Eddygeez
2015-09-23, 13:24
Hi all,
Would appreciate some assistance on this matter. Recently upgraded PC to Windows 10 and unfortunately AVG was not reporting that it was not functioning, my daughter (on her laptop) in downloading something installed an array of malware including system notifier and webshield. After a bit of a fight I managed to install adaware, spybot and ESET, which have all been run and have apparently removed or controlled many of the issues, I subsequently managed to uninstall system notifier and a browser toolbar, and some firefox add ons. But webshield will not install and instead seems to direct you to more malware, the attempt is blocked by eset, which identifies an installcore.adq.gen attack, which also occurs periodically while using the PC and also installmonetizer attacks occur.
I have followed the per-requisites and following is the suggested logs etc.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:15-09-2015
Ran by Ed (administrator) on JEAN-PC (23-09-2015 10:20:35)
Running from C:\Users\Ed\Desktop
Loaded Profiles: Ed (Available Profiles: Ed & Nettie & DefaultAppPool)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.6\EMP_UDSA.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareTray.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Dropbox, Inc.) C:\Users\Ed\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Lavasoft) C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
(Audible, Inc.) C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
(Dropbox, Inc.) C:\Users\Ed\AppData\Roaming\Dropbox\bin\Dropbox.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.12711.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Registry Backup\TweakingRegistryBackup.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-05-27] (Egis Technology Inc.)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2782096 2010-07-26] (CANON INC.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3935912 2015-08-16] (Synaptics Incorporated)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareTray.exe [9558752 2015-08-27] ()
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5595848 2015-07-08] (ESET)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-05-27] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-06-28] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [EPSON_UD_START] => C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.6\EMP_UD.exe [534664 2011-11-17] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [843480 2015-01-23] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [gmsd_gb_004010073] => [X]
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-296683832-2999118333-2811571079-1003\...\Run: [Dropbox Update] => C:\Users\Ed\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-20] (Dropbox, Inc.)
HKU\S-1-5-21-296683832-2999118333-2811571079-1003\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1402640 2015-09-06] (Lavasoft)
HKU\S-1-5-21-296683832-2999118333-2811571079-1003\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Ed\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll [2015-08-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Ed\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll [2015-08-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Ed\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll [2015-08-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ed\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ed\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ed\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ed\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll [2010-05-27] (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Ed\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\FileSyncShell.dll [2015-08-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Ed\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\FileSyncShell.dll [2015-08-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Ed\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\FileSyncShell.dll [2015-08-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ed\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ed\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ed\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll [2010-05-27] (Egis Technology Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk [2013-09-17]
ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
Startup: C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-07-12]
ShortcutTarget: Dropbox.lnk -> C:\Users\Ed\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2013-01-14]
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Nettie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2014-02-15]
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:50515;https=127.0.0.1:50515
Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [345360 2015-09-06] (Lavasoft Limited)
Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [345360 2015-09-06] (Lavasoft Limited)
Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [345360 2015-09-06] (Lavasoft Limited)
Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [345360 2015-09-06] (Lavasoft Limited)
Winsock: Catalog9 16 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [345360 2015-09-06] (Lavasoft Limited)
Winsock: Catalog9-x64 01 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2015-09-06] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2015-09-06] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2015-09-06] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2015-09-06] (Lavasoft Limited)
Winsock: Catalog9-x64 16 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2015-09-06] (Lavasoft Limited)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{3de1fac4-b916-448f-a747-e5a362d2fc66}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{448ceda5-5113-4e2f-ae13-3c72e43becab}: [DhcpNameServer] 192.168.1.254
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-296683832-2999118333-2811571079-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-gb/?ocid=iehp
HKU\S-1-5-21-296683832-2999118333-2811571079-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-296683832-2999118333-2811571079-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D090615-A60FA26CFB78147A880F&form=CONBDF&conlogo=CT3332038&q={searchTerms}
SearchScopes: HKU\S-1-5-21-296683832-2999118333-2811571079-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D090615-A60FA26CFB78147A880F&form=CONBDF&conlogo=CT3332038&q={searchTerms}
SearchScopes: HKU\S-1-5-21-296683832-2999118333-2811571079-1003 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-02] (Oracle Corporation)
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-02] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-296683832-2999118333-2811571079-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-296683832-2999118333-2811571079-1003 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
FireFox:
========
FF ProfilePath: C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\fhls3zti.default
FF SearchEngineOrder.1: Ask.com
FF SearchEngineOrder.2: Google
FF SelectedSearchEngine: Ixquick HTTPS - UK
FF Homepage: hxxps://mail.google.com/mail/u/0/?shva=1#inbox
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-21] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-21] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-02] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [2015-08-28] (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [2015-08-28] (globalUpdate)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Extension: Xmarks - C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\fhls3zti.default\Extensions\foxmarks@kei.com [2015-06-09]
FF Extension: Zotero automatic export - C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\fhls3zti.default\Extensions\zotero-autoexport-bib@rokdd.xpi [2014-06-29]
FF Extension: Zotero - C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\fhls3zti.default\Extensions\zotero@chnm.gmu.edu.xpi [2014-03-17]
FF Extension: Zotero Scholar Citations - C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\fhls3zti.default\Extensions\zoteroscholarcitations@beloglazov.info.xpi [2014-06-29]
FF Extension: ZotFile - C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\fhls3zti.default\Extensions\zotfile@columbia.edu.xpi [2014-06-29]
FF Extension: Download Status Bar - C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\fhls3zti.default\Extensions\{6c28e999-e900-4635-a39d-b1ec90ba0c0f}.xpi [2014-07-21]
Chrome:
=======
CHR Profile: C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-04-19]
CHR Extension: (Google Search) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-04-19]
CHR Extension: (avast! WebRep) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda [2012-06-24]
CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2012-12-18]
CHR Extension: (Gmail) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-04-19]
CHR HKU\S-1-5-21-296683832-2999118333-2811571079-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dknkjnkhedbanphkkpbpcgoblmkbfhlf] - C:\Users\Ed\AppData\Local\CRE\dknkjnkhedbanphkkpbpcgoblmkbfhlf.crx [2012-09-09]
CHR HKU\S-1-5-21-296683832-2999118333-2811571079-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [gclijllifhfpomppedeljakfegbcpojn] - C:\Users\Ed\AppData\Local\CRE\gclijllifhfpomppedeljakfegbcpojn.crx [2012-12-01]
CHR HKU\S-1-5-21-296683832-2999118333-2811571079-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [dknkjnkhedbanphkkpbpcgoblmkbfhlf] - C:\Users\Ed\AppData\Local\CRE\dknkjnkhedbanphkkpbpcgoblmkbfhlf.crx [2012-09-09]
CHR HKLM-x32\...\Chrome\Extension: [gclijllifhfpomppedeljakfegbcpojn] - C:\Users\Ed\AppData\Local\CRE\gclijllifhfpomppedeljakfegbcpojn.crx [2012-12-01]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-04-15]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2015-01-23] (BlueStack Systems, Inc.)
S2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2015-01-23] (BlueStack Systems, Inc.)
S2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [786136 2015-01-23] (BlueStack Systems, Inc.)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1353720 2015-07-08] (ESET)
R2 EMP_UDSA; C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.6\EMP_UDSA.exe [157696 2011-11-17] (SEIKO EPSON CORPORATION) [File not signed]
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareService.exe [712432 2015-08-27] ()
R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2751760 2015-09-06] (Lavasoft Limited)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [26112 2015-08-16] (Microsoft Corporation)
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-27] (Egis Technology Inc.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [16656 2015-09-06] ()
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [237736 2015-08-16] (Synaptics Incorporated)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [84480 2015-08-16] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [578560 2015-08-16] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [28504 2012-03-07] (AVAST Software)
S4 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [291296 2015-04-07] (AVG Technologies CZ, s.r.o.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7593176 2015-07-10] (Broadcom Corporation)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2015-01-23] (BlueStack Systems)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [255240 2015-07-13] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [251632 2015-07-13] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [178520 2015-07-13] (ESET)
R1 EMP_MIRRUD; C:\Windows\system32\DRIVERS\EMP_MirrUD.sys [5632 2011-11-17] (Windows (R) Codename Longhorn DDK provider)
R2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [168208 2015-07-13] (ESET)
R3 eppvad_simple; C:\Windows\system32\drivers\EMP_UDAU.sys [23040 2011-11-17] (SEIKO EPSON CORPORATION)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [175104 2015-08-16] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33960 2015-08-16] (Synaptics Incorporated)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [452040 2015-01-22] (BitDefender S.R.L.)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
U3 idsvc; no ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-09-23 10:22 - 2015-09-23 10:22 - 05198336 _____ (AVAST Software) C:\Users\Ed\Desktop\aswMBR.exe
2015-09-23 10:20 - 2015-09-23 10:21 - 00027522 _____ C:\Users\Ed\Desktop\FRST.txt
2015-09-23 10:19 - 2015-09-23 10:20 - 00000000 ____D C:\FRST
2015-09-23 10:18 - 2015-09-23 10:19 - 02191360 _____ (Farbar) C:\Users\Ed\Desktop\FRST64.exe
2015-09-23 10:11 - 2015-09-23 10:11 - 00002312 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-09-23 10:11 - 2015-09-23 10:11 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-JEAN-PC-Windows-10-Home-(64-bit).dat
2015-09-23 10:11 - 2015-09-23 10:11 - 00000000 ____D C:\RegBackup
2015-09-23 10:11 - 2015-09-23 10:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-09-23 10:11 - 2015-09-23 10:11 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2015-09-23 10:10 - 2015-09-23 10:10 - 04687448 _____ (Tweaking.com) C:\Users\Ed\Desktop\tweaking.com_registry_backup_setup.exe
2015-09-23 09:41 - 2015-09-23 09:41 - 00016148 _____ C:\WINDOWS\system32\JEAN-PC_Ed_HistoryPrediction.bin
2015-09-21 22:03 - 2015-09-21 22:03 - 18819272 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2015-09-07 14:46 - 2015-09-23 09:43 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-07 11:20 - 2014-02-08 13:05 - 00450709 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20150907-112000.backup
2015-09-07 11:05 - 2015-09-07 11:05 - 00000000 ____D C:\Program Files\Common Files\AV
2015-09-07 11:05 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2015-09-07 10:59 - 2015-09-07 15:39 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-09-07 10:59 - 2015-09-07 11:13 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-09-07 10:59 - 2015-09-07 10:59 - 00001464 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-09-07 10:59 - 2015-09-07 10:59 - 00001452 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-09-07 10:59 - 2015-09-07 10:59 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2015-09-07 10:59 - 2015-09-07 10:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-09-07 10:59 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2015-09-06 22:11 - 2015-09-06 22:11 - 00000000 ____D C:\Users\Ed\AppData\Local\ESET
2015-09-06 22:08 - 2015-09-07 10:58 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Ed\Desktop\spybot-2.4.exe
2015-09-06 21:58 - 2015-09-06 21:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2015-09-06 21:58 - 2015-09-06 21:58 - 00000000 ____D C:\ProgramData\ESET
2015-09-06 21:58 - 2015-09-06 21:58 - 00000000 ____D C:\Program Files\ESET
2015-09-06 21:47 - 2015-09-06 21:54 - 01761992 _____ (ESET) C:\Users\Ed\Desktop\eset_nod32_antivirus_live_installer_.exe
2015-09-06 21:38 - 2015-09-06 21:41 - 00851016 _____ (Program soft ) C:\Users\Ed\Desktop\CCleaner_Setup.exe
2015-09-06 21:32 - 2015-09-06 21:32 - 00003306 _____ C:\WINDOWS\System32\Tasks\{03DD0B3B-B6D8-4C90-9D1B-D0DFC7672C24}
2015-09-06 21:31 - 2015-09-07 03:14 - 00002920 _____ C:\WINDOWS\SysWOW64\LavasoftTcpServiceOff.ini
2015-09-06 21:31 - 2015-09-07 03:14 - 00002920 _____ C:\WINDOWS\system32\LavasoftTcpServiceOff.ini
2015-09-06 21:31 - 2015-09-06 22:00 - 00000000 ____D C:\Users\Ed\AppData\Roaming\Lavasoft
2015-09-06 21:31 - 2015-09-06 21:31 - 00425744 _____ (Lavasoft Limited) C:\WINDOWS\system32\LavasoftTcpService64.dll
2015-09-06 21:31 - 2015-09-06 21:31 - 00345360 _____ (Lavasoft Limited) C:\WINDOWS\SysWOW64\LavasoftTcpService.dll
2015-09-06 21:31 - 2015-09-06 21:31 - 00000000 ____D C:\Users\Ed\AppData\Local\Lavasoft
2015-09-06 21:31 - 2015-09-06 21:31 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2015-09-06 21:30 - 2015-09-07 03:10 - 00002406 _____ C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2015-09-06 21:30 - 2015-09-06 21:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-09-06 21:29 - 2015-09-06 21:29 - 00000000 ____D C:\Program Files\Lavasoft
2015-09-06 21:28 - 2015-09-06 21:28 - 00000000 ____D C:\Program Files\Common Files\Lavasoft
2015-09-06 14:17 - 2015-09-06 14:17 - 00000000 ____D C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-08-28 18:36 - 2015-08-20 07:07 - 08019296 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-08-28 18:36 - 2015-08-20 07:06 - 00609592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-08-28 18:36 - 2015-08-20 07:02 - 22324656 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-08-28 18:36 - 2015-08-20 06:57 - 00077400 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-08-28 18:36 - 2015-08-20 06:26 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2015-08-28 18:36 - 2015-08-20 06:21 - 21875200 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-08-28 18:36 - 2015-08-20 06:21 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2015-08-28 18:36 - 2015-08-20 06:16 - 20857848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-08-28 18:36 - 2015-08-20 06:13 - 02235904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-08-28 18:36 - 2015-08-20 05:31 - 18806272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-08-28 18:36 - 2015-08-18 08:56 - 02498808 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2015-08-28 18:36 - 2015-08-18 08:55 - 00373072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-08-28 18:36 - 2015-08-18 08:54 - 01396064 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-08-28 18:36 - 2015-08-18 08:27 - 01771592 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2015-08-28 18:36 - 2015-08-18 08:24 - 00963920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-08-28 18:36 - 2015-08-18 08:13 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2015-08-28 18:36 - 2015-08-18 08:13 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2015-08-28 18:36 - 2015-08-18 08:12 - 02225664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-08-28 18:36 - 2015-08-18 08:07 - 02226688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2015-08-28 18:36 - 2015-08-18 08:04 - 01234944 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2015-08-28 18:36 - 2015-08-18 08:04 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2015-08-28 18:36 - 2015-08-18 07:59 - 01294336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcnwiz.dll
2015-08-28 18:36 - 2015-08-18 07:59 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnApi.dll
2015-08-28 18:36 - 2015-08-18 07:58 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2015-08-28 18:36 - 2015-08-18 07:58 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafWCN.dll
2015-08-28 18:36 - 2015-08-18 07:58 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdWCN.dll
2015-08-28 18:36 - 2015-08-18 07:58 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnNetsh.dll
2015-08-28 18:36 - 2015-08-18 07:57 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2015-08-28 18:36 - 2015-08-18 07:56 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthRadioMedia.dll
2015-08-28 18:36 - 2015-08-18 07:55 - 02178560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-08-28 18:36 - 2015-08-18 07:54 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll
2015-08-28 18:36 - 2015-08-18 07:54 - 00247296 _____ C:\WINDOWS\system32\facecredentialprovider.dll
2015-08-28 18:36 - 2015-08-18 07:52 - 01888768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-08-28 18:36 - 2015-08-18 07:50 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-08-28 18:36 - 2015-08-18 07:49 - 01061888 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2015-08-28 18:36 - 2015-08-18 07:49 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2015-08-28 18:36 - 2015-08-18 07:49 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2015-08-28 18:36 - 2015-08-18 07:36 - 01226752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wcnwiz.dll
2015-08-28 18:36 - 2015-08-18 07:35 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WcnApi.dll
2015-08-28 18:36 - 2015-08-18 07:35 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdWCN.dll
2015-08-28 18:36 - 2015-08-18 07:34 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2015-08-28 18:36 - 2015-08-18 07:29 - 01593344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-08-28 18:36 - 2015-08-18 07:26 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2015-08-28 18:36 - 2015-08-18 05:44 - 00008847 _____ C:\WINDOWS\system32\ResPriHMImageList
2015-08-28 16:57 - 2015-08-28 16:57 - 00000000 ____D C:\Users\Ed\AppData\Local\Navman_Technology_New_Zea
2015-08-28 16:55 - 2015-08-28 17:48 - 00000000 ____D C:\Users\Ed\Documents\My Maps
2015-08-28 16:55 - 2015-08-28 17:09 - 00002145 _____ C:\Users\Public\Desktop\NavDesk.lnk
2015-08-28 16:55 - 2015-08-28 16:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navman
2015-08-28 16:55 - 2015-08-28 16:55 - 00000000 ____D C:\Program Files (x86)\Navman
2015-08-28 16:15 - 2015-08-28 16:15 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2015-08-28 15:51 - 2015-08-28 15:51 - 00000000 ____D C:\Users\Ed\AppData\Roaming\System Healer
2015-08-28 15:50 - 2015-08-28 15:51 - 00000000 ____D C:\ProgramData\Lnihloasolo
2015-08-28 15:48 - 2015-09-23 09:48 - 00002458 _____ C:\WINDOWS\Tasks\86a3ab59-1528-4fe1-b6cc-6310448ec1fb-5_user.job
2015-08-28 15:48 - 2015-09-23 09:48 - 00002458 _____ C:\WINDOWS\Tasks\86a3ab59-1528-4fe1-b6cc-6310448ec1fb-5.job
2015-08-28 15:48 - 2015-09-07 15:48 - 00000994 _____ C:\WINDOWS\Tasks\tQ2EVipPq.job
2015-08-28 15:48 - 2015-08-28 15:48 - 00005574 _____ C:\WINDOWS\System32\Tasks\86a3ab59-1528-4fe1-b6cc-6310448ec1fb-5
2015-08-28 15:48 - 2015-08-28 15:48 - 00004116 _____ C:\WINDOWS\System32\Tasks\tQ2EVipPq
2015-08-28 15:47 - 2015-09-23 09:52 - 00004506 _____ C:\WINDOWS\Tasks\86a3ab59-1528-4fe1-b6cc-6310448ec1fb-4.job
2015-08-28 15:47 - 2015-09-23 09:47 - 00003484 _____ C:\WINDOWS\Tasks\86a3ab59-1528-4fe1-b6cc-6310448ec1fb-13.job
2015-08-28 15:47 - 2015-09-23 09:47 - 00003150 _____ C:\WINDOWS\Tasks\86a3ab59-1528-4fe1-b6cc-6310448ec1fb-1-7.job
2015-08-28 15:47 - 2015-09-23 09:47 - 00002456 _____ C:\WINDOWS\Tasks\a4f9fcf0-e386-46b9-8906-77a1fd8dad71-5_user.job
2015-08-28 15:47 - 2015-09-23 09:47 - 00002456 _____ C:\WINDOWS\Tasks\a4f9fcf0-e386-46b9-8906-77a1fd8dad71-5.job
2015-08-28 15:47 - 2015-09-23 09:47 - 00002122 _____ C:\WINDOWS\Tasks\a4f9fcf0-e386-46b9-8906-77a1fd8dad71-10_user.job
2015-08-28 15:47 - 2015-09-07 15:47 - 00001022 _____ C:\WINDOWS\Tasks\SXsqUveBBPPqtSELNqTlIRb.job
2015-08-28 15:47 - 2015-09-06 14:03 - 00000004 _____ C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-08-28 15:47 - 2015-08-28 15:47 - 00007622 _____ C:\WINDOWS\System32\Tasks\86a3ab59-1528-4fe1-b6cc-6310448ec1fb-4
2015-08-28 15:47 - 2015-08-28 15:47 - 00006660 _____ C:\WINDOWS\System32\Tasks\86a3ab59-1528-4fe1-b6cc-6310448ec1fb-13
2015-08-28 15:47 - 2015-08-28 15:47 - 00006270 _____ C:\WINDOWS\System32\Tasks\86a3ab59-1528-4fe1-b6cc-6310448ec1fb-1-7
2015-08-28 15:47 - 2015-08-28 15:47 - 00005572 _____ C:\WINDOWS\System32\Tasks\a4f9fcf0-e386-46b9-8906-77a1fd8dad71-5
2015-08-28 15:47 - 2015-08-28 15:47 - 00004172 _____ C:\WINDOWS\System32\Tasks\SXsqUveBBPPqtSELNqTlIRb
2015-08-28 15:47 - 2015-08-28 15:47 - 00000000 ____D C:\Users\Ed\AppData\Local\globalUpdate
2015-08-28 15:47 - 2015-08-28 15:47 - 00000000 ____D C:\Program Files (x86)\globalUpdate
2015-08-28 15:46 - 2015-09-07 20:15 - 00000000 ____D C:\Program Files (x86)\System NotifierV28.08
2015-08-28 15:46 - 2015-09-06 21:54 - 00000000 ____D C:\Program Files (x86)\Cinema-Plus-4.3cV28.08
2015-08-28 15:46 - 2015-08-28 15:57 - 00000000 ____D C:\Users\Ed\AppData\Local\WebShield
2015-08-28 15:46 - 2015-08-28 15:46 - 00002568 _____ C:\WINDOWS\patsearch.bin
2015-08-28 15:46 - 2015-08-28 15:46 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_webTinstMKTN84_01009.Wdf
2015-08-28 15:45 - 2015-09-07 20:19 - 00000000 ____D C:\ProgramData\WebShield
2015-08-28 15:45 - 2015-09-06 21:48 - 00000000 ____D C:\ProgramData\pjoeRo
2015-08-28 15:45 - 2015-08-28 15:45 - 00004084 _____ C:\WINDOWS\System32\Tasks\LaunchPreSignup
2015-08-28 15:45 - 2015-08-28 15:45 - 00000282 _____ C:\WINDOWS\Tasks\System Healer StartUp.job
2015-08-28 15:45 - 2015-08-28 15:45 - 00000282 _____ C:\WINDOWS\Tasks\System Healer Period.job
2015-08-28 14:51 - 2015-08-28 16:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-09-23 10:02 - 2012-10-01 21:07 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-09-23 09:53 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\sru
2015-09-23 09:43 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-09-22 19:35 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-09-21 22:21 - 2015-07-10 11:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-09-21 22:03 - 2012-10-01 21:07 - 00003804 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-09-16 21:17 - 2015-08-16 00:27 - 00000000 ____D C:\Users\Ed\AppData\Local\Packages
2015-09-15 17:12 - 2015-07-10 12:06 - 00812008 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-09-15 17:12 - 2015-07-10 12:06 - 00178152 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-12 13:04 - 2013-01-14 16:34 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-09-12 12:58 - 2013-08-19 15:57 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-09-11 20:06 - 2012-08-08 11:01 - 00000932 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-296683832-2999118333-2811571079-1004UA.job
2015-09-07 20:30 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\rescache
2015-09-07 11:16 - 2015-08-16 08:25 - 00000000 ___DC C:\WINDOWS\Panther
2015-09-07 11:16 - 2013-04-28 21:24 - 00000000 ____D C:\Users\Ed\AppData\Local\CrashDumps
2015-09-07 11:06 - 2012-08-08 11:01 - 00000910 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-296683832-2999118333-2811571079-1004Core.job
2015-09-07 03:13 - 2014-09-08 10:29 - 00000000 ___RD C:\Users\Ed\Dropbox
2015-09-07 03:13 - 2013-07-18 12:08 - 00000000 ____D C:\Users\Ed\AppData\Roaming\Dropbox
2015-09-07 03:07 - 2015-07-10 13:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-09-07 03:07 - 2014-10-21 18:09 - 00000000 ____D C:\ProgramData\AVG2015
2015-09-07 03:07 - 2012-12-22 21:50 - 00000000 ____D C:\ProgramData\MFAData
2015-09-07 03:06 - 2015-07-10 10:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-09-07 03:03 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-09-07 03:03 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-09-06 22:06 - 2014-06-29 18:07 - 00000000 ____D C:\Program Files (x86)\Freecorder extension
2015-09-06 21:41 - 2014-10-21 16:32 - 00000000 ____D C:\Users\Ed\AppData\Local\Avg2015
2015-09-06 21:38 - 2012-12-22 21:55 - 00000000 ___HD C:\$AVG
2015-09-06 21:33 - 2013-01-22 21:37 - 00000000 ____D C:\ProgramData\AVG Security Toolbar
2015-09-06 21:32 - 2013-12-21 00:48 - 00000000 ____D C:\Users\Ed\AppData\Roaming\LavasoftStatistics
2015-09-06 21:30 - 2013-12-21 00:24 - 00000000 ____D C:\ProgramData\Lavasoft
2015-09-06 21:29 - 2015-08-15 23:32 - 01005662 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-08-28 16:55 - 2010-08-30 10:03 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-08-28 16:25 - 2015-08-15 23:34 - 00000000 ____D C:\Users\Nettie
2015-08-28 16:09 - 2015-08-15 23:34 - 00000000 ____D C:\Users\Ed
2015-08-28 16:06 - 2012-05-14 23:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-28 15:44 - 2013-07-18 12:09 - 00004673 _____ C:\WINDOWS\wininit.ini
2015-08-26 18:37 - 2011-04-10 12:37 - 134753440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
==================== Files in the root of some directories =======
2013-06-29 20:16 - 2014-06-23 12:13 - 0003728 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2015-04-14 17:28 - 2015-04-14 17:28 - 0004387 _____ () C:\Users\Ed\AppData\Roaming\SXsqUveBBPPqtSELNqTlIRb
2014-06-19 20:21 - 2014-06-19 20:21 - 0000024 _____ () C:\Users\Ed\AppData\Roaming\temp.ini
2015-04-14 17:28 - 2015-04-14 17:28 - 0004387 _____ () C:\Users\Ed\AppData\Roaming\tQ2EVipPq
2014-05-24 09:40 - 2014-05-24 09:41 - 0004608 _____ () C:\Users\Ed\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-08-15 23:30 - 2015-08-15 23:30 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2010-08-30 10:12 - 2010-03-02 23:59 - 0131984 _____ () C:\ProgramData\FullRemove.exe
Some files in TEMP:
====================
C:\Users\Ed\AppData\Local\Temp\8b741567-ebbe-4f84-8a88-2c00c1c2e331.exe
C:\Users\Ed\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp5ylghf.dll
C:\Users\Ed\AppData\Local\Temp\InstHelper.exe
C:\Users\Ed\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\Jean\AppData\Local\Temp\COMAP.EXE
C:\Users\Jean\AppData\Local\Temp\GoogleChromeInstaller.exe
C:\Users\Jean\AppData\Local\Temp\GoogleToolbarInstaller.exe
C:\Users\Jean\AppData\Local\Temp\SkypeSetup.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-09-07 14:56
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:15-09-2015
Ran by Ed (2015-09-23 10:23:15)
Running from C:\Users\Ed\Desktop
Windows 10 Home (X64) (2015-08-15 23:27:19)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-296683832-2999118333-2811571079-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-296683832-2999118333-2811571079-503 - Limited - Disabled)
Ed (S-1-5-21-296683832-2999118333-2811571079-1003 - Administrator - Enabled) => C:\Users\Ed
Guest (S-1-5-21-296683832-2999118333-2811571079-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-296683832-2999118333-2811571079-1002 - Limited - Enabled)
Nettie (S-1-5-21-296683832-2999118333-2811571079-1004 - Limited - Enabled) => C:\Users\Nettie
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: ESET NOD32 Antivirus 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Ad-Aware Antivirus (Disabled - Out of date) {B0CC18C6-E527-6EE6-874C-9D19920E5619}
AS: Ad-Aware Antivirus (Disabled - Out of date) {0BADF922-C31D-6168-BDFC-A66BE9891CA4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: ESET NOD32 Antivirus 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: Ad-Aware Firewall (Disabled) {88F799E3-AF48-6FBE-AC13-342C6CDD1162}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.68 - NewTech Infosystems)
Acer Crystal Eye webcam (HKLM-x32\...\{51F026FA-5146-4232-A8BA-1364740BD053}) (Version: 1.0.4.5 - Liteon)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Ad-Aware Antivirus (HKLM\...\{18A24EC3-2BA0-4438-AA5C-A3CF81194D22}_AdAwareUpdater) (Version: 11.8.586.8535 - Lavasoft)
AdAwareInstaller (Version: 11.8.586.8535 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.8.586.8535 - Lavasoft) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
AntimalwareEngine (Version: 3.0.98.0 - Lavasoft) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Backup Manager Basic (x32 Version: 2.0.0.68 - NewTech Infosystems) Hidden
BatScan 9 (HKLM-x32\...\{8BF14E17-A1A9-4FF8-8777-773D5C388DB5}) (Version: 9.7 - Visualization Software LLC)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.8.4406 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{02F2570F-4B20-43B5-A3DD-082AF5C0E6DC}) (Version: 0.9.8.4406 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 14.0.2.3 - Broadcom Corporation)
Canon iX6500 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iX6500_series) (Version: - Canon Inc.)
Canon iX6500 series User Registration (HKLM-x32\...\Canon iX6500 series User Registration) (Version: - )
Canon MP Navigator EX 2.0 (HKLM-x32\...\MP Navigator EX 2.0) (Version: - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )
CanoScan LiDE 200 Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4807) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 4.01 - Piriform)
Cinema-Plus-4.3cV28.08 (HKLM-x32\...\Cinema-Plus-4.3cV28.08) (Version: 1.36.01.22 - Cinema PlusV28.08) <==== ATTENTION
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.3216.50 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Dropbox (HKU\S-1-5-21-296683832-2999118333-2811571079-1003\...\Dropbox) (Version: 3.8.8 - Dropbox, Inc.)
Epson USB Display (HKLM-x32\...\{7650F538-6274-44EA-8F50-843479073333}) (Version: 1.60.000 - SEIKO EPSON CORPORATION)
ESET NOD32 Antivirus (HKLM\...\{5F2AE448-CD4B-40BD-B245-5F0CD06A09B0}) (Version: 8.0.319.0 - ESET, spol s r. o.)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
FastStone Photo Resizer 3.1 (HKLM-x32\...\FastStone Photo Resizer) (Version: 3.1 - FastStone Soft.)
FileZilla Client 3.7.3 (HKLM-x32\...\FileZilla Client) (Version: 3.7.3 - Tim Kosse)
globalupdate Helper (x32 Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== ATTENTION
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
InfraRecorder (HKLM-x32\...\InfraRecorder) (Version: - Christian Kindahl)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2182 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
IntiProc (HKLM-x32\...\IntiProc 1.01) (Version: 1.01 - MigrateTechnology)
IntiProc (x32 Version: 1.01 - MigrateTechnology) Hidden
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.14 - Acer Inc.)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MigrateTechnology (HKLM-x32\...\{53FC2DAC-AE27-4A1D-A151-2BC19702C672}) (Version: 1.1.0 - Migrate Technology Ltd)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 40.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyWinLocker (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.212.0 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden
National Instruments Software (HKLM-x32\...\NI Uninstaller) (Version: - National Instruments)
NavDesk (HKLM-x32\...\{69EEF1DC-DE38-46DB-AA2A-5D1D8D81E850}) (Version: 5.90.405 - Navman Technologies NZ Ltd)
NI EULA Depot (x32 Version: 2.80.301 - National Instruments) Hidden
NI LabVIEW Run-Time Engine 2010 SP1 (x32 Version: 10.1.100.0 - National Instruments) Hidden
NI LabVIEW Run-Time Engine Interop 2010 (x32 Version: 10.1.101.0 - National Instruments) Hidden
NI MDF Support (x32 Version: 2.80.301 - National Instruments) Hidden
NI Trace Engine (64-bit) (Version: 10.0.334.0 - National Instruments) Hidden
NI Trace Engine (x32 Version: 10.0.334.0 - National Instruments) Hidden
NI Uninstaller (x32 Version: 2.80.301 - National Instruments) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 5.9 - )
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8939 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.8939 - NTI Corporation) Hidden
OMNI CONTROL USB Audio driver (HKLM\...\USB_AUDIO_DEusb-audio.deNumarkOMNICONTROL) (Version: - )
OmniFormat (HKLM-x32\...\OmniFormat) (Version: - )
OpenOffice.org 3.4.1 (HKLM-x32\...\{9E3E3D64-5A2A-4CEF-A500-EB71188DBA90}) (Version: 3.41.9593 - Apache Software Foundation)
QGIS Chugiak 2.4.0 Chugiak (HKLM\...\QGIS Chugiak) (Version: - QGIS Development Team)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
R for Windows 2.12.1 (HKLM\...\R for Windows 2.12.1_is1) (Version: 2.12.1 - R Development Core Team)
R for Windows 3.0.2 (HKLM\...\R for Windows 3.0.2_is1) (Version: 3.0.2 - R Core Team)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30122 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Shredder (Version: 2.0.8.3 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.3 - Egis Technology Inc.) Hidden
Skype Toolbars (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.3.7280 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.13.0 - Synaptics Incorporated)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.2.2 - Tweaking.com)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Web Companion (HKLM-x32\...\{c6fe325f-c5a1-4848-a283-7343b5ec1ae4}) (Version: 2.1.1095.2272 - Lavasoft)
Web Shield (HKLM-x32\...\WebShield) (Version: 2.7.74 - Irrational Number Applications) <==== ATTENTION
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-296683832-2999118333-2811571079-1003_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Ed\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-296683832-2999118333-2811571079-1003_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Ed\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-296683832-2999118333-2811571079-1003_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ed\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-296683832-2999118333-2811571079-1003_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ed\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-296683832-2999118333-2811571079-1003_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ed\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-296683832-2999118333-2811571079-1003_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ed\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-296683832-2999118333-2811571079-1003_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ed\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-296683832-2999118333-2811571079-1003_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ed\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-296683832-2999118333-2811571079-1003_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ed\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-296683832-2999118333-2811571079-1003_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ed\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-296683832-2999118333-2811571079-1003_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Ed\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
==================== Restore Points =========================
07-09-2015 17:15:46 Scheduled Checkpoint
11-09-2015 21:16:50 Windows Update
21-09-2015 22:20:16 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2015-09-07 11:20 - 00450831 ____R C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com
There are 1000 more lines.
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {08E9E692-6B70-40D3-94E2-1E1C77736892} - System32\Tasks\{D44A82E6-C95A-405A-B038-45924E048F7B} => A:\SETUP.EXE
Task: {10FAF39E-C39F-457F-B4D7-46CC3C164A81} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-296683832-2999118333-2811571079-1004UA => C:\Users\Nettie\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {1907E81D-8D46-4105-AC77-C02854827BF4} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {19639003-C77D-4B18-A332-8DD151EC2CEE} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {1DF50CA9-BF1B-4976-9D04-B5DF1A305B35} - System32\Tasks\{03DD0B3B-B6D8-4C90-9D1B-D0DFC7672C24} => pcalua.exe -a "C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe" -c /AppMode=DOWNLOADMANAGER /UDS=1
Task: {1EF41258-2361-4435-B500-B774E7C9A65B} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {1F94E964-A264-4F55-A401-6646BF7EE7DB} - System32\Tasks\86a3ab59-1528-4fe1-b6cc-6310448ec1fb-5 => C:\Program Files (x86)\Cinema-Plus-4.3cV28.08\86a3ab59-1528-4fe1-b6cc-6310448ec1fb-5.exe [2015-08-28] (Cinema PlusV28.08) <==== ATTENTION
Task: {21AE865E-E468-4C66-867A-FF05FB272454} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {27C55141-6B01-4DE1-B251-7727913D7275} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {29A07224-C86C-4AFE-9DCD-CDA1B0F8B5C4} - System32\Tasks\{CCC6916A-F6B8-4504-8FE0-A6E8A5911078} => A:\SETUP.EXE
Task: {2B6BE7C8-031C-45F7-AAE9-7F9FC41B44C5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-21] (Adobe Systems Incorporated)
Task: {2C6CE008-C8D9-43A4-BE6E-1577ECF7BDEE} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {2CD21605-ED43-42A0-A8ED-8F3F98370D2A} - System32\Tasks\{987436CD-815E-4483-8829-C11121FB4FBD} => A:\SETUP.EXE
Task: {3619DDEB-01D8-4AEF-BA75-2F893C3AB41D} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {3B438481-7716-48C7-8F26-CDDCB32B72DB} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {3B98583D-60CC-42BD-895C-759A8C4221F2} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-26] (Microsoft Corporation)
Task: {3C6CD12F-71EC-4A17-AE4F-618DB69F2FA4} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {3E5902D5-964E-42F0-8EA7-845169C0993B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {3EF71759-59A7-4D75-95E7-2BBED69127D8} - System32\Tasks\{6AAE7280-8443-45FB-9259-B4E5D02B8D7E} => pcalua.exe -a C:\Users\Ed\Desktop\NetFx20SP1_x86.exe -d C:\Users\Ed\Desktop
Task: {40FD9465-E077-4A38-98CB-05A33FD58DD7} - System32\Tasks\{EF10C601-FB37-45EB-9C36-71E9F69E5B90} => A:\SETUP.EXE
Task: {41735738-A886-4FF2-A62B-EA4FAA6193E0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {418AB803-5038-44F7-8A58-F4909DF4C825} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {4B0CFE87-0E50-478F-8D13-5C245179374D} - System32\Tasks\86a3ab59-1528-4fe1-b6cc-6310448ec1fb-4 => C:\Program Files (x86)\Cinema-Plus-4.3cV28.08\86a3ab59-1528-4fe1-b6cc-6310448ec1fb-4.exe [2015-08-28] (Cinema PlusV28.08) <==== ATTENTION
Task: {4C6EC6CE-E028-4DFD-8031-771B3DDB8138} - System32\Tasks\{84B8B1C5-97D5-42F1-A76E-3EE1AA416395} => Firefox.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=4.1.0.179.367&LastError=12007
Task: {4D1D12F4-DF43-46B2-8E88-FF08AB89E880} - System32\Tasks\Games\UpdateCheck_S-1-5-21-296683832-2999118333-2811571079-1000
Task: {57331538-E388-41D4-AEB2-0B9A6B2B9B01} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {57610DA1-AD06-46F2-8529-10BBB87A075B} - System32\Tasks\86a3ab59-1528-4fe1-b6cc-6310448ec1fb-1-7 => C:\Program Files (x86)\Cinema-Plus-4.3cV28.08\86a3ab59-1528-4fe1-b6cc-6310448ec1fb-1-7.exe [2015-08-28] (Cinema PlusV28.08) <==== ATTENTION
Task: {5EB608A6-11D5-49FB-82D5-8B34A7FC3709} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {5F20C597-0BD8-48E1-95E0-0871A15CA3E8} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {66411273-9DF4-47B4-9B75-944299189921} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {74AFB06C-8FFE-4A2A-BFC1-9BF38BA57AC8} - System32\Tasks\{0CEB94B1-97D6-4F0C-9C5B-8EC02694353A} => A:\SETUP.EXE
Task: {757B2DC7-58A5-4F77-A711-5C3493D90F88} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {8439A83D-4409-4868-95C3-BAAC15BE9502} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {868BFDBC-C5C8-4363-B770-658518AA278E} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {8E0C63C1-54DD-4999-B5E2-DE4142BA4052} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-296683832-2999118333-2811571079-1004Core => C:\Users\Nettie\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {8F158D86-9AFB-455C-B00B-7E929DD83D81} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {900CF8CD-073E-4EB9-9CC4-5F9686904A33} - System32\Tasks\{81B4A68C-F8D8-413F-BCED-D6186BBEBDAF} => Firefox.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=4.1.0.179.367&LastError=12007
Task: {9584E8AA-0126-4464-85C7-DE75AC63E825} - System32\Tasks\86a3ab59-1528-4fe1-b6cc-6310448ec1fb-13 => C:\Program Files (x86)\Cinema-Plus-4.3cV28.08\86a3ab59-1528-4fe1-b6cc-6310448ec1fb-13.exe [2015-08-28] (Cinema PlusV28.08) <==== ATTENTION
Task: {9643A9C1-64CC-457E-B68E-4FC1758FB7F5} - System32\Tasks\{BEF409DF-7A35-4605-963C-2D24E9091529} => A:\SETUP.EXE
Task: {97696FC3-36DC-4F2D-B4EC-72E2A847B77D} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {99154118-61E9-4833-8799-6A6835265744} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {99D16169-1A2E-453F-BF9C-1415662C4949} - System32\Tasks\tQ2EVipPq => C:\Users\Ed\AppData\Roaming\tQ2EVipPq.exe <==== ATTENTION
Task: {9BC1E227-8A5A-4E68-BABF-AC4C49F39A5D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {9BCBC4AE-C460-41FC-A4D6-C72503AE522D} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {A7ADEE7B-F735-4DE7-8441-A5B85D506EFB} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {A8C1F049-CDDA-4B6D-BDB1-0EB5E2352142} - System32\Tasks\{83684222-ACAD-4129-899C-27E937CAC39A} => A:\SETUP.EXE
Task: {A8CB5879-61D0-4488-936D-BE917FB72D36} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {ADEE898F-ADDA-4CB3-960A-4C00664DEF67} - \Lnihloasolo -> No File <==== ATTENTION
Task: {B39F3C6B-7B89-4B88-82AA-8CF28455E316} - System32\Tasks\{F0366847-EF86-4A56-97FD-4102133DB83B} => A:\SETUP.EXE
Task: {B3EDC27B-CB94-4A42-9B66-0FAD02EE1399} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {B3FC0613-3EB0-44A7-B33F-D2CF847E1726} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {BDB3674C-914F-42BB-9756-091D882D5580} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {BF3985AB-389F-4FBC-AC54-98F495BAC556} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {C07D9B9A-C923-4C0B-9E05-01EAAA93622A} - System32\Tasks\{921D86F7-1B88-4C08-97A1-92E201878A00} => A:\SETUP.EXE
Task: {C5C574B1-B160-43A4-BB7E-E75E79CF27FE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {CA788199-8F1F-471B-8CBB-91D7DAE3C2A9} - System32\Tasks\{D7B9DFB3-1BCA-4CBD-93B5-D1CB204227DA} => A:\SETUP.EXE
Task: {CCAD96D2-251F-4553-A833-A77EB8A39AF6} - System32\Tasks\{FC529B0A-212D-4B10-800C-5B2D8A841643} => A:\SETUP.EXE
Task: {D57D7E1D-3C6B-453A-AD7E-DB1B22C2ECDE} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {D5A05941-C0AC-4735-9926-A3BF3F1501A6} - System32\Tasks\a4f9fcf0-e386-46b9-8906-77a1fd8dad71-5 => C:\Program Files (x86)\System NotifierV28.08\a4f9fcf0-e386-46b9-8906-77a1fd8dad71-5.exe <==== ATTENTION
Task: {D7D91148-C069-4391-985F-89A1D817D799} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-12-17] (Oracle Corporation)
Task: {DB856F68-6DEC-4B19-BE75-2A0285C772D8} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {DD7DE760-6056-4A7D-8D5A-1BB224CB9308} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {DEB4E9AC-5C50-4B77-AA52-4EA4F3B5EA0B} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {E164AC5A-BF95-44FB-8D29-C7AC4E1C1679} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {E4E5AD52-FB9B-4644-9B6A-EB84B2B503F6} - System32\Tasks\{D2AEB262-8F76-4904-974D-0E2E94B96F83} => A:\SETUP.EXE
Task: {E5C357C7-9935-49C6-B5D1-5EAB992C1C2C} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {E8A0BDCD-A1C2-4B87-840B-BF8D04C684F1} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {EA9251A8-C370-4387-B1E5-E0530E08EE6B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {EB87C302-8830-44E2-93D8-A80193AE26A6} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {EF929B38-3EF1-4911-A65E-7CBB48021553} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {F0504E68-04D2-4A1E-8A56-97679599D4C1} - \a4f9fcf0-e386-46b9-8906-77a1fd8dad71-10_user -> No File <==== ATTENTION
Task: {F0F428D2-EF8D-4EB2-8BA2-DB8B068EC749} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe <==== ATTENTION
Task: {F2BED9FF-E0A2-4759-BB3A-3A1E478C4FF6} - System32\Tasks\a4f9fcf0-e386-46b9-8906-77a1fd8dad71-5_user => C:\Program Files (x86)\System NotifierV28.08\a4f9fcf0-e386-46b9-8906-77a1fd8dad71-5.exe <==== ATTENTION
Task: {F3F56F7C-18D9-40DE-9185-EE96B5FC54DE} - System32\Tasks\{BA301650-9FB1-45D4-9E58-3E45517D43CA} => A:\SETUP.EXE
Task: {F40D7047-305C-44D2-8853-4B75B1B5BBF9} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {F6D92D28-9667-4A83-90F1-134A28EBFB75} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {F7F4AA45-6619-46AF-B6DF-F18AE7C62F76} - System32\Tasks\SXsqUveBBPPqtSELNqTlIRb => C:\Users\Ed\AppData\Roaming\SXsqUveBBPPqtSELNqTlIRb.exe <==== ATTENTION
Task: {FAEA0EDC-C25E-4820-866B-01CBC081F2C1} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {FB8D83FD-13D2-47FA-98D2-761117A53868} - System32\Tasks\86a3ab59-1528-4fe1-b6cc-6310448ec1fb-5_user => C:\Program Files (x86)\Cinema-Plus-4.3cV28.08\86a3ab59-1528-4fe1-b6cc-6310448ec1fb-5.exe [2015-08-28] (Cinema PlusV28.08) <==== ATTENTION
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\86a3ab59-1528-4fe1-b6cc-6310448ec1fb-1-7.job => C:\Program Files (x86)\Cinema-Plus-4.3cV28.08\86a3ab59-1528-4fe1-b6cc-6310448ec1fb-1-7.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\86a3ab59-1528-4fe1-b6cc-6310448ec1fb-13.job => C:\Program Files (x86)\Cinema-Plus-4.3cV28.08\86a3ab59-1528-4fe1-b6cc-6310448ec1fb-13.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\86a3ab59-1528-4fe1-b6cc-6310448ec1fb-4.job => C:\Program Files (x86)\Cinema-Plus-4.3cV28.08\86a3ab59-1528-4fe1-b6cc-6310448ec1fb-4.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\86a3ab59-1528-4fe1-b6cc-6310448ec1fb-5.job => C:\Program Files (x86)\Cinema-Plus-4.3cV28.08\86a3ab59-1528-4fe1-b6cc-6310448ec1fb-5.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\86a3ab59-1528-4fe1-b6cc-6310448ec1fb-5_user.job => C:\Program Files (x86)\Cinema-Plus-4.3cV28.08\86a3ab59-1528-4fe1-b6cc-6310448ec1fb-5.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\a4f9fcf0-e386-46b9-8906-77a1fd8dad71-10_user.job => C:\Program Files (x86)\System NotifierV28.08\a4f9fcf0-e386-46b9-8906-77a1fd8dad71-10.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\a4f9fcf0-e386-46b9-8906-77a1fd8dad71-5.job => C:\Program Files (x86)\System NotifierV28.08\a4f9fcf0-e386-46b9-8906-77a1fd8dad71-5.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\a4f9fcf0-e386-46b9-8906-77a1fd8dad71-5_user.job => C:\Program Files (x86)\System NotifierV28.08\a4f9fcf0-e386-46b9-8906-77a1fd8dad71-5.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-296683832-2999118333-2811571079-1003Core1d0c4c2b0b7473b.job => C:\Users\Ed\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-296683832-2999118333-2811571079-1004Core.job => C:\Users\Nettie\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-296683832-2999118333-2811571079-1004UA.job => C:\Users\Nettie\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\SXsqUveBBPPqtSELNqTlIRb.job => C:\Users\Ed\AppData\Roaming\SXsqUveBBPPqtSELNqTlIRb.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\System Healer Period.job =>
Task: C:\WINDOWS\Tasks\System Healer StartUp.job => C:\Program Files (x86)\SystemHealer\SystemHealer.exe
Task: C:\WINDOWS\Tasks\tQ2EVipPq.job => C:\Users\Ed\AppData\Roaming\tQ2EVipPq.exe <==== ATTENTION
==================== Loaded Modules (Whitelisted) ==============
2015-08-16 08:20 - 2015-08-16 08:20 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-08-20 16:31 - 2015-08-11 10:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-08-27 15:54 - 2015-08-27 15:54 - 00712432 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareService.exe
2015-08-27 15:57 - 2015-08-27 15:57 - 00123656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_filesystem-vc120-mt-1_57.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 00025856 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_system-vc120-mt-1_57.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 00057096 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_date_time-vc120-mt-1_57.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 13002488 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareServiceKernel.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 03549904 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\RCF.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 00911616 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_regex-vc120-mt-1_57.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 00107776 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_thread-vc120-mt-1_57.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 00035072 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_chrono-vc120-mt-1_57.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 00709360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareActivation.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 00474368 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareApplicationUpdater.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 00847600 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareGamingMode.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 00101096 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareReset.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 00123104 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareTime.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 01011968 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareDefinitionsUpdater.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 00905488 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareDefinitionsUpdaterScheduler.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 01146608 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareIgnoreList.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 00243440 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareQuarantine.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 01050880 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareAntiMalwareEngine.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 00206080 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareAntiRootkitEngine.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 01210616 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareScannerHistory.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 01373416 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareScanner.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 00036096 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_timer-vc120-mt-1_57.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 01019128 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareScannerScheduler.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 01190656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareRealTimeProtection.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 00244472 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareIncompatibles.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 00938728 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareAntiSpam.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 00883440 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareAntiPhishing.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 03263736 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareParentalControl.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 02985208 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareWebProtection.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 01324280 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareEmailProtection.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 00059656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_iostreams-vc120-mt-1_57.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 01312512 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareNetworkProtection.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 01013992 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwarePromo.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 00365288 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareFeedback.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 02958592 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareThreatWorkAlliance.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 01261800 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwarePinCode.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 01014504 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareNotice.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 01014000 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareAvcEngine.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 01222416 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareRealTimeProtectionHistory.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 00469744 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareStatistics.dll
2015-08-28 18:36 - 2015-08-18 08:56 - 02498808 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-08-28 18:36 - 2015-08-18 08:56 - 02498808 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 02794744 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareShellExtension.dll
2015-07-10 11:59 - 2015-07-10 11:59 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-07-10 11:59 - 2015-07-10 11:59 - 00143360 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll
2015-08-16 08:21 - 2015-08-16 08:21 - 00642048 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll
2012-11-26 23:54 - 2012-11-26 23:54 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 09558752 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareTray.exe
2015-08-27 15:57 - 2015-08-27 15:57 - 00492288 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_locale-vc120-mt-1_57.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 02266344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\HtmlFramework.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 00868600 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareTrayDefaultSkin.dll
2015-08-16 08:20 - 2015-08-16 08:20 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-07-10 12:00 - 2015-07-10 14:14 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-08-20 16:31 - 2015-08-11 09:58 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-08-16 08:20 - 2015-08-16 08:20 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-10 12:00 - 2015-07-10 14:14 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2010-06-28 23:20 - 2010-06-28 23:20 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2010-06-28 23:12 - 2010-06-28 23:12 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2015-09-06 21:31 - 2015-09-06 21:31 - 00082704 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll
2015-09-06 21:31 - 2015-09-06 21:31 - 00254224 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll
2015-09-06 21:31 - 2015-09-06 21:31 - 00049424 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.adblocker.dll
2015-09-06 21:31 - 2015-09-06 21:31 - 00029968 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Repositories.dll
2015-09-06 21:31 - 2015-09-06 21:31 - 00012560 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.SqlLite.dll
2015-09-06 21:31 - 2015-09-06 21:31 - 00120080 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.PUP.Management.dll
2015-09-06 21:31 - 2015-09-06 21:31 - 00036112 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.CSharp.Utilities.dll
2015-09-07 03:12 - 2015-09-07 03:12 - 00071168 _____ () c:\users\ed\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp5ylghf.dll
2015-09-06 14:17 - 2015-08-05 06:26 - 00012800 _____ () C:\Users\Ed\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-09-06 14:17 - 2015-08-05 06:26 - 00779776 _____ () C:\Users\Ed\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-09-06 14:17 - 2015-08-05 06:26 - 00056320 _____ () C:\Users\Ed\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-09-06 14:17 - 2015-08-05 06:26 - 00012288 _____ () C:\Users\Ed\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2012-08-10 17:51 - 2012-08-10 17:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2010-08-30 10:45 - 2009-05-20 07:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll
2015-08-28 15:36 - 2015-08-28 15:36 - 00170496 _____ () C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\IsdiInterop\10edc62919c074493ccdf4332262aec2\IsdiInterop.ni.dll
2010-08-30 10:03 - 2010-04-13 17:52 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2015-09-07 10:59 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-09-07 10:59 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-09-07 10:59 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-09-07 10:59 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-09-07 10:59 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:45 - 2010-10-20 16:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:E36F5B57
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
There are 7869 more restricted sites.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-296683832-2999118333-2811571079-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{A4E6FC22-13F8-42BB-A747-B7A822E661E3}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{86B1B1F4-6699-497C-A5AD-D1B012484283}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{718714FD-1194-48FC-806C-F3909BBFFAF4}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [UDP Query User{A0862088-546F-4777-8A8D-67D66E27CE2F}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{3A7E25BF-F222-4D10-8B10-98046CCB0639}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{9F42A272-D24F-471F-AA6F-B3531308675F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7D7D3FCB-04FA-4746-89AF-DB3B5F4E422E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{550276AC-FB39-48B9-8F66-A61AF2EA10CE}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{84D33289-1F42-49D7-B93F-468AFAB16C9A}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [UDP Query User{7BE71360-1857-46CD-8EE0-510381ACE90B}C:\program files (x86)\spybot - search & destroy 2\sdupdate.exe] => (Allow) C:\program files (x86)\spybot - search & destroy 2\sdupdate.exe
FirewallRules: [TCP Query User{156CC31C-0CCE-4BA9-ABCB-40FD09696655}C:\program files (x86)\spybot - search & destroy 2\sdupdate.exe] => (Allow) C:\program files (x86)\spybot - search & destroy 2\sdupdate.exe
FirewallRules: [UDP Query User{30A58B6E-6928-48D1-9049-B4A2EA9D6E53}C:\users\ed\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\ed\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{4BABAE28-695A-4800-B937-A05D46EBA749}C:\users\ed\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\ed\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{44BBDE31-9A84-404A-847D-F88990CCCB09}] => (Allow) C:\Users\Ed\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{545FB99B-9F0A-4CEA-96A7-BB215F31C1F0}] => (Allow) C:\Users\Ed\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{214A7E24-7C4F-4B94-AB21-625D724AB831}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4A8C9EA9-1F89-43B7-83D6-C5797E9F3ECA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FB364656-6C7A-4C19-8B31-BBCCCFEE5FB8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5D870040-96CE-48DA-803B-E43797EB5587}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{16BC501C-4782-4D93-916C-3B3439A1BF9D}] => (Allow) LPort=1900
FirewallRules: [{6C8C4420-E918-4151-A3AB-032535F5A421}] => (Allow) LPort=2869
FirewallRules: [{86497337-2B47-42BD-9E39-85A4F3C7900E}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [UDP Query User{476B7AE3-D312-40A4-B0B4-38D65A179341}C:\users\nettie\appdata\local\facebook\video\skype\facebookvideocalling.exe] => (Block) C:\users\nettie\appdata\local\facebook\video\skype\facebookvideocalling.exe
FirewallRules: [TCP Query User{2348676A-BD30-469B-84D1-213C142E22D7}C:\users\nettie\appdata\local\facebook\video\skype\facebookvideocalling.exe] => (Block) C:\users\nettie\appdata\local\facebook\video\skype\facebookvideocalling.exe
FirewallRules: [{7C4D19A1-9247-40E6-84D2-9F3CB2818490}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{40F34BAF-E652-4B76-9455-CABA0DA9CE83}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{B5DA1D28-9103-497F-879B-028F43423FD2}] => (Allow) svchost.exe
FirewallRules: [{F64B8F5B-0517-4997-8D9B-5192E8762BA3}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{9C5AA253-DBED-4E74-BF57-C5F4C982C1C1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (09/23/2015 09:41:43 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 46985657
Error: (09/23/2015 09:41:43 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 46985657
Error: (09/23/2015 09:41:43 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (09/22/2015 11:38:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10820266
Error: (09/22/2015 11:38:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10820266
Error: (09/22/2015 11:38:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (09/22/2015 11:38:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10809469
Error: (09/22/2015 11:38:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10809469
Error: (09/22/2015 11:38:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (09/22/2015 07:54:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14813
System errors:
=============
Error: (09/21/2015 09:50:38 PM) (Source: DCOM) (EventID: 10010) (User: Jean-PC)
Description: microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca
Error: (09/07/2015 04:03:28 PM) (Source: volsnap) (EventID: 14) (User: )
Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:.
Error: (09/07/2015 08:15:44 AM) (Source: DCOM) (EventID: 10010) (User: Jean-PC)
Description: App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca
Error: (09/07/2015 03:23:32 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
Error: (09/07/2015 03:08:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The IE Search Set service failed to start due to the following error:
%%1053
Error: (09/07/2015 03:08:14 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the IE Search Set service to connect.
Error: (09/07/2015 03:08:11 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Net.Msmq Listener Adapter service failed to start due to the following error:
%%1053
Error: (09/07/2015 03:08:11 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Net.Msmq Listener Adapter service to connect.
Error: (09/07/2015 03:08:09 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error:
%%1053
Error: (09/07/2015 03:08:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Net.Tcp Port Sharing Service service failed to start due to the following error:
%%1053
CodeIntegrity:
===================================
Date: 2015-08-28 15:42:44.472
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.
Date: 2015-08-28 15:42:44.392
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.
Date: 2015-08-28 15:42:44.342
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.
Date: 2015-08-28 15:42:44.263
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.
Date: 2015-08-28 15:42:44.211
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.
Date: 2015-08-28 15:42:44.137
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.
Date: 2015-08-28 15:42:41.897
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.
Date: 2015-08-28 15:42:41.291
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.
Date: 2015-08-28 15:31:45.255
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.
Date: 2015-08-28 15:31:45.188
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3 CPU M 380 @ 2.53GHz
Percentage of memory in use: 77%
Total physical RAM: 2806.71 MB
Available physical RAM: 630.92 MB
Total Virtual: 5622.71 MB
Available Virtual: 2665.72 MB
==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:284.55 GB) (Free:134.95 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 14759462)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=284.6 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=450 MB) - (Type=27)
==================== End of Addition.txt ============================
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2015-09-23 10:29:05
-----------------------------
10:29:05.445 OS Version: Windows x64 6.2.9200
10:29:05.445 Number of processors: 4 586 0x2505
10:29:05.445 ComputerName: JEAN-PC UserName: Ed
10:29:08.617 Initialize success
10:29:08.742 VM: initialized successfully
10:29:08.742 VM: Intel CPU supported
10:29:16.961 VM: disk I/O iaStor.sys
10:34:47.309 AVAST engine defs: 15092300
10:36:39.291 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
10:36:39.291 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3
10:36:39.510 Disk 0 MBR read successfully
10:36:39.510 Disk 0 MBR scan
10:36:39.635 Disk 0 Windows 7 default MBR code
10:36:39.635 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13312 MB offset 2048
10:36:39.682 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 27265024
10:36:39.697 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 291381 MB offset 27469824
10:36:39.744 Disk 0 Partition 4 00 27 Hidden NTFS WinRE NTFS 450 MB offset 624218112
10:36:39.822 Disk 0 scanning C:\WINDOWS\system32\drivers
10:37:03.613 Service scanning
10:37:42.927 Modules scanning
10:37:42.927 Disk 0 trace - called modules:
10:37:42.943 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
10:37:42.943 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe001e847c060]
10:37:42.958 3 CLASSPNP.SYS[fffff8019b9a46c5] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xffffe001e4dc2050]
10:37:47.708 AVAST engine scan C:\WINDOWS
10:37:50.880 AVAST engine scan C:\WINDOWS\system32
10:43:52.878 AVAST engine scan C:\WINDOWS\system32\drivers
10:44:20.201 AVAST engine scan C:\Users\Ed
10:59:33.959 AVAST engine scan C:\ProgramData
11:02:46.756 Disk 0 statistics 4976972/0/0 @ 2.25 MB/s
11:02:46.778 Scan finished successfully
11:19:25.576 Disk 0 MBR has been saved successfully to "C:\Users\Ed\Desktop\MBR.dat"
11:19:25.607 The log file has been saved successfully to "C:\Users\Ed\Desktop\aswMBR.txt"
Again thanks in advance for your assistance and I hope that my earlier tinkering has not complicated matters.
Regards Ed
Would appreciate some assistance on this matter. Recently upgraded PC to Windows 10 and unfortunately AVG was not reporting that it was not functioning, my daughter (on her laptop) in downloading something installed an array of malware including system notifier and webshield. After a bit of a fight I managed to install adaware, spybot and ESET, which have all been run and have apparently removed or controlled many of the issues, I subsequently managed to uninstall system notifier and a browser toolbar, and some firefox add ons. But webshield will not install and instead seems to direct you to more malware, the attempt is blocked by eset, which identifies an installcore.adq.gen attack, which also occurs periodically while using the PC and also installmonetizer attacks occur.
I have followed the per-requisites and following is the suggested logs etc.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:15-09-2015
Ran by Ed (administrator) on JEAN-PC (23-09-2015 10:20:35)
Running from C:\Users\Ed\Desktop
Loaded Profiles: Ed (Available Profiles: Ed & Nettie & DefaultAppPool)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.6\EMP_UDSA.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareTray.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Dropbox, Inc.) C:\Users\Ed\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Lavasoft) C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
(Audible, Inc.) C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
(Dropbox, Inc.) C:\Users\Ed\AppData\Roaming\Dropbox\bin\Dropbox.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.12711.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Registry Backup\TweakingRegistryBackup.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-05-27] (Egis Technology Inc.)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2782096 2010-07-26] (CANON INC.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3935912 2015-08-16] (Synaptics Incorporated)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareTray.exe [9558752 2015-08-27] ()
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5595848 2015-07-08] (ESET)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-05-27] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-06-28] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [EPSON_UD_START] => C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.6\EMP_UD.exe [534664 2011-11-17] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [843480 2015-01-23] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [gmsd_gb_004010073] => [X]
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-296683832-2999118333-2811571079-1003\...\Run: [Dropbox Update] => C:\Users\Ed\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-20] (Dropbox, Inc.)
HKU\S-1-5-21-296683832-2999118333-2811571079-1003\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1402640 2015-09-06] (Lavasoft)
HKU\S-1-5-21-296683832-2999118333-2811571079-1003\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Ed\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll [2015-08-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Ed\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll [2015-08-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Ed\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll [2015-08-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ed\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ed\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ed\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ed\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll [2010-05-27] (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Ed\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\FileSyncShell.dll [2015-08-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Ed\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\FileSyncShell.dll [2015-08-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Ed\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\FileSyncShell.dll [2015-08-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ed\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ed\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ed\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll [2010-05-27] (Egis Technology Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk [2013-09-17]
ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
Startup: C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-07-12]
ShortcutTarget: Dropbox.lnk -> C:\Users\Ed\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2013-01-14]
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Nettie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2014-02-15]
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:50515;https=127.0.0.1:50515
Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [345360 2015-09-06] (Lavasoft Limited)
Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [345360 2015-09-06] (Lavasoft Limited)
Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [345360 2015-09-06] (Lavasoft Limited)
Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [345360 2015-09-06] (Lavasoft Limited)
Winsock: Catalog9 16 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [345360 2015-09-06] (Lavasoft Limited)
Winsock: Catalog9-x64 01 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2015-09-06] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2015-09-06] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2015-09-06] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2015-09-06] (Lavasoft Limited)
Winsock: Catalog9-x64 16 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2015-09-06] (Lavasoft Limited)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{3de1fac4-b916-448f-a747-e5a362d2fc66}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{448ceda5-5113-4e2f-ae13-3c72e43becab}: [DhcpNameServer] 192.168.1.254
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-296683832-2999118333-2811571079-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-gb/?ocid=iehp
HKU\S-1-5-21-296683832-2999118333-2811571079-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-296683832-2999118333-2811571079-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D090615-A60FA26CFB78147A880F&form=CONBDF&conlogo=CT3332038&q={searchTerms}
SearchScopes: HKU\S-1-5-21-296683832-2999118333-2811571079-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D090615-A60FA26CFB78147A880F&form=CONBDF&conlogo=CT3332038&q={searchTerms}
SearchScopes: HKU\S-1-5-21-296683832-2999118333-2811571079-1003 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-02] (Oracle Corporation)
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-02] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-296683832-2999118333-2811571079-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-296683832-2999118333-2811571079-1003 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
FireFox:
========
FF ProfilePath: C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\fhls3zti.default
FF SearchEngineOrder.1: Ask.com
FF SearchEngineOrder.2: Google
FF SelectedSearchEngine: Ixquick HTTPS - UK
FF Homepage: hxxps://mail.google.com/mail/u/0/?shva=1#inbox
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-21] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-21] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-02] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [2015-08-28] (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [2015-08-28] (globalUpdate)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Extension: Xmarks - C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\fhls3zti.default\Extensions\foxmarks@kei.com [2015-06-09]
FF Extension: Zotero automatic export - C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\fhls3zti.default\Extensions\zotero-autoexport-bib@rokdd.xpi [2014-06-29]
FF Extension: Zotero - C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\fhls3zti.default\Extensions\zotero@chnm.gmu.edu.xpi [2014-03-17]
FF Extension: Zotero Scholar Citations - C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\fhls3zti.default\Extensions\zoteroscholarcitations@beloglazov.info.xpi [2014-06-29]
FF Extension: ZotFile - C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\fhls3zti.default\Extensions\zotfile@columbia.edu.xpi [2014-06-29]
FF Extension: Download Status Bar - C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\fhls3zti.default\Extensions\{6c28e999-e900-4635-a39d-b1ec90ba0c0f}.xpi [2014-07-21]
Chrome:
=======
CHR Profile: C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-04-19]
CHR Extension: (Google Search) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-04-19]
CHR Extension: (avast! WebRep) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda [2012-06-24]
CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2012-12-18]
CHR Extension: (Gmail) - C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-04-19]
CHR HKU\S-1-5-21-296683832-2999118333-2811571079-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dknkjnkhedbanphkkpbpcgoblmkbfhlf] - C:\Users\Ed\AppData\Local\CRE\dknkjnkhedbanphkkpbpcgoblmkbfhlf.crx [2012-09-09]
CHR HKU\S-1-5-21-296683832-2999118333-2811571079-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [gclijllifhfpomppedeljakfegbcpojn] - C:\Users\Ed\AppData\Local\CRE\gclijllifhfpomppedeljakfegbcpojn.crx [2012-12-01]
CHR HKU\S-1-5-21-296683832-2999118333-2811571079-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [dknkjnkhedbanphkkpbpcgoblmkbfhlf] - C:\Users\Ed\AppData\Local\CRE\dknkjnkhedbanphkkpbpcgoblmkbfhlf.crx [2012-09-09]
CHR HKLM-x32\...\Chrome\Extension: [gclijllifhfpomppedeljakfegbcpojn] - C:\Users\Ed\AppData\Local\CRE\gclijllifhfpomppedeljakfegbcpojn.crx [2012-12-01]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-04-15]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2015-01-23] (BlueStack Systems, Inc.)
S2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2015-01-23] (BlueStack Systems, Inc.)
S2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [786136 2015-01-23] (BlueStack Systems, Inc.)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1353720 2015-07-08] (ESET)
R2 EMP_UDSA; C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.6\EMP_UDSA.exe [157696 2011-11-17] (SEIKO EPSON CORPORATION) [File not signed]
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareService.exe [712432 2015-08-27] ()
R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2751760 2015-09-06] (Lavasoft Limited)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [26112 2015-08-16] (Microsoft Corporation)
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-27] (Egis Technology Inc.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [16656 2015-09-06] ()
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [237736 2015-08-16] (Synaptics Incorporated)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [84480 2015-08-16] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [578560 2015-08-16] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [28504 2012-03-07] (AVAST Software)
S4 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [291296 2015-04-07] (AVG Technologies CZ, s.r.o.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7593176 2015-07-10] (Broadcom Corporation)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2015-01-23] (BlueStack Systems)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [255240 2015-07-13] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [251632 2015-07-13] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [178520 2015-07-13] (ESET)
R1 EMP_MIRRUD; C:\Windows\system32\DRIVERS\EMP_MirrUD.sys [5632 2011-11-17] (Windows (R) Codename Longhorn DDK provider)
R2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [168208 2015-07-13] (ESET)
R3 eppvad_simple; C:\Windows\system32\drivers\EMP_UDAU.sys [23040 2011-11-17] (SEIKO EPSON CORPORATION)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [175104 2015-08-16] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33960 2015-08-16] (Synaptics Incorporated)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [452040 2015-01-22] (BitDefender S.R.L.)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
U3 idsvc; no ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-09-23 10:22 - 2015-09-23 10:22 - 05198336 _____ (AVAST Software) C:\Users\Ed\Desktop\aswMBR.exe
2015-09-23 10:20 - 2015-09-23 10:21 - 00027522 _____ C:\Users\Ed\Desktop\FRST.txt
2015-09-23 10:19 - 2015-09-23 10:20 - 00000000 ____D C:\FRST
2015-09-23 10:18 - 2015-09-23 10:19 - 02191360 _____ (Farbar) C:\Users\Ed\Desktop\FRST64.exe
2015-09-23 10:11 - 2015-09-23 10:11 - 00002312 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-09-23 10:11 - 2015-09-23 10:11 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-JEAN-PC-Windows-10-Home-(64-bit).dat
2015-09-23 10:11 - 2015-09-23 10:11 - 00000000 ____D C:\RegBackup
2015-09-23 10:11 - 2015-09-23 10:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-09-23 10:11 - 2015-09-23 10:11 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2015-09-23 10:10 - 2015-09-23 10:10 - 04687448 _____ (Tweaking.com) C:\Users\Ed\Desktop\tweaking.com_registry_backup_setup.exe
2015-09-23 09:41 - 2015-09-23 09:41 - 00016148 _____ C:\WINDOWS\system32\JEAN-PC_Ed_HistoryPrediction.bin
2015-09-21 22:03 - 2015-09-21 22:03 - 18819272 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2015-09-07 14:46 - 2015-09-23 09:43 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-07 11:20 - 2014-02-08 13:05 - 00450709 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20150907-112000.backup
2015-09-07 11:05 - 2015-09-07 11:05 - 00000000 ____D C:\Program Files\Common Files\AV
2015-09-07 11:05 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2015-09-07 10:59 - 2015-09-07 15:39 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-09-07 10:59 - 2015-09-07 11:13 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-09-07 10:59 - 2015-09-07 10:59 - 00001464 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-09-07 10:59 - 2015-09-07 10:59 - 00001452 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-09-07 10:59 - 2015-09-07 10:59 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2015-09-07 10:59 - 2015-09-07 10:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-09-07 10:59 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2015-09-06 22:11 - 2015-09-06 22:11 - 00000000 ____D C:\Users\Ed\AppData\Local\ESET
2015-09-06 22:08 - 2015-09-07 10:58 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Ed\Desktop\spybot-2.4.exe
2015-09-06 21:58 - 2015-09-06 21:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2015-09-06 21:58 - 2015-09-06 21:58 - 00000000 ____D C:\ProgramData\ESET
2015-09-06 21:58 - 2015-09-06 21:58 - 00000000 ____D C:\Program Files\ESET
2015-09-06 21:47 - 2015-09-06 21:54 - 01761992 _____ (ESET) C:\Users\Ed\Desktop\eset_nod32_antivirus_live_installer_.exe
2015-09-06 21:38 - 2015-09-06 21:41 - 00851016 _____ (Program soft ) C:\Users\Ed\Desktop\CCleaner_Setup.exe
2015-09-06 21:32 - 2015-09-06 21:32 - 00003306 _____ C:\WINDOWS\System32\Tasks\{03DD0B3B-B6D8-4C90-9D1B-D0DFC7672C24}
2015-09-06 21:31 - 2015-09-07 03:14 - 00002920 _____ C:\WINDOWS\SysWOW64\LavasoftTcpServiceOff.ini
2015-09-06 21:31 - 2015-09-07 03:14 - 00002920 _____ C:\WINDOWS\system32\LavasoftTcpServiceOff.ini
2015-09-06 21:31 - 2015-09-06 22:00 - 00000000 ____D C:\Users\Ed\AppData\Roaming\Lavasoft
2015-09-06 21:31 - 2015-09-06 21:31 - 00425744 _____ (Lavasoft Limited) C:\WINDOWS\system32\LavasoftTcpService64.dll
2015-09-06 21:31 - 2015-09-06 21:31 - 00345360 _____ (Lavasoft Limited) C:\WINDOWS\SysWOW64\LavasoftTcpService.dll
2015-09-06 21:31 - 2015-09-06 21:31 - 00000000 ____D C:\Users\Ed\AppData\Local\Lavasoft
2015-09-06 21:31 - 2015-09-06 21:31 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2015-09-06 21:30 - 2015-09-07 03:10 - 00002406 _____ C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2015-09-06 21:30 - 2015-09-06 21:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-09-06 21:29 - 2015-09-06 21:29 - 00000000 ____D C:\Program Files\Lavasoft
2015-09-06 21:28 - 2015-09-06 21:28 - 00000000 ____D C:\Program Files\Common Files\Lavasoft
2015-09-06 14:17 - 2015-09-06 14:17 - 00000000 ____D C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-08-28 18:36 - 2015-08-20 07:07 - 08019296 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-08-28 18:36 - 2015-08-20 07:06 - 00609592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-08-28 18:36 - 2015-08-20 07:02 - 22324656 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-08-28 18:36 - 2015-08-20 06:57 - 00077400 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-08-28 18:36 - 2015-08-20 06:26 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2015-08-28 18:36 - 2015-08-20 06:21 - 21875200 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-08-28 18:36 - 2015-08-20 06:21 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2015-08-28 18:36 - 2015-08-20 06:16 - 20857848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-08-28 18:36 - 2015-08-20 06:13 - 02235904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-08-28 18:36 - 2015-08-20 05:31 - 18806272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-08-28 18:36 - 2015-08-18 08:56 - 02498808 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2015-08-28 18:36 - 2015-08-18 08:55 - 00373072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-08-28 18:36 - 2015-08-18 08:54 - 01396064 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-08-28 18:36 - 2015-08-18 08:27 - 01771592 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2015-08-28 18:36 - 2015-08-18 08:24 - 00963920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-08-28 18:36 - 2015-08-18 08:13 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2015-08-28 18:36 - 2015-08-18 08:13 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2015-08-28 18:36 - 2015-08-18 08:12 - 02225664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-08-28 18:36 - 2015-08-18 08:07 - 02226688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2015-08-28 18:36 - 2015-08-18 08:04 - 01234944 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2015-08-28 18:36 - 2015-08-18 08:04 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2015-08-28 18:36 - 2015-08-18 07:59 - 01294336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcnwiz.dll
2015-08-28 18:36 - 2015-08-18 07:59 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnApi.dll
2015-08-28 18:36 - 2015-08-18 07:58 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2015-08-28 18:36 - 2015-08-18 07:58 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafWCN.dll
2015-08-28 18:36 - 2015-08-18 07:58 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdWCN.dll
2015-08-28 18:36 - 2015-08-18 07:58 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnNetsh.dll
2015-08-28 18:36 - 2015-08-18 07:57 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2015-08-28 18:36 - 2015-08-18 07:56 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthRadioMedia.dll
2015-08-28 18:36 - 2015-08-18 07:55 - 02178560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-08-28 18:36 - 2015-08-18 07:54 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll
2015-08-28 18:36 - 2015-08-18 07:54 - 00247296 _____ C:\WINDOWS\system32\facecredentialprovider.dll
2015-08-28 18:36 - 2015-08-18 07:52 - 01888768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-08-28 18:36 - 2015-08-18 07:50 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-08-28 18:36 - 2015-08-18 07:49 - 01061888 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2015-08-28 18:36 - 2015-08-18 07:49 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2015-08-28 18:36 - 2015-08-18 07:49 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2015-08-28 18:36 - 2015-08-18 07:36 - 01226752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wcnwiz.dll
2015-08-28 18:36 - 2015-08-18 07:35 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WcnApi.dll
2015-08-28 18:36 - 2015-08-18 07:35 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdWCN.dll
2015-08-28 18:36 - 2015-08-18 07:34 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2015-08-28 18:36 - 2015-08-18 07:29 - 01593344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-08-28 18:36 - 2015-08-18 07:26 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2015-08-28 18:36 - 2015-08-18 05:44 - 00008847 _____ C:\WINDOWS\system32\ResPriHMImageList
2015-08-28 16:57 - 2015-08-28 16:57 - 00000000 ____D C:\Users\Ed\AppData\Local\Navman_Technology_New_Zea
2015-08-28 16:55 - 2015-08-28 17:48 - 00000000 ____D C:\Users\Ed\Documents\My Maps
2015-08-28 16:55 - 2015-08-28 17:09 - 00002145 _____ C:\Users\Public\Desktop\NavDesk.lnk
2015-08-28 16:55 - 2015-08-28 16:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navman
2015-08-28 16:55 - 2015-08-28 16:55 - 00000000 ____D C:\Program Files (x86)\Navman
2015-08-28 16:15 - 2015-08-28 16:15 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2015-08-28 15:51 - 2015-08-28 15:51 - 00000000 ____D C:\Users\Ed\AppData\Roaming\System Healer
2015-08-28 15:50 - 2015-08-28 15:51 - 00000000 ____D C:\ProgramData\Lnihloasolo
2015-08-28 15:48 - 2015-09-23 09:48 - 00002458 _____ C:\WINDOWS\Tasks\86a3ab59-1528-4fe1-b6cc-6310448ec1fb-5_user.job
2015-08-28 15:48 - 2015-09-23 09:48 - 00002458 _____ C:\WINDOWS\Tasks\86a3ab59-1528-4fe1-b6cc-6310448ec1fb-5.job
2015-08-28 15:48 - 2015-09-07 15:48 - 00000994 _____ C:\WINDOWS\Tasks\tQ2EVipPq.job
2015-08-28 15:48 - 2015-08-28 15:48 - 00005574 _____ C:\WINDOWS\System32\Tasks\86a3ab59-1528-4fe1-b6cc-6310448ec1fb-5
2015-08-28 15:48 - 2015-08-28 15:48 - 00004116 _____ C:\WINDOWS\System32\Tasks\tQ2EVipPq
2015-08-28 15:47 - 2015-09-23 09:52 - 00004506 _____ C:\WINDOWS\Tasks\86a3ab59-1528-4fe1-b6cc-6310448ec1fb-4.job
2015-08-28 15:47 - 2015-09-23 09:47 - 00003484 _____ C:\WINDOWS\Tasks\86a3ab59-1528-4fe1-b6cc-6310448ec1fb-13.job
2015-08-28 15:47 - 2015-09-23 09:47 - 00003150 _____ C:\WINDOWS\Tasks\86a3ab59-1528-4fe1-b6cc-6310448ec1fb-1-7.job
2015-08-28 15:47 - 2015-09-23 09:47 - 00002456 _____ C:\WINDOWS\Tasks\a4f9fcf0-e386-46b9-8906-77a1fd8dad71-5_user.job
2015-08-28 15:47 - 2015-09-23 09:47 - 00002456 _____ C:\WINDOWS\Tasks\a4f9fcf0-e386-46b9-8906-77a1fd8dad71-5.job
2015-08-28 15:47 - 2015-09-23 09:47 - 00002122 _____ C:\WINDOWS\Tasks\a4f9fcf0-e386-46b9-8906-77a1fd8dad71-10_user.job
2015-08-28 15:47 - 2015-09-07 15:47 - 00001022 _____ C:\WINDOWS\Tasks\SXsqUveBBPPqtSELNqTlIRb.job
2015-08-28 15:47 - 2015-09-06 14:03 - 00000004 _____ C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-08-28 15:47 - 2015-08-28 15:47 - 00007622 _____ C:\WINDOWS\System32\Tasks\86a3ab59-1528-4fe1-b6cc-6310448ec1fb-4
2015-08-28 15:47 - 2015-08-28 15:47 - 00006660 _____ C:\WINDOWS\System32\Tasks\86a3ab59-1528-4fe1-b6cc-6310448ec1fb-13
2015-08-28 15:47 - 2015-08-28 15:47 - 00006270 _____ C:\WINDOWS\System32\Tasks\86a3ab59-1528-4fe1-b6cc-6310448ec1fb-1-7
2015-08-28 15:47 - 2015-08-28 15:47 - 00005572 _____ C:\WINDOWS\System32\Tasks\a4f9fcf0-e386-46b9-8906-77a1fd8dad71-5
2015-08-28 15:47 - 2015-08-28 15:47 - 00004172 _____ C:\WINDOWS\System32\Tasks\SXsqUveBBPPqtSELNqTlIRb
2015-08-28 15:47 - 2015-08-28 15:47 - 00000000 ____D C:\Users\Ed\AppData\Local\globalUpdate
2015-08-28 15:47 - 2015-08-28 15:47 - 00000000 ____D C:\Program Files (x86)\globalUpdate
2015-08-28 15:46 - 2015-09-07 20:15 - 00000000 ____D C:\Program Files (x86)\System NotifierV28.08
2015-08-28 15:46 - 2015-09-06 21:54 - 00000000 ____D C:\Program Files (x86)\Cinema-Plus-4.3cV28.08
2015-08-28 15:46 - 2015-08-28 15:57 - 00000000 ____D C:\Users\Ed\AppData\Local\WebShield
2015-08-28 15:46 - 2015-08-28 15:46 - 00002568 _____ C:\WINDOWS\patsearch.bin
2015-08-28 15:46 - 2015-08-28 15:46 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_webTinstMKTN84_01009.Wdf
2015-08-28 15:45 - 2015-09-07 20:19 - 00000000 ____D C:\ProgramData\WebShield
2015-08-28 15:45 - 2015-09-06 21:48 - 00000000 ____D C:\ProgramData\pjoeRo
2015-08-28 15:45 - 2015-08-28 15:45 - 00004084 _____ C:\WINDOWS\System32\Tasks\LaunchPreSignup
2015-08-28 15:45 - 2015-08-28 15:45 - 00000282 _____ C:\WINDOWS\Tasks\System Healer StartUp.job
2015-08-28 15:45 - 2015-08-28 15:45 - 00000282 _____ C:\WINDOWS\Tasks\System Healer Period.job
2015-08-28 14:51 - 2015-08-28 16:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-09-23 10:02 - 2012-10-01 21:07 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-09-23 09:53 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\sru
2015-09-23 09:43 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-09-22 19:35 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-09-21 22:21 - 2015-07-10 11:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-09-21 22:03 - 2012-10-01 21:07 - 00003804 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-09-16 21:17 - 2015-08-16 00:27 - 00000000 ____D C:\Users\Ed\AppData\Local\Packages
2015-09-15 17:12 - 2015-07-10 12:06 - 00812008 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-09-15 17:12 - 2015-07-10 12:06 - 00178152 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-12 13:04 - 2013-01-14 16:34 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-09-12 12:58 - 2013-08-19 15:57 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-09-11 20:06 - 2012-08-08 11:01 - 00000932 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-296683832-2999118333-2811571079-1004UA.job
2015-09-07 20:30 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\rescache
2015-09-07 11:16 - 2015-08-16 08:25 - 00000000 ___DC C:\WINDOWS\Panther
2015-09-07 11:16 - 2013-04-28 21:24 - 00000000 ____D C:\Users\Ed\AppData\Local\CrashDumps
2015-09-07 11:06 - 2012-08-08 11:01 - 00000910 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-296683832-2999118333-2811571079-1004Core.job
2015-09-07 03:13 - 2014-09-08 10:29 - 00000000 ___RD C:\Users\Ed\Dropbox
2015-09-07 03:13 - 2013-07-18 12:08 - 00000000 ____D C:\Users\Ed\AppData\Roaming\Dropbox
2015-09-07 03:07 - 2015-07-10 13:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-09-07 03:07 - 2014-10-21 18:09 - 00000000 ____D C:\ProgramData\AVG2015
2015-09-07 03:07 - 2012-12-22 21:50 - 00000000 ____D C:\ProgramData\MFAData
2015-09-07 03:06 - 2015-07-10 10:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-09-07 03:03 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-09-07 03:03 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-09-06 22:06 - 2014-06-29 18:07 - 00000000 ____D C:\Program Files (x86)\Freecorder extension
2015-09-06 21:41 - 2014-10-21 16:32 - 00000000 ____D C:\Users\Ed\AppData\Local\Avg2015
2015-09-06 21:38 - 2012-12-22 21:55 - 00000000 ___HD C:\$AVG
2015-09-06 21:33 - 2013-01-22 21:37 - 00000000 ____D C:\ProgramData\AVG Security Toolbar
2015-09-06 21:32 - 2013-12-21 00:48 - 00000000 ____D C:\Users\Ed\AppData\Roaming\LavasoftStatistics
2015-09-06 21:30 - 2013-12-21 00:24 - 00000000 ____D C:\ProgramData\Lavasoft
2015-09-06 21:29 - 2015-08-15 23:32 - 01005662 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-08-28 16:55 - 2010-08-30 10:03 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-08-28 16:25 - 2015-08-15 23:34 - 00000000 ____D C:\Users\Nettie
2015-08-28 16:09 - 2015-08-15 23:34 - 00000000 ____D C:\Users\Ed
2015-08-28 16:06 - 2012-05-14 23:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-28 15:44 - 2013-07-18 12:09 - 00004673 _____ C:\WINDOWS\wininit.ini
2015-08-26 18:37 - 2011-04-10 12:37 - 134753440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
==================== Files in the root of some directories =======
2013-06-29 20:16 - 2014-06-23 12:13 - 0003728 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2015-04-14 17:28 - 2015-04-14 17:28 - 0004387 _____ () C:\Users\Ed\AppData\Roaming\SXsqUveBBPPqtSELNqTlIRb
2014-06-19 20:21 - 2014-06-19 20:21 - 0000024 _____ () C:\Users\Ed\AppData\Roaming\temp.ini
2015-04-14 17:28 - 2015-04-14 17:28 - 0004387 _____ () C:\Users\Ed\AppData\Roaming\tQ2EVipPq
2014-05-24 09:40 - 2014-05-24 09:41 - 0004608 _____ () C:\Users\Ed\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-08-15 23:30 - 2015-08-15 23:30 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2010-08-30 10:12 - 2010-03-02 23:59 - 0131984 _____ () C:\ProgramData\FullRemove.exe
Some files in TEMP:
====================
C:\Users\Ed\AppData\Local\Temp\8b741567-ebbe-4f84-8a88-2c00c1c2e331.exe
C:\Users\Ed\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp5ylghf.dll
C:\Users\Ed\AppData\Local\Temp\InstHelper.exe
C:\Users\Ed\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\Jean\AppData\Local\Temp\COMAP.EXE
C:\Users\Jean\AppData\Local\Temp\GoogleChromeInstaller.exe
C:\Users\Jean\AppData\Local\Temp\GoogleToolbarInstaller.exe
C:\Users\Jean\AppData\Local\Temp\SkypeSetup.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-09-07 14:56
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:15-09-2015
Ran by Ed (2015-09-23 10:23:15)
Running from C:\Users\Ed\Desktop
Windows 10 Home (X64) (2015-08-15 23:27:19)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-296683832-2999118333-2811571079-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-296683832-2999118333-2811571079-503 - Limited - Disabled)
Ed (S-1-5-21-296683832-2999118333-2811571079-1003 - Administrator - Enabled) => C:\Users\Ed
Guest (S-1-5-21-296683832-2999118333-2811571079-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-296683832-2999118333-2811571079-1002 - Limited - Enabled)
Nettie (S-1-5-21-296683832-2999118333-2811571079-1004 - Limited - Enabled) => C:\Users\Nettie
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: ESET NOD32 Antivirus 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Ad-Aware Antivirus (Disabled - Out of date) {B0CC18C6-E527-6EE6-874C-9D19920E5619}
AS: Ad-Aware Antivirus (Disabled - Out of date) {0BADF922-C31D-6168-BDFC-A66BE9891CA4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: ESET NOD32 Antivirus 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: Ad-Aware Firewall (Disabled) {88F799E3-AF48-6FBE-AC13-342C6CDD1162}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.68 - NewTech Infosystems)
Acer Crystal Eye webcam (HKLM-x32\...\{51F026FA-5146-4232-A8BA-1364740BD053}) (Version: 1.0.4.5 - Liteon)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Ad-Aware Antivirus (HKLM\...\{18A24EC3-2BA0-4438-AA5C-A3CF81194D22}_AdAwareUpdater) (Version: 11.8.586.8535 - Lavasoft)
AdAwareInstaller (Version: 11.8.586.8535 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.8.586.8535 - Lavasoft) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
AntimalwareEngine (Version: 3.0.98.0 - Lavasoft) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Backup Manager Basic (x32 Version: 2.0.0.68 - NewTech Infosystems) Hidden
BatScan 9 (HKLM-x32\...\{8BF14E17-A1A9-4FF8-8777-773D5C388DB5}) (Version: 9.7 - Visualization Software LLC)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.8.4406 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{02F2570F-4B20-43B5-A3DD-082AF5C0E6DC}) (Version: 0.9.8.4406 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 14.0.2.3 - Broadcom Corporation)
Canon iX6500 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iX6500_series) (Version: - Canon Inc.)
Canon iX6500 series User Registration (HKLM-x32\...\Canon iX6500 series User Registration) (Version: - )
Canon MP Navigator EX 2.0 (HKLM-x32\...\MP Navigator EX 2.0) (Version: - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )
CanoScan LiDE 200 Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4807) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 4.01 - Piriform)
Cinema-Plus-4.3cV28.08 (HKLM-x32\...\Cinema-Plus-4.3cV28.08) (Version: 1.36.01.22 - Cinema PlusV28.08) <==== ATTENTION
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.3216.50 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Dropbox (HKU\S-1-5-21-296683832-2999118333-2811571079-1003\...\Dropbox) (Version: 3.8.8 - Dropbox, Inc.)
Epson USB Display (HKLM-x32\...\{7650F538-6274-44EA-8F50-843479073333}) (Version: 1.60.000 - SEIKO EPSON CORPORATION)
ESET NOD32 Antivirus (HKLM\...\{5F2AE448-CD4B-40BD-B245-5F0CD06A09B0}) (Version: 8.0.319.0 - ESET, spol s r. o.)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
FastStone Photo Resizer 3.1 (HKLM-x32\...\FastStone Photo Resizer) (Version: 3.1 - FastStone Soft.)
FileZilla Client 3.7.3 (HKLM-x32\...\FileZilla Client) (Version: 3.7.3 - Tim Kosse)
globalupdate Helper (x32 Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== ATTENTION
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
InfraRecorder (HKLM-x32\...\InfraRecorder) (Version: - Christian Kindahl)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2182 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
IntiProc (HKLM-x32\...\IntiProc 1.01) (Version: 1.01 - MigrateTechnology)
IntiProc (x32 Version: 1.01 - MigrateTechnology) Hidden
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.14 - Acer Inc.)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MigrateTechnology (HKLM-x32\...\{53FC2DAC-AE27-4A1D-A151-2BC19702C672}) (Version: 1.1.0 - Migrate Technology Ltd)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 40.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyWinLocker (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.212.0 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden
National Instruments Software (HKLM-x32\...\NI Uninstaller) (Version: - National Instruments)
NavDesk (HKLM-x32\...\{69EEF1DC-DE38-46DB-AA2A-5D1D8D81E850}) (Version: 5.90.405 - Navman Technologies NZ Ltd)
NI EULA Depot (x32 Version: 2.80.301 - National Instruments) Hidden
NI LabVIEW Run-Time Engine 2010 SP1 (x32 Version: 10.1.100.0 - National Instruments) Hidden
NI LabVIEW Run-Time Engine Interop 2010 (x32 Version: 10.1.101.0 - National Instruments) Hidden
NI MDF Support (x32 Version: 2.80.301 - National Instruments) Hidden
NI Trace Engine (64-bit) (Version: 10.0.334.0 - National Instruments) Hidden
NI Trace Engine (x32 Version: 10.0.334.0 - National Instruments) Hidden
NI Uninstaller (x32 Version: 2.80.301 - National Instruments) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 5.9 - )
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8939 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.8939 - NTI Corporation) Hidden
OMNI CONTROL USB Audio driver (HKLM\...\USB_AUDIO_DEusb-audio.deNumarkOMNICONTROL) (Version: - )
OmniFormat (HKLM-x32\...\OmniFormat) (Version: - )
OpenOffice.org 3.4.1 (HKLM-x32\...\{9E3E3D64-5A2A-4CEF-A500-EB71188DBA90}) (Version: 3.41.9593 - Apache Software Foundation)
QGIS Chugiak 2.4.0 Chugiak (HKLM\...\QGIS Chugiak) (Version: - QGIS Development Team)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
R for Windows 2.12.1 (HKLM\...\R for Windows 2.12.1_is1) (Version: 2.12.1 - R Development Core Team)
R for Windows 3.0.2 (HKLM\...\R for Windows 3.0.2_is1) (Version: 3.0.2 - R Core Team)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30122 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Shredder (Version: 2.0.8.3 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.3 - Egis Technology Inc.) Hidden
Skype Toolbars (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.3.7280 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.13.0 - Synaptics Incorporated)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.2.2 - Tweaking.com)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Web Companion (HKLM-x32\...\{c6fe325f-c5a1-4848-a283-7343b5ec1ae4}) (Version: 2.1.1095.2272 - Lavasoft)
Web Shield (HKLM-x32\...\WebShield) (Version: 2.7.74 - Irrational Number Applications) <==== ATTENTION
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-296683832-2999118333-2811571079-1003_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Ed\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-296683832-2999118333-2811571079-1003_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Ed\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-296683832-2999118333-2811571079-1003_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ed\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-296683832-2999118333-2811571079-1003_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ed\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-296683832-2999118333-2811571079-1003_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ed\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-296683832-2999118333-2811571079-1003_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ed\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-296683832-2999118333-2811571079-1003_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ed\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-296683832-2999118333-2811571079-1003_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ed\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-296683832-2999118333-2811571079-1003_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ed\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-296683832-2999118333-2811571079-1003_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ed\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-296683832-2999118333-2811571079-1003_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Ed\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
==================== Restore Points =========================
07-09-2015 17:15:46 Scheduled Checkpoint
11-09-2015 21:16:50 Windows Update
21-09-2015 22:20:16 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2015-09-07 11:20 - 00450831 ____R C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com
There are 1000 more lines.
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {08E9E692-6B70-40D3-94E2-1E1C77736892} - System32\Tasks\{D44A82E6-C95A-405A-B038-45924E048F7B} => A:\SETUP.EXE
Task: {10FAF39E-C39F-457F-B4D7-46CC3C164A81} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-296683832-2999118333-2811571079-1004UA => C:\Users\Nettie\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {1907E81D-8D46-4105-AC77-C02854827BF4} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {19639003-C77D-4B18-A332-8DD151EC2CEE} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {1DF50CA9-BF1B-4976-9D04-B5DF1A305B35} - System32\Tasks\{03DD0B3B-B6D8-4C90-9D1B-D0DFC7672C24} => pcalua.exe -a "C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe" -c /AppMode=DOWNLOADMANAGER /UDS=1
Task: {1EF41258-2361-4435-B500-B774E7C9A65B} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {1F94E964-A264-4F55-A401-6646BF7EE7DB} - System32\Tasks\86a3ab59-1528-4fe1-b6cc-6310448ec1fb-5 => C:\Program Files (x86)\Cinema-Plus-4.3cV28.08\86a3ab59-1528-4fe1-b6cc-6310448ec1fb-5.exe [2015-08-28] (Cinema PlusV28.08) <==== ATTENTION
Task: {21AE865E-E468-4C66-867A-FF05FB272454} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {27C55141-6B01-4DE1-B251-7727913D7275} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {29A07224-C86C-4AFE-9DCD-CDA1B0F8B5C4} - System32\Tasks\{CCC6916A-F6B8-4504-8FE0-A6E8A5911078} => A:\SETUP.EXE
Task: {2B6BE7C8-031C-45F7-AAE9-7F9FC41B44C5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-21] (Adobe Systems Incorporated)
Task: {2C6CE008-C8D9-43A4-BE6E-1577ECF7BDEE} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {2CD21605-ED43-42A0-A8ED-8F3F98370D2A} - System32\Tasks\{987436CD-815E-4483-8829-C11121FB4FBD} => A:\SETUP.EXE
Task: {3619DDEB-01D8-4AEF-BA75-2F893C3AB41D} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {3B438481-7716-48C7-8F26-CDDCB32B72DB} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {3B98583D-60CC-42BD-895C-759A8C4221F2} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-26] (Microsoft Corporation)
Task: {3C6CD12F-71EC-4A17-AE4F-618DB69F2FA4} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {3E5902D5-964E-42F0-8EA7-845169C0993B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {3EF71759-59A7-4D75-95E7-2BBED69127D8} - System32\Tasks\{6AAE7280-8443-45FB-9259-B4E5D02B8D7E} => pcalua.exe -a C:\Users\Ed\Desktop\NetFx20SP1_x86.exe -d C:\Users\Ed\Desktop
Task: {40FD9465-E077-4A38-98CB-05A33FD58DD7} - System32\Tasks\{EF10C601-FB37-45EB-9C36-71E9F69E5B90} => A:\SETUP.EXE
Task: {41735738-A886-4FF2-A62B-EA4FAA6193E0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {418AB803-5038-44F7-8A58-F4909DF4C825} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {4B0CFE87-0E50-478F-8D13-5C245179374D} - System32\Tasks\86a3ab59-1528-4fe1-b6cc-6310448ec1fb-4 => C:\Program Files (x86)\Cinema-Plus-4.3cV28.08\86a3ab59-1528-4fe1-b6cc-6310448ec1fb-4.exe [2015-08-28] (Cinema PlusV28.08) <==== ATTENTION
Task: {4C6EC6CE-E028-4DFD-8031-771B3DDB8138} - System32\Tasks\{84B8B1C5-97D5-42F1-A76E-3EE1AA416395} => Firefox.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=4.1.0.179.367&LastError=12007
Task: {4D1D12F4-DF43-46B2-8E88-FF08AB89E880} - System32\Tasks\Games\UpdateCheck_S-1-5-21-296683832-2999118333-2811571079-1000
Task: {57331538-E388-41D4-AEB2-0B9A6B2B9B01} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {57610DA1-AD06-46F2-8529-10BBB87A075B} - System32\Tasks\86a3ab59-1528-4fe1-b6cc-6310448ec1fb-1-7 => C:\Program Files (x86)\Cinema-Plus-4.3cV28.08\86a3ab59-1528-4fe1-b6cc-6310448ec1fb-1-7.exe [2015-08-28] (Cinema PlusV28.08) <==== ATTENTION
Task: {5EB608A6-11D5-49FB-82D5-8B34A7FC3709} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {5F20C597-0BD8-48E1-95E0-0871A15CA3E8} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {66411273-9DF4-47B4-9B75-944299189921} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {74AFB06C-8FFE-4A2A-BFC1-9BF38BA57AC8} - System32\Tasks\{0CEB94B1-97D6-4F0C-9C5B-8EC02694353A} => A:\SETUP.EXE
Task: {757B2DC7-58A5-4F77-A711-5C3493D90F88} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {8439A83D-4409-4868-95C3-BAAC15BE9502} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {868BFDBC-C5C8-4363-B770-658518AA278E} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {8E0C63C1-54DD-4999-B5E2-DE4142BA4052} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-296683832-2999118333-2811571079-1004Core => C:\Users\Nettie\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {8F158D86-9AFB-455C-B00B-7E929DD83D81} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {900CF8CD-073E-4EB9-9CC4-5F9686904A33} - System32\Tasks\{81B4A68C-F8D8-413F-BCED-D6186BBEBDAF} => Firefox.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=4.1.0.179.367&LastError=12007
Task: {9584E8AA-0126-4464-85C7-DE75AC63E825} - System32\Tasks\86a3ab59-1528-4fe1-b6cc-6310448ec1fb-13 => C:\Program Files (x86)\Cinema-Plus-4.3cV28.08\86a3ab59-1528-4fe1-b6cc-6310448ec1fb-13.exe [2015-08-28] (Cinema PlusV28.08) <==== ATTENTION
Task: {9643A9C1-64CC-457E-B68E-4FC1758FB7F5} - System32\Tasks\{BEF409DF-7A35-4605-963C-2D24E9091529} => A:\SETUP.EXE
Task: {97696FC3-36DC-4F2D-B4EC-72E2A847B77D} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {99154118-61E9-4833-8799-6A6835265744} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {99D16169-1A2E-453F-BF9C-1415662C4949} - System32\Tasks\tQ2EVipPq => C:\Users\Ed\AppData\Roaming\tQ2EVipPq.exe <==== ATTENTION
Task: {9BC1E227-8A5A-4E68-BABF-AC4C49F39A5D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {9BCBC4AE-C460-41FC-A4D6-C72503AE522D} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {A7ADEE7B-F735-4DE7-8441-A5B85D506EFB} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {A8C1F049-CDDA-4B6D-BDB1-0EB5E2352142} - System32\Tasks\{83684222-ACAD-4129-899C-27E937CAC39A} => A:\SETUP.EXE
Task: {A8CB5879-61D0-4488-936D-BE917FB72D36} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {ADEE898F-ADDA-4CB3-960A-4C00664DEF67} - \Lnihloasolo -> No File <==== ATTENTION
Task: {B39F3C6B-7B89-4B88-82AA-8CF28455E316} - System32\Tasks\{F0366847-EF86-4A56-97FD-4102133DB83B} => A:\SETUP.EXE
Task: {B3EDC27B-CB94-4A42-9B66-0FAD02EE1399} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {B3FC0613-3EB0-44A7-B33F-D2CF847E1726} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {BDB3674C-914F-42BB-9756-091D882D5580} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {BF3985AB-389F-4FBC-AC54-98F495BAC556} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {C07D9B9A-C923-4C0B-9E05-01EAAA93622A} - System32\Tasks\{921D86F7-1B88-4C08-97A1-92E201878A00} => A:\SETUP.EXE
Task: {C5C574B1-B160-43A4-BB7E-E75E79CF27FE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {CA788199-8F1F-471B-8CBB-91D7DAE3C2A9} - System32\Tasks\{D7B9DFB3-1BCA-4CBD-93B5-D1CB204227DA} => A:\SETUP.EXE
Task: {CCAD96D2-251F-4553-A833-A77EB8A39AF6} - System32\Tasks\{FC529B0A-212D-4B10-800C-5B2D8A841643} => A:\SETUP.EXE
Task: {D57D7E1D-3C6B-453A-AD7E-DB1B22C2ECDE} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {D5A05941-C0AC-4735-9926-A3BF3F1501A6} - System32\Tasks\a4f9fcf0-e386-46b9-8906-77a1fd8dad71-5 => C:\Program Files (x86)\System NotifierV28.08\a4f9fcf0-e386-46b9-8906-77a1fd8dad71-5.exe <==== ATTENTION
Task: {D7D91148-C069-4391-985F-89A1D817D799} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-12-17] (Oracle Corporation)
Task: {DB856F68-6DEC-4B19-BE75-2A0285C772D8} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {DD7DE760-6056-4A7D-8D5A-1BB224CB9308} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {DEB4E9AC-5C50-4B77-AA52-4EA4F3B5EA0B} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {E164AC5A-BF95-44FB-8D29-C7AC4E1C1679} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {E4E5AD52-FB9B-4644-9B6A-EB84B2B503F6} - System32\Tasks\{D2AEB262-8F76-4904-974D-0E2E94B96F83} => A:\SETUP.EXE
Task: {E5C357C7-9935-49C6-B5D1-5EAB992C1C2C} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {E8A0BDCD-A1C2-4B87-840B-BF8D04C684F1} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {EA9251A8-C370-4387-B1E5-E0530E08EE6B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {EB87C302-8830-44E2-93D8-A80193AE26A6} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {EF929B38-3EF1-4911-A65E-7CBB48021553} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {F0504E68-04D2-4A1E-8A56-97679599D4C1} - \a4f9fcf0-e386-46b9-8906-77a1fd8dad71-10_user -> No File <==== ATTENTION
Task: {F0F428D2-EF8D-4EB2-8BA2-DB8B068EC749} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe <==== ATTENTION
Task: {F2BED9FF-E0A2-4759-BB3A-3A1E478C4FF6} - System32\Tasks\a4f9fcf0-e386-46b9-8906-77a1fd8dad71-5_user => C:\Program Files (x86)\System NotifierV28.08\a4f9fcf0-e386-46b9-8906-77a1fd8dad71-5.exe <==== ATTENTION
Task: {F3F56F7C-18D9-40DE-9185-EE96B5FC54DE} - System32\Tasks\{BA301650-9FB1-45D4-9E58-3E45517D43CA} => A:\SETUP.EXE
Task: {F40D7047-305C-44D2-8853-4B75B1B5BBF9} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {F6D92D28-9667-4A83-90F1-134A28EBFB75} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {F7F4AA45-6619-46AF-B6DF-F18AE7C62F76} - System32\Tasks\SXsqUveBBPPqtSELNqTlIRb => C:\Users\Ed\AppData\Roaming\SXsqUveBBPPqtSELNqTlIRb.exe <==== ATTENTION
Task: {FAEA0EDC-C25E-4820-866B-01CBC081F2C1} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {FB8D83FD-13D2-47FA-98D2-761117A53868} - System32\Tasks\86a3ab59-1528-4fe1-b6cc-6310448ec1fb-5_user => C:\Program Files (x86)\Cinema-Plus-4.3cV28.08\86a3ab59-1528-4fe1-b6cc-6310448ec1fb-5.exe [2015-08-28] (Cinema PlusV28.08) <==== ATTENTION
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\86a3ab59-1528-4fe1-b6cc-6310448ec1fb-1-7.job => C:\Program Files (x86)\Cinema-Plus-4.3cV28.08\86a3ab59-1528-4fe1-b6cc-6310448ec1fb-1-7.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\86a3ab59-1528-4fe1-b6cc-6310448ec1fb-13.job => C:\Program Files (x86)\Cinema-Plus-4.3cV28.08\86a3ab59-1528-4fe1-b6cc-6310448ec1fb-13.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\86a3ab59-1528-4fe1-b6cc-6310448ec1fb-4.job => C:\Program Files (x86)\Cinema-Plus-4.3cV28.08\86a3ab59-1528-4fe1-b6cc-6310448ec1fb-4.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\86a3ab59-1528-4fe1-b6cc-6310448ec1fb-5.job => C:\Program Files (x86)\Cinema-Plus-4.3cV28.08\86a3ab59-1528-4fe1-b6cc-6310448ec1fb-5.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\86a3ab59-1528-4fe1-b6cc-6310448ec1fb-5_user.job => C:\Program Files (x86)\Cinema-Plus-4.3cV28.08\86a3ab59-1528-4fe1-b6cc-6310448ec1fb-5.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\a4f9fcf0-e386-46b9-8906-77a1fd8dad71-10_user.job => C:\Program Files (x86)\System NotifierV28.08\a4f9fcf0-e386-46b9-8906-77a1fd8dad71-10.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\a4f9fcf0-e386-46b9-8906-77a1fd8dad71-5.job => C:\Program Files (x86)\System NotifierV28.08\a4f9fcf0-e386-46b9-8906-77a1fd8dad71-5.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\a4f9fcf0-e386-46b9-8906-77a1fd8dad71-5_user.job => C:\Program Files (x86)\System NotifierV28.08\a4f9fcf0-e386-46b9-8906-77a1fd8dad71-5.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-296683832-2999118333-2811571079-1003Core1d0c4c2b0b7473b.job => C:\Users\Ed\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-296683832-2999118333-2811571079-1004Core.job => C:\Users\Nettie\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-296683832-2999118333-2811571079-1004UA.job => C:\Users\Nettie\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\SXsqUveBBPPqtSELNqTlIRb.job => C:\Users\Ed\AppData\Roaming\SXsqUveBBPPqtSELNqTlIRb.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\System Healer Period.job =>
Task: C:\WINDOWS\Tasks\System Healer StartUp.job => C:\Program Files (x86)\SystemHealer\SystemHealer.exe
Task: C:\WINDOWS\Tasks\tQ2EVipPq.job => C:\Users\Ed\AppData\Roaming\tQ2EVipPq.exe <==== ATTENTION
==================== Loaded Modules (Whitelisted) ==============
2015-08-16 08:20 - 2015-08-16 08:20 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-08-20 16:31 - 2015-08-11 10:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-08-27 15:54 - 2015-08-27 15:54 - 00712432 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareService.exe
2015-08-27 15:57 - 2015-08-27 15:57 - 00123656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_filesystem-vc120-mt-1_57.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 00025856 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_system-vc120-mt-1_57.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 00057096 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_date_time-vc120-mt-1_57.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 13002488 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareServiceKernel.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 03549904 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\RCF.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 00911616 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_regex-vc120-mt-1_57.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 00107776 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_thread-vc120-mt-1_57.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 00035072 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_chrono-vc120-mt-1_57.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 00709360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareActivation.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 00474368 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareApplicationUpdater.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 00847600 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareGamingMode.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 00101096 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareReset.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 00123104 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareTime.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 01011968 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareDefinitionsUpdater.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 00905488 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareDefinitionsUpdaterScheduler.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 01146608 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareIgnoreList.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 00243440 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareQuarantine.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 01050880 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareAntiMalwareEngine.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 00206080 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareAntiRootkitEngine.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 01210616 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareScannerHistory.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 01373416 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareScanner.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 00036096 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_timer-vc120-mt-1_57.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 01019128 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareScannerScheduler.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 01190656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareRealTimeProtection.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 00244472 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareIncompatibles.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 00938728 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareAntiSpam.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 00883440 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareAntiPhishing.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 03263736 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareParentalControl.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 02985208 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareWebProtection.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 01324280 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareEmailProtection.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 00059656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_iostreams-vc120-mt-1_57.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 01312512 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareNetworkProtection.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 01013992 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwarePromo.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 00365288 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareFeedback.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 02958592 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareThreatWorkAlliance.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 01261800 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwarePinCode.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 01014504 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareNotice.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 01014000 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareAvcEngine.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 01222416 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareRealTimeProtectionHistory.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 00469744 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareStatistics.dll
2015-08-28 18:36 - 2015-08-18 08:56 - 02498808 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-08-28 18:36 - 2015-08-18 08:56 - 02498808 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 02794744 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareShellExtension.dll
2015-07-10 11:59 - 2015-07-10 11:59 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-07-10 11:59 - 2015-07-10 11:59 - 00143360 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll
2015-08-16 08:21 - 2015-08-16 08:21 - 00642048 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll
2012-11-26 23:54 - 2012-11-26 23:54 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 09558752 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareTray.exe
2015-08-27 15:57 - 2015-08-27 15:57 - 00492288 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_locale-vc120-mt-1_57.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 02266344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\HtmlFramework.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 00868600 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareTrayDefaultSkin.dll
2015-08-16 08:20 - 2015-08-16 08:20 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-07-10 12:00 - 2015-07-10 14:14 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-08-20 16:31 - 2015-08-11 09:58 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-08-16 08:20 - 2015-08-16 08:20 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-10 12:00 - 2015-07-10 14:14 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2010-06-28 23:20 - 2010-06-28 23:20 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2010-06-28 23:12 - 2010-06-28 23:12 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2015-09-06 21:31 - 2015-09-06 21:31 - 00082704 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll
2015-09-06 21:31 - 2015-09-06 21:31 - 00254224 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll
2015-09-06 21:31 - 2015-09-06 21:31 - 00049424 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.adblocker.dll
2015-09-06 21:31 - 2015-09-06 21:31 - 00029968 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Repositories.dll
2015-09-06 21:31 - 2015-09-06 21:31 - 00012560 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.SqlLite.dll
2015-09-06 21:31 - 2015-09-06 21:31 - 00120080 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.PUP.Management.dll
2015-09-06 21:31 - 2015-09-06 21:31 - 00036112 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.CSharp.Utilities.dll
2015-09-07 03:12 - 2015-09-07 03:12 - 00071168 _____ () c:\users\ed\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp5ylghf.dll
2015-09-06 14:17 - 2015-08-05 06:26 - 00012800 _____ () C:\Users\Ed\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-09-06 14:17 - 2015-08-05 06:26 - 00779776 _____ () C:\Users\Ed\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-09-06 14:17 - 2015-08-05 06:26 - 00056320 _____ () C:\Users\Ed\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-09-06 14:17 - 2015-08-05 06:26 - 00012288 _____ () C:\Users\Ed\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2012-08-10 17:51 - 2012-08-10 17:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2010-08-30 10:45 - 2009-05-20 07:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll
2015-08-28 15:36 - 2015-08-28 15:36 - 00170496 _____ () C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\IsdiInterop\10edc62919c074493ccdf4332262aec2\IsdiInterop.ni.dll
2010-08-30 10:03 - 2010-04-13 17:52 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2015-09-07 10:59 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-09-07 10:59 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-09-07 10:59 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-09-07 10:59 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-09-07 10:59 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:45 - 2010-10-20 16:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:E36F5B57
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
There are 7869 more restricted sites.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-296683832-2999118333-2811571079-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{A4E6FC22-13F8-42BB-A747-B7A822E661E3}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{86B1B1F4-6699-497C-A5AD-D1B012484283}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{718714FD-1194-48FC-806C-F3909BBFFAF4}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [UDP Query User{A0862088-546F-4777-8A8D-67D66E27CE2F}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{3A7E25BF-F222-4D10-8B10-98046CCB0639}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{9F42A272-D24F-471F-AA6F-B3531308675F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7D7D3FCB-04FA-4746-89AF-DB3B5F4E422E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{550276AC-FB39-48B9-8F66-A61AF2EA10CE}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{84D33289-1F42-49D7-B93F-468AFAB16C9A}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [UDP Query User{7BE71360-1857-46CD-8EE0-510381ACE90B}C:\program files (x86)\spybot - search & destroy 2\sdupdate.exe] => (Allow) C:\program files (x86)\spybot - search & destroy 2\sdupdate.exe
FirewallRules: [TCP Query User{156CC31C-0CCE-4BA9-ABCB-40FD09696655}C:\program files (x86)\spybot - search & destroy 2\sdupdate.exe] => (Allow) C:\program files (x86)\spybot - search & destroy 2\sdupdate.exe
FirewallRules: [UDP Query User{30A58B6E-6928-48D1-9049-B4A2EA9D6E53}C:\users\ed\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\ed\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{4BABAE28-695A-4800-B937-A05D46EBA749}C:\users\ed\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\ed\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{44BBDE31-9A84-404A-847D-F88990CCCB09}] => (Allow) C:\Users\Ed\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{545FB99B-9F0A-4CEA-96A7-BB215F31C1F0}] => (Allow) C:\Users\Ed\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{214A7E24-7C4F-4B94-AB21-625D724AB831}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4A8C9EA9-1F89-43B7-83D6-C5797E9F3ECA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FB364656-6C7A-4C19-8B31-BBCCCFEE5FB8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5D870040-96CE-48DA-803B-E43797EB5587}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{16BC501C-4782-4D93-916C-3B3439A1BF9D}] => (Allow) LPort=1900
FirewallRules: [{6C8C4420-E918-4151-A3AB-032535F5A421}] => (Allow) LPort=2869
FirewallRules: [{86497337-2B47-42BD-9E39-85A4F3C7900E}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [UDP Query User{476B7AE3-D312-40A4-B0B4-38D65A179341}C:\users\nettie\appdata\local\facebook\video\skype\facebookvideocalling.exe] => (Block) C:\users\nettie\appdata\local\facebook\video\skype\facebookvideocalling.exe
FirewallRules: [TCP Query User{2348676A-BD30-469B-84D1-213C142E22D7}C:\users\nettie\appdata\local\facebook\video\skype\facebookvideocalling.exe] => (Block) C:\users\nettie\appdata\local\facebook\video\skype\facebookvideocalling.exe
FirewallRules: [{7C4D19A1-9247-40E6-84D2-9F3CB2818490}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{40F34BAF-E652-4B76-9455-CABA0DA9CE83}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{B5DA1D28-9103-497F-879B-028F43423FD2}] => (Allow) svchost.exe
FirewallRules: [{F64B8F5B-0517-4997-8D9B-5192E8762BA3}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{9C5AA253-DBED-4E74-BF57-C5F4C982C1C1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (09/23/2015 09:41:43 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 46985657
Error: (09/23/2015 09:41:43 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 46985657
Error: (09/23/2015 09:41:43 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (09/22/2015 11:38:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10820266
Error: (09/22/2015 11:38:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10820266
Error: (09/22/2015 11:38:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (09/22/2015 11:38:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10809469
Error: (09/22/2015 11:38:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10809469
Error: (09/22/2015 11:38:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (09/22/2015 07:54:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14813
System errors:
=============
Error: (09/21/2015 09:50:38 PM) (Source: DCOM) (EventID: 10010) (User: Jean-PC)
Description: microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca
Error: (09/07/2015 04:03:28 PM) (Source: volsnap) (EventID: 14) (User: )
Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:.
Error: (09/07/2015 08:15:44 AM) (Source: DCOM) (EventID: 10010) (User: Jean-PC)
Description: App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca
Error: (09/07/2015 03:23:32 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
Error: (09/07/2015 03:08:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The IE Search Set service failed to start due to the following error:
%%1053
Error: (09/07/2015 03:08:14 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the IE Search Set service to connect.
Error: (09/07/2015 03:08:11 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Net.Msmq Listener Adapter service failed to start due to the following error:
%%1053
Error: (09/07/2015 03:08:11 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Net.Msmq Listener Adapter service to connect.
Error: (09/07/2015 03:08:09 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error:
%%1053
Error: (09/07/2015 03:08:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Net.Tcp Port Sharing Service service failed to start due to the following error:
%%1053
CodeIntegrity:
===================================
Date: 2015-08-28 15:42:44.472
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.
Date: 2015-08-28 15:42:44.392
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.
Date: 2015-08-28 15:42:44.342
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.
Date: 2015-08-28 15:42:44.263
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.
Date: 2015-08-28 15:42:44.211
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.
Date: 2015-08-28 15:42:44.137
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.
Date: 2015-08-28 15:42:41.897
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.
Date: 2015-08-28 15:42:41.291
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.
Date: 2015-08-28 15:31:45.255
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.
Date: 2015-08-28 15:31:45.188
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3 CPU M 380 @ 2.53GHz
Percentage of memory in use: 77%
Total physical RAM: 2806.71 MB
Available physical RAM: 630.92 MB
Total Virtual: 5622.71 MB
Available Virtual: 2665.72 MB
==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:284.55 GB) (Free:134.95 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 14759462)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=284.6 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=450 MB) - (Type=27)
==================== End of Addition.txt ============================
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2015-09-23 10:29:05
-----------------------------
10:29:05.445 OS Version: Windows x64 6.2.9200
10:29:05.445 Number of processors: 4 586 0x2505
10:29:05.445 ComputerName: JEAN-PC UserName: Ed
10:29:08.617 Initialize success
10:29:08.742 VM: initialized successfully
10:29:08.742 VM: Intel CPU supported
10:29:16.961 VM: disk I/O iaStor.sys
10:34:47.309 AVAST engine defs: 15092300
10:36:39.291 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
10:36:39.291 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3
10:36:39.510 Disk 0 MBR read successfully
10:36:39.510 Disk 0 MBR scan
10:36:39.635 Disk 0 Windows 7 default MBR code
10:36:39.635 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13312 MB offset 2048
10:36:39.682 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 27265024
10:36:39.697 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 291381 MB offset 27469824
10:36:39.744 Disk 0 Partition 4 00 27 Hidden NTFS WinRE NTFS 450 MB offset 624218112
10:36:39.822 Disk 0 scanning C:\WINDOWS\system32\drivers
10:37:03.613 Service scanning
10:37:42.927 Modules scanning
10:37:42.927 Disk 0 trace - called modules:
10:37:42.943 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
10:37:42.943 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe001e847c060]
10:37:42.958 3 CLASSPNP.SYS[fffff8019b9a46c5] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xffffe001e4dc2050]
10:37:47.708 AVAST engine scan C:\WINDOWS
10:37:50.880 AVAST engine scan C:\WINDOWS\system32
10:43:52.878 AVAST engine scan C:\WINDOWS\system32\drivers
10:44:20.201 AVAST engine scan C:\Users\Ed
10:59:33.959 AVAST engine scan C:\ProgramData
11:02:46.756 Disk 0 statistics 4976972/0/0 @ 2.25 MB/s
11:02:46.778 Scan finished successfully
11:19:25.576 Disk 0 MBR has been saved successfully to "C:\Users\Ed\Desktop\MBR.dat"
11:19:25.607 The log file has been saved successfully to "C:\Users\Ed\Desktop\aswMBR.txt"
Again thanks in advance for your assistance and I hope that my earlier tinkering has not complicated matters.
Regards Ed