhoppearMasuterr => Moved successfully.
"C:\Program Files (x86)\ROeyaLaCouPOn" => File/Directory not found.
"C:\Program Files (x86)\LUUcKyCoupon" => File/Directory not found.
C:\Program Files (x86)\SualesMagnet => Moved successfully.
C:\Program Files (x86)\ROYalCOupon => Moved successfully.
"C:\Program Files (x86)\KiNgCoUponn" => File/Directory not found.
C:\Program Files (x86)\TTicTaCooupoN => Moved successfully.
C:\Program Files (x86)\BeetterrPoriceaCheC => Moved successfully.
C:\Program Files (x86)\PriinceeCoupon => Moved successfully.
C:\Program Files (x86)\WWoeWCouuuponn => Moved successfully.
C:\Program Files (x86)\saaviinesHop => Moved successfully.
C:\Program Files (x86)\CCooupScanner => Moved successfully.
C:\ProgramData\WildWestCoupon => Moved successfully.
"HKU\S-1-5-21-2590271414-3081139895-2094561154-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => Key deleted successfully.
"HKU\S-1-5-21-2590271414-3081139895-2094561154-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => Key deleted successfully.
"HKU\S-1-5-21-2590271414-3081139895-2094561154-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E032E943-483F-478F-B32B-6A3D6E20D90D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E032E943-483F-478F-B32B-6A3D6E20D90D}" => Key deleted successfully.
C:\Windows\System32\Tasks\Optimizer Pro Schedule => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimizer Pro Schedule" => Key deleted successfully.
"C:\Program Files (x86)\EZ Software Updater\EZ Software Updater.exe" => File/Directory not found.
"c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll" => File/Directory not found.
EmptyTemp: => Removed 2.7 GB temporary data.


The system needed a reboot.

==== End of Fixlog 17:59:00 ====

Here is AdwCleaner.txt:
# AdwCleaner v4.203 - Logfile created 02/05/2015 at 18:08:37
# Updated 30/04/2015 by Xplode
# Database : 2015-05-02.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Andy - NEWDELL
# Running from : C:\Users\Andy\Desktop\adwcleaner_4.203.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Viewpoint
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Downloader
Folder Deleted : C:\Program Files (x86)\Viewpoint
Folder Deleted : C:\Program Files (x86)\Media Downloader
Folder Deleted : C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce
Folder Deleted : C:\Users\Tricia\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\Users\Public\Desktop\Media Downloader.lnk
File Deleted : C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\jgud7t4x.default\searchplugins\Vosteran.xml
File Deleted : C:\Users\Tricia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.delta.com_0.localstorage
File Deleted : C:\Users\Tricia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.delta.com_0.localstorage-journal

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4D1C553-99C0-48E5-B0A7-B1E00163715C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FCE74B5F-13A9-47C3-B69E-5210C1EECBEF}
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Vosteran
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\EZ Software Updater
Key Deleted : HKLM\SOFTWARE\MetaStream
Key Deleted : HKLM\SOFTWARE\Viewpoint
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8B114619-78B7-1CFF-55EF-74266954F883}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EZ Software Updater_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F6423EE4-93D8-FA04-D09D-A8598F6EFDFD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AE9B04F2-E9E8-162C-829B-52C116B3EFCC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3119AFD3-545C-0955-573A-494F62E61990}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{35E0D123-1F22-9AE6-F973-B7ECA46E8BFE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Media Downloader_is1
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17728


-\\ Mozilla Firefox v33.1.1 (x86 en-US)

[jgud7t4x.default\prefs.js] - Line Deleted : user_pref("extensions.C73wU8LSYtiQynuB.scode", "(function(){try{if(window.self.location.href.indexOf(\"rTwFrHg4pja6rdnHpjaHrHaGpa\")>-1){return;}}catch(e){}try{var d=[[\"trianglecash.com\",\"acebook\"[...]
[jgud7t4x.default\prefs.js] - Line Deleted : user_pref("extensions.JgzgtIv4tBL8qC9z.scode", "(function(){try{if(window.self.location.href.indexOf(\"rTwFrHg4pja6rdnHpjaHrHaGpa\")>-1){return;}}catch(e){}try{var d=[[\"trianglecash.com\",\"acebook\"[...]
[jgud7t4x.default\prefs.js] - Line Deleted : user_pref("extensions.XpC0lqnMvciqQFZX.scode", "(function(){try{if(window.self.location.href.indexOf(\"rTwFrHg4pja6rdnHpjaHrHaGpa\")>-1){return;}}catch(e){}try{var d=[[\"trianglecash.com\",\"acebook\"[...]
[jgud7t4x.default\prefs.js] - Line Deleted : user_pref("extensions.ch5V5OgBLdcSbac2.scode", "(function(){try{if(window.self.location.href.indexOf(\"rTwFrHg4pja6rdnHpjaHrHaGpa\")>-1){return;}}catch(e){}try{var d=[[\"trianglecash.com\",\"acebook\"[...]
[jgud7t4x.default\prefs.js] - Line Deleted : user_pref("extensions.k5rwjxFrANEspRws.scode", "(function(){try{if(window.self.location.href.indexOf(\"rTwFrHg4pja6rdnHpjaHrHaGpa\")>-1){return;}}catch(e){}try{var d=[[\"trianglecash.com\",\"acebook\"[...]
[jgud7t4x.default\prefs.js] - Line Deleted : user_pref("extensions.srchvstrn.hmpgUrl", "hxxp://Vosteran.com/?f=1&a=vst_ggbc_14_47_ch&cd=2XzuyEtN2Y1L1Qzu0CtD0CtC0CtDyC0AyEtD0D0FyCyEtA0AtN0D0Tzu0StCtDyDyBtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1[...]
[jgud7t4x.default\prefs.js] - Line Deleted : user_pref("extensions.srchvstrn.newTabUrl", "hxxp://Vosteran.com/?f=2&a=vst_ggbc_14_47_ch&cd=2XzuyEtN2Y1L1Qzu0CtD0CtC0CtDyC0AyEtD0D0FyCyEtA0AtN0D0Tzu0StCtDyDyBtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDy[...]
[jgud7t4x.default\prefs.js] - Line Deleted : user_pref("extensions.srchvstrn.tlbrSrchUrl", "hxxp://Vosteran.com/?f=3&a=vst_ggbc_14_47_ch&cd=2XzuyEtN2Y1L1Qzu0CtD0CtC0CtDyC0AyEtD0D0FyCyEtA0AtN0D0Tzu0StCtDyDyBtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzyt[...]

-\\ Google Chrome v42.0.2311.135

[C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : oilkkkefbalmbfppgjmgjoefbclebkce
[C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Homepage] : hxxp://Vosteran.com/?f=1&a=vst_ggbc_14_47_ch&cd=2XzuyEtN2Y1L1Qzu0CtD0CtC0CtDyC0AyEtD0D0FyCyEtA0AtN0D0Tzu0StCtDyDyBtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyB0DyC0B0FzzyCyCtGtA0C0D0AtG0BtByCzytGtA0Fzy0BtGyEyB0CtAtAzz0F0CzzzztA0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0C0D0DyC0E0CzytGtDzytA0AtGyE0EyE0BtGzyyBtBtAtG0B0F0CyD0FtCtAyCzyyDyByB2Q&cr=915928996&ir=
[C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Default_Search_Provider_Data] :
[C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Deleted [Extension] : oilkkkefbalmbfppgjmgjoefbclebkce
[C:\Users\Tricia\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Tricia\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Tricia\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.wayfair.com/keyword.php?keyword={searchTerms}&ust=Jewelry+Armoires&command=dosearch&new_keyword_search=true
[C:\Users\Tricia\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Deleted [Extension] : oilkkkefbalmbfppgjmgjoefbclebkce

*************************

AdwCleaner[R0].txt - [16329 bytes] - [02/05/2015 18:05:25]
AdwCleaner[S0].txt - [8088 bytes] - [02/05/2015 18:08:37]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8147 bytes] ##########

Here is JRT.txt:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.6.7 (04.30.2015:1)
OS: Windows 7 Home Premium x64
Ran by Andy on Sat 05/02/2015 at 18:13:37.54
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\Windows\wininit.ini



~~~ Folders

Successfully deleted: [Folder] C:\Windows\syswow64\ai_recyclebin



~~~ FireFox

Successfully deleted the following from C:\Users\Andy\AppData\Roaming\mozilla\firefox\profiles\jgud7t4x.default\prefs.js

user_pref(extensions.4utOZ1Xq4MtgYxpx.scode, (function(){try{if(window.self.location.href.indexOf(\rTwFrHg4pja6rdnHpjaHrHaGpa\)>-1){return;}}catch(e){}try{var d=[[\trian
user_pref(extensions.N97KFksZFT53SlfR.scode, (function(){try{if(window.self.location.href.indexOf(\rTwFrHg4pja6rdnHpjaHrHaGpa\)>-1){return;}}catch(e){}try{var d=[[\trian
user_pref(extensions.srchvstrn.prtnrId, WSE_Vosteran);
user_pref(extensions.srchvstrn.srchPrvdr, Vosteran);
Emptied folder: C:\Users\Andy\AppData\Roaming\mozilla\firefox\profiles\jgud7t4x.default\minidumps [1 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 05/02/2015 at 18:16:11.24
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Juliet
2015-05-03, 21:35
Good deal.

Please download Malwarebytes Anti-Malware (http://downloads.malwarebytes.org/file/mbam) and save it to your desktop.

Double-click on the setup file (mbam-setup.exe), then click on Run to install.
Malwarebytes will automatically open to its Dashboard. If you have never run this version, you should see a red note at the top indicating "A scan has never been run on your system".
Click on Update Now to download the current database definitions, then click the Scan Now >> button.
If you have run this version before, you should see a green note at the top indicating "Your system is fully protected".
You will be prompted to update Malwarebytes...click on the Update Now button.
The THREAT SCAN will automatically begin.
When the scan has completed, the results will be displayed. Click on Quarantine All, then click on Apply Actions.
To complete any actions taken you will be prompted to restart your computer...click on Yes. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
After rebooting the computer, copy and paste the mbam.log in your next reply.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 1)

Open Malwarebytes Anti-Malware.
Click the History Tab at the top and select Application Logs.
Select (check) the box next to Scan Log. Choose the most current scan.
Click the View button.
Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 2)

Open Malwarebytes Anti-Malware.
Click the Scan Tab at the top.
Click the View detailed log link on the right.
Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

Logs are named by the date of scan in the following format: mbam-log-yyyy-mm-dd and automatically saved to the following locations:
-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7/8: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd

~~~~~~~~~~~~~~~~

What we can do now is run an online scan with Eset; for the time being it is our most trusted scanner.
Most reliable and thorough.
The settings I suggest will show us items located in quarantine folders, so don't be alarmed by this. Also, in case of a false positive, I ask that you not allow it to delete what it does find.
This scanner can take quite a bit of time to run, depending, of course, on how full your computer is.


ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.


Please run a free online scan with the ESET Online Scanner

US Link: http://www.eset.com/us/online-scanner/
EU Link: http://www.eset.eu/online-scanner/

Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator
Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.

Turn off the real time scanner of any existing antivirus program while performing the online scan.
Click the blue Run ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the program to install the "OnlineScanner.cab" activex control by clicking the Install button
Once the activex control is installed, on the next screen click on Enable detection of potentially unwanted applications
Click on Advanced Settings
Make sure that the option Remove found threats is unticked.
Ensure these options are ticked

Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology


Under "Current Scan Targets" > click "change" and ensure all your drives are selected
Click Start
Wait for the scan to finish
When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
Save that text file on your desktop. Attach the log as a reply to your next reply.
Close the ESET online scan, and let me know how things are now.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please post:
Malwarebytes Anti-Malware Log
Eset log

Juliet
2015-05-09, 13:02
Still need help?

Juliet
2015-05-13, 01:05
Glad we could help. :)

Since this issue appears resolved ... this Topic is closed.