Thread: BSoD, Task Manager & system restore disabled among other problems.

  1. #11
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    it was for the uninstall button (jpg) and the finish button (jpg)

    don't know why that didn't post!
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  2. #12
    Junior Member
    Join Date
    Mar 2007
    Posts
    22

    My Eset log is as follows:

    C:\$Recycle.Bin\how_recover+lti.html Win32/Filecoder.EM trojan
    C:\$Recycle.Bin\how_recover+lti.txt Win32/Filecoder.EM trojan
    C:\$Recycle.Bin\S-1-5-21-3388803297-3879758489-340360114-1000\$RUX8H7G.exe a variant of Win32/Toolbar.Visicom.A potentially unwanted application
    C:\$SysReset\how_recover+lti.html Win32/Filecoder.EM trojan
    C:\$SysReset\how_recover+lti.txt Win32/Filecoder.EM trojan
    C:\$SysReset\Logs\how_recover+lti.html Win32/Filecoder.EM trojan
    C:\$SysReset\Logs\how_recover+lti.txt Win32/Filecoder.EM trojan
    C:\4b318d7c3ab90976e725c758\how_recover+lti.html Win32/Filecoder.EM trojan
    C:\4b318d7c3ab90976e725c758\how_recover+lti.txt Win32/Filecoder.EM trojan
    C:\81e9708521e86f94a234\how_recover+lti.html Win32/Filecoder.EM trojan
    C:\81e9708521e86f94a234\how_recover+lti.txt Win32/Filecoder.EM trojan
    C:\AMD\amdkmpfd\how_recover+lti.html Win32/Filecoder.EM trojan
    C:\AMD\amdkmpfd\how_recover+lti.txt Win32/Filecoder.EM trojan
    C:\AMD\Catalyst_10.12_Windows7_Vista\Bin\how_recover+lti.html Win32/Filecoder.EM trojan
    C:\AMD\Catalyst_10.12_Windows7_Vista\Bin\how_recover+lti.txt Win32/Filecoder.EM trojan
    C:\Program Files (x86)\Panda Security\Panda Security Protection\LostandFound\OCSetupHlp.dll a variant of Win32/OpenCandy.A potentially unsafe application
    C:\Users\Lou\AppData\Local\Microsoft\a1d22ec2-a20c-3ffc-249e-e044fe486761\399b743e-4d95-459b-bdf6-f9534a2066ef.exe Win32/Agent.RCJ trojan
    C:\Users\Lou\AppData\Roaming\FF32A6D9-ACAE-42F5-AE3C-A6CAF0BDEBA9\108C.tmp.exe Win32/Agent.RCJ trojan
    C:\Users\Lou\Documents\Downloads\ccsetup415.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
    C:\Users\Lou\Documents\Downloads\utorrent.exe a variant of Win32/AdkDLLWrapper.A potentially unwanted application
    C:\Users\Lou\Documents\Downloads\Audio Tools\frostwire-5.1.5.windows.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
    C:\Users\Lou\Documents\Downloads\Audio Tools\iPod_Support_v3_07.exe Win32/PrcView potentially unsafe application
    C:\Users\Lou\Documents\Downloads\Disc Tools\defragsetup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application
    C:\Users\Lou\Documents\Downloads\DVD stuff\SetupImgBurn_2.5.7.0.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
    C:\Users\Lou\Documents\Downloads\Microsoft\Microsoft Office Proffesional Plus 2010 Corporate Final Full Activated -NoGRp\Microsoft Office Proffesional Plus 2010 Corporate Final (full activated).iso a variant of MSIL/HackKMS.A potentially unsafe application
    C:\Users\Lou\Documents\Downloads\Misc\IZArc4b1.exe Win32/OpenCandy potentially unsafe application
    C:\Users\Lou\Documents\Downloads\Security\ccsetup415.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
    C:\Users\Lou\Downloads\cbsidlm-cbsi176-PrintFolders-SEO-10067127.exe a variant of Win32/CNETInstaller.B potentially unwanted application
    C:\Users\Lou\Downloads\HSS-3.32-install-e-550-plain.exe Win32/Bundled.Toolbar.Ask.L potentially unsafe application
    C:\Windows.old\Documents and Settings\Lou\AppData\Roaming\uTorrent\updates\3.3.2_30303.exe a variant of Win32/AdkDLLWrapper.A potentially unwanted application
    C:\Windows.old\Documents and Settings\Lou\AppData\Roaming\uTorrent\updates\3.4.1_30888.exe a variant of Win32/AdkDLLWrapper.A potentially unwanted application
    C:\Windows.old\Documents and Settings\Lou\Downloads\cbsidlm-cbsi176-PrintFolders-SEO-10067127.exe a variant of Win32/CNETInstaller.B potentially unwanted application
    C:\Windows.old\Documents and Settings\Lou\Downloads\goback.exe a variant of Win32/TFTPD32.A potentially unsafe application
    C:\Windows.old\Program Files (x86)\EaseUS\System GoBack Free\bin\PxeServer.dll a variant of Win32/TFTPD32.A potentially unsafe application
    C:\Windows.old\Program Files (x86)\IObit\Driver Booster\DBPro.exe a variant of Win32/OpenCandy.A potentially unsafe application
    C:\Windows.old\Users\Lou\AppData\Roaming\uTorrent\updates\3.3.2_30303.exe a variant of Win32/AdkDLLWrapper.A potentially unwanted application
    C:\Windows.old\Users\Lou\AppData\Roaming\uTorrent\updates\3.4.1_30888.exe a variant of Win32/AdkDLLWrapper.A potentially unwanted application
    C:\Windows.old\Users\Lou\Downloads\cbsidlm-cbsi176-PrintFolders-SEO-10067127.exe a variant of Win32/CNETInstaller.B potentially unwanted application
    C:\Windows.old\Users\Lou\Downloads\goback.exe a variant of Win32/TFTPD32.A potentially unsafe application
    E:\LOU-PC\Backup Set 2015-11-30 175420\Backup Files 2015-11-30 175420\Backup files 1.zip a variant of Win32/AdkDLLWrapper.A potentially unwanted application
    E:\LOU-PC\Backup Set 2015-11-30 175420\Backup Files 2015-11-30 175420\Backup files 2.zip a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
    E:\LOU-PC\Backup Set 2015-11-30 175420\Backup Files 2015-11-30 175420\Backup files 20.zip a variant of Win32/CNETInstaller.B potentially unwanted application
    E:\LOU-PC\Backup Set 2015-11-30 175420\Backup Files 2015-11-30 175420\Backup files 49.zip a variant of Win32/Toolbar.Visicom.A potentially unwanted application
    E:\LOU-PC\Backup Set 2015-11-30 175420\Backup Files 2015-11-30 175420\Backup files 5.zip Win32/HackTool.WinActivator.I potentially unsafe application
    E:\LOU-PC\Backup Set 2015-11-30 175420\Backup Files 2015-11-30 175420\Backup files 6.zip Win32/OpenCandy potentially unsafe application
    E:\LOU-PC\Backup Set 2015-11-30 175420\Backup Files 2015-11-30 175420\Backup files 8.zip a variant of Win32/Toolbar.Widgi.B potentially unwanted application

  3. #13
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    100% of Cracked/KeyGen software contains some form of malicious code.
    This forum, as well as most of the other malware removal forums, does not support the use of illegal software.


    These 4 files located within the AMD folder?

    C:\AMD\amdkmpfd\how_recover+lti.html
    C:\AMD\amdkmpfd\how_recover+lti.txt
    C:\AMD\Catalyst_10.12_Windows7_Vista\Bin\how_recover+lti.html
    C:\AMD\Catalyst_10.12_Windows7_Vista\Bin\how_recover+lti.txt

    If it's something you placed or directed there, I think it's fine to delete those. I haven't seen those before, and I think I'll let you delete those.



    Please open Notepad (Start -> Run -> type notepad in the Open field -> OK). *Do Not Use Wordpad!* Do not use any text editor other than Notepad, or the script will fail. Copy and paste the text present inside the quote box below:
    To do this, highlight the contents of the box, right-click on it and select Copy.
    Paste this into the open Notepad. Save it to the Desktop as fixlist.txt.
    NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
    It needs to be saved next to the "Farbar Recovery Scan Tool". (If asked to overwrite the existing one, please allow.)

    start
    CreateRestorePoint:
    CloseProcesses:
    C:\$Recycle.Bin\how_recover+lti.html
    C:\$Recycle.Bin\how_recover+lti.txt
    C:\$Recycle.Bin\S-1-5-21-3388803297-3879758489-340360114-1000\$RUX8H7G.exe
    C:\$SysReset\how_recover+lti.html
    C:\$SysReset\how_recover+lti.txt
    C:\$SysReset\Logs\how_recover+lti.html
    C:\$SysReset\Logs\how_recover+lti.txt
    C:\4b318d7c3ab90976e725c758\how_recover+lti.html
    C:\4b318d7c3ab90976e725c758\how_recover+lti.txt
    C:\81e9708521e86f94a234\how_recover+lti.html
    C:\81e9708521e86f94a234\how_recover+lti.txt
    C:\Program Files (x86)\Panda Security\Panda Security Protection\LostandFound\OCSetupHlp.dll
    C:\Users\Lou\AppData\Local\Microsoft\a1d22ec2-a20c-3ffc-249e-e044fe486761\399b743e-4d95-459b-bdf6-f9534a2066ef.exe
    C:\Users\Lou\AppData\Roaming\FF32A6D9-ACAE-42F5-AE3C-A6CAF0BDEBA9\108C.tmp.exe
    C:\Users\Lou\Documents\Downloads\ccsetup415.exe
    C:\Users\Lou\Documents\Downloads\utorrent.exe
    C:\Users\Lou\Documents\Downloads\Audio Tools\frostwire-5.1.5.windows.exe
    C:\Users\Lou\Documents\Downloads\Audio Tools\iPod_Support_v3_07.exe
    C:\Users\Lou\Documents\Downloads\Disc Tools\defragsetup.exe
    C:\Users\Lou\Documents\Downloads\DVD stuff\SetupImgBurn_2.5.7.0.exe
    C:\Users\Lou\Documents\Downloads\Microsoft\Microsoft Office Proffesional Plus 2010 Corporate Final Full Activated -NoGRp\Microsoft Office Proffesional Plus 2010 Corporate Final (full activated).iso
    C:\Users\Lou\Documents\Downloads\Misc\IZArc4b1.exe
    C:\Users\Lou\Documents\Downloads\Security\ccsetup415.exe
    C:\Users\Lou\Downloads\cbsidlm-cbsi176-PrintFolders-SEO-10067127.exe
    C:\Users\Lou\Downloads\HSS-3.32-install-e-550-plain.exe
    C:\Windows.old\Documents and Settings\Lou\AppData\Roaming\uTorrent\updates\3.3.2_30303.exe
    C:\Windows.old\Documents and Settings\Lou\AppData\Roaming\uTorrent\updates\3.4.1_30888.exe
    C:\Windows.old\Documents and Settings\Lou\Downloads\cbsidlm-cbsi176-PrintFolders-SEO-10067127.exe
    C:\Windows.old\Documents and Settings\Lou\Downloads\goback.exe
    C:\Windows.old\Program Files (x86)\EaseUS\System GoBack Free\bin\PxeServer.dll
    C:\Windows.old\Program Files (x86)\IObit\Driver Booster\DBPro.exe
    C:\Windows.old\Users\Lou\AppData\Roaming\uTorrent\updates\3.3.2_30303.exe
    C:\Windows.old\Users\Lou\AppData\Roaming\uTorrent\updates\3.4.1_30888.exe
    C:\Windows.old\Users\Lou\Downloads\cbsidlm-cbsi176-PrintFolders-SEO-10067127.exe
    C:\Windows.old\Users\Lou\Downloads\goback.exe
    E:\LOU-PC\Backup Set 2015-11-30 175420\Backup Files 2015-11-30 175420\Backup files 1.zip
    E:\LOU-PC\Backup Set 2015-11-30 175420\Backup Files 2015-11-30 175420\Backup files 2.zip
    E:\LOU-PC\Backup Set 2015-11-30 175420\Backup Files 2015-11-30 175420\Backup files 20.zip
    E:\LOU-PC\Backup Set 2015-11-30 175420\Backup Files 2015-11-30 175420\Backup files 49.zip
    E:\LOU-PC\Backup Set 2015-11-30 175420\Backup Files 2015-11-30 175420\Backup files 5.zip
    E:\LOU-PC\Backup Set 2015-11-30 175420\Backup Files 2015-11-30 175420\Backup files 6.zip
    E:\LOU-PC\Backup Set 2015-11-30 175420\Backup Files 2015-11-30 175420\Backup files 8.zip
    EmptyTemp:
    End

    Open FRST/FRST64 and press the > Fix < button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

    How is the computer now?

  4. #14
    Junior Member
    Join Date
    Mar 2007
    Posts
    22

    I have deleted the 4 files from the AMD folder.

    FRST FixLog is as follows:

    Fix result of Farbar Recovery Scan Tool (x64) Version:01-12-2015
    Ran by Lou (2015-12-03 19:37:22) Run:2
    Running from C:\Users\Lou\Desktop
    Loaded Profiles: Lou (Available Profiles: Lou)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    start
    CreateRestorePoint:
    CloseProcesses:
    C:\$Recycle.Bin\how_recover+lti.html
    C:\$Recycle.Bin\how_recover+lti.txt
    C:\$Recycle.Bin\S-1-5-21-3388803297-3879758489-340360114-1000\$RUX8H7G.exe
    C:\$SysReset\how_recover+lti.html
    C:\$SysReset\how_recover+lti.txt
    C:\$SysReset\Logs\how_recover+lti.html
    C:\$SysReset\Logs\how_recover+lti.txt
    C:\4b318d7c3ab90976e725c758\how_recover+lti.html
    C:\4b318d7c3ab90976e725c758\how_recover+lti.txt
    C:\81e9708521e86f94a234\how_recover+lti.html
    C:\81e9708521e86f94a234\how_recover+lti.txt
    C:\Program Files (x86)\Panda Security\Panda Security Protection\LostandFound\OCSetupHlp.dll
    C:\Users\Lou\AppData\Local\Microsoft\a1d22ec2-a20c-3ffc-249e-e044fe486761\399b743e-4d95-459b-bdf6-f9534a2066ef.exe
    C:\Users\Lou\AppData\Roaming\FF32A6D9-ACAE-42F5-AE3C-A6CAF0BDEBA9\108C.tmp.exe
    C:\Users\Lou\Documents\Downloads\ccsetup415.exe
    C:\Users\Lou\Documents\Downloads\utorrent.exe
    C:\Users\Lou\Documents\Downloads\Audio Tools\frostwire-5.1.5.windows.exe
    C:\Users\Lou\Documents\Downloads\Audio Tools\iPod_Support_v3_07.exe
    C:\Users\Lou\Documents\Downloads\Disc Tools\defragsetup.exe
    C:\Users\Lou\Documents\Downloads\DVD stuff\SetupImgBurn_2.5.7.0.exe
    C:\Users\Lou\Documents\Downloads\Microsoft\Microsoft Office Proffesional Plus 2010 Corporate Final Full Activated -NoGRp\Microsoft Office Proffesional Plus 2010 Corporate Final (full activated).iso
    C:\Users\Lou\Documents\Downloads\Misc\IZArc4b1.exe
    C:\Users\Lou\Documents\Downloads\Security\ccsetup415.exe
    C:\Users\Lou\Downloads\cbsidlm-cbsi176-PrintFolders-SEO-10067127.exe
    C:\Users\Lou\Downloads\HSS-3.32-install-e-550-plain.exe
    C:\Windows.old\Documents and Settings\Lou\AppData\Roaming\uTorrent\updates\3.3.2_30303.exe
    C:\Windows.old\Documents and Settings\Lou\AppData\Roaming\uTorrent\updates\3.4.1_30888.exe
    C:\Windows.old\Documents and Settings\Lou\Downloads\cbsidlm-cbsi176-PrintFolders-SEO-10067127.exe
    C:\Windows.old\Documents and Settings\Lou\Downloads\goback.exe
    C:\Windows.old\Program Files (x86)\EaseUS\System GoBack Free\bin\PxeServer.dll
    C:\Windows.old\Program Files (x86)\IObit\Driver Booster\DBPro.exe
    C:\Windows.old\Users\Lou\AppData\Roaming\uTorrent\updates\3.3.2_30303.exe
    C:\Windows.old\Users\Lou\AppData\Roaming\uTorrent\updates\3.4.1_30888.exe
    C:\Windows.old\Users\Lou\Downloads\cbsidlm-cbsi176-PrintFolders-SEO-10067127.exe
    C:\Windows.old\Users\Lou\Downloads\goback.exe
    E:\LOU-PC\Backup Set 2015-11-30 175420\Backup Files 2015-11-30 175420\Backup files 1.zip
    E:\LOU-PC\Backup Set 2015-11-30 175420\Backup Files 2015-11-30 175420\Backup files 2.zip
    E:\LOU-PC\Backup Set 2015-11-30 175420\Backup Files 2015-11-30 175420\Backup files 20.zip
    E:\LOU-PC\Backup Set 2015-11-30 175420\Backup Files 2015-11-30 175420\Backup files 49.zip
    E:\LOU-PC\Backup Set 2015-11-30 175420\Backup Files 2015-11-30 175420\Backup files 5.zip
    E:\LOU-PC\Backup Set 2015-11-30 175420\Backup Files 2015-11-30 175420\Backup files 6.zip
    E:\LOU-PC\Backup Set 2015-11-30 175420\Backup Files 2015-11-30 175420\Backup files 8.zip
    EmptyTemp:
    End
    *****************

    Restore point was successfully created.
    Processes closed successfully.
    C:\$Recycle.Bin\how_recover+lti.html => moved successfully
    C:\$Recycle.Bin\how_recover+lti.txt => moved successfully
    "C:\$Recycle.Bin\S-1-5-21-3388803297-3879758489-340360114-1000\$RUX8H7G.exe" => not found.
    C:\$SysReset\how_recover+lti.html => moved successfully
    C:\$SysReset\how_recover+lti.txt => moved successfully
    C:\$SysReset\Logs\how_recover+lti.html => moved successfully
    C:\$SysReset\Logs\how_recover+lti.txt => moved successfully
    C:\4b318d7c3ab90976e725c758\how_recover+lti.html => moved successfully
    C:\4b318d7c3ab90976e725c758\how_recover+lti.txt => moved successfully
    C:\81e9708521e86f94a234\how_recover+lti.html => moved successfully
    C:\81e9708521e86f94a234\how_recover+lti.txt => moved successfully
    C:\Program Files (x86)\Panda Security\Panda Security Protection\LostandFound\OCSetupHlp.dll => moved successfully
    C:\Users\Lou\AppData\Local\Microsoft\a1d22ec2-a20c-3ffc-249e-e044fe486761\399b743e-4d95-459b-bdf6-f9534a2066ef.exe => moved successfully
    C:\Users\Lou\AppData\Roaming\FF32A6D9-ACAE-42F5-AE3C-A6CAF0BDEBA9\108C.tmp.exe => moved successfully
    C:\Users\Lou\Documents\Downloads\ccsetup415.exe => moved successfully
    C:\Users\Lou\Documents\Downloads\utorrent.exe => moved successfully
    C:\Users\Lou\Documents\Downloads\Audio Tools\frostwire-5.1.5.windows.exe => moved successfully
    C:\Users\Lou\Documents\Downloads\Audio Tools\iPod_Support_v3_07.exe => moved successfully
    C:\Users\Lou\Documents\Downloads\Disc Tools\defragsetup.exe => moved successfully
    C:\Users\Lou\Documents\Downloads\DVD stuff\SetupImgBurn_2.5.7.0.exe => moved successfully
    C:\Users\Lou\Documents\Downloads\Microsoft\Microsoft Office Proffesional Plus 2010 Corporate Final Full Activated -NoGRp\Microsoft Office Proffesional Plus 2010 Corporate Final (full activated).iso => moved successfully
    C:\Users\Lou\Documents\Downloads\Misc\IZArc4b1.exe => moved successfully
    C:\Users\Lou\Documents\Downloads\Security\ccsetup415.exe => moved successfully
    C:\Users\Lou\Downloads\cbsidlm-cbsi176-PrintFolders-SEO-10067127.exe => moved successfully
    C:\Users\Lou\Downloads\HSS-3.32-install-e-550-plain.exe => moved successfully
    C:\Windows.old\Documents and Settings\Lou\AppData\Roaming\uTorrent\updates\3.3.2_30303.exe => moved successfully
    C:\Windows.old\Documents and Settings\Lou\AppData\Roaming\uTorrent\updates\3.4.1_30888.exe => moved successfully
    C:\Windows.old\Documents and Settings\Lou\Downloads\cbsidlm-cbsi176-PrintFolders-SEO-10067127.exe => moved successfully
    C:\Windows.old\Documents and Settings\Lou\Downloads\goback.exe => moved successfully
    C:\Windows.old\Program Files (x86)\EaseUS\System GoBack Free\bin\PxeServer.dll => moved successfully
    C:\Windows.old\Program Files (x86)\IObit\Driver Booster\DBPro.exe => moved successfully
    "C:\Windows.old\Users\Lou\AppData\Roaming\uTorrent\updates\3.3.2_30303.exe" => not found.
    "C:\Windows.old\Users\Lou\AppData\Roaming\uTorrent\updates\3.4.1_30888.exe" => not found.
    "C:\Windows.old\Users\Lou\Downloads\cbsidlm-cbsi176-PrintFolders-SEO-10067127.exe" => not found.
    "C:\Windows.old\Users\Lou\Downloads\goback.exe" => not found.
    "E:\LOU-PC\Backup Set 2015-11-30 175420\Backup Files 2015-11-30 175420\Backup files 1.zip" => not found.
    "E:\LOU-PC\Backup Set 2015-11-30 175420\Backup Files 2015-11-30 175420\Backup files 2.zip" => not found.
    "E:\LOU-PC\Backup Set 2015-11-30 175420\Backup Files 2015-11-30 175420\Backup files 20.zip" => not found.
    "E:\LOU-PC\Backup Set 2015-11-30 175420\Backup Files 2015-11-30 175420\Backup files 49.zip" => not found.
    "E:\LOU-PC\Backup Set 2015-11-30 175420\Backup Files 2015-11-30 175420\Backup files 5.zip" => not found.
    "E:\LOU-PC\Backup Set 2015-11-30 175420\Backup Files 2015-11-30 175420\Backup files 6.zip" => not found.
    "E:\LOU-PC\Backup Set 2015-11-30 175420\Backup Files 2015-11-30 175420\Backup files 8.zip" => not found.
    EmptyTemp: => 3.8 GB temporary data Removed.


    The system needed a reboot.

    ==== End of Fixlog 19:39:43 ====


    I wiped my E: drive as it was my backup drive. Don't want any nasties coming back.

    I enabled my display driver and have not had a BSoD. Task manager and system restore are enabled as normal.

    I hope this is the end. I am very grateful for your assistance. Thank you.
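
A check a helper could run on a Fixlog like the one posted above, as an added example that is not part of the original posts or of FRST: it reconciles every path in the echoed fixlist against the result lines and groups the `not found` entries by top-level folder, so misses that cluster on one volume or folder stand out. The log text is constructed in the same layout (its paths are made up) and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the Fixlog layout shown in the thread; all paths are
# made up, and the last fixlist entry deliberately has no result line.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x64) Version:01-12-2015
Ran by User (2015-12-03 19:37:22) Run:2
Running from C:\Users\User\Desktop
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
C:\$Recycle.Bin\how_recover+abc.txt
C:\Users\User\Downloads\bundled setup.exe
C:\Windows.old\Users\User\Downloads\bundled setup.exe
E:\Backup Set\Backup files 1.zip
C:\Users\User\AppData\Roaming\sample.tmp.exe
EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
C:\$Recycle.Bin\how_recover+abc.txt => moved successfully
C:\Users\User\Downloads\bundled setup.exe => moved successfully
"C:\Windows.old\Users\User\Downloads\bundled setup.exe" => not found.
"E:\Backup Set\Backup files 1.zip" => not found.
EmptyTemp: => 3.8 GB temporary data Removed.

==== End of Fixlog 19:39:43 ====
"""

# A result line is a drive-letter path (optionally quoted), "=>", then the outcome.
RESULT_RE = re.compile(r'^"?(?P<path>[A-Za-z]:\\.+?)"?\s+=>\s+(?P<outcome>.+?)\.?$')
# Lines in the fixlist that are not file paths: start/End and "Word:" directives.
DIRECTIVE_RE = re.compile(r'^(start|end|[A-Za-z]+:)$', re.IGNORECASE)


def parse_fixlog(text):
    """Return (requested_paths, results) where results maps lowercased path -> outcome."""
    requested, results = [], {}
    state = "header"  # header -> fixlist -> results, switched by rows of asterisks
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if set(line) == {"*"}:
            state = "fixlist" if state == "header" else "results"
            continue
        if state == "fixlist":
            if not DIRECTIVE_RE.match(line):
                requested.append(line)
        elif state == "results":
            m = RESULT_RE.match(line)
            if m:
                # Windows paths are case-insensitive, so compare in lower case.
                results[m["path"].lower()] = m["outcome"].lower()
    return requested, results


def reconcile(text):
    """Bucket every requested path by what the result section says happened to it."""
    requested, results = parse_fixlog(text)
    report = {"moved": [], "not_found": [], "other": [], "no_result": []}
    for path in requested:
        outcome = results.get(path.lower())
        if outcome is None:
            report["no_result"].append(path)   # listed in the fixlist, never reported
        elif outcome.startswith("moved"):
            report["moved"].append(path)
        elif outcome.startswith("not found"):
            report["not_found"].append(path)
        else:
            report["other"].append(path)       # any outcome this script does not know
    return report


def not_found_by_root(report):
    """Count 'not found' entries per drive plus first folder, e.g. C:\\Windows.old."""
    counts = Counter()
    for path in report["not_found"]:
        counts["\\".join(path.split("\\")[:2])] += 1
    return counts


if __name__ == "__main__":
    rep = reconcile(SAMPLE_FIXLOG)
    for bucket, paths in rep.items():
        print(f"{bucket}: {len(paths)}")
        for p in paths:
            print(f"  {p}")
    print("not found by root:", dict(not_found_by_root(rep)))
```

Entries in `not_found` or `no_result` are the ones to re-check in a fresh scan before the quarantine folder is removed.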

  5. #15
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    "I enabled my display driver and have not had a BSoD. Task manager and system restore are enabled as normal.

    I hope this is the end. I am very grateful for your assistance. Thank you."

    Music to my ears.

    Before we remove tools and quarantine folders, and I let you go, let's see if you have outdated software.

    Please run this security check.

    Download Security Check by screen317 from here.
    or these 2 other sites.
    http://rocketgrannie.spywareinfoforu...urityCheck.exe
    http://www.bleepingcomputer.com/download/securitycheck/

    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    The above will check for outdated software.

    I see several entries for Kaspersky that we can take out later; just need to be sure.
    RE: Antivirus program... I was using Panda free, but apparently it did not work very well.
    I uninstalled with the Kaspersky uninstall tool. I have since reverted to Avast
    I think we should also run another fresh FRST scan, post the logs, and let's get those remnants of other antivirus off the machine so you'll run into no conflicts there.
    Last edited by Juliet; 2015-12-04 at 19:09.

  6. #16
    Junior Member
    Join Date
    Mar 2007
    Posts
    22

    OK, ran the Security check and got an error. Rebooted, ran again... same error:
    SC_error.PNG


    Here are my current logs:
    2015-12-03 06:59 - 2015-12-03 06:59 - 00000000 ____D C:\Program Files (x86)\ESET
    2015-12-02 20:42 - 2015-12-03 21:14 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2015-12-02 20:42 - 2015-12-03 20:50 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-12-02 20:42 - 2015-12-02 20:42 - 00000000 ____D C:\ProgramData\Malwarebytes
    2015-12-02 20:39 - 2015-12-03 20:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-12-02 19:50 - 2015-12-02 19:48 - 00386096 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
    2015-12-02 19:49 - 2015-12-02 19:51 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
    2015-12-02 19:49 - 2015-12-02 19:49 - 00000000 ____D C:\Users\Lou\AppData\Roaming\AVAST Software
    2015-12-02 19:49 - 2015-12-02 19:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
    2015-12-02 19:48 - 2015-12-02 19:48 - 01055560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
    2015-12-02 19:48 - 2015-12-02 19:48 - 00450504 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
    2015-12-02 19:48 - 2015-12-02 19:48 - 00273784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
    2015-12-02 19:48 - 2015-12-02 19:48 - 00155304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
    2015-12-02 19:48 - 2015-12-02 19:48 - 00097648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
    2015-12-02 19:48 - 2015-12-02 19:48 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
    2015-12-02 19:48 - 2015-12-02 19:48 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
    2015-12-02 19:48 - 2015-12-02 19:48 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
    2015-12-02 19:48 - 2015-12-02 19:48 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
    2015-12-02 19:47 - 2015-12-02 19:47 - 00000000 ____D C:\Program Files\AVAST Software
    2015-12-02 19:46 - 2015-12-02 19:47 - 00000000 ____D C:\ProgramData\AVAST Software
    2015-12-02 19:37 - 2015-12-02 19:37 - 05084256 _____ (AVAST Software) C:\Users\Lou\Downloads\avast_free_antivirus_setup_online_cnet2.exe
    2015-12-02 18:57 - 2015-12-02 19:19 - 00000000 ____D C:\Users\Lou\AppData\Roaming\ProductData
    2015-12-02 18:37 - 2015-12-03 20:47 - 00000000 ____D C:\AdwCleaner
    2015-12-02 18:30 - 2015-12-03 19:39 - 00007436 _____ C:\Users\Lou\Desktop\Fixlog.txt
    2015-12-01 17:41 - 2015-12-01 17:41 - 00262144 _____ C:\Windows\system32\config\elam
    2015-12-01 17:39 - 2015-12-04 18:23 - 00000000 ____D C:\FRST
    2015-12-01 17:39 - 2015-12-01 17:39 - 02350080 _____ (Farbar) C:\Users\Lou\Desktop\FRST64.exe
    2015-12-01 17:38 - 2015-12-01 17:38 - 00000207 _____ C:\Windows\tweaking.com-regbackup-LOU-PC-Windows-7-Ultimate-(64-bit).dat
    2015-12-01 17:37 - 2015-12-01 17:37 - 00000000 ____D C:\RegBackup
    2015-12-01 17:35 - 2015-12-01 17:35 - 04777232 _____ (Tweaking.com) C:\Users\Lou\Downloads\tweaking.com_registry_backup_setup.exe
    2015-11-30 22:30 - 2015-12-02 18:32 - 00000008 __RSH C:\Users\Lou\ntuser.pol
    2015-11-30 22:19 - 2015-11-30 22:19 - 00399360 _____ (Trend Micro Inc.) C:\Windows\RegBootClean64.exe
    2015-11-30 22:18 - 2015-11-30 22:18 - 00381396 _____ C:\Users\Lou\AppData\Local\census.cache
    2015-11-30 22:17 - 2015-11-30 22:17 - 00156399 _____ C:\Users\Lou\AppData\Local\ars.cache
    2015-11-30 22:00 - 2015-11-30 22:00 - 00000036 _____ C:\Users\Lou\AppData\Local\housecall.guid.cache
    2015-11-30 22:00 - 2015-05-29 02:43 - 00307352 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
    2015-11-30 19:24 - 2015-11-30 21:21 - 00000000 ____D C:\Program Files\AMD
    2015-11-30 19:17 - 2015-11-30 19:20 - 300806184 _____ (AMD Inc.) C:\Users\Lou\Downloads\amd-catalyst-15.7.1-with-dotnet45-win7-64bit.exe
    2015-11-30 18:42 - 2015-12-04 01:23 - 00000000 ____D C:\Windows\Minidump
    2015-11-30 18:39 - 2015-12-01 17:33 - 00000000 ____H C:\ProgramData\@system.temp
    2015-11-30 18:07 - 2015-12-03 19:38 - 00000000 ____D C:\Users\Lou\AppData\Roaming\FF32A6D9-ACAE-42F5-AE3C-A6CAF0BDEBA9
    2015-11-30 18:07 - 2015-12-01 17:35 - 00000000 ____D C:\Users\Lou\AppData\Roaming\BrowserMe
    2015-11-30 18:07 - 2015-11-30 18:07 - 00000254 _____ C:\Users\Lou\Documents\recover_file_iwdmcanxn.txt
    2015-11-28 17:39 - 2015-11-28 17:39 - 00000000 ____D C:\Users\Lou\AppData\Local\ElevatedDiagnostics
    2015-11-22 12:45 - 2015-11-22 12:45 - 00194817 _____ C:\Users\Lou\Downloads\EligibilityNotice.pdf
    2015-11-15 14:55 - 2015-11-15 14:55 - 00004669 _____ C:\Users\Lou\Desktop\comcast.txt
    2015-11-15 13:26 - 2015-11-15 13:26 - 00000000 ____D C:\Users\Lou\Downloads\Archer T4U_V1_141219
    2015-11-15 13:02 - 2015-11-15 13:02 - 09736240 _____ (CyberGhost S.R.L. ) C:\Users\Lou\Downloads\CG_5.5.0.2_7.exe
    2015-11-15 12:30 - 2015-11-15 12:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG5300 series
    2015-11-15 12:29 - 2015-11-15 12:29 - 00000000 ____D C:\Windows\SysWOW64\STRING
    2015-11-15 12:26 - 2015-11-15 12:26 - 24632480 _____ C:\Users\Lou\Downloads\mast-win-mg5300-1_1-ucd.exe
    2015-11-15 10:11 - 2015-11-15 10:11 - 82821120 _____ C:\Windows\system32\config\software.iodefrag.bak
    2015-11-15 10:11 - 2015-11-15 10:11 - 00225280 _____ C:\Windows\system32\config\default.iodefrag.bak
    2015-11-15 10:11 - 2015-11-15 10:11 - 00024576 _____ C:\Windows\system32\config\security.iodefrag.bak
    2015-11-15 10:11 - 2015-11-15 10:11 - 00024576 _____ C:\Windows\system32\config\sam.iodefrag.bak
    2015-11-15 10:10 - 2015-11-15 10:10 - 50606080 _____ C:\Windows\system32\config\components.iodefrag.bak
    2015-11-15 10:10 - 2015-11-15 10:10 - 00000000 ____H C:\asc_rdflag
    2015-11-14 21:37 - 2015-11-14 21:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
    2015-11-14 20:56 - 2015-11-14 20:56 - 00000000 ____D C:\Users\Lou\Downloads\NETGEAR
    2015-11-14 12:30 - 2015-11-14 12:31 - 170221752 _____ C:\Users\Lou\Downloads\Letters From The Labrinth + Digital Booklet.zip
    2015-11-14 11:06 - 2015-10-20 10:00 - 14292992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2015-11-14 11:06 - 2015-10-20 08:53 - 19283456 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-11-14 11:05 - 2015-10-20 13:42 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
    2015-11-14 11:05 - 2015-10-20 13:42 - 02608128 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2015-11-14 11:05 - 2015-10-20 13:42 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2015-11-14 11:05 - 2015-10-20 13:42 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
    2015-11-14 11:05 - 2015-10-20 13:42 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
    2015-11-14 11:05 - 2015-10-20 13:42 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
    2015-11-14 11:05 - 2015-10-20 13:42 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
    2015-11-14 11:05 - 2015-10-20 13:41 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2015-11-14 11:05 - 2015-10-20 13:41 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
    2015-11-14 11:05 - 2015-10-20 13:41 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
    2015-11-14 11:05 - 2015-10-20 13:41 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
    2015-11-14 11:05 - 2015-10-20 12:46 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2015-11-14 11:05 - 2015-10-20 12:46 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
    2015-11-14 11:05 - 2015-10-20 12:46 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
    2015-11-14 11:05 - 2015-10-20 12:46 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
    2015-11-14 11:05 - 2015-10-20 12:45 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
    2015-11-14 11:05 - 2015-10-20 10:01 - 01763328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2015-11-14 11:05 - 2015-10-20 10:01 - 00525824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2015-11-14 11:05 - 2015-10-20 10:00 - 13775360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2015-11-14 11:05 - 2015-10-20 10:00 - 02866176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2015-11-14 11:05 - 2015-10-20 10:00 - 02056704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2015-11-14 11:05 - 2015-10-20 10:00 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2015-11-14 11:05 - 2015-10-20 10:00 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2015-11-14 11:05 - 2015-10-20 10:00 - 00715776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2015-11-14 11:05 - 2015-10-20 10:00 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2015-11-14 11:05 - 2015-10-20 10:00 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2015-11-14 11:05 - 2015-10-20 10:00 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2015-11-14 11:05 - 2015-10-20 10:00 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2015-11-14 11:05 - 2015-10-20 10:00 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2015-11-14 11:05 - 2015-10-20 10:00 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2015-11-14 11:05 - 2015-10-20 10:00 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
    2015-11-14 11:05 - 2015-10-20 10:00 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2015-11-14 11:05 - 2015-10-20 10:00 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2015-11-14 11:05 - 2015-10-20 10:00 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2015-11-14 11:05 - 2015-10-20 10:00 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2015-11-14 11:05 - 2015-10-20 08:54 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-11-14 11:05 - 2015-10-20 08:54 - 01409024 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-11-14 11:05 - 2015-10-20 08:54 - 00603648 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-11-14 11:05 - 2015-10-20 08:54 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2015-11-14 11:05 - 2015-10-20 08:53 - 15416320 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-11-14 11:05 - 2015-10-20 08:53 - 03960832 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-11-14 11:05 - 2015-10-20 08:53 - 02657280 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-11-14 11:05 - 2015-10-20 08:53 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-11-14 11:05 - 2015-10-20 08:53 - 00857600 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2015-11-14 11:05 - 2015-10-20 08:53 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-11-14 11:05 - 2015-10-20 08:53 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-11-14 11:05 - 2015-10-20 08:53 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-11-14 11:05 - 2015-10-20 08:53 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-11-14 11:05 - 2015-10-20 08:53 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2015-11-14 11:05 - 2015-10-20 08:53 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2015-11-14 11:05 - 2015-10-20 08:53 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
    2015-11-14 11:05 - 2015-10-20 08:53 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-11-14 11:05 - 2015-10-20 08:53 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2015-11-14 11:05 - 2015-10-20 08:53 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-11-14 11:05 - 2015-10-20 08:53 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2015-11-14 11:05 - 2015-10-19 20:12 - 05570496 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-11-14 11:05 - 2015-10-19 20:05 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2015-11-14 11:05 - 2015-10-19 19:52 - 03991488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2015-11-14 11:05 - 2015-10-19 19:52 - 03935680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2015-11-14 11:05 - 2015-10-15 14:12 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2015-11-14 11:05 - 2015-10-15 14:04 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-11-14 11:05 - 2015-10-15 13:39 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2015-11-14 11:05 - 2015-10-15 13:36 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2015-11-14 11:05 - 2015-10-15 13:11 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
    2015-11-14 11:05 - 2015-10-15 13:11 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
    2015-11-14 11:04 - 2015-11-03 12:55 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-11-14 11:04 - 2015-10-29 12:50 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
    2015-11-14 11:04 - 2015-10-29 12:50 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
    2015-11-14 11:04 - 2015-10-29 12:50 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
    2015-11-14 11:04 - 2015-10-29 12:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
    2015-11-14 11:04 - 2015-10-29 12:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
    2015-11-14 11:04 - 2015-10-29 12:49 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
    2015-11-14 11:04 - 2015-10-29 12:49 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
    2015-11-14 11:04 - 2015-10-19 20:12 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2015-11-14 11:04 - 2015-10-19 20:12 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2015-11-14 11:04 - 2015-10-19 20:09 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2015-11-14 11:04 - 2015-10-19 20:06 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
    2015-11-14 11:04 - 2015-10-19 20:06 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
    2015-11-14 11:04 - 2015-10-19 20:06 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
    2015-11-14 11:04 - 2015-10-19 20:06 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
    2015-11-14 11:04 - 2015-10-19 20:05 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2015-11-14 11:04 - 2015-10-19 20:05 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2015-11-14 11:04 - 2015-10-19 20:05 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2015-11-14 11:04 - 2015-10-19 20:05 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2015-11-14 11:04 - 2015-10-19 20:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-11-14 11:04 - 2015-10-19 20:05 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2015-11-14 11:04 - 2015-10-19 20:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2015-11-14 11:04 - 2015-10-19 20:05 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2015-11-14 11:04 - 2015-10-19 20:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2015-11-14 11:04 - 2015-10-19 20:05 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2015-11-14 11:04 - 2015-10-19 20:05 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2015-11-14 11:04 - 2015-10-19 20:05 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2015-11-14 11:04 - 2015-10-19 20:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2015-11-14 11:04 - 2015-10-19 20:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2015-11-14 11:04 - 2015-10-19 20:05 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
    2015-11-14 11:04 - 2015-10-19 20:05 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2015-11-14 11:04 - 2015-10-19 20:05 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2015-11-14 11:04 - 2015-10-19 20:05 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2015-11-14 11:04 - 2015-10-19 20:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2015-11-14 11:04 - 2015-10-19 20:05 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
    2015-11-14 11:04 - 2015-10-19 20:04 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
    2015-11-14 11:04 - 2015-10-19 20:04 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2015-11-14 11:04 - 2015-10-19 20:04 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2015-11-14 11:04 - 2015-10-19 20:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2015-11-14 11:04 - 2015-10-19 19:59 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2015-11-14 11:04 - 2015-10-19 19:53 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2015-11-14 11:04 - 2015-10-19 19:53 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2015-11-14 11:04 - 2015-10-19 19:53 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
    2015-11-14 11:04 - 2015-10-19 19:53 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
    2015-11-14 11:04 - 2015-10-19 19:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2015-11-14 11:04 - 2015-10-19 19:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2015-11-14 11:04 - 2015-10-19 19:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2015-11-14 11:04 - 2015-10-19 19:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2015-11-14 11:04 - 2015-10-19 19:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2015-11-14 11:04 - 2015-10-19 19:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2015-11-14 11:04 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2015-11-14 11:04 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2015-11-14 11:04 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2015-11-14 11:04 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2015-11-14 11:04 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2015-11-14 11:04 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2015-11-14 11:04 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2015-11-14 11:04 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2015-11-14 11:04 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
    2015-11-14 11:04 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
    2015-11-14 11:04 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2015-11-14 11:04 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
    2015-11-14 11:04 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2015-11-14 11:04 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2015-11-14 11:04 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2015-11-14 11:04 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2015-11-14 11:04 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2015-11-14 11:04 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2015-11-14 11:04 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2015-11-14 11:04 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
    2015-11-14 11:04 - 2015-10-19 19:48 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2015-11-14 11:04 - 2015-10-19 19:45 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2015-11-14 11:04 - 2015-10-19 19:45 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2015-11-14 11:04 - 2015-10-19 19:45 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2015-11-14 11:04 - 2015-10-19 19:45 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2015-11-14 11:04 - 2015-10-19 19:45 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2015-11-14 11:04 - 2015-10-19 19:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2015-11-14 11:04 - 2015-10-19 19:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2015-11-14 11:04 - 2015-10-19 19:45 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
    2015-11-14 11:04 - 2015-10-19 19:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2015-11-14 11:04 - 2015-10-19 19:45 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2015-11-14 11:04 - 2015-10-19 19:45 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2015-11-14 11:04 - 2015-10-19 19:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2015-11-14 11:04 - 2015-10-19 19:44 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2015-11-14 11:04 - 2015-10-19 19:44 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
    2015-11-14 11:04 - 2015-10-19 19:44 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2015-11-14 11:04 - 2015-10-19 19:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2015-11-14 11:04 - 2015-10-19 19:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2015-11-14 11:04 - 2015-10-19 19:44 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2015-11-14 11:04 - 2015-10-19 19:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2015-11-14 11:04 - 2015-10-19 19:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2015-11-14 11:04 - 2015-10-19 19:35 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2015-11-14 11:04 - 2015-10-19 19:35 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2015-11-14 11:04 - 2015-10-19 19:35 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2015-11-14 11:04 - 2015-10-19 19:35 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2015-11-14 11:04 - 2015-10-19 19:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2015-11-14 11:04 - 2015-10-19 19:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2015-11-14 11:04 - 2015-10-19 19:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2015-11-14 11:04 - 2015-10-19 19:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2015-11-14 11:04 - 2015-10-19 19:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2015-11-14 11:04 - 2015-10-19 19:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2015-11-14 11:04 - 2015-10-19 19:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2015-11-14 11:04 - 2015-10-19 19:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2015-11-14 11:04 - 2015-10-19 19:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2015-11-14 11:04 - 2015-10-19 19:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2015-11-14 11:04 - 2015-10-19 19:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2015-11-14 11:04 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2015-11-14 11:04 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2015-11-14 11:04 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2015-11-14 11:04 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2015-11-14 11:04 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2015-11-14 11:04 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2015-11-14 11:04 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2015-11-14 11:04 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2015-11-14 11:04 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2015-11-14 11:04 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2015-11-14 11:04 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2015-11-14 11:04 - 2015-10-19 18:41 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2015-11-14 11:04 - 2015-10-19 18:40 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
    2015-11-14 11:04 - 2015-10-19 18:40 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2015-11-14 11:04 - 2015-10-19 18:29 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2015-11-14 11:04 - 2015-10-19 18:29 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2015-11-14 11:04 - 2015-10-19 18:27 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2015-11-14 11:04 - 2015-10-19 18:27 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2015-11-14 11:04 - 2015-10-19 18:27 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2015-11-14 11:04 - 2015-10-19 18:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2015-11-14 11:04 - 2015-10-13 11:41 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
    2015-11-14 11:04 - 2015-10-13 11:40 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
    2015-11-14 11:04 - 2015-10-12 23:57 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
    2015-11-14 11:04 - 2015-09-23 08:15 - 00460776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
    2015-11-14 11:04 - 2015-09-23 08:15 - 00299632 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
    2015-11-14 11:04 - 2015-09-23 08:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
    2015-11-14 10:57 - 2015-10-01 13:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
    2015-11-14 10:57 - 2015-10-01 13:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
    2015-11-14 10:57 - 2015-10-01 12:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
    2015-11-14 10:49 - 2014-10-16 09:27 - 00027424 _____ (IObit) C:\Windows\system32\RegistryDefragBootTime.exe
    2015-11-14 10:35 - 2015-11-14 10:35 - 07942416 _____ (IObit ) C:\Users\Lou\Downloads\smart-defrag-setup.exe

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-12-04 18:23 - 2009-07-13 22:20 - 00000000 ____D C:\Windows
    2015-12-04 18:20 - 2015-08-16 14:35 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-12-04 18:18 - 2009-07-13 23:45 - 00014544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-12-04 18:18 - 2009-07-13 23:45 - 00014544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-12-04 18:16 - 2008-09-12 17:07 - 00000000 ____D C:\Users\Lou\Desktop\Virus and Protection
    2015-12-04 18:13 - 2015-08-16 14:35 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-12-04 01:24 - 2014-07-12 14:10 - 00000000 ____D C:\Users\Lou\Documents\CCleaner
    2015-12-04 01:23 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
    2015-12-03 21:13 - 2015-08-08 12:12 - 00000000 ____D C:\temp
    2015-12-03 20:55 - 2009-07-14 00:13 - 00802762 _____ C:\Windows\system32\PerfStringBackup.INI
    2015-12-03 20:48 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2015-12-03 19:38 - 2015-08-14 21:14 - 00000000 ___HD C:\$SysReset
    2015-12-03 19:38 - 2015-08-02 14:20 - 00000000 ____D C:\81e9708521e86f94a234
    2015-12-03 19:38 - 2011-07-16 11:27 - 00000000 ____D C:\4b318d7c3ab90976e725c758
    2015-12-03 18:39 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
    2015-12-03 06:52 - 2008-09-13 19:17 - 00000000 ____D C:\Users\Lou\Documents\Herp
    2015-12-03 06:52 - 2008-09-13 17:38 - 00000000 ____D C:\Users\Lou\Documents\Doc's
    2015-12-03 00:20 - 2015-08-16 14:35 - 00002194 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2015-12-02 20:02 - 2008-09-12 19:40 - 00000000 ____D C:\Users\Lou\Desktop\Maintenance
    2015-12-02 18:32 - 2015-10-25 11:29 - 00000008 __RSH C:\ProgramData\ntuser.pol
    2015-12-02 18:32 - 2015-08-16 16:47 - 00000000 ____D C:\Users\Lou
    2015-12-02 18:31 - 2015-08-19 22:08 - 00000000 ____D C:\Program Files (x86)\IObit
    2015-12-02 18:30 - 2009-07-13 22:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
    2015-12-02 18:12 - 2015-08-19 22:08 - 00000000 ____D C:\Users\Lou\AppData\Roaming\IObit
    2015-12-01 14:46 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
    2015-12-01 08:01 - 2015-08-16 14:35 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2015-12-01 08:00 - 2015-08-16 14:35 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2015-12-01 07:47 - 2015-08-16 14:30 - 00109296 _____ C:\Users\Lou\AppData\Local\GDIPFONTCACHEV1.DAT
    2015-12-01 07:47 - 2009-07-13 23:45 - 00415096 _____ C:\Windows\system32\FNTCACHE.DAT
    2015-12-01 07:27 - 2015-08-16 20:59 - 00000000 ____D C:\ProgramData\Panda Security
    2015-12-01 07:27 - 2015-08-16 20:59 - 00000000 ____D C:\Program Files (x86)\Panda Security
    2015-12-01 07:26 - 2015-08-16 21:00 - 00000000 ____D C:\Users\Lou\AppData\Roaming\Panda Security
    2015-11-30 19:24 - 2015-08-16 14:26 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
    2015-11-30 19:22 - 2012-06-28 18:39 - 00000000 ____D C:\AMD
    2015-11-30 18:40 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\LiveKernelReports
    2015-11-28 12:12 - 2015-08-19 21:46 - 00000000 ____D C:\Program Files\CARCare
    2015-11-28 11:57 - 2012-12-28 21:56 - 00000000 ____D C:\Users\Lou\Documents\Quicken
    2015-11-28 11:33 - 2009-07-13 21:34 - 00000503 _____ C:\Windows\win.ini
    2015-11-28 10:37 - 2015-09-07 13:50 - 00098756 _____ C:\Users\Lou\Documents\Port_#0005 Hub_#0004
    2015-11-27 18:38 - 2015-08-16 14:34 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2015-11-23 18:28 - 2015-08-16 17:19 - 00000000 ____D C:\Windows\Panther
    2015-11-22 12:47 - 2015-08-16 22:21 - 00000000 ____D C:\Windows\system32\MRT
    2015-11-22 12:44 - 2015-08-16 22:21 - 145617392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-11-22 12:44 - 2015-08-16 20:50 - 00000000 ____D C:\ProgramData\Microsoft Help
    2015-11-22 12:32 - 2015-08-16 20:54 - 00777980 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
    2015-11-22 12:30 - 2009-07-14 02:46 - 00000000 ____D C:\Program Files\Windows Journal
    2015-11-21 17:23 - 2015-08-16 21:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2015-11-21 17:23 - 2015-08-16 21:25 - 00000000 ____D C:\ProgramData\Oracle
    2015-11-21 17:23 - 2015-08-16 21:25 - 00000000 ____D C:\Program Files (x86)\Java
    2015-11-21 17:17 - 2015-08-29 16:54 - 00000000 ____D C:\Users\Lou\.oracle_jre_usage
    2015-11-21 17:17 - 2015-08-16 21:26 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2015-11-15 13:26 - 2014-08-05 18:07 - 02978520 _____ (Realtek Semiconductor Corporation ) C:\Windows\system32\Drivers\RTWlanU.sys
    2015-11-15 13:26 - 2014-08-05 18:07 - 00020184 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\system32\rtlCoInst.dll
    2015-11-15 13:26 - 2014-05-12 23:12 - 00008099 _____ C:\Windows\system32\rtlCoInst.dat
    2015-11-15 12:59 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
    2015-11-15 12:41 - 2015-08-24 17:55 - 00000000 ____D C:\Program Files (x86)\Canon
    2015-11-14 21:37 - 2015-09-09 17:38 - 00000000 ____D C:\ProgramData\Package Cache
    2015-11-14 21:32 - 2015-09-09 17:39 - 00000000 ____D C:\Users\Lou\AppData\Local\Plex Media Server

    ==================== Files in the root of some directories =======

    2015-11-30 22:17 - 2015-11-30 22:17 - 0156399 _____ () C:\Users\Lou\AppData\Local\ars.cache
    2015-11-30 22:18 - 2015-11-30 22:18 - 0381396 _____ () C:\Users\Lou\AppData\Local\census.cache
    2015-11-30 22:00 - 2015-11-30 22:00 - 0000036 _____ () C:\Users\Lou\AppData\Local\housecall.guid.cache
    2015-12-03 19:58 - 2015-12-03 19:58 - 0007607 _____ () C:\Users\Lou\AppData\Local\Resmon.ResmonCfg
    2015-11-30 18:39 - 2015-12-01 17:33 - 0000000 ____H () C:\ProgramData\@system.temp

    Some files in TEMP:
    ====================
    C:\Users\Lou\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    ATTENTION: ==> Could not access BCD.


    LastRegBack: 2015-12-01 14:39

    ==================== End of FRST.txt ============================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:01-12-2015
    Ran by Lou (2015-12-04 18:23:39)
    Running from C:\Users\Lou\Desktop
    Windows 7 Ultimate Service Pack 1 (X64) (2015-08-16 21:47:45)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3388803297-3879758489-340360114-500 - Administrator - Disabled)
    Guest (S-1-5-21-3388803297-3879758489-340360114-501 - Limited - Enabled)
    Lou (S-1-5-21-3388803297-3879758489-340360114-1000 - Administrator - Enabled) => C:\Users\Lou

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
    AnswerWorks 5.0 English Runtime (HKLM-x32\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
    ATI AVIVO64 Codecs (Version: 11.6.0.51125 - ATI Technologies Inc.) Hidden
    Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2245 - AVAST Software)
    Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - )
    Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)
    Canon MG5300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series) (Version: - Canon Inc.)
    Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version: - )
    Card Icon Program 1.7.0.0 (HKLM-x32\...\Card Icon Program_is1) (Version: - )
    ccc-core-static (x32 Version: 2010.1125.2142.38865 - ATI) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
    CPUID HWMonitor 1.28 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
    ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
    Folder Size 3.4.0.0 (HKLM-x32\...\{2DFA85ED-588F-4CE3-A175-29E52C3804A8}_is1) (Version: 3.4.0.0 - MindGems, Inc.)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.73 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
    ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
    iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
    Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.17 - Oracle Corporation)
    Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.82 - Logitech)
    Metzcal 2.5.0 (HKLM-x32\...\Metzcal 2.5.0) (Version: - )
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Mp3tag v2.71 (HKLM-x32\...\Mp3tag) (Version: v2.71 - Florian Heidenreich)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Plex Media Server (HKLM-x32\...\{24f6f734-f790-479b-bd0f-38409a456508}) (Version: 0.9.1219 - Plex, Inc.)
    Plex Media Server (x32 Version: 0.9.1219 - Plex, Inc.) Hidden
    Quicken 2011 (HKLM-x32\...\{5FE545A1-D215-4216-9189-E7B39C9D1CC1}) (Version: 20.1.8.6 - Intuit)
    Quicken 2014 (HKLM-x32\...\{0877F595-254F-45F4-991D-3F72E86B17CE}) (Version: 23.1.8.8 - Intuit)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.41.216.2011 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6334 - Realtek Semiconductor Corp.)
    Registry Help Free (HKU\S-1-5-21-3388803297-3879758489-340360114-1000\...\Registry Help Free) (Version: - )
    Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation)
    Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0 - Renesas Electronics Corporation) Hidden
    ResScan (HKLM-x32\...\{105A1073-76D9-4FDB-BEE0-7979D8C034EF}) (Version: 5.4.1 - ResMed Ltd)
    Super-Charger (HKLM-x32\...\Super-Charger_is1) (Version: - MSI CO.,LTD.)
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.8.0 - Elaborate Bytes)
    WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Restore Points =========================

    02-12-2015 18:47:30 JRT Pre-Junkware Removal
    02-12-2015 21:52:24 Malwarebytes Anti-Rootkit Restore Point
    03-12-2015 19:37:35 Restore Point Created by FRST
    04-12-2015 01:25:38 Windows Backup

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0435853C-5A18-4396-8614-3033043D8863} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-16] (Google Inc.)
    Task: {16728246-D373-4641-A5A7-00643074F654} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
    Task: {418CF01D-D9AF-41D7-8FA7-314C0823B9A5} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-12-02] (AVAST Software)
    Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => aitagent.exe
    Task: {DCF2D058-EDBA-4BCF-800B-EA789BD3A896} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2015-12-03] (AVAST Software)
    Task: {E3163C33-301D-4730-A266-5518C5ED3967} - System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask => BthUdTask.exe
    Task: {F504DAFA-C9E9-492F-B072-87DDCC859FCB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-16] (Google Inc.)
    Task: {F7AAA285-E563-418A-B73D-FBE181191639} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2015-08-16 21:45 - 2015-08-16 21:45 - 07373824 _____ () C:\Program Files (x86)\CardIcon\iconcs2268301.exe
    2015-12-02 19:48 - 2015-12-02 19:48 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll
    2015-12-02 19:48 - 2015-12-02 19:48 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2015-12-03 18:44 - 2015-12-03 18:44 - 02802176 _____ () C:\Program Files\AVAST Software\Avast\defs\15120301\algo.dll
    2015-12-02 19:48 - 2015-12-02 19:48 - 00469008 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
    2015-12-04 18:13 - 2015-12-04 18:13 - 02802176 _____ () C:\Program Files\AVAST Software\Avast\defs\15120403\algo.dll
    2015-12-02 19:48 - 2015-12-02 19:48 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2015-12-03 00:20 - 2015-11-24 03:00 - 01583432 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.73\libglesv2.dll
    2015-12-03 00:20 - 2015-11-24 03:00 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.73\libegl.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    There are 4788 more sites.


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3388803297-3879758489-340360114-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Lou\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.0.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{0F339F85-7794-4C5F-AA63-F2C806B69F96}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
    FirewallRules: [{2B17BE19-888F-40A3-8E5E-3A0A9F91BC12}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
    FirewallRules: [{54FB2E3D-C329-4A0F-A0F6-1D8494664C3B}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
    FirewallRules: [SNMP-In-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
    FirewallRules: [SNMP-Out-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
    FirewallRules: [SNMP-In-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
    FirewallRules: [SNMP-Out-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
    FirewallRules: [{2E36AF0C-0F5E-44FC-952C-C6375F7F732B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (12/03/2015 07:51:29 PM) (Source: SideBySide) (EventID: 80) (User: )
    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

    Error: (12/03/2015 07:51:06 PM) (Source: ESENT) (EventID: 439) (User: )
    Description: Windows (3628) Windows: Unable to write a shadowed header for file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk. Error -1032.

    Error: (12/03/2015 07:51:06 PM) (Source: ESENT) (EventID: 490) (User: )
    Description: Windows (3628) Windows: An attempt to open the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

    Error: (12/03/2015 07:37:27 PM) (Source: VSS) (EventID: 8194) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
    .
    This is often caused by incorrect security settings in either the writer or requestor process.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {d2e06ba1-3ce1-4398-9424-567da8b367e2}

    Error: (12/03/2015 06:58:51 PM) (Source: SideBySide) (EventID: 80) (User: )
    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

    Error: (12/03/2015 06:57:42 PM) (Source: SideBySide) (EventID: 80) (User: )
    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

    Error: (12/03/2015 06:57:41 PM) (Source: SideBySide) (EventID: 80) (User: )
    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

    Error: (12/03/2015 06:59:25 AM) (Source: SideBySide) (EventID: 80) (User: )
    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

    Error: (12/03/2015 06:59:17 AM) (Source: SideBySide) (EventID: 80) (User: )
    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

    Error: (12/03/2015 06:59:17 AM) (Source: SideBySide) (EventID: 80) (User: )
    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.


    System errors:
    =============
    Error: (12/04/2015 05:08:28 AM) (Source: VDS Basic Provider) (EventID: 1) (User: )
    Description: Unexpected failure. Error code: 490@01010004

    Error: (12/03/2015 08:48:36 PM) (Source: SNMP) (EventID: 1500) (User: )
    Description: The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.

    Error: (12/03/2015 08:48:30 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
    Description: WLAN Extensibility Module has failed to start.

    Module Path: C:\Windows\system32\Rtlihvs.dll
    Error Code: 126

    Error: (12/03/2015 08:47:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

    Error: (12/03/2015 08:47:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

    Error: (12/03/2015 08:47:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The SNMP Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    Error: (12/03/2015 08:47:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Simple TCP/IP Services service terminated unexpectedly. It has done this 1 time(s).

    Error: (12/03/2015 08:47:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (12/03/2015 08:47:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    Error: (12/03/2015 08:47:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The AMD External Events Utility service terminated unexpectedly. It has done this 1 time(s).


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i5-3550 CPU @ 3.30GHz
    Percentage of memory in use: 18%
    Total physical RAM: 8150.38 MB
    Available physical RAM: 6640.56 MB
    Total Virtual: 16298.96 MB
    Available Virtual: 13888.18 MB

    ==================== Drives ================================

    Drive c: (Main Drive ) (Fixed) (Total:931.5 GB) (Free:677.28 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive e: () (Fixed) (Total:931.51 GB) (Free:484.84 GB) NTFS
    Drive j: (Maxtor 300gb) (Fixed) (Total:298.07 GB) (Free:138.32 GB) NTFS
    Drive l: (Backup of Maxtor) (Fixed) (Total:596.16 GB) (Free:427.38 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 661BBF3B)
    Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: EFE7EFE7)
    Partition 1: (Not Active) - (Size=596.2 GB) - (Type=OF Extended)

    ========================================================
    Disk: 2 (Size: 931.5 GB) (Disk ID: 99F64612)
    Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 8 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: 0060DACC)
    Partition 1: (Not Active) - (Size=298.1 GB) - (Type=OF Extended)

    ==================== End of Addition.txt ============================

  7. #17
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    OK, ran the Security check and got an error. Rebooted, ran again... same error
    Don't worry about it; it was to check for current versions of Java and Adobe, and I think they are OK.

    Very little found remaining for Panda and IObit.

    Please open Notepad (Start -> Run -> type notepad in the Open field -> OK). *Do not use WordPad* or any text editor other than Notepad, or the script will fail. Copy and paste the text present inside the quote box below:
    To do this, highlight the contents of the box, right-click on it and select Copy.
    Paste this into the open Notepad. Save it to the Desktop as fixlist.txt
    NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
    It needs to be saved next to the "Farbar Recovery Scan Tool" (if asked to overwrite the existing one, please allow).

    start
    CreateRestorePoint:
    CloseProcesses:
    Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
    Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
    Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
    S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-08-19] (IObit)
    C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
    2015-11-14 10:49 - 2014-10-16 09:27 - 00027424 _____ (IObit) C:\Windows\system32\RegistryDefragBootTime.exe
    2015-11-14 10:35 - 2015-11-14 10:35 - 07942416 _____ (IObit ) C:\Users\Lou\Downloads\smart-defrag-setup.exe
    2015-12-02 18:31 - 2015-08-19 22:08 - 00000000 ____D C:\Program Files (x86)\IObit
    2015-12-02 18:12 - 2015-08-19 22:08 - 00000000 ____D C:\Users\Lou\AppData\Roaming\IObit
    2015-12-01 07:27 - 2015-08-16 20:59 - 00000000 ____D C:\ProgramData\Panda Security
    2015-12-01 07:27 - 2015-08-16 20:59 - 00000000 ____D C:\Program Files (x86)\Panda Security
    2015-12-01 07:26 - 2015-08-16 21:00 - 00000000 ____D C:\Users\Lou\AppData\Roaming\Panda Security
    C:\Users\Lou\AppData\Local\Temp\sqlite3.dll
    EmptyTemp:
    End
    Open FRST/FRST64 and press the > Fix < button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


    This should be the end of it.

    Ready to remove tools and quarantine folders?
    Last edited by Juliet; 2015-12-05 at 02:54. Reason: typo

  8. #18
    Junior Member
    Join Date
    Mar 2007
    Posts
    22

    Default

    Fix result of Farbar Recovery Scan Tool (x64) Version:01-12-2015
    Ran by Lou (2015-12-04 21:35:36) Run:3
    Running from C:\Users\Lou\Desktop
    Loaded Profiles: Lou (Available Profiles: Lou)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    start
    CreateRestorePoint:
    CloseProcesses:
    Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
    Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
    Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
    S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-08-19] (IObit)
    C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
    2015-11-14 10:49 - 2014-10-16 09:27 - 00027424 _____ (IObit) C:\Windows\system32\RegistryDefragBootTime.exe
    2015-11-14 10:35 - 2015-11-14 10:35 - 07942416 _____ (IObit ) C:\Users\Lou\Downloads\smart-defrag-setup.exe
    2015-12-02 18:31 - 2015-08-19 22:08 - 00000000 ____D C:\Program Files (x86)\IObit
    2015-12-02 18:12 - 2015-08-19 22:08 - 00000000 ____D C:\Users\Lou\AppData\Roaming\IObit
    2015-12-01 07:27 - 2015-08-16 20:59 - 00000000 ____D C:\ProgramData\Panda Security
    2015-12-01 07:27 - 2015-08-16 20:59 - 00000000 ____D C:\Program Files (x86)\Panda Security
    2015-12-01 07:26 - 2015-08-16 21:00 - 00000000 ____D C:\Users\Lou\AppData\Roaming\Panda Security
    C:\Users\Lou\AppData\Local\Temp\sqlite3.dll
    EmptyTemp:
    End
    *****************

    Restore point was successfully created.
    Processes closed successfully.
    "HKCR\PROTOCOLS\Filter\application/octet-stream" => key removed successfully
    "HKCR\CLSID\{1E66F26B-79EE-11D2-8710-00C04F79ED0D}" => key removed successfully
    "HKCR\PROTOCOLS\Filter\application/x-complus" => key removed successfully
    HKCR\CLSID\{1E66F26B-79EE-11D2-8710-00C04F79ED0D} => key not found.
    "HKCR\PROTOCOLS\Filter\application/x-msdownload" => key removed successfully
    HKCR\CLSID\{1E66F26B-79EE-11D2-8710-00C04F79ED0D} => key not found.
    LiveUpdateSvc => service removed successfully
    C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe => moved successfully
    C:\Windows\system32\RegistryDefragBootTime.exe => moved successfully
    C:\Users\Lou\Downloads\smart-defrag-setup.exe => moved successfully
    C:\Program Files (x86)\IObit => moved successfully
    C:\Users\Lou\AppData\Roaming\IObit => moved successfully
    C:\ProgramData\Panda Security => moved successfully
    C:\Program Files (x86)\Panda Security => moved successfully
    C:\Users\Lou\AppData\Roaming\Panda Security => moved successfully
    C:\Users\Lou\AppData\Local\Temp\sqlite3.dll => moved successfully
    EmptyTemp: => 22.9 MB temporary data Removed.


    The system needed a reboot.

    ==== End of Fixlog 21:36:13 ====

    Ready to continue
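
A way to audit the Fixlog above, as an added example that is not part of the thread or of FRST: it parses the `target => outcome` lines and treats a "not found" as benign only when the same target was already removed earlier in the run (the repeated CLSID here). The status labels, the keyword patterns and the `CONSTRUCTED` line are assumptions of this example.

```python
import re
from collections import Counter

# Result lines copied from the Fixlog posted above (subset, unchanged).
FIXLOG = r'''
Processes closed successfully.
"HKCR\PROTOCOLS\Filter\application/octet-stream" => key removed successfully
"HKCR\CLSID\{1E66F26B-79EE-11D2-8710-00C04F79ED0D}" => key removed successfully
"HKCR\PROTOCOLS\Filter\application/x-complus" => key removed successfully
HKCR\CLSID\{1E66F26B-79EE-11D2-8710-00C04F79ED0D} => key not found.
LiveUpdateSvc => service removed successfully
C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe => moved successfully
EmptyTemp: => 22.9 MB temporary data Removed.
'''
# Constructed line (not from the thread): a target no earlier entry handled.
CONSTRUCTED = r'C:\Example\placeholder.dll => not found.'

NEGATIVE = re.compile(r'\b(not|unable|fail\w*|error|denied)\b', re.I)
DONE = re.compile(r'\b(removed|moved)\b', re.I)

def audit_fixlog(text):
    """Return [(target, outcome, status)] for every 'target => outcome' line."""
    handled, rows = set(), []
    for line in text.splitlines():
        target, sep, outcome = line.partition(' => ')
        if not sep:
            continue  # status lines such as "Processes closed successfully."
        target = target.strip().strip('"')
        outcome = outcome.strip()
        if 'not found' in outcome.lower():
            # Benign when an earlier fixlist entry already removed this target.
            status = 'already_handled' if target.lower() in handled else 'missing'
        elif DONE.search(outcome) and not NEGATIVE.search(outcome):
            status = 'done'
            handled.add(target.lower())
        else:
            status = 'review'  # anything unrecognised goes to a human
        rows.append((target, outcome, status))
    return rows

def summary(text):
    return Counter(status for _, _, status in audit_fixlog(text))

if __name__ == '__main__':
    for target, outcome, status in audit_fixlog(FIXLOG + CONSTRUCTED):
        if status != 'done':
            print(f'{status:16} {target} ({outcome})')
    print(dict(summary(FIXLOG + CONSTRUCTED)))
```
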

  9. #19
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    DelFix
    • Please download DelFix or from Here and save the file to your Desktop.
    • Double-click DelFix.exe to run the programme.
    • Place a checkmark next to the following items:
        • Activate UAC
        • Remove disinfection tools
    • Click the Run button.

    This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).


    ~~~~~~~~~~~~~~~~~~~~


    The following programmes come highly recommended in the security community.
    • AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
    • CryptoPrevent places policy restrictions on loading points for ransomware (e.g. CryptoPrevent), preventing your files from being encrypted.
    • Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
    • Malwarebytes Anti-Malware Premium (MBAM) works in real-time alongside your Anti-Virus to prevent malware execution.
    • NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
    • Sandboxie isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
    • Secunia PSI will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
    • SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
    • Web of Trust (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.


    Want to help others? Join the ClassRoom and learn how.

  10. #20
    Junior Member
    Join Date
    Mar 2007
    Posts
    22

    Default

    Things are back to normal here. I am very grateful. Thank you Juliet for all your assistance.

    Sincerely,
    Lou
