rockmypunkk
2015-11-16, 03:40
This is unrelated to my other open thread on here, https://forums.spybot.info/showthread.php?72899-javaws-exe-and-90-100-cpu-usage-and-locking-up/page2
this is for my family members laptop, they're not security minded so they download all of the toolbar downloads from pogo, some gambling site they play on, laptop runs very slowly, especially on shut down and start up, trying to open firefox opens IE instead even though the shortcut is correct and IE somehow defaulted itself as the main browser
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015
Ran by Rhonda (administrator) on RHONDA-PC (15-11-2015 20:20:05)
Running from C:\Users\Rhonda\Desktop
Loaded Profiles: Rhonda (Available Profiles: Rhonda & Tom)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Advanced Micro Devices) C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(iWin Inc.) C:\Program Files (x86)\Pogo Games\iWinTrusted.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860040 2010-10-29] (Acer Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2280232 2010-07-29] (Synaptics Incorporated)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [340336 2010-09-27] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-09-17] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-09-17] (Egis Technology Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [296768 2010-11-11] (NTI Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1029200 2010-12-31] (Dritek System Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2010-11-18] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [MDS_Menu] => C:\Program Files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2010-12-10] (CyberLink Corp.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [976320 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-2668850861-2937669843-3631336596-1001\...\Run: [Desktop Software] => "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden
HKU\S-1-5-21-2668850861-2937669843-3631336596-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-2668850861-2937669843-3631336596-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-2668850861-2937669843-3631336596-1001\...\MountPoints2: {f78eead1-176e-11e5-950f-1c7508ca7420} - E:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2668850861-2937669843-3631336596-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Acer.scr [453152 2009-12-23] ()
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-11-17] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-11-12]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe (McAfee, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{1ACA89FC-E4F1-4210-84FD-49EE2F2FF873}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{32F3325B-196B-4F18-B50F-B258365B3381}: [DhcpNameServer] 192.168.1.254
Internet Explorer:
==================
HKU\S-1-5-21-2668850861-2937669843-3631336596-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2668850861-2937669843-3631336596-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
URLSearchHook: HKU\S-1-5-21-2668850861-2937669843-3631336596-1001 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKU\S-1-5-21-2668850861-2937669843-3631336596-1001 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2668850861-2937669843-3631336596-1001 -> DefaultScope {AF8E5158-B052-4AFA-9B63-05213705B3DA} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=A011US662&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-2668850861-2937669843-3631336596-1001 -> Comcast URL = hxxp://search.xfinity.com/?cat=subweb&con=mmchrome&q={searchTerms}&cid=xfstart_tech_search
SearchScopes: HKU\S-1-5-21-2668850861-2937669843-3631336596-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2668850861-2937669843-3631336596-1001 -> {AF8E5158-B052-4AFA-9B63-05213705B3DA} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=A011US662&p={SearchTerms}
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-11-15] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2014-09-17] (McAfee, Inc.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll [2012-02-10] (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-11-15] (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2014-09-17] (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2014-09-17] (McAfee, Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll [2012-02-10] (Microsoft Corporation.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2014-09-17] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2014-09-17] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2014-09-17] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2014-09-17] (McAfee, Inc.)
FireFox:
========
FF ProfilePath: C:\Users\Rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\4gvsues2.default-1444751557871
FF NewTab: about:newtab
FF DefaultSearchEngine: Yahoo
FF SelectedSearchEngine: Yahoo
FF Homepage: hxxp://www.pogo.com/?pageSection=cp_header_home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-10] ()
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [No File]
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [No File]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-10] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-11-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-11-15] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF SearchPlugin: C:\Users\Rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\4gvsues2.default-1444751557871\searchplugins\web-search.xml [2015-11-03]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2014-12-02]
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2011-02-19] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-12-02] [not signed]
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-11-20]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-11-20]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [354304 2010-11-18] (Advanced Micro Devices, Inc.) [File not signed]
R2 AMD Reservation Manager; C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [194496 2010-06-17] (Advanced Micro Devices)
R2 iWinTrusted; C:\Program Files (x86)\Pogo Games\iWinTrusted.exe [216920 2015-08-13] (iWin Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.226\McCHSvc.exe [289256 2015-10-30] (McAfee, Inc.)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [257344 2010-11-11] (NTI Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-11-15 20:20 - 2015-11-15 20:21 - 00017773 _____ C:\Users\Rhonda\Desktop\FRST.txt
2015-11-15 20:19 - 2015-11-15 20:20 - 00000000 ____D C:\FRST
2015-11-15 20:17 - 2015-11-15 20:19 - 05198336 _____ (AVAST Software) C:\Users\Rhonda\Desktop\aswMBR.exe
2015-11-15 20:16 - 2015-11-15 20:16 - 02198528 _____ (Farbar) C:\Users\Rhonda\Desktop\FRST64.exe
2015-11-14 19:42 - 2015-11-14 19:42 - 00001187 _____ C:\Users\Rhonda\Desktop\Continue Firefox Installation.lnk
2015-11-14 19:40 - 2015-11-14 19:40 - 01066784 _____ (Installer ) C:\Users\Rhonda\Downloads\Firefox_Setup.exe
2015-11-12 17:26 - 2015-11-12 17:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-11-12 17:26 - 2015-11-12 17:26 - 00000000 ____D C:\Program Files\McAfee Security Scan
2015-11-12 11:48 - 2015-11-03 11:55 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-11-11 14:32 - 2015-10-20 12:42 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-11-11 14:32 - 2015-10-20 12:42 - 02608128 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-11-11 14:32 - 2015-10-20 12:42 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-11-11 14:32 - 2015-10-20 12:42 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-11-11 14:32 - 2015-10-20 12:42 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-11-11 14:32 - 2015-10-20 12:42 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-11-11 14:32 - 2015-10-20 12:42 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-11-11 14:32 - 2015-10-20 12:41 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-11-11 14:32 - 2015-10-20 12:41 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-11-11 14:32 - 2015-10-20 12:41 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-11-11 14:32 - 2015-10-20 12:41 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-11-11 14:32 - 2015-10-20 11:46 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-11-11 14:32 - 2015-10-20 11:46 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-11-11 14:32 - 2015-10-20 11:46 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-11-11 14:32 - 2015-10-20 11:46 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-11-11 14:32 - 2015-10-20 11:45 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-11-11 14:31 - 2015-11-03 16:10 - 00390344 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-11-11 14:31 - 2015-11-03 15:51 - 00342728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-11-11 14:31 - 2015-10-30 17:46 - 25818624 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-11-11 14:31 - 2015-10-30 17:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-11-11 14:31 - 2015-10-30 17:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-11-11 14:31 - 2015-10-30 17:25 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-11-11 14:31 - 2015-10-30 17:25 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-11-11 14:31 - 2015-10-30 17:25 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-11-11 14:31 - 2015-10-30 17:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-11-11 14:31 - 2015-10-30 17:24 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-11-11 14:31 - 2015-10-30 17:24 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-11-11 14:31 - 2015-10-30 17:17 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-11-11 14:31 - 2015-10-30 17:16 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-11-11 14:31 - 2015-10-30 17:13 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-11-11 14:31 - 2015-10-30 17:12 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-11-11 14:31 - 2015-10-30 17:12 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-11-11 14:31 - 2015-10-30 17:11 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-11-11 14:31 - 2015-10-30 17:11 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-11-11 14:31 - 2015-10-30 17:11 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-11-11 14:31 - 2015-10-30 17:04 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-11-11 14:31 - 2015-10-30 17:01 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-11-11 14:31 - 2015-10-30 16:58 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-11-11 14:31 - 2015-10-30 16:53 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-11-11 14:31 - 2015-10-30 16:52 - 20331520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-11-11 14:31 - 2015-10-30 16:49 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-11-11 14:31 - 2015-10-30 16:49 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-11-11 14:31 - 2015-10-30 16:47 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-11-11 14:31 - 2015-10-30 16:46 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-11-11 14:31 - 2015-10-30 16:46 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-11-11 14:31 - 2015-10-30 16:45 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-11-11 14:31 - 2015-10-30 16:45 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-11-11 14:31 - 2015-10-30 16:44 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-11-11 14:31 - 2015-10-30 16:44 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-11-11 14:31 - 2015-10-30 16:42 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-11-11 14:31 - 2015-10-30 16:39 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-11-11 14:31 - 2015-10-30 16:39 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-11-11 14:31 - 2015-10-30 16:37 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-11-11 14:31 - 2015-10-30 16:36 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-11-11 14:31 - 2015-10-30 16:36 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-11-11 14:31 - 2015-10-30 16:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-11-11 14:31 - 2015-10-30 16:34 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-11-11 14:31 - 2015-10-30 16:32 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-11-11 14:31 - 2015-10-30 16:31 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-11-11 14:31 - 2015-10-30 16:29 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-11-11 14:31 - 2015-10-30 16:29 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-11-11 14:31 - 2015-10-30 16:28 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-11-11 14:31 - 2015-10-30 16:23 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-11-11 14:31 - 2015-10-30 16:22 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-11-11 14:31 - 2015-10-30 16:21 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-11-11 14:31 - 2015-10-30 16:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-11-11 14:31 - 2015-10-30 16:18 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-11-11 14:31 - 2015-10-30 16:17 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-11-11 14:31 - 2015-10-30 16:17 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-11-11 14:31 - 2015-10-30 16:16 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-11-11 14:31 - 2015-10-30 16:11 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-11-11 14:31 - 2015-10-30 16:10 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-11-11 14:31 - 2015-10-30 16:09 - 12854272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-11-11 14:31 - 2015-10-30 16:09 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-11-11 14:31 - 2015-10-30 16:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-11-11 14:31 - 2015-10-30 16:04 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-11-11 14:31 - 2015-10-30 15:53 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-11-11 14:31 - 2015-10-30 15:51 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-11-11 14:31 - 2015-10-30 15:48 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-11-11 14:31 - 2015-10-30 15:46 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-11-11 14:30 - 2015-10-19 19:12 - 05570496 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-11-11 14:30 - 2015-10-19 19:12 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-11-11 14:30 - 2015-10-19 19:12 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-11-11 14:30 - 2015-10-19 19:09 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-11-11 14:30 - 2015-10-19 19:06 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-11-11 14:30 - 2015-10-19 19:06 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-11-11 14:30 - 2015-10-19 19:06 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-11-11 14:30 - 2015-10-19 19:06 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-11-11 14:30 - 2015-10-19 19:05 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-11-11 14:30 - 2015-10-19 19:05 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-11-11 14:30 - 2015-10-19 19:05 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-11-11 14:30 - 2015-10-19 19:05 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-11 14:30 - 2015-10-19 19:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-11-11 14:30 - 2015-10-19 19:05 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-11-11 14:30 - 2015-10-19 19:05 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-11-11 14:30 - 2015-10-19 19:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-11-11 14:30 - 2015-10-19 19:05 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-11-11 14:30 - 2015-10-19 19:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-11-11 14:30 - 2015-10-19 19:05 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-11-11 14:30 - 2015-10-19 19:05 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-11-11 14:30 - 2015-10-19 19:05 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-11-11 14:30 - 2015-10-19 19:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-11-11 14:30 - 2015-10-19 19:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-11-11 14:30 - 2015-10-19 19:05 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-11-11 14:30 - 2015-10-19 19:05 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-11-11 14:30 - 2015-10-19 19:05 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-11-11 14:30 - 2015-10-19 19:05 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-11-11 14:30 - 2015-10-19 19:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-11-11 14:30 - 2015-10-19 19:05 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-11-11 14:30 - 2015-10-19 19:04 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-11-11 14:30 - 2015-10-19 19:04 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-11-11 14:30 - 2015-10-19 19:04 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-11-11 14:30 - 2015-10-19 19:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-11-11 14:30 - 2015-10-19 18:59 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-11-11 14:30 - 2015-10-19 18:53 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-11-11 14:30 - 2015-10-19 18:53 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-11-11 14:30 - 2015-10-19 18:53 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:53 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:52 - 03991488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-11-11 14:30 - 2015-10-19 18:52 - 03935680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-11-11 14:30 - 2015-10-19 18:48 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-11-11 14:30 - 2015-10-19 18:45 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-11-11 14:30 - 2015-10-19 18:45 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-11-11 14:30 - 2015-10-19 18:45 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-11-11 14:30 - 2015-10-19 18:45 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-11-11 14:30 - 2015-10-19 18:45 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-11-11 14:30 - 2015-10-19 18:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-11-11 14:30 - 2015-10-19 18:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-11-11 14:30 - 2015-10-19 18:45 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-11-11 14:30 - 2015-10-19 18:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-11-11 14:30 - 2015-10-19 18:45 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-11-11 14:30 - 2015-10-19 18:45 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-11-11 14:30 - 2015-10-19 18:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-11-11 14:30 - 2015-10-19 18:44 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-11-11 14:30 - 2015-10-19 18:44 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-11-11 14:30 - 2015-10-19 18:44 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-11-11 14:30 - 2015-10-19 18:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-11-11 14:30 - 2015-10-19 18:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-11-11 14:30 - 2015-10-19 18:44 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-11-11 14:30 - 2015-10-19 18:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-11-11 14:30 - 2015-10-19 18:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-11-11 14:30 - 2015-10-19 18:35 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-11-11 14:30 - 2015-10-19 18:35 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-11-11 14:30 - 2015-10-19 18:35 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:35 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 17:41 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-11-11 14:30 - 2015-10-19 17:40 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-11-11 14:30 - 2015-10-19 17:40 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-11-11 14:30 - 2015-10-19 17:29 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-11-11 14:30 - 2015-10-19 17:29 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-11-11 14:30 - 2015-10-19 17:27 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 17:27 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 17:27 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 17:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-11-11 14:30 - 2015-09-23 07:15 - 00460776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-11-11 14:30 - 2015-09-23 07:15 - 00299632 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2015-11-11 14:30 - 2015-09-23 07:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2015-11-11 14:29 - 2015-10-29 11:50 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-11-11 14:29 - 2015-10-29 11:50 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-11-11 14:29 - 2015-10-29 11:50 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-11-11 14:29 - 2015-10-29 11:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-11-11 14:29 - 2015-10-29 11:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-11-11 14:29 - 2015-10-29 11:49 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-11-11 14:29 - 2015-10-29 11:49 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-11-11 14:29 - 2015-10-13 10:41 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-11-11 14:29 - 2015-10-13 10:40 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-11-11 14:29 - 2015-10-12 22:57 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-11-11 14:29 - 2015-10-01 12:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-11-11 14:29 - 2015-10-01 12:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-11-11 14:29 - 2015-10-01 11:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-11-04 05:54 - 2015-11-05 05:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-03 08:40 - 2015-11-03 08:40 - 00000000 _____ C:\Windows\SysWOW64\sho60D6.tmp
2015-11-02 04:28 - 2015-11-02 04:28 - 00000383 _____ C:\ftconfig.ini
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-11-15 20:17 - 2011-02-19 13:10 - 01813926 _____ C:\Windows\WindowsUpdate.log
2015-11-15 20:12 - 2012-07-16 13:32 - 00000000 ____D C:\ProgramData\clear.fi
2015-11-15 20:12 - 2011-02-19 13:24 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-11-15 20:11 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-15 20:11 - 2009-07-13 22:51 - 00068711 _____ C:\Windows\setupact.log
2015-11-15 20:09 - 2015-10-13 10:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-11-15 20:09 - 2013-11-16 21:36 - 00000000 ____D C:\ProgramData\Oracle
2015-11-15 20:08 - 2009-07-13 22:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-15 20:08 - 2009-07-13 22:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-15 20:07 - 2015-09-04 09:29 - 00000000 ____D C:\Users\Rhonda\.oracle_jre_usage
2015-11-15 20:05 - 2015-10-13 10:04 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-11-15 20:05 - 2015-10-13 10:03 - 00000000 ____D C:\Program Files (x86)\Java
2015-11-15 20:03 - 2012-07-16 13:30 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-15 15:25 - 2009-07-13 23:13 - 00782744 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-13 20:13 - 2009-07-13 23:08 - 00032538 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-11-12 19:15 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache
2015-11-12 17:26 - 2014-06-22 15:51 - 00001938 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-11-12 17:21 - 2009-07-13 22:45 - 00263640 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-12 00:12 - 2014-04-24 21:10 - 00000000 ____D C:\Windows\system32\MRT
2015-11-12 00:03 - 2014-04-24 21:10 - 145617392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-11-11 23:32 - 2014-07-21 18:54 - 00775358 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-11-11 23:30 - 2009-07-14 01:45 - 00000000 ____D C:\Program Files\Windows Journal
2015-11-10 19:55 - 2012-07-16 13:30 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-11-10 19:55 - 2012-07-16 13:30 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-10 19:55 - 2012-07-16 13:30 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-11-05 05:58 - 2012-07-16 13:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-05 05:58 - 2011-02-19 13:06 - 00055062 _____ C:\Windows\PFRO.log
2015-11-04 14:01 - 2015-03-22 16:32 - 00008228 _____ C:\Windows\wininit.ini
==================== Files in the root of some directories =======
2011-02-19 13:37 - 2011-02-19 13:50 - 0016235 _____ () C:\ProgramData\ArcadeDeluxe5.log
Some files in TEMP:
====================
C:\Users\Rhonda\AppData\Local\Temp\ICReinstall_Firefox_Setup.exe
C:\Users\Rhonda\AppData\Local\Temp\java-installer.exe
C:\Users\Rhonda\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\Rhonda\AppData\Local\Temp\_is2954.exe
C:\Users\Rhonda\AppData\Local\Temp\_is4BCB.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-11-10 07:10
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-11-2015
Ran by Rhonda (2015-11-15 20:23:13)
Running from C:\Users\Rhonda\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-05-15 17:56:32)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2668850861-2937669843-3631336596-500 - Administrator - Disabled)
Guest (S-1-5-21-2668850861-2937669843-3631336596-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2668850861-2937669843-3631336596-1003 - Limited - Enabled)
Rhonda (S-1-5-21-2668850861-2937669843-3631336596-1001 - Administrator - Enabled) => C:\Users\Rhonda
Tom (S-1-5-21-2668850861-2937669843-3631336596-1004 - Administrator - Enabled) => C:\Users\Tom
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.69 - NTI Corporation)
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1306 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.0.1306 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3000 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3001 - Acer Incorporated)
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.1.3 - WildTangent)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0707.2010 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.0.2.12610 - Adobe Systems Inc.)
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Reader 9.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{4F125E8B-3B58-B80D-51E5-4FD110D1EF58}) (Version: 3.0.800.0 - ATI Technologies, Inc.)
Backup Manager V3 (x32 Version: 3.0.0.69 - NTI Corporation) Hidden
Bing Bar (HKLM-x32\...\{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}) (Version: 7.1.361.0 - Microsoft Corporation)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
ccc-core-static (x32 Version: 2010.1118.1603.28745 - ATI) Hidden
clear.fi (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 1.0.1223.00 - CyberLink Corp.)
clear.fi (x32 Version: 1.0.1223.00 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 9.0.7209 - CyberLink Corp.) Hidden
clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.00.3008 - Acer Incorporated)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.41.1.0 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
Epson Event Manager (HKLM-x32\...\{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}) (Version: 2.40.0001 - SEIKO EPSON CORPORATION)
EPSON NX420 Series Printer Uninstall (HKLM\...\EPSON NX420 Series) (Version: - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EpsonNet Setup 3.2 (HKLM-x32\...\{C9D8A041-2963-4B31-8FFC-1500F3DB9293}) (Version: 3.2a - SEIKO EPSON CORPORATION)
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 5.0.5 - Acer Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.226.1 - McAfee, Inc.)
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.143 - McAfee, Inc.)
MediaEspresso (x32 Version: 1.0.1210_33255 - CyberLink Corp.) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 42.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
MyWinLocker (Version: 4.0.14.11 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.11 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.11 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.11 - Egis Technology Inc.) Hidden
NOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.1.237 - Barnesandnoble.com)
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8939 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.8939 - NTI Corporation) Hidden
Pogo Games (HKLM-x32\...\PogoDGC) (Version: 1.0 - ) <==== ATTENTION
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30122 - Realtek Semiconductor Corp.)
Regency Solitaire (HKLM-x32\...\Regency Solitaire) (Version: - Pogo.com)
Shredder (Version: 2.0.8.7 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.7 - Egis Technology Inc.) Hidden
Splashtop Software Updater (HKLM-x32\...\Splashtop Software Updater) (Version: 1.5.6.15 - Splashtop Inc.)
Splashtop Streamer (HKLM-x32\...\{B7C5EA94-B96A-41F5-BE95-25D78B486678}) (Version: 2.6.0.4 - Splashtop Inc.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.6.0 - Synaptics Incorporated)
Times Reader (HKLM-x32\...\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1) (Version: 2.055 - The New York Times Company)
Times Reader (x32 Version: 2.055 - The New York Times Company) Hidden
Video Performer (HKLM-x32\...\Video Performer) (Version: - PerformerSoft LLC) <==== ATTENTION
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3005 - Acer Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 5.00 beta 8 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.8 - win.rar GmbH)
WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Restore Points =========================
23-10-2015 06:40:33 Windows Update
25-10-2015 19:53:29 Windows Backup
27-10-2015 05:15:44 Windows Update
01-11-2015 19:00:08 Windows Backup
03-11-2015 04:37:55 Windows Update
06-11-2015 05:51:33 Windows Update
08-11-2015 21:34:29 Windows Backup
10-11-2015 11:37:42 Windows Update
11-11-2015 23:28:42 Windows Update
12-11-2015 14:43:42 Windows Update
15-11-2015 19:00:13 Windows Backup
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 20:34 - 2015-11-12 17:26 - 00450805 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com (http://www.007guard.com)
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com (http://www.008k.com)
127.0.0.1 008k.com
127.0.0.1 www.00hq.com (http://www.00hq.com)
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com (http://www.032439.com)
127.0.0.1 032439.com
127.0.0.1 www.0scan.com (http://www.0scan.com)
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com (http://www.1000gratisproben.com)
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com (http://www.1001namen.com)
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com (http://www.100888290cs.com)
127.0.0.1 www.100sexlinks.com (http://www.100sexlinks.com)
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com (http://www.10sek.com)
127.0.0.1 www.1-2005-search.com (http://www.1-2005-search.com)
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info (http://www.123fporn.info)
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com (http://www.123haustiereundmehr.com)
127.0.0.1 123moviedownload.com
127.0.0.1 www.123moviedownload.com (http://www.123moviedownload.com)
There are 15463 more lines.
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0C562562-F3F5-4988-BC32-18B98690FB3B} - System32\Tasks\{7004F38C-419A-43EF-A0E7-171912F6981D} => pcalua.exe -a C:\Users\Rhonda\Downloads\jxpiinstall(9).exe -d C:\Users\Rhonda\Downloads
Task: {1E12A17A-B120-4B36-B2B3-B5395636F4CC} - System32\Tasks\RunAsStdUser Task => C:\Program Files (x86)\Pogo Games\PogoDGC.exe [2015-08-13] (iWin Inc.)
Task: {3BC37893-C885-4643-AB2B-95BE24C5DF08} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-10] (Adobe Systems Incorporated)
Task: {4D03DE6F-5AAA-48DC-A54C-6D63ABA64D82} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\Notification.exe [2010-10-12] (Acer)
Task: {557D5803-C9A7-40F4-BB11-DCA8AFB146A1} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2010-12-23] (CyberLink)
Task: {79FFE39D-4AB4-4535-8217-DCE6A8B01D87} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2010-12-23] (Acer Incorporated)
Task: {878986CB-EDF5-4EC0-B14D-91A9762DE3EA} - System32\Tasks\LaunchApp => C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe <==== ATTENTION
Task: {A08204E4-4F5C-4B96-BCCC-DBDA6364808E} - System32\Tasks\{32814AE2-21BE-4543-824F-B90A9677B48E} => pcalua.exe -a D:\Setup.exe -d D:\
Task: {BB38E7EB-268D-4A19-8597-266B04AD6749} - System32\Tasks\{10CFA84D-955C-4DC7-B58F-1712425F60C8} => pcalua.exe -a C:\Users\Rhonda\Downloads\jxpiinstall(12).exe -d C:\Users\Rhonda\Downloads
Task: {C67CC429-E133-45F9-87FC-68AA26B0FE5C} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2010-12-23] (CyberLink Corp.)
Task: {F12E3B03-8D86-4ECE-A723-7B2FDADB6E4B} - System32\Tasks\{27918C27-F706-44CD-AAB4-C8E28712A28D} => pcalua.exe -a C:\Users\Rhonda\Downloads\jxpiinstall(11).exe -d C:\Users\Rhonda\Downloads
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
==================== Loaded Modules (Whitelisted) ==============
2010-11-18 18:13 - 2010-11-18 18:13 - 00079872 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Services.dll
2010-11-18 18:14 - 2010-11-18 18:14 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2010-11-11 19:22 - 2010-11-11 19:22 - 00465640 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2010-11-11 19:22 - 2010-11-11 19:22 - 01081664 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2010-11-11 19:22 - 2010-11-11 19:22 - 00125760 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2015-09-07 19:12 - 2014-05-13 11:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-09-07 19:12 - 2014-05-13 11:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-09-07 19:12 - 2014-05-13 11:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-09-07 19:12 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-09-07 19:12 - 2012-04-03 16:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2010-12-23 16:46 - 2010-12-23 16:46 - 00210312 _____ () C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SplashtopRemoteService => ""="Service"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com (http://www.008k.com)
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com (http://www.00hq.com)
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com (http://www.0scan.com)
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com (http://www.1-2005-search.com)
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com (http://www.1-domains-registrations.com)
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com (http://www.1000gratisproben.com)
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com (http://www.1001namen.com)
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com (http://www.100sexlinks.com)
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com (http://www.10sek.com)
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info (http://www.123fporn.info)
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com (http://www.123haustiereundmehr.com)
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com (http://www.123moviedownload.com)
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com (http://www.123simsen.com)
There are 7866 more sites.
IE restricted site: HKU\S-1-5-21-2668850861-2937669843-3631336596-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-2668850861-2937669843-3631336596-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2668850861-2937669843-3631336596-1001\...\008k.com -> www.008k.com (http://www.008k.com)
IE restricted site: HKU\S-1-5-21-2668850861-2937669843-3631336596-1001\...\00hq.com -> www.00hq.com (http://www.00hq.com)
IE restricted site: HKU\S-1-5-21-2668850861-2937669843-3631336596-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-2668850861-2937669843-3631336596-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-2668850861-2937669843-3631336596-1001\...\0scan.com -> www.0scan.com (http://www.0scan.com)
IE restricted site: HKU\S-1-5-21-2668850861-2937669843-3631336596-1001\...\1-2005-search.com -> www.1-2005-search.com (http://www.1-2005-search.com)
IE restricted site: HKU\S-1-5-21-2668850861-2937669843-3631336596-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com (http://www.1-domains-registrations.com)
IE restricted site: HKU\S-1-5-21-2668850861-2937669843-3631336596-1001\...\1000gratisproben.com -> www.1000gratisproben.com (http://www.1000gratisproben.com)
IE restricted site: HKU\S-1-5-21-2668850861-2937669843-3631336596-1001\...\1001namen.com -> www.1001namen.com (http://www.1001namen.com)
IE restricted site: HKU\S-1-5-21-2668850861-2937669843-3631336596-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-2668850861-2937669843-3631336596-1001\...\100sexlinks.com -> www.100sexlinks.com (http://www.100sexlinks.com)
IE restricted site: HKU\S-1-5-21-2668850861-2937669843-3631336596-1001\...\10sek.com -> www.10sek.com (http://www.10sek.com)
IE restricted site: HKU\S-1-5-21-2668850861-2937669843-3631336596-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-2668850861-2937669843-3631336596-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-2668850861-2937669843-3631336596-1001\...\123fporn.info -> www.123fporn.info (http://www.123fporn.info)
IE restricted site: HKU\S-1-5-21-2668850861-2937669843-3631336596-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com (http://www.123haustiereundmehr.com)
IE restricted site: HKU\S-1-5-21-2668850861-2937669843-3631336596-1001\...\123moviedownload.com -> www.123moviedownload.com (http://www.123moviedownload.com)
IE restricted site: HKU\S-1-5-21-2668850861-2937669843-3631336596-1001\...\123simsen.com -> www.123simsen.com (http://www.123simsen.com)
There are 7866 more sites.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2668850861-2937669843-3631336596-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Rhonda\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{9C080EF5-C928-4428-818C-404A3149D359}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{3BB6C29B-6053-4EE2-B76A-4FC926776493}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{52E7A56D-C286-4C80-A135-D1E1801AABF0}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{DF8F173E-5EC9-45D3-B5EF-B227FD249F1B}] => (Allow) LPort=2869
FirewallRules: [{FD7C1578-436B-43D8-B7D0-DE228DE09121}] => (Allow) LPort=1900
FirewallRules: [{C9655107-6C6C-4670-A207-464C053D0446}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{681AF9AE-04C0-48BD-A0C5-2F1D2D71711F}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{9A73C631-584D-4BDD-AAA2-EEE44B2F5F80}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe
FirewallRules: [{7F019B25-AEC1-4BB8-AF20-6DC62C15D952}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
FirewallRules: [{6F1B7CA2-FF3F-4D2A-A098-5F451364438C}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{04F2AF7E-ABE2-480D-B7D5-789E673F37B6}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
FirewallRules: [{DFBD6115-3F6D-40CB-B971-E9BB1110DF66}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
FirewallRules: [{E3D067FD-C40A-466F-BF7C-DF0DF3AE4531}] => (Block) C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
FirewallRules: [{D4D9143A-F098-4622-A789-BD047D8B3913}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\Movie\TouchMovie.exe
FirewallRules: [{735140E3-1030-4280-8E7D-7F3DD176DF99}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\Movie\TouchMovieService.exe
FirewallRules: [{54A20C64-7751-4948-B032-34266352F580}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{190825FF-BC5A-40E8-9D3B-485A1619982C}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{0B266C0C-E0E5-4C80-BF17-AD47FB1456A6}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool10\ENEasyApp.exe
FirewallRules: [{ABC6F9B8-FDA0-4ACF-8B23-5DCD1AA8E70F}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool10\ENEasyApp.exe
FirewallRules: [{D9F9C6BB-C741-418C-9160-B1AA58735EF5}] => (Allow) C:\Users\Rhonda\Downloads\VideoPerformerSetup.exe
FirewallRules: [{5BDE25AF-7B98-487D-B98F-B4BEB22B398D}] => (Allow) C:\Users\Rhonda\Downloads\VideoPerformerSetup.exe
FirewallRules: [{D29C274D-DCB9-4027-91F0-DDF6B16D73D0}] => (Allow) C:\Program Files (x86)\Pogo Games\PogoDGC.exe
FirewallRules: [{B8CF2AB8-B48B-4740-8D14-346C07EA2303}] => (Allow) C:\Program Files (x86)\Pogo Games\PogoDGC.exe
FirewallRules: [{650BE5EB-FB8C-4CCA-9DA3-80B8FD7954FB}] => (Allow) C:\Program Files (x86)\Pogo Games\WebUpdater.exe
FirewallRules: [{5613EA9C-3142-48EC-B3A1-98346592B5F3}] => (Allow) C:\Program Files (x86)\Pogo Games\WebUpdater.exe
FirewallRules: [{2838F8B6-7F53-40E8-A9A6-2F2890989024}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8878FD93-99D1-4520-A6D7-75B0A548746F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{E762F24E-8763-4D19-A393-D3FC31E283C4}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{7C9175EC-3325-4A45-BE03-0DB09CE0BC82}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{760DD741-E515-41BF-9BAA-F0E8ADBDB437}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{9956CC8E-0CB7-41FE-A781-4E1CC9A154C9}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{E7B743D3-5B47-4346-A9BE-F62A7EEAFF56}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{19877B43-2D24-487F-92CB-B38DD99446EA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6C98D87F-2EF1-439D-9788-91EBD4E8BF5D}] => (Allow) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
FirewallRules: [{E25BC489-33CF-4B07-8AB9-4C06E5A828D6}] => (Allow) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
FirewallRules: [{375C4F21-241F-4A44-9EC0-EAA63763BB9D}] => (Allow) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\DataProxy.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (11/15/2015 08:22:13 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: HTTP status 403: The client does not have sufficient access rights to the requested server object.
Error: (11/15/2015 08:12:30 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Stream product id=0x0066): Streaming Failed
Error: (11/15/2015 08:12:30 PM) (Source: Application Virtualization Client) (EventID: 5009) (User: )
Description: {tid=A50}
The Application Virtualization Client could not connect to stream URL 'http://c2r.microsoft.com/ConsumerC2R/en-us/14.0.4763.1000/ConsumerC2R.en-us_14.0.7145.5001.sft' (rc 24604E0A-40000193, original rc 24604E0A-40000193).
Error: (11/15/2015 08:12:29 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Too many failures while downloading ranges: 2
Error: (11/15/2015 08:12:29 PM) (Source: Application Virtualization Client) (EventID: 5009) (User: )
Description: {tid=A50}
The Application Virtualization Client could not connect to stream URL 'http://c2r.microsoft.com/ConsumerC2R/en-us/14.0.4763.1000/ConsumerC2R.en-us_14.0.7145.5001.sft' (rc 24604E0A-40000193, original rc 24604E0A-40000193).
Error: (11/15/2015 03:28:49 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: HTTP status 403: The client does not have sufficient access rights to the requested server object.
Error: (11/15/2015 03:19:57 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Stream product id=0x0066): Streaming Failed
Error: (11/15/2015 03:19:57 PM) (Source: Application Virtualization Client) (EventID: 5009) (User: )
Description: {tid=A54}
The Application Virtualization Client could not connect to stream URL 'http://c2r.microsoft.com/ConsumerC2R/en-us/14.0.4763.1000/ConsumerC2R.en-us_14.0.7145.5001.sft' (rc 24604E0A-40000193, original rc 24604E0A-40000193).
Error: (11/15/2015 03:19:57 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Too many failures while downloading ranges: 2
Error: (11/15/2015 03:19:57 PM) (Source: Application Virtualization Client) (EventID: 5009) (User: )
Description: {tid=A54}
The Application Virtualization Client could not connect to stream URL 'http://c2r.microsoft.com/ConsumerC2R/en-us/14.0.4763.1000/ConsumerC2R.en-us_14.0.7145.5001.sft' (rc 24604E0A-40000193, original rc 24604E0A-40000193).
System errors:
=============
Error: (11/15/2015 08:11:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee SiteAdvisor Service service failed to start due to the following error:
%%2
Error: (11/15/2015 03:18:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee SiteAdvisor Service service failed to start due to the following error:
%%2
Error: (11/15/2015 02:09:22 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.
Error: (11/15/2015 08:28:36 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.
Error: (11/15/2015 08:28:10 AM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{32F3325B-196B-4F18-B50F-B258365B3381} because another computer on the network has the same name. The server could not start.
Error: (11/15/2015 08:27:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee SiteAdvisor Service service failed to start due to the following error:
%%2
Error: (11/14/2015 07:38:11 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.
Error: (11/14/2015 07:36:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee SiteAdvisor Service service failed to start due to the following error:
%%2
Error: (11/14/2015 06:06:36 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.
Error: (11/14/2015 06:06:06 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.
==================== Memory info ===========================
Processor: AMD C-50 Processor
Percentage of memory in use: 43%
Total physical RAM: 2794.9 MB
Available physical RAM: 1589.62 MB
Total Virtual: 5588.01 MB
Available Virtual: 4036.56 MB
==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:282.99 GB) (Free:216.77 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 2BAB1292)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=283 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2015-11-15 20:33:31
-----------------------------
20:33:31.577 OS Version: Windows x64 6.1.7601 Service Pack 1
20:33:31.577 Number of processors: 2 586 0x100
20:33:31.577 ComputerName: RHONDA-PC UserName: Rhonda
20:33:33.215 Initialize success
20:33:33.277 VM: initialized successfully
20:33:33.277 VM: Amd CPU supported
20:33:39.708 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:33:39.723 Disk 0 Vendor: WDC_WD3200BPVT-22ZEST0 01.01A01 Size: 305245MB BusType: 11
20:33:39.879 Disk 0 MBR read successfully
20:33:39.895 Disk 0 MBR scan
20:33:39.911 Disk 0 Windows 7 default MBR code
20:33:39.911 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15360 MB offset 2048
20:33:39.942 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 31459328
20:33:39.957 Disk 0 Boot: NTFS code=1
20:33:39.973 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 289783 MB offset 31664128
20:33:40.004 Disk 0 scanning C:\Windows\system32\drivers
20:33:48.413 Service scanning
20:34:07.619 Modules scanning
20:34:07.650 Disk 0 trace - called modules:
20:34:07.681 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
20:34:07.697 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80030ca6b0]
20:34:07.712 3 CLASSPNP.SYS[fffff880018bc43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8002f6f060]
20:34:07.743 Disk 0 statistics 98538/0/0 @ 6.55 MB/s
20:34:07.759 Scan finished successfully
20:38:35.970 Disk 0 MBR has been saved successfully to "C:\Users\Rhonda\Desktop\MBR.dat"
20:38:35.986 The log file has been saved successfully to "C:\Users\Rhonda\Desktop\aswMBRtext.txt"
this is for my family members laptop, they're not security minded so they download all of the toolbar downloads from pogo, some gambling site they play on, laptop runs very slowly, especially on shut down and start up, trying to open firefox opens IE instead even though the shortcut is correct and IE somehow defaulted itself as the main browser
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015
Ran by Rhonda (administrator) on RHONDA-PC (15-11-2015 20:20:05)
Running from C:\Users\Rhonda\Desktop
Loaded Profiles: Rhonda (Available Profiles: Rhonda & Tom)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Advanced Micro Devices) C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(iWin Inc.) C:\Program Files (x86)\Pogo Games\iWinTrusted.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860040 2010-10-29] (Acer Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2280232 2010-07-29] (Synaptics Incorporated)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [340336 2010-09-27] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-09-17] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-09-17] (Egis Technology Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [296768 2010-11-11] (NTI Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1029200 2010-12-31] (Dritek System Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2010-11-18] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [MDS_Menu] => C:\Program Files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2010-12-10] (CyberLink Corp.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [976320 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-2668850861-2937669843-3631336596-1001\...\Run: [Desktop Software] => "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden
HKU\S-1-5-21-2668850861-2937669843-3631336596-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-2668850861-2937669843-3631336596-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-2668850861-2937669843-3631336596-1001\...\MountPoints2: {f78eead1-176e-11e5-950f-1c7508ca7420} - E:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2668850861-2937669843-3631336596-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Acer.scr [453152 2009-12-23] ()
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-11-17] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-11-12]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe (McAfee, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{1ACA89FC-E4F1-4210-84FD-49EE2F2FF873}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{32F3325B-196B-4F18-B50F-B258365B3381}: [DhcpNameServer] 192.168.1.254
Internet Explorer:
==================
HKU\S-1-5-21-2668850861-2937669843-3631336596-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2668850861-2937669843-3631336596-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
URLSearchHook: HKU\S-1-5-21-2668850861-2937669843-3631336596-1001 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKU\S-1-5-21-2668850861-2937669843-3631336596-1001 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2668850861-2937669843-3631336596-1001 -> DefaultScope {AF8E5158-B052-4AFA-9B63-05213705B3DA} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=A011US662&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-2668850861-2937669843-3631336596-1001 -> Comcast URL = hxxp://search.xfinity.com/?cat=subweb&con=mmchrome&q={searchTerms}&cid=xfstart_tech_search
SearchScopes: HKU\S-1-5-21-2668850861-2937669843-3631336596-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2668850861-2937669843-3631336596-1001 -> {AF8E5158-B052-4AFA-9B63-05213705B3DA} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=A011US662&p={SearchTerms}
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-11-15] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2014-09-17] (McAfee, Inc.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll [2012-02-10] (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-11-15] (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2014-09-17] (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2014-09-17] (McAfee, Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll [2012-02-10] (Microsoft Corporation.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2014-09-17] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2014-09-17] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2014-09-17] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2014-09-17] (McAfee, Inc.)
FireFox:
========
FF ProfilePath: C:\Users\Rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\4gvsues2.default-1444751557871
FF NewTab: about:newtab
FF DefaultSearchEngine: Yahoo
FF SelectedSearchEngine: Yahoo
FF Homepage: hxxp://www.pogo.com/?pageSection=cp_header_home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-10] ()
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [No File]
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [No File]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-10] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-11-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-11-15] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF SearchPlugin: C:\Users\Rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\4gvsues2.default-1444751557871\searchplugins\web-search.xml [2015-11-03]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2014-12-02]
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2011-02-19] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-12-02] [not signed]
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-11-20]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-11-20]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [354304 2010-11-18] (Advanced Micro Devices, Inc.) [File not signed]
R2 AMD Reservation Manager; C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [194496 2010-06-17] (Advanced Micro Devices)
R2 iWinTrusted; C:\Program Files (x86)\Pogo Games\iWinTrusted.exe [216920 2015-08-13] (iWin Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.226\McCHSvc.exe [289256 2015-10-30] (McAfee, Inc.)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [257344 2010-11-11] (NTI Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-11-15 20:20 - 2015-11-15 20:21 - 00017773 _____ C:\Users\Rhonda\Desktop\FRST.txt
2015-11-15 20:19 - 2015-11-15 20:20 - 00000000 ____D C:\FRST
2015-11-15 20:17 - 2015-11-15 20:19 - 05198336 _____ (AVAST Software) C:\Users\Rhonda\Desktop\aswMBR.exe
2015-11-15 20:16 - 2015-11-15 20:16 - 02198528 _____ (Farbar) C:\Users\Rhonda\Desktop\FRST64.exe
2015-11-14 19:42 - 2015-11-14 19:42 - 00001187 _____ C:\Users\Rhonda\Desktop\Continue Firefox Installation.lnk
2015-11-14 19:40 - 2015-11-14 19:40 - 01066784 _____ (Installer ) C:\Users\Rhonda\Downloads\Firefox_Setup.exe
2015-11-12 17:26 - 2015-11-12 17:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-11-12 17:26 - 2015-11-12 17:26 - 00000000 ____D C:\Program Files\McAfee Security Scan
2015-11-12 11:48 - 2015-11-03 11:55 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-11-11 14:32 - 2015-10-20 12:42 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-11-11 14:32 - 2015-10-20 12:42 - 02608128 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-11-11 14:32 - 2015-10-20 12:42 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-11-11 14:32 - 2015-10-20 12:42 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-11-11 14:32 - 2015-10-20 12:42 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-11-11 14:32 - 2015-10-20 12:42 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-11-11 14:32 - 2015-10-20 12:42 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-11-11 14:32 - 2015-10-20 12:41 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-11-11 14:32 - 2015-10-20 12:41 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-11-11 14:32 - 2015-10-20 12:41 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-11-11 14:32 - 2015-10-20 12:41 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-11-11 14:32 - 2015-10-20 11:46 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-11-11 14:32 - 2015-10-20 11:46 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-11-11 14:32 - 2015-10-20 11:46 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-11-11 14:32 - 2015-10-20 11:46 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-11-11 14:32 - 2015-10-20 11:45 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-11-11 14:31 - 2015-11-03 16:10 - 00390344 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-11-11 14:31 - 2015-11-03 15:51 - 00342728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-11-11 14:31 - 2015-10-30 17:46 - 25818624 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-11-11 14:31 - 2015-10-30 17:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-11-11 14:31 - 2015-10-30 17:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-11-11 14:31 - 2015-10-30 17:25 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-11-11 14:31 - 2015-10-30 17:25 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-11-11 14:31 - 2015-10-30 17:25 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-11-11 14:31 - 2015-10-30 17:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-11-11 14:31 - 2015-10-30 17:24 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-11-11 14:31 - 2015-10-30 17:24 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-11-11 14:31 - 2015-10-30 17:17 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-11-11 14:31 - 2015-10-30 17:16 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-11-11 14:31 - 2015-10-30 17:13 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-11-11 14:31 - 2015-10-30 17:12 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-11-11 14:31 - 2015-10-30 17:12 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-11-11 14:31 - 2015-10-30 17:11 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-11-11 14:31 - 2015-10-30 17:11 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-11-11 14:31 - 2015-10-30 17:11 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-11-11 14:31 - 2015-10-30 17:04 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-11-11 14:31 - 2015-10-30 17:01 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-11-11 14:31 - 2015-10-30 16:58 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-11-11 14:31 - 2015-10-30 16:53 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-11-11 14:31 - 2015-10-30 16:52 - 20331520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-11-11 14:31 - 2015-10-30 16:49 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-11-11 14:31 - 2015-10-30 16:49 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-11-11 14:31 - 2015-10-30 16:47 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-11-11 14:31 - 2015-10-30 16:46 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-11-11 14:31 - 2015-10-30 16:46 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-11-11 14:31 - 2015-10-30 16:45 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-11-11 14:31 - 2015-10-30 16:45 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-11-11 14:31 - 2015-10-30 16:44 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-11-11 14:31 - 2015-10-30 16:44 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-11-11 14:31 - 2015-10-30 16:42 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-11-11 14:31 - 2015-10-30 16:39 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-11-11 14:31 - 2015-10-30 16:39 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-11-11 14:31 - 2015-10-30 16:37 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-11-11 14:31 - 2015-10-30 16:36 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-11-11 14:31 - 2015-10-30 16:36 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-11-11 14:31 - 2015-10-30 16:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-11-11 14:31 - 2015-10-30 16:34 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-11-11 14:31 - 2015-10-30 16:32 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-11-11 14:31 - 2015-10-30 16:31 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-11-11 14:31 - 2015-10-30 16:29 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-11-11 14:31 - 2015-10-30 16:29 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-11-11 14:31 - 2015-10-30 16:28 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-11-11 14:31 - 2015-10-30 16:23 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-11-11 14:31 - 2015-10-30 16:22 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-11-11 14:31 - 2015-10-30 16:21 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-11-11 14:31 - 2015-10-30 16:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-11-11 14:31 - 2015-10-30 16:18 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-11-11 14:31 - 2015-10-30 16:17 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-11-11 14:31 - 2015-10-30 16:17 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-11-11 14:31 - 2015-10-30 16:16 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-11-11 14:31 - 2015-10-30 16:11 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-11-11 14:31 - 2015-10-30 16:10 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-11-11 14:31 - 2015-10-30 16:09 - 12854272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-11-11 14:31 - 2015-10-30 16:09 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-11-11 14:31 - 2015-10-30 16:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-11-11 14:31 - 2015-10-30 16:04 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-11-11 14:31 - 2015-10-30 15:53 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-11-11 14:31 - 2015-10-30 15:51 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-11-11 14:31 - 2015-10-30 15:48 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-11-11 14:31 - 2015-10-30 15:46 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-11-11 14:30 - 2015-10-19 19:12 - 05570496 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-11-11 14:30 - 2015-10-19 19:12 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-11-11 14:30 - 2015-10-19 19:12 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-11-11 14:30 - 2015-10-19 19:09 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-11-11 14:30 - 2015-10-19 19:06 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-11-11 14:30 - 2015-10-19 19:06 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-11-11 14:30 - 2015-10-19 19:06 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-11-11 14:30 - 2015-10-19 19:06 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-11-11 14:30 - 2015-10-19 19:05 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-11-11 14:30 - 2015-10-19 19:05 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-11-11 14:30 - 2015-10-19 19:05 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-11-11 14:30 - 2015-10-19 19:05 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-11 14:30 - 2015-10-19 19:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-11-11 14:30 - 2015-10-19 19:05 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-11-11 14:30 - 2015-10-19 19:05 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-11-11 14:30 - 2015-10-19 19:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-11-11 14:30 - 2015-10-19 19:05 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-11-11 14:30 - 2015-10-19 19:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-11-11 14:30 - 2015-10-19 19:05 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-11-11 14:30 - 2015-10-19 19:05 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-11-11 14:30 - 2015-10-19 19:05 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-11-11 14:30 - 2015-10-19 19:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-11-11 14:30 - 2015-10-19 19:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-11-11 14:30 - 2015-10-19 19:05 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-11-11 14:30 - 2015-10-19 19:05 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-11-11 14:30 - 2015-10-19 19:05 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-11-11 14:30 - 2015-10-19 19:05 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-11-11 14:30 - 2015-10-19 19:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-11-11 14:30 - 2015-10-19 19:05 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-11-11 14:30 - 2015-10-19 19:04 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-11-11 14:30 - 2015-10-19 19:04 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-11-11 14:30 - 2015-10-19 19:04 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-11-11 14:30 - 2015-10-19 19:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-11-11 14:30 - 2015-10-19 18:59 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-11-11 14:30 - 2015-10-19 18:53 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-11-11 14:30 - 2015-10-19 18:53 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-11-11 14:30 - 2015-10-19 18:53 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:53 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:52 - 03991488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-11-11 14:30 - 2015-10-19 18:52 - 03935680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-11-11 14:30 - 2015-10-19 18:48 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-11-11 14:30 - 2015-10-19 18:45 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-11-11 14:30 - 2015-10-19 18:45 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-11-11 14:30 - 2015-10-19 18:45 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-11-11 14:30 - 2015-10-19 18:45 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-11-11 14:30 - 2015-10-19 18:45 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-11-11 14:30 - 2015-10-19 18:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-11-11 14:30 - 2015-10-19 18:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-11-11 14:30 - 2015-10-19 18:45 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-11-11 14:30 - 2015-10-19 18:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-11-11 14:30 - 2015-10-19 18:45 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-11-11 14:30 - 2015-10-19 18:45 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-11-11 14:30 - 2015-10-19 18:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-11-11 14:30 - 2015-10-19 18:44 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-11-11 14:30 - 2015-10-19 18:44 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-11-11 14:30 - 2015-10-19 18:44 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-11-11 14:30 - 2015-10-19 18:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-11-11 14:30 - 2015-10-19 18:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-11-11 14:30 - 2015-10-19 18:44 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-11-11 14:30 - 2015-10-19 18:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-11-11 14:30 - 2015-10-19 18:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-11-11 14:30 - 2015-10-19 18:35 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-11-11 14:30 - 2015-10-19 18:35 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-11-11 14:30 - 2015-10-19 18:35 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:35 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 17:41 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-11-11 14:30 - 2015-10-19 17:40 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-11-11 14:30 - 2015-10-19 17:40 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-11-11 14:30 - 2015-10-19 17:29 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-11-11 14:30 - 2015-10-19 17:29 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-11-11 14:30 - 2015-10-19 17:27 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 17:27 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 17:27 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-11-11 14:30 - 2015-10-19 17:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-11-11 14:30 - 2015-09-23 07:15 - 00460776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-11-11 14:30 - 2015-09-23 07:15 - 00299632 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2015-11-11 14:30 - 2015-09-23 07:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2015-11-11 14:29 - 2015-10-29 11:50 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-11-11 14:29 - 2015-10-29 11:50 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-11-11 14:29 - 2015-10-29 11:50 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-11-11 14:29 - 2015-10-29 11:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-11-11 14:29 - 2015-10-29 11:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-11-11 14:29 - 2015-10-29 11:49 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-11-11 14:29 - 2015-10-29 11:49 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-11-11 14:29 - 2015-10-13 10:41 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-11-11 14:29 - 2015-10-13 10:40 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-11-11 14:29 - 2015-10-12 22:57 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-11-11 14:29 - 2015-10-01 12:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-11-11 14:29 - 2015-10-01 12:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-11-11 14:29 - 2015-10-01 11:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-11-04 05:54 - 2015-11-05 05:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-03 08:40 - 2015-11-03 08:40 - 00000000 _____ C:\Windows\SysWOW64\sho60D6.tmp
2015-11-02 04:28 - 2015-11-02 04:28 - 00000383 _____ C:\ftconfig.ini
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-11-15 20:17 - 2011-02-19 13:10 - 01813926 _____ C:\Windows\WindowsUpdate.log
2015-11-15 20:12 - 2012-07-16 13:32 - 00000000 ____D C:\ProgramData\clear.fi
2015-11-15 20:12 - 2011-02-19 13:24 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-11-15 20:11 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-15 20:11 - 2009-07-13 22:51 - 00068711 _____ C:\Windows\setupact.log
2015-11-15 20:09 - 2015-10-13 10:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-11-15 20:09 - 2013-11-16 21:36 - 00000000 ____D C:\ProgramData\Oracle
2015-11-15 20:08 - 2009-07-13 22:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-15 20:08 - 2009-07-13 22:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-15 20:07 - 2015-09-04 09:29 - 00000000 ____D C:\Users\Rhonda\.oracle_jre_usage
2015-11-15 20:05 - 2015-10-13 10:04 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-11-15 20:05 - 2015-10-13 10:03 - 00000000 ____D C:\Program Files (x86)\Java
2015-11-15 20:03 - 2012-07-16 13:30 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-15 15:25 - 2009-07-13 23:13 - 00782744 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-13 20:13 - 2009-07-13 23:08 - 00032538 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-11-12 19:15 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache
2015-11-12 17:26 - 2014-06-22 15:51 - 00001938 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-11-12 17:21 - 2009-07-13 22:45 - 00263640 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-12 00:12 - 2014-04-24 21:10 - 00000000 ____D C:\Windows\system32\MRT
2015-11-12 00:03 - 2014-04-24 21:10 - 145617392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-11-11 23:32 - 2014-07-21 18:54 - 00775358 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-11-11 23:30 - 2009-07-14 01:45 - 00000000 ____D C:\Program Files\Windows Journal
2015-11-10 19:55 - 2012-07-16 13:30 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-11-10 19:55 - 2012-07-16 13:30 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-10 19:55 - 2012-07-16 13:30 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-11-05 05:58 - 2012-07-16 13:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-05 05:58 - 2011-02-19 13:06 - 00055062 _____ C:\Windows\PFRO.log
2015-11-04 14:01 - 2015-03-22 16:32 - 00008228 _____ C:\Windows\wininit.ini
==================== Files in the root of some directories =======
2011-02-19 13:37 - 2011-02-19 13:50 - 0016235 _____ () C:\ProgramData\ArcadeDeluxe5.log
Some files in TEMP:
====================
C:\Users\Rhonda\AppData\Local\Temp\ICReinstall_Firefox_Setup.exe
C:\Users\Rhonda\AppData\Local\Temp\java-installer.exe
C:\Users\Rhonda\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\Rhonda\AppData\Local\Temp\_is2954.exe
C:\Users\Rhonda\AppData\Local\Temp\_is4BCB.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-11-10 07:10
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-11-2015
Ran by Rhonda (2015-11-15 20:23:13)
Running from C:\Users\Rhonda\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-05-15 17:56:32)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2668850861-2937669843-3631336596-500 - Administrator - Disabled)
Guest (S-1-5-21-2668850861-2937669843-3631336596-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2668850861-2937669843-3631336596-1003 - Limited - Enabled)
Rhonda (S-1-5-21-2668850861-2937669843-3631336596-1001 - Administrator - Enabled) => C:\Users\Rhonda
Tom (S-1-5-21-2668850861-2937669843-3631336596-1004 - Administrator - Enabled) => C:\Users\Tom
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.69 - NTI Corporation)
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1306 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.0.1306 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3000 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3001 - Acer Incorporated)
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.1.3 - WildTangent)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0707.2010 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.0.2.12610 - Adobe Systems Inc.)
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Reader 9.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{4F125E8B-3B58-B80D-51E5-4FD110D1EF58}) (Version: 3.0.800.0 - ATI Technologies, Inc.)
Backup Manager V3 (x32 Version: 3.0.0.69 - NTI Corporation) Hidden
Bing Bar (HKLM-x32\...\{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}) (Version: 7.1.361.0 - Microsoft Corporation)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
ccc-core-static (x32 Version: 2010.1118.1603.28745 - ATI) Hidden
clear.fi (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 1.0.1223.00 - CyberLink Corp.)
clear.fi (x32 Version: 1.0.1223.00 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 9.0.7209 - CyberLink Corp.) Hidden
clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.00.3008 - Acer Incorporated)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.41.1.0 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
Epson Event Manager (HKLM-x32\...\{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}) (Version: 2.40.0001 - SEIKO EPSON CORPORATION)
EPSON NX420 Series Printer Uninstall (HKLM\...\EPSON NX420 Series) (Version: - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EpsonNet Setup 3.2 (HKLM-x32\...\{C9D8A041-2963-4B31-8FFC-1500F3DB9293}) (Version: 3.2a - SEIKO EPSON CORPORATION)
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 5.0.5 - Acer Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.226.1 - McAfee, Inc.)
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.143 - McAfee, Inc.)
MediaEspresso (x32 Version: 1.0.1210_33255 - CyberLink Corp.) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 42.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
MyWinLocker (Version: 4.0.14.11 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.11 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.11 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.11 - Egis Technology Inc.) Hidden
NOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.1.237 - Barnesandnoble.com)
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8939 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.8939 - NTI Corporation) Hidden
Pogo Games (HKLM-x32\...\PogoDGC) (Version: 1.0 - ) <==== ATTENTION
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30122 - Realtek Semiconductor Corp.)
Regency Solitaire (HKLM-x32\...\Regency Solitaire) (Version: - Pogo.com)
Shredder (Version: 2.0.8.7 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.7 - Egis Technology Inc.) Hidden
Splashtop Software Updater (HKLM-x32\...\Splashtop Software Updater) (Version: 1.5.6.15 - Splashtop Inc.)
Splashtop Streamer (HKLM-x32\...\{B7C5EA94-B96A-41F5-BE95-25D78B486678}) (Version: 2.6.0.4 - Splashtop Inc.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.6.0 - Synaptics Incorporated)
Times Reader (HKLM-x32\...\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1) (Version: 2.055 - The New York Times Company)
Times Reader (x32 Version: 2.055 - The New York Times Company) Hidden
Video Performer (HKLM-x32\...\Video Performer) (Version: - PerformerSoft LLC) <==== ATTENTION
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3005 - Acer Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 5.00 beta 8 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.8 - win.rar GmbH)
WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Restore Points =========================
23-10-2015 06:40:33 Windows Update
25-10-2015 19:53:29 Windows Backup
27-10-2015 05:15:44 Windows Update
01-11-2015 19:00:08 Windows Backup
03-11-2015 04:37:55 Windows Update
06-11-2015 05:51:33 Windows Update
08-11-2015 21:34:29 Windows Backup
10-11-2015 11:37:42 Windows Update
11-11-2015 23:28:42 Windows Update
12-11-2015 14:43:42 Windows Update
15-11-2015 19:00:13 Windows Backup
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 20:34 - 2015-11-12 17:26 - 00450805 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com (http://www.007guard.com)
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com (http://www.008k.com)
127.0.0.1 008k.com
127.0.0.1 www.00hq.com (http://www.00hq.com)
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com (http://www.032439.com)
127.0.0.1 032439.com
127.0.0.1 www.0scan.com (http://www.0scan.com)
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com (http://www.1000gratisproben.com)
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com (http://www.1001namen.com)
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com (http://www.100888290cs.com)
127.0.0.1 www.100sexlinks.com (http://www.100sexlinks.com)
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com (http://www.10sek.com)
127.0.0.1 www.1-2005-search.com (http://www.1-2005-search.com)
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info (http://www.123fporn.info)
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com (http://www.123haustiereundmehr.com)
127.0.0.1 123moviedownload.com
127.0.0.1 www.123moviedownload.com (http://www.123moviedownload.com)
There are 15463 more lines.
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0C562562-F3F5-4988-BC32-18B98690FB3B} - System32\Tasks\{7004F38C-419A-43EF-A0E7-171912F6981D} => pcalua.exe -a C:\Users\Rhonda\Downloads\jxpiinstall(9).exe -d C:\Users\Rhonda\Downloads
Task: {1E12A17A-B120-4B36-B2B3-B5395636F4CC} - System32\Tasks\RunAsStdUser Task => C:\Program Files (x86)\Pogo Games\PogoDGC.exe [2015-08-13] (iWin Inc.)
Task: {3BC37893-C885-4643-AB2B-95BE24C5DF08} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-10] (Adobe Systems Incorporated)
Task: {4D03DE6F-5AAA-48DC-A54C-6D63ABA64D82} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\Notification.exe [2010-10-12] (Acer)
Task: {557D5803-C9A7-40F4-BB11-DCA8AFB146A1} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2010-12-23] (CyberLink)
Task: {79FFE39D-4AB4-4535-8217-DCE6A8B01D87} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2010-12-23] (Acer Incorporated)
Task: {878986CB-EDF5-4EC0-B14D-91A9762DE3EA} - System32\Tasks\LaunchApp => C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe <==== ATTENTION
Task: {A08204E4-4F5C-4B96-BCCC-DBDA6364808E} - System32\Tasks\{32814AE2-21BE-4543-824F-B90A9677B48E} => pcalua.exe -a D:\Setup.exe -d D:\
Task: {BB38E7EB-268D-4A19-8597-266B04AD6749} - System32\Tasks\{10CFA84D-955C-4DC7-B58F-1712425F60C8} => pcalua.exe -a C:\Users\Rhonda\Downloads\jxpiinstall(12).exe -d C:\Users\Rhonda\Downloads
Task: {C67CC429-E133-45F9-87FC-68AA26B0FE5C} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2010-12-23] (CyberLink Corp.)
Task: {F12E3B03-8D86-4ECE-A723-7B2FDADB6E4B} - System32\Tasks\{27918C27-F706-44CD-AAB4-C8E28712A28D} => pcalua.exe -a C:\Users\Rhonda\Downloads\jxpiinstall(11).exe -d C:\Users\Rhonda\Downloads
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
==================== Loaded Modules (Whitelisted) ==============
2010-11-18 18:13 - 2010-11-18 18:13 - 00079872 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Services.dll
2010-11-18 18:14 - 2010-11-18 18:14 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2010-11-11 19:22 - 2010-11-11 19:22 - 00465640 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2010-11-11 19:22 - 2010-11-11 19:22 - 01081664 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2010-11-11 19:22 - 2010-11-11 19:22 - 00125760 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2015-09-07 19:12 - 2014-05-13 11:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-09-07 19:12 - 2014-05-13 11:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-09-07 19:12 - 2014-05-13 11:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-09-07 19:12 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-09-07 19:12 - 2012-04-03 16:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2010-12-23 16:46 - 2010-12-23 16:46 - 00210312 _____ () C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SplashtopRemoteService => ""="Service"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com (http://www.008k.com)
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com (http://www.00hq.com)
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com (http://www.0scan.com)
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com (http://www.1-2005-search.com)
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com (http://www.1-domains-registrations.com)
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com (http://www.1000gratisproben.com)
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com (http://www.1001namen.com)
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com (http://www.100sexlinks.com)
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com (http://www.10sek.com)
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info (http://www.123fporn.info)
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com (http://www.123haustiereundmehr.com)
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com (http://www.123moviedownload.com)
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com (http://www.123simsen.com)
There are 7866 more sites.
IE restricted site: HKU\S-1-5-21-2668850861-2937669843-3631336596-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-2668850861-2937669843-3631336596-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2668850861-2937669843-3631336596-1001\...\008k.com -> www.008k.com (http://www.008k.com)
IE restricted site: HKU\S-1-5-21-2668850861-2937669843-3631336596-1001\...\00hq.com -> www.00hq.com (http://www.00hq.com)
IE restricted site: HKU\S-1-5-21-2668850861-2937669843-3631336596-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-2668850861-2937669843-3631336596-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-2668850861-2937669843-3631336596-1001\...\0scan.com -> www.0scan.com (http://www.0scan.com)
IE restricted site: HKU\S-1-5-21-2668850861-2937669843-3631336596-1001\...\1-2005-search.com -> www.1-2005-search.com (http://www.1-2005-search.com)
IE restricted site: HKU\S-1-5-21-2668850861-2937669843-3631336596-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com (http://www.1-domains-registrations.com)
IE restricted site: HKU\S-1-5-21-2668850861-2937669843-3631336596-1001\...\1000gratisproben.com -> www.1000gratisproben.com (http://www.1000gratisproben.com)
IE restricted site: HKU\S-1-5-21-2668850861-2937669843-3631336596-1001\...\1001namen.com -> www.1001namen.com (http://www.1001namen.com)
IE restricted site: HKU\S-1-5-21-2668850861-2937669843-3631336596-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-2668850861-2937669843-3631336596-1001\...\100sexlinks.com -> www.100sexlinks.com (http://www.100sexlinks.com)
IE restricted site: HKU\S-1-5-21-2668850861-2937669843-3631336596-1001\...\10sek.com -> www.10sek.com (http://www.10sek.com)
IE restricted site: HKU\S-1-5-21-2668850861-2937669843-3631336596-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-2668850861-2937669843-3631336596-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-2668850861-2937669843-3631336596-1001\...\123fporn.info -> www.123fporn.info (http://www.123fporn.info)
IE restricted site: HKU\S-1-5-21-2668850861-2937669843-3631336596-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com (http://www.123haustiereundmehr.com)
IE restricted site: HKU\S-1-5-21-2668850861-2937669843-3631336596-1001\...\123moviedownload.com -> www.123moviedownload.com (http://www.123moviedownload.com)
IE restricted site: HKU\S-1-5-21-2668850861-2937669843-3631336596-1001\...\123simsen.com -> www.123simsen.com (http://www.123simsen.com)
There are 7866 more sites.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2668850861-2937669843-3631336596-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Rhonda\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{9C080EF5-C928-4428-818C-404A3149D359}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{3BB6C29B-6053-4EE2-B76A-4FC926776493}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{52E7A56D-C286-4C80-A135-D1E1801AABF0}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{DF8F173E-5EC9-45D3-B5EF-B227FD249F1B}] => (Allow) LPort=2869
FirewallRules: [{FD7C1578-436B-43D8-B7D0-DE228DE09121}] => (Allow) LPort=1900
FirewallRules: [{C9655107-6C6C-4670-A207-464C053D0446}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{681AF9AE-04C0-48BD-A0C5-2F1D2D71711F}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{9A73C631-584D-4BDD-AAA2-EEE44B2F5F80}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe
FirewallRules: [{7F019B25-AEC1-4BB8-AF20-6DC62C15D952}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
FirewallRules: [{6F1B7CA2-FF3F-4D2A-A098-5F451364438C}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{04F2AF7E-ABE2-480D-B7D5-789E673F37B6}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
FirewallRules: [{DFBD6115-3F6D-40CB-B971-E9BB1110DF66}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
FirewallRules: [{E3D067FD-C40A-466F-BF7C-DF0DF3AE4531}] => (Block) C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
FirewallRules: [{D4D9143A-F098-4622-A789-BD047D8B3913}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\Movie\TouchMovie.exe
FirewallRules: [{735140E3-1030-4280-8E7D-7F3DD176DF99}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\Movie\TouchMovieService.exe
FirewallRules: [{54A20C64-7751-4948-B032-34266352F580}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{190825FF-BC5A-40E8-9D3B-485A1619982C}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{0B266C0C-E0E5-4C80-BF17-AD47FB1456A6}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool10\ENEasyApp.exe
FirewallRules: [{ABC6F9B8-FDA0-4ACF-8B23-5DCD1AA8E70F}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool10\ENEasyApp.exe
FirewallRules: [{D9F9C6BB-C741-418C-9160-B1AA58735EF5}] => (Allow) C:\Users\Rhonda\Downloads\VideoPerformerSetup.exe
FirewallRules: [{5BDE25AF-7B98-487D-B98F-B4BEB22B398D}] => (Allow) C:\Users\Rhonda\Downloads\VideoPerformerSetup.exe
FirewallRules: [{D29C274D-DCB9-4027-91F0-DDF6B16D73D0}] => (Allow) C:\Program Files (x86)\Pogo Games\PogoDGC.exe
FirewallRules: [{B8CF2AB8-B48B-4740-8D14-346C07EA2303}] => (Allow) C:\Program Files (x86)\Pogo Games\PogoDGC.exe
FirewallRules: [{650BE5EB-FB8C-4CCA-9DA3-80B8FD7954FB}] => (Allow) C:\Program Files (x86)\Pogo Games\WebUpdater.exe
FirewallRules: [{5613EA9C-3142-48EC-B3A1-98346592B5F3}] => (Allow) C:\Program Files (x86)\Pogo Games\WebUpdater.exe
FirewallRules: [{2838F8B6-7F53-40E8-A9A6-2F2890989024}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8878FD93-99D1-4520-A6D7-75B0A548746F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{E762F24E-8763-4D19-A393-D3FC31E283C4}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{7C9175EC-3325-4A45-BE03-0DB09CE0BC82}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{760DD741-E515-41BF-9BAA-F0E8ADBDB437}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{9956CC8E-0CB7-41FE-A781-4E1CC9A154C9}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{E7B743D3-5B47-4346-A9BE-F62A7EEAFF56}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{19877B43-2D24-487F-92CB-B38DD99446EA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6C98D87F-2EF1-439D-9788-91EBD4E8BF5D}] => (Allow) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
FirewallRules: [{E25BC489-33CF-4B07-8AB9-4C06E5A828D6}] => (Allow) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
FirewallRules: [{375C4F21-241F-4A44-9EC0-EAA63763BB9D}] => (Allow) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\DataProxy.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (11/15/2015 08:22:13 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: HTTP status 403: The client does not have sufficient access rights to the requested server object.
Error: (11/15/2015 08:12:30 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Stream product id=0x0066): Streaming Failed
Error: (11/15/2015 08:12:30 PM) (Source: Application Virtualization Client) (EventID: 5009) (User: )
Description: {tid=A50}
The Application Virtualization Client could not connect to stream URL 'http://c2r.microsoft.com/ConsumerC2R/en-us/14.0.4763.1000/ConsumerC2R.en-us_14.0.7145.5001.sft' (rc 24604E0A-40000193, original rc 24604E0A-40000193).
Error: (11/15/2015 08:12:29 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Too many failures while downloading ranges: 2
Error: (11/15/2015 08:12:29 PM) (Source: Application Virtualization Client) (EventID: 5009) (User: )
Description: {tid=A50}
The Application Virtualization Client could not connect to stream URL 'http://c2r.microsoft.com/ConsumerC2R/en-us/14.0.4763.1000/ConsumerC2R.en-us_14.0.7145.5001.sft' (rc 24604E0A-40000193, original rc 24604E0A-40000193).
Error: (11/15/2015 03:28:49 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: HTTP status 403: The client does not have sufficient access rights to the requested server object.
Error: (11/15/2015 03:19:57 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Stream product id=0x0066): Streaming Failed
Error: (11/15/2015 03:19:57 PM) (Source: Application Virtualization Client) (EventID: 5009) (User: )
Description: {tid=A54}
The Application Virtualization Client could not connect to stream URL 'http://c2r.microsoft.com/ConsumerC2R/en-us/14.0.4763.1000/ConsumerC2R.en-us_14.0.7145.5001.sft' (rc 24604E0A-40000193, original rc 24604E0A-40000193).
Error: (11/15/2015 03:19:57 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Too many failures while downloading ranges: 2
Error: (11/15/2015 03:19:57 PM) (Source: Application Virtualization Client) (EventID: 5009) (User: )
Description: {tid=A54}
The Application Virtualization Client could not connect to stream URL 'http://c2r.microsoft.com/ConsumerC2R/en-us/14.0.4763.1000/ConsumerC2R.en-us_14.0.7145.5001.sft' (rc 24604E0A-40000193, original rc 24604E0A-40000193).
System errors:
=============
Error: (11/15/2015 08:11:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee SiteAdvisor Service service failed to start due to the following error:
%%2
Error: (11/15/2015 03:18:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee SiteAdvisor Service service failed to start due to the following error:
%%2
Error: (11/15/2015 02:09:22 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.
Error: (11/15/2015 08:28:36 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.
Error: (11/15/2015 08:28:10 AM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{32F3325B-196B-4F18-B50F-B258365B3381} because another computer on the network has the same name. The server could not start.
Error: (11/15/2015 08:27:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee SiteAdvisor Service service failed to start due to the following error:
%%2
Error: (11/14/2015 07:38:11 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.
Error: (11/14/2015 07:36:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee SiteAdvisor Service service failed to start due to the following error:
%%2
Error: (11/14/2015 06:06:36 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.
Error: (11/14/2015 06:06:06 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.
==================== Memory info ===========================
Processor: AMD C-50 Processor
Percentage of memory in use: 43%
Total physical RAM: 2794.9 MB
Available physical RAM: 1589.62 MB
Total Virtual: 5588.01 MB
Available Virtual: 4036.56 MB
==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:282.99 GB) (Free:216.77 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 2BAB1292)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=283 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2015-11-15 20:33:31
-----------------------------
20:33:31.577 OS Version: Windows x64 6.1.7601 Service Pack 1
20:33:31.577 Number of processors: 2 586 0x100
20:33:31.577 ComputerName: RHONDA-PC UserName: Rhonda
20:33:33.215 Initialize success
20:33:33.277 VM: initialized successfully
20:33:33.277 VM: Amd CPU supported
20:33:39.708 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:33:39.723 Disk 0 Vendor: WDC_WD3200BPVT-22ZEST0 01.01A01 Size: 305245MB BusType: 11
20:33:39.879 Disk 0 MBR read successfully
20:33:39.895 Disk 0 MBR scan
20:33:39.911 Disk 0 Windows 7 default MBR code
20:33:39.911 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15360 MB offset 2048
20:33:39.942 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 31459328
20:33:39.957 Disk 0 Boot: NTFS code=1
20:33:39.973 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 289783 MB offset 31664128
20:33:40.004 Disk 0 scanning C:\Windows\system32\drivers
20:33:48.413 Service scanning
20:34:07.619 Modules scanning
20:34:07.650 Disk 0 trace - called modules:
20:34:07.681 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
20:34:07.697 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80030ca6b0]
20:34:07.712 3 CLASSPNP.SYS[fffff880018bc43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8002f6f060]
20:34:07.743 Disk 0 statistics 98538/0/0 @ 6.55 MB/s
20:34:07.759 Scan finished successfully
20:38:35.970 Disk 0 MBR has been saved successfully to "C:\Users\Rhonda\Desktop\MBR.dat"
20:38:35.986 The log file has been saved successfully to "C:\Users\Rhonda\Desktop\aswMBRtext.txt"