
Thread: Possible infections. Please help :)

  1. #1
    Member
    Join Date
    Mar 2008
    Posts
    33

    Possible infections. Please help :)

    ***Addition.txt was too large to attach so I have added it to this post***


    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-04-2016
    Ran by Rick (administrator) on 26NC-PC (27-04-2016 09:30:07)
    Running from C:\Users\Rick\Desktop
    Loaded Profiles: Rick (Available Profiles: Rick)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (AMD) C:\Windows\System32\atiesrxx.exe
    (Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
    (Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
    (Check Point Software Technologies) C:\Program Files (x86)\CheckPoint\Endpoint Connect\TracSrvWrapper.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    (IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
    (IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Check Point Software Technologies) C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (Microsoft Corporation) C:\Windows\System32\mstsc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Google Inc.) C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe
    (Tweaking.com) C:\Program Files (x86)\Tweaking.com\Registry Backup\TweakingRegistryBackup.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-09] (Apple Inc.)
    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7834656 2009-06-02] (Realtek Semiconductor)
    HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-06-02] (Realtek Semiconductor Corp.)
    HKLM-x32\...\Run: [Check Point Endpoint Security] => C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe [738824 2010-09-26] (Check Point Software Technologies)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642304 2013-04-30] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
    HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
    HKU\S-1-5-21-1546463944-2749064583-3027644177-1001\...\Run: [Google Update] => C:\Users\Rick\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc.)
    HKU\S-1-5-21-1546463944-2749064583-3027644177-1001\...\Run: [Advanced SystemCare 9] => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe [2010912 2015-11-17] (IObit)
    HKU\S-1-5-21-1546463944-2749064583-3027644177-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
    HKU\S-1-5-21-1546463944-2749064583-3027644177-1001\...\Policies\system: [LogonHoursAction] 2
    HKU\S-1-5-21-1546463944-2749064583-3027644177-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
    HKU\S-1-5-21-1546463944-2749064583-3027644177-1001\Control Panel\Desktop\\SCRNSAVE.EXE ->
    HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1399208 2016-04-08] (Garmin Ltd. or its subsidiaries)
    HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
    Startup: C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - .lnk [2015-12-19]
    ShortcutTarget: Monitor Ink Alerts - .lnk -> C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
    Startup: C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1050 J410 series.lnk [2016-04-27]
    ShortcutTarget: Monitor Ink Alerts - HP Deskjet 1050 J410 series.lnk -> C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
    BootExecute: autocheck autochk * sdnclean64.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 170.198.40.65 170.198.78.65
    Tcpip\..\Interfaces\{2C4C7ED0-6783-40CB-8052-DED17AC0FAD8}: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{B03AE1B0-8357-40AE-803B-242412DBD29A}: [DhcpNameServer] 109.249.185.224 109.249.188.32
    Tcpip\..\Interfaces\{E0223885-1943-4AE8-8DC4-C8F81DDEB5BB}: [DhcpNameServer] 170.198.40.65 170.198.78.65

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-1546463944-2749064583-3027644177-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-1546463944-2749064583-3027644177-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-1546463944-2749064583-3027644177-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://speedial.com/?f=1&a=spd_dsites03_14_22_ch&cd=2XzuyEtN2Y1L1QzuyDyEtAtAyD0AtCzyzy0DtD0EzyyE0FtCtN0D0Tzu0SzzyBzytN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyDtCtCtD0CzyyEtAtGyDyCyB0EtGyCtDyEtCtGtC0BtByEtGyEtC0ByD0ByEzzzy0EtA0E0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0Fzy0DtDyBzzzytGyB0CyB0FtGtAyDzz0DtG0E0DtCtDtGtAtD0FyC0C0A0F0FtCtB0FtA2Q&cr=161536708&ir=
    SearchScopes: HKLM -> DefaultScope value is missing
    SearchScopes: HKLM-x32 -> DefaultScope value is missing
    SearchScopes: HKU\S-1-5-21-1546463944-2749064583-3027644177-1001 -> DefaultScope {31090377-0740-419E-BEFC-A56E50500D5B} URL = hxxp://speedial.com/results.php?f=4&q={searchTerms}&a=spd_dsites03_14_22_ch&cd=2XzuyEtN2Y1L1QzuyDyEtAtAyD0AtCzyzy0DtD0EzyyE0FtCtN0D0Tzu0SzzyBzytN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyDtCtCtD0CzyyEtAtGyDyCyB0EtGyCtDyEtCtGtC0BtByEtGyEtC0ByD0ByEzzzy0EtA0E0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0Fzy0DtDyBzzzytGyB0CyB0FtGtAyDzz0DtG0E0DtCtDtGtAtD0FyC0C0A0F0FtCtB0FtA2Q&cr=161536708&ir=
    SearchScopes: HKU\S-1-5-21-1546463944-2749064583-3027644177-1001 -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = hxxp://speedial.com/results.php?f=4&q={searchTerms}&a=spd_dsites03_14_22_ch&cd=2XzuyEtN2Y1L1QzuyDyEtAtAyD0AtCzyzy0DtD0EzyyE0FtCtN0D0Tzu0SzzyBzytN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyDtCtCtD0CzyyEtAtGyDyCyB0EtGyCtDyEtCtGtC0BtByEtGyEtC0ByD0ByEzzzy0EtA0E0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0Fzy0DtDyBzzzytGyB0CyB0FtGtAyDzz0DtG0E0DtCtDtGtAtD0FyC0C0A0F0FtCtB0FtA2Q&cr=161536708&ir=
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-04-26] (Microsoft Corporation)
    BHO: No Name -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-01-04] (Oracle Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2016-04-26] (Microsoft Corporation)
    BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-04-26] (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-01-04] (Oracle Corporation)
    BHO-x32: No Name -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2015-01-04] (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2016-04-26] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2015-01-04] (Oracle Corporation)
    DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: HKLM-x32 {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
    DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
    DPF: HKLM-x32 {E77F23EB-E7AB-4502-8F37-247DBAF1A147} hxxp://gfx2.hotmail.com/mail/w4/m3/photouploadcontrol/VistaMSNPUplden-gb.cab
    DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
    Handler: linkscanner - No CLSID Value
    Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-26] (Microsoft Corporation)
    Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-26] (Microsoft Corporation)
    Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-26] (Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-26] (Microsoft Corporation)
    Handler: skype4com - No CLSID Value

    FireFox:
    ========
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-26] ()
    FF Plugin: @java.com/DTPlugin,version=10.72.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-01-04] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.72.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-01-04] (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
    FF Plugin: @radialpoint.com/SPA,version=1 -> C:\Program Files (x86)\Virgin Media\Service Manager\nprpspa.dll [2012-03-07] (Virgin Media)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-26] ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1215155.dll [2014-12-02] (Adobe Systems, Inc.)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
    FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2012-11-02] (GARMIN Corp.)
    FF Plugin-x32: @java.com/DTPlugin,version=10.72.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-01-04] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.72.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2015-01-04] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-04-26] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
    FF Plugin-x32: @radialpoint.com/SPA,version=1 -> C:\Program Files (x86)\Virgin Media\Service Manager\nprpspa.dll [2012-03-07] (Virgin Media)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-1546463944-2749064583-3027644177-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Rick\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
    FF Plugin HKU\S-1-5-21-1546463944-2749064583-3027644177-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Rick\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011-05-04] (Sun Microsystems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2011-06-06] (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2011-09-09] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2011-09-09] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2011-09-09] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2011-09-09] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2011-09-09] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2011-09-09] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2011-09-09] (Apple Inc.)
    FF Extension: Skype extension for Firefox - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010-09-16] [not signed]
    FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [2009-12-14] [not signed]
    FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} [2010-04-02] [not signed]
    FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010-05-14] [not signed]
    FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010-09-26] [not signed]
    FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010-11-10] [not signed]
    FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011-01-08] [not signed]
    FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011-03-18] [not signed]
    FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011-07-12] [not signed]
    FF HKLM-x32\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox
    FF Extension: Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox [2013-10-03] [not signed]

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.google.co.uk/
    CHR StartupUrls: Default -> "hxxp://www.google.co.uk/"
    CHR DefaultSearchKeyword: Default -> google.co.uk
    CHR Plugin: (Native Client) - C:\Users\Rick\AppData\Local\Google\Chrome\Application\50.0.2661.87\ppGoogleNaClPluginChrome.dll => No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Users\Rick\AppData\Local\Google\Chrome\Application\50.0.2661.87\pdf.dll => No File
    CHR Plugin: (Shockwave Flash) - C:\Users\Rick\AppData\Local\Google\Chrome\Application\50.0.2661.87\gcswf32.dll => No File
    CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll => No File
    CHR Plugin: (AVG Internet Security) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll => No File
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
    CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll => No File
    CHR Plugin: (Java(TM) Platform SE 6 U29) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll => No File
    CHR Plugin: (ActiveTouch General Plugin Container) - C:\Users\Rick\AppData\Roaming\Mozilla\plugins\npatgpc.dll => No File
    CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll => No File
    CHR Plugin: (Garmin Communicator Plug-In) - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
    CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll => No File
    CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll => No File
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
    CHR Plugin: (Service Manager) - C:\Program Files (x86)\Virgin Media\Service Manager\nprpspa.dll (Virgin Media)
    CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    CHR Plugin: (Unity Player) - C:\Users\Rick\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll => No File
    CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll => No File
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll => No File
    CHR Profile: C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Rapport) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2016-02-09]
    CHR Extension: (YouTube) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
    CHR Extension: (Google Search) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-27]
    CHR Extension: (Gmail) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-13]
    CHR HKU\S-1-5-21-1546463944-2749064583-3027644177-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-1546463944-2749064583-3027644177-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2012-09-16]
    CHR HKLM-x32\...\Chrome\Extension: [lmmhpfbhngkongobaoibpmnijjokabmj] - C:\Program Files (x86)\Virgin Media\Service Manager\ChromeExtension.crx [2014-12-21]
    StartMenuInternet: Google Chrome - C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-02-06] (ArcSoft Inc.)
    R2 AdvancedSystemCareService9; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [827680 2015-11-04] (IObit)
    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
    R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2838768 2016-04-03] (Microsoft Corporation)
    S4 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2010-06-04] (Creative Labs) [File not signed]
    S4 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2010-06-04] (Creative Labs) [File not signed]
    R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2009-02-23] (Creative Technology Ltd) [File not signed]
    S3 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2571352 2016-01-05] (Dell Inc.)
    S3 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201816 2016-01-05] (Dell Inc.)
    S3 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [792592 2016-04-08] (Garmin Ltd. or its subsidiaries)
    S3 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
    S4 HsdService; C:\Program Files (x86)\Virgin Media\Digital Home Support\HsdService.exe [1406264 2011-03-23] (Virgin Media)
    S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
    S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2934048 2015-11-10] (IObit)
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
    R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
    S4 ServicepointService; C:\Program Files (x86)\Virgin Media\Service Manager\ServicepointService.exe [10294584 2012-03-07] (Radialpoint SafeCare Inc.)
    S3 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31928 2016-01-12] (Dell Inc.)
    R2 TracSrvWrapper; C:\Program Files (x86)\CheckPoint\Endpoint Connect\TracSrvWrapper.exe [4142608 2010-09-26] (Check Point Software Technologies)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
    R3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [32464 2015-09-11] (Dell Computer Corporation)
    R3 DellProf; C:\Windows\System32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)
    S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
    S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
    R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-09-08] (REALiX(tm))
    R3 johci; C:\Windows\System32\DRIVERS\johci.sys [26208 2015-01-04] (JMicron Technology Corp.)
    R3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [44480 2013-09-23] (hxxp://libusb-win32.sourceforge.net)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
    R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
    R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [26624 2007-12-11] (Windows (R) Codename Longhorn DDK provider)
    R3 vna_ap; C:\Windows\System32\DRIVERS\vnaap.sys [161256 2010-09-26] (Check Point Software Technologies)
    R1 vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [457264 2010-09-13] (Check Point Software Technologies Ltd.)
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
    S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-04-27 09:30 - 2016-04-27 09:30 - 00029940 _____ C:\Users\Rick\Desktop\FRST.txt
    2016-04-27 09:28 - 2016-04-27 07:34 - 02376192 _____ (Farbar) C:\Users\Rick\Desktop\FRST64.exe
    2016-04-27 09:27 - 2016-04-27 09:27 - 00029999 _____ C:\Users\Rick\Downloads\FRST.txt
    2016-04-27 09:26 - 2016-04-27 09:30 - 00000000 ____D C:\FRST
    2016-04-27 09:25 - 2016-04-27 09:25 - 00000207 _____ C:\Windows\tweaking.com-regbackup-26NC-PC-Windows-7-Home-Premium-(64-bit).dat
    2016-04-27 09:25 - 2016-04-27 09:25 - 00000000 ____D C:\RegBackup
    2016-04-27 09:24 - 2016-04-27 09:25 - 00017981 _____ C:\Windows\Tweaking.com - Registry Backup Setup Log.txt
    2016-04-27 09:24 - 2016-04-27 09:24 - 00002239 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
    2016-04-27 09:24 - 2016-04-27 09:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2016-04-27 09:24 - 2016-04-27 09:24 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
    2016-04-27 08:34 - 2016-04-27 08:35 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2016-04-27 08:34 - 2016-04-27 08:34 - 00002047 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
    2016-04-27 08:15 - 2016-04-27 08:15 - 00001395 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    2016-04-27 08:15 - 2016-04-27 08:15 - 00001383 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    2016-04-27 08:15 - 2016-04-27 08:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    2016-04-27 08:14 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
    2016-04-27 08:07 - 2016-04-27 08:07 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
    2016-04-27 08:07 - 2016-04-27 08:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    2016-04-27 07:54 - 2016-04-27 07:54 - 00001890 _____ C:\Users\Public\Desktop\Garmin Express.lnk
    2016-04-27 07:54 - 2013-10-02 02:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
    2016-04-27 07:53 - 2013-10-02 03:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
    2016-04-27 07:53 - 2013-10-02 03:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
    2016-04-27 07:53 - 2013-10-02 03:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
    2016-04-27 07:53 - 2013-10-02 02:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
    2016-04-27 07:53 - 2013-10-02 02:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
    2016-04-27 07:53 - 2013-10-02 02:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
    2016-04-27 07:53 - 2013-10-02 01:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
    2016-04-27 07:53 - 2013-10-02 01:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
    2016-04-27 07:53 - 2013-10-02 01:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
    2016-04-27 07:53 - 2013-10-02 01:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
    2016-04-27 07:53 - 2013-10-02 01:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
    2016-04-27 07:53 - 2013-10-02 00:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
    2016-04-27 07:53 - 2013-10-02 00:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
    2016-04-27 07:53 - 2013-10-02 00:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
    2016-04-27 07:53 - 2013-10-01 23:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
    2016-04-27 07:53 - 2013-10-01 21:57 - 06578176 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
    2016-04-27 07:53 - 2013-10-01 21:55 - 05698048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
    2016-04-27 07:46 - 2016-04-27 07:47 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Rick\Downloads\spybot-2.4.exe
    2016-04-27 07:45 - 2016-04-27 07:45 - 00000000 ____D C:\Program Files\Common Files\AV
    2016-04-27 07:45 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
    2016-04-27 07:40 - 2016-02-01 20:08 - 00114624 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
    2016-04-27 07:40 - 2016-02-01 19:59 - 03243008 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
    2016-04-27 07:40 - 2016-02-01 19:59 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
    2016-04-27 07:40 - 2016-02-01 19:59 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
    2016-04-27 07:40 - 2016-02-01 19:56 - 01940992 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
    2016-04-27 07:40 - 2016-02-01 19:56 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
    2016-04-27 07:40 - 2016-02-01 19:49 - 02364928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2016-04-27 07:40 - 2016-02-01 19:49 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
    2016-04-27 07:40 - 2016-02-01 19:49 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
    2016-04-27 07:40 - 2016-02-01 19:45 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
    2016-04-27 07:40 - 2015-08-05 18:56 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
    2016-04-27 07:40 - 2015-08-05 18:06 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
    2016-04-27 07:39 - 2015-12-16 19:55 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
    2016-04-27 07:39 - 2015-12-16 19:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
    2016-04-27 07:39 - 2015-12-16 19:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
    2016-04-27 07:39 - 2015-12-16 19:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
    2016-04-27 07:39 - 2015-12-16 19:48 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
    2016-04-27 07:39 - 2015-12-16 19:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
    2016-04-27 07:39 - 2015-12-16 19:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
    2016-04-27 07:39 - 2015-12-16 19:47 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
    2016-04-27 07:38 - 2016-03-09 20:00 - 00444416 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
    2016-04-27 07:38 - 2016-03-09 20:00 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
    2016-04-27 07:38 - 2016-03-09 19:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
    2016-04-27 07:38 - 2016-03-09 19:40 - 00351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
    2016-04-27 07:38 - 2016-03-09 19:40 - 00316416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
    2016-04-27 07:38 - 2016-03-09 19:34 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
    2016-04-27 07:34 - 2016-04-27 07:35 - 05198336 _____ (AVAST Software) C:\Users\Rick\Downloads\aswMBR.exe
    2016-04-27 07:34 - 2016-04-27 07:34 - 02376192 _____ (Farbar) C:\Users\Rick\Downloads\FRST64.exe
    2016-04-27 07:34 - 2016-02-05 19:56 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\tbs.dll
    2016-04-27 07:34 - 2016-02-05 19:54 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
    2016-04-27 07:34 - 2016-02-05 18:33 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tbs.dll
    2016-04-27 07:34 - 2015-06-03 21:21 - 00451080 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
    2016-04-27 07:33 - 2016-04-27 07:33 - 05523840 _____ (Tweaking.com) C:\Users\Rick\Downloads\tweaking.com_registry_backup_setup.exe
    2016-04-26 22:00 - 2016-04-26 22:00 - 00002156 _____ C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
    2016-04-26 22:00 - 2016-04-26 22:00 - 00002104 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
    2016-04-26 22:00 - 2016-04-26 22:00 - 00002104 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
    2016-04-26 22:00 - 2016-04-26 22:00 - 00000000 ___RD C:\Users\Rick\OneDrive
    2016-04-26 22:00 - 2016-04-26 22:00 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
    2016-04-26 22:00 - 2016-04-26 22:00 - 00000000 ____D C:\Program Files (x86)\Microsoft OneDrive
    2016-04-26 18:19 - 2016-03-29 18:53 - 03216896 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2016-04-26 18:19 - 2016-03-16 01:16 - 00760320 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
    2016-04-26 18:19 - 2016-03-16 01:16 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
    2016-04-26 18:19 - 2016-03-16 00:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
    2016-04-26 18:19 - 2016-01-21 01:51 - 00073664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
    2016-04-26 18:18 - 2016-03-18 00:01 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2016-04-26 18:18 - 2016-03-17 23:56 - 02084864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
    2016-04-26 18:18 - 2016-03-17 23:53 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2016-04-26 18:18 - 2016-03-17 23:36 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2016-04-26 18:18 - 2016-03-17 23:36 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2016-04-26 18:18 - 2016-03-17 23:28 - 01414144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
    2016-04-26 18:18 - 2016-03-16 19:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
    2016-04-26 18:18 - 2016-03-16 19:28 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
    2016-04-26 18:18 - 2016-03-16 19:28 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
    2016-04-26 18:18 - 2016-03-06 19:53 - 01885696 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2016-04-26 18:18 - 2016-03-06 19:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
    2016-04-26 18:18 - 2016-03-06 19:38 - 01240576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2016-04-26 18:18 - 2016-03-06 19:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
    2016-04-26 18:18 - 2016-02-02 19:57 - 00511488 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
    2016-04-26 18:17 - 2016-03-18 00:04 - 05551336 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2016-04-26 18:17 - 2016-03-18 00:04 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2016-04-26 18:17 - 2016-03-18 00:04 - 00154344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2016-04-26 18:17 - 2016-03-18 00:04 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2016-04-26 18:17 - 2016-03-18 00:01 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2016-04-26 18:17 - 2016-03-17 23:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2016-04-26 18:17 - 2016-03-17 23:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
    2016-04-26 18:17 - 2016-03-17 23:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
    2016-04-26 18:17 - 2016-03-17 23:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
    2016-04-26 18:17 - 2016-03-17 23:58 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2016-04-26 18:17 - 2016-03-17 23:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2016-04-26 18:17 - 2016-03-17 23:58 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2016-04-26 18:17 - 2016-03-17 23:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2016-04-26 18:17 - 2016-03-17 23:58 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2016-04-26 18:17 - 2016-03-17 23:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
    2016-04-26 18:17 - 2016-03-17 23:57 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2016-04-26 18:17 - 2016-03-17 23:57 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2016-04-26 18:17 - 2016-03-17 23:57 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
    2016-04-26 18:17 - 2016-03-17 23:57 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
    2016-04-26 18:17 - 2016-03-17 23:57 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2016-04-26 18:17 - 2016-03-17 23:56 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
    2016-04-26 18:17 - 2016-03-17 23:54 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2016-04-26 18:17 - 2016-03-17 23:54 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2016-04-26 18:17 - 2016-03-17 23:54 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2016-04-26 18:17 - 2016-03-17 23:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2016-04-26 18:17 - 2016-03-17 23:53 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2016-04-26 18:17 - 2016-03-17 23:53 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2016-04-26 18:17 - 2016-03-17 23:53 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2016-04-26 18:17 - 2016-03-17 23:50 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
    2016-04-26 18:17 - 2016-03-17 23:50 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2016-04-26 18:17 - 2016-03-17 23:50 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
    2016-04-26 18:17 - 2016-03-17 23:50 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
    2016-04-26 18:17 - 2016-03-17 23:50 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2016-04-26 18:17 - 2016-03-17 23:50 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
    2016-04-26 18:17 - 2016-03-17 23:50 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
    2016-04-26 18:17 - 2016-03-17 23:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2016-04-26 18:17 - 2016-03-17 23:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2016-04-26 18:17 - 2016-03-17 23:50 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
    2016-04-26 18:17 - 2016-03-17 23:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
    2016-04-26 18:17 - 2016-03-17 23:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2016-04-26 18:17 - 2016-03-17 23:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2016-04-26 18:17 - 2016-03-17 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2016-04-26 18:17 - 2016-03-17 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2016-04-26 18:17 - 2016-03-17 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2016-04-26 18:17 - 2016-03-17 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2016-04-26 18:17 - 2016-03-17 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2016-04-26 18:17 - 2016-03-17 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2016-04-26 18:17 - 2016-03-17 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2016-04-26 18:17 - 2016-03-17 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2016-04-26 18:17 - 2016-03-17 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2016-04-26 18:17 - 2016-03-17 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2016-04-26 18:17 - 2016-03-17 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2016-04-26 18:17 - 2016-03-17 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2016-04-26 18:17 - 2016-03-17 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
    2016-04-26 18:17 - 2016-03-17 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
    2016-04-26 18:17 - 2016-03-17 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2016-04-26 18:17 - 2016-03-17 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
    2016-04-26 18:17 - 2016-03-17 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2016-04-26 18:17 - 2016-03-17 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2016-04-26 18:17 - 2016-03-17 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2016-04-26 18:17 - 2016-03-17 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2016-04-26 18:17 - 2016-03-17 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2016-04-26 18:17 - 2016-03-17 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2016-04-26 18:17 - 2016-03-17 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2016-04-26 18:17 - 2016-03-17 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
    2016-04-26 18:17 - 2016-03-17 23:33 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2016-04-26 18:17 - 2016-03-17 23:31 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2016-04-26 18:17 - 2016-03-17 23:31 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
    2016-04-26 18:17 - 2016-03-17 23:31 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2016-04-26 18:17 - 2016-03-17 23:31 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2016-04-26 18:17 - 2016-03-17 23:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2016-04-26 18:17 - 2016-03-17 23:30 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2016-04-26 18:17 - 2016-03-17 23:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2016-04-26 18:17 - 2016-03-17 23:30 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2016-04-26 18:17 - 2016-03-17 23:29 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2016-04-26 18:17 - 2016-03-17 23:29 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
    2016-04-26 18:17 - 2016-03-17 23:29 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2016-04-26 18:17 - 2016-03-17 23:27 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2016-04-26 18:17 - 2016-03-17 23:27 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2016-04-26 18:17 - 2016-03-17 23:27 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2016-04-26 18:17 - 2016-03-17 23:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2016-04-26 18:17 - 2016-03-17 23:26 - 00553984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2016-04-26 18:17 - 2016-03-17 23:25 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2016-04-26 18:17 - 2016-03-17 23:24 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2016-04-26 18:17 - 2016-03-17 23:24 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
    2016-04-26 18:17 - 2016-03-17 23:24 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
    2016-04-26 18:17 - 2016-03-17 23:24 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
    2016-04-26 18:17 - 2016-03-17 23:24 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2016-04-26 18:17 - 2016-03-17 23:24 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2016-04-26 18:17 - 2016-03-17 23:24 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2016-04-26 18:17 - 2016-03-17 23:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2016-04-26 18:17 - 2016-03-17 23:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2016-04-26 18:17 - 2016-03-17 23:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2016-04-26 18:17 - 2016-03-17 23:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2016-04-26 18:17 - 2016-03-17 23:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2016-04-26 18:17 - 2016-03-17 23:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2016-04-26 18:17 - 2016-03-17 23:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2016-04-26 18:17 - 2016-03-17 23:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2016-04-26 18:17 - 2016-03-17 23:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2016-04-26 18:17 - 2016-03-17 23:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2016-04-26 18:17 - 2016-03-17 23:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2016-04-26 18:17 - 2016-03-17 23:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2016-04-26 18:17 - 2016-03-17 23:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2016-04-26 18:17 - 2016-03-17 23:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2016-04-26 18:17 - 2016-03-17 23:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2016-04-26 18:17 - 2016-03-17 23:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2016-04-26 18:17 - 2016-03-17 23:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2016-04-26 18:17 - 2016-03-17 23:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2016-04-26 18:17 - 2016-03-17 23:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2016-04-26 18:17 - 2016-03-17 23:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2016-04-26 18:17 - 2016-03-17 23:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2016-04-26 18:17 - 2016-03-17 23:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2016-04-26 18:17 - 2016-03-17 22:53 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
    2016-04-26 18:17 - 2016-03-17 22:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
    2016-04-26 18:17 - 2016-03-17 22:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
    2016-04-26 18:17 - 2016-03-17 22:51 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2016-04-26 18:17 - 2016-03-17 22:44 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
    2016-04-26 18:17 - 2016-03-17 22:43 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2016-04-26 18:17 - 2016-03-17 22:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2016-04-26 18:17 - 2016-03-17 22:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2016-04-26 18:17 - 2016-03-17 22:37 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
    2016-04-26 18:17 - 2016-03-17 22:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2016-04-26 18:17 - 2016-03-17 22:35 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2016-04-26 18:17 - 2016-03-17 22:35 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2016-04-26 18:17 - 2016-03-17 22:30 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2016-04-26 18:17 - 2016-03-17 22:30 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2016-04-26 18:17 - 2016-03-17 22:30 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2016-04-26 18:17 - 2016-03-17 22:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2016-04-26 18:17 - 2016-03-17 22:29 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
    2016-04-26 18:17 - 2016-03-17 22:29 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2016-04-26 18:17 - 2016-03-17 22:29 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2016-04-26 18:17 - 2016-03-17 22:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2016-04-26 18:17 - 2016-03-17 22:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2016-04-26 18:16 - 2016-04-04 19:14 - 00038120 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
    2016-04-26 18:16 - 2016-04-04 19:02 - 01169408 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2016-04-26 18:16 - 2016-04-02 14:08 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2016-04-26 18:16 - 2016-03-31 20:25 - 00394952 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2016-04-26 18:16 - 2016-03-31 19:41 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2016-04-26 18:16 - 2016-03-31 01:54 - 25817600 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2016-04-26 18:16 - 2016-03-31 01:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2016-04-26 18:16 - 2016-03-31 01:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2016-04-26 18:16 - 2016-03-31 01:31 - 02892800 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2016-04-26 18:16 - 2016-03-31 01:28 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2016-04-26 18:16 - 2016-03-31 01:28 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2016-04-26 18:16 - 2016-03-31 01:27 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2016-04-26 18:16 - 2016-03-31 01:27 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2016-04-26 18:16 - 2016-03-31 01:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2016-04-26 18:16 - 2016-03-31 01:25 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2016-04-26 18:16 - 2016-03-31 01:22 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2016-04-26 18:16 - 2016-03-31 01:21 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2016-04-26 18:16 - 2016-03-31 01:19 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2016-04-26 18:16 - 2016-03-31 01:17 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2016-04-26 18:16 - 2016-03-31 01:17 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2016-04-26 18:16 - 2016-03-31 01:17 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2016-04-26 18:16 - 2016-03-31 01:17 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2016-04-26 18:16 - 2016-03-31 01:11 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2016-04-26 18:16 - 2016-03-31 01:08 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2016-04-26 18:16 - 2016-03-31 01:03 - 20352512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2016-04-26 18:16 - 2016-03-31 01:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2016-04-26 18:16 - 2016-03-31 01:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2016-04-26 18:16 - 2016-03-31 00:59 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
    2016-04-26 18:16 - 2016-03-31 00:57 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2016-04-26 18:16 - 2016-03-31 00:56 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2016-04-26 18:16 - 2016-03-31 00:55 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2016-04-26 18:16 - 2016-03-31 00:53 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2016-04-26 18:16 - 2016-03-31 00:53 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
    2016-04-26 18:16 - 2016-03-31 00:52 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2016-04-26 18:16 - 2016-03-31 00:52 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2016-04-26 18:16 - 2016-03-31 00:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2016-04-26 18:16 - 2016-03-31 00:52 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2016-04-26 18:16 - 2016-03-31 00:51 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2016-04-26 18:16 - 2016-03-31 00:48 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2016-04-26 18:16 - 2016-03-31 00:48 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2016-04-26 18:16 - 2016-03-31 00:46 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2016-04-26 18:16 - 2016-03-31 00:45 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2016-04-26 18:16 - 2016-03-31 00:45 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2016-04-26 18:16 - 2016-03-31 00:45 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2016-04-26 18:16 - 2016-03-31 00:45 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2016-04-26 18:16 - 2016-03-31 00:43 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2016-04-26 18:16 - 2016-03-31 00:43 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2016-04-26 18:16 - 2016-03-31 00:42 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2016-04-26 18:16 - 2016-03-31 00:42 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2016-04-26 18:16 - 2016-03-31 00:39 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2016-04-26 18:16 - 2016-03-31 00:38 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2016-04-26 18:16 - 2016-03-31 00:34 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2016-04-26 18:16 - 2016-03-31 00:33 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
    2016-04-26 18:16 - 2016-03-31 00:31 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2016-04-26 18:16 - 2016-03-31 00:31 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2016-04-26 18:16 - 2016-03-31 00:30 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2016-04-26 18:16 - 2016-03-31 00:30 - 02596864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2016-04-26 18:16 - 2016-03-31 00:30 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2016-04-26 18:16 - 2016-03-31 00:29 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2016-04-26 18:16 - 2016-03-31 00:24 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2016-04-26 18:16 - 2016-03-31 00:23 - 02056192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2016-04-26 18:16 - 2016-03-31 00:23 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2016-04-26 18:16 - 2016-03-31 00:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2016-04-26 18:16 - 2016-03-31 00:21 - 13811712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2016-04-26 18:16 - 2016-03-31 00:18 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2016-04-26 18:16 - 2016-03-31 00:06 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2016-04-26 18:16 - 2016-03-31 00:05 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2016-04-26 18:16 - 2016-03-31 00:02 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2016-04-26 18:16 - 2016-03-31 00:00 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2016-04-26 18:16 - 2016-03-23 15:02 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
    2016-04-26 18:16 - 2016-03-17 19:04 - 00698368 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2016-04-26 18:16 - 2016-03-17 19:04 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2016-04-26 18:16 - 2016-03-17 19:04 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2016-04-26 18:16 - 2016-03-17 19:04 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
    2016-04-26 18:15 - 2016-03-11 19:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2016-04-26 18:15 - 2016-03-11 19:35 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2016-04-26 18:14 - 2016-04-26 18:14 - 00002416 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
    2016-04-26 18:14 - 2016-04-26 18:14 - 00002415 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
    2016-04-26 18:14 - 2016-04-26 18:14 - 00002379 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
    2016-04-26 18:14 - 2016-04-26 18:14 - 00002378 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
    2016-04-26 18:14 - 2016-04-26 18:14 - 00002372 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
    2016-04-26 18:14 - 2016-04-26 18:14 - 00002366 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
    2016-04-26 18:14 - 2016-04-26 18:14 - 00002358 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
    2016-04-26 18:14 - 2016-04-26 18:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
    2016-04-26 18:02 - 2016-04-26 18:26 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2016-04-26 18:02 - 2016-04-26 18:02 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
    2016-04-26 17:58 - 2016-04-26 17:58 - 00000000 ____D C:\Program Files\Microsoft Office 15
    2016-04-26 17:57 - 2016-04-26 17:57 - 03300032 _____ (Microsoft Corporation) C:\Users\Rick\Downloads\Setup.X86.en-US_O365HomePremRetail_478be9af-bf0c-4dad-b2c3-69d4b16f4dc2_TX_DB_.exe
    2016-04-26 14:15 - 2016-04-26 14:15 - 05934784 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
    2016-04-26 14:12 - 2016-04-26 14:12 - 00000000 ____D C:\Users\Rick\Desktop\Megan
    2016-04-26 14:06 - 2016-04-26 14:06 - 00000000 ____D C:\Users\Rick\Desktop\Alfie
    2016-04-26 12:43 - 2016-04-26 12:43 - 00000000 ____D C:\Program Files\Realtek
    2016-04-26 12:42 - 2016-04-26 12:43 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
    2016-04-03 08:12 - 2016-04-03 08:12 - 00635120 _____ (Microsoft Corporation) C:\Windows\system32\msvcp140.dll
    2016-04-03 08:12 - 2016-04-03 08:12 - 00390408 _____ (Microsoft Corporation) C:\Windows\system32\vccorlib140.dll
    2016-04-03 08:12 - 2016-04-03 08:12 - 00333080 _____ (Microsoft Corporation) C:\Windows\system32\concrt140.dll
    2016-04-03 08:12 - 2016-04-03 08:12 - 00088808 _____ (Microsoft Corporation) C:\Windows\system32\vcruntime140.dll
    2016-04-03 06:26 - 2016-04-03 06:26 - 00439536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp140.dll
    2016-04-03 06:26 - 2016-04-03 06:26 - 00267016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vccorlib140.dll
    2016-04-03 06:26 - 2016-04-03 06:26 - 00243480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\concrt140.dll
    2016-04-03 06:26 - 2016-04-03 06:26 - 00085232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vcruntime140.dll

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-04-27 09:15 - 2012-08-14 16:34 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2016-04-27 09:10 - 2012-08-16 18:05 - 00000944 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1546463944-2749064583-3027644177-1003UA.job
    2016-04-27 08:59 - 2009-11-11 20:43 - 00000000 ____D C:\Users\Rick\AppData\Roaming\Skype
    2016-04-27 08:58 - 2012-06-22 08:17 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1546463944-2749064583-3027644177-1001UA.job
    2016-04-27 08:43 - 2016-02-13 15:21 - 00000000 ___HD C:\$WINDOWS.~BT
    2016-04-27 08:43 - 2009-11-10 07:03 - 00000000 ____D C:\Windows\Panther
    2016-04-27 08:36 - 2015-01-03 11:44 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
    2016-04-27 08:34 - 2009-11-12 23:53 - 00000000 ____D C:\Program Files (x86)\Adobe
    2016-04-27 08:33 - 2009-11-12 23:53 - 00000000 ____D C:\ProgramData\Adobe
    2016-04-27 08:31 - 2009-07-14 05:45 - 00023072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2016-04-27 08:31 - 2009-07-14 05:45 - 00023072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2016-04-27 08:27 - 2013-03-29 07:18 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
    2016-04-27 08:17 - 2009-07-14 06:13 - 00786662 _____ C:\Windows\system32\PerfStringBackup.INI
    2016-04-27 08:17 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
    2016-04-27 08:14 - 2013-03-29 07:18 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
    2016-04-27 08:11 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-04-27 08:09 - 2010-06-04 13:27 - 00061160 _____ C:\Windows\system32\BMXStateBkp-{00000005-00000000-00000000-00001102-00000005-60021102}.rfx
    2016-04-27 08:09 - 2010-06-04 13:27 - 00061160 _____ C:\Windows\system32\BMXState-{00000005-00000000-00000000-00001102-00000005-60021102}.rfx
    2016-04-27 08:09 - 2010-06-04 13:27 - 00000788 _____ C:\Windows\system32\DVCState-{00000005-00000000-00000000-00001102-00000005-60021102}.rfx
    2016-04-27 08:08 - 2005-12-10 22:47 - 00002282 _____ C:\Users\Rick\Documents\Default.rdp
    2016-04-27 08:07 - 2009-11-11 20:43 - 00000000 ___RD C:\Program Files (x86)\Skype
    2016-04-27 08:06 - 2009-11-11 20:43 - 00000000 ____D C:\ProgramData\Skype
    2016-04-27 08:05 - 2013-08-25 03:02 - 00000000 ____D C:\Windows\system32\MRT
    2016-04-27 07:59 - 2014-09-27 08:15 - 00000000 ____D C:\ProgramData\Package Cache
    2016-04-27 07:55 - 2009-11-09 23:15 - 135176864 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2016-04-27 07:54 - 2013-09-15 10:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
    2016-04-27 07:54 - 2012-06-28 09:07 - 00000000 ____D C:\Program Files (x86)\Garmin
    2016-04-27 07:53 - 2014-09-27 08:17 - 00003554 _____ C:\Windows\System32\Tasks\GarminUpdaterTask
    2016-04-27 04:07 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
    2016-04-27 03:28 - 2009-07-14 05:45 - 00479416 _____ C:\Windows\system32\FNTCACHE.DAT
    2016-04-27 03:25 - 2014-12-11 04:38 - 00000000 ____D C:\Windows\system32\appraiser
    2016-04-26 23:58 - 2012-06-22 08:17 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1546463944-2749064583-3027644177-1001Core.job
    2016-04-26 22:00 - 2009-11-09 23:56 - 00127424 _____ C:\Users\Rick\AppData\Local\GDIPFONTCACHEV1.DAT
    2016-04-26 22:00 - 2009-11-09 23:11 - 00000000 ____D C:\Users\Rick
    2016-04-26 18:10 - 2012-08-16 18:05 - 00000922 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1546463944-2749064583-3027644177-1003Core.job
    2016-04-26 18:02 - 2009-11-11 21:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
    2016-04-26 18:02 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
    2016-04-26 17:47 - 2014-12-27 11:18 - 00002362 _____ C:\Users\Rick\Desktop\Google Chrome.lnk
    2016-04-26 17:47 - 2012-06-22 08:18 - 00002370 _____ C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-04-26 14:20 - 2010-04-02 11:08 - 00000000 ____D C:\Program Files (x86)\BookSmart
    2016-04-26 14:16 - 2012-08-14 16:34 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2016-04-26 14:16 - 2012-04-10 08:10 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2016-04-26 14:16 - 2011-06-03 12:06 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2016-04-26 14:14 - 2012-08-22 10:33 - 00000000 ____D C:\Users\Kate
    2016-04-26 14:13 - 2009-11-24 19:32 - 00000000 ____D C:\Users\Megan.26NC-PC
    2016-04-26 14:11 - 2009-07-14 04:20 - 00000000 ___HD C:\Windows\system32\GroupPolicyUsers
    2016-04-26 14:07 - 2010-06-23 08:16 - 00000000 ____D C:\Users\Alfie.26NC-PC
    2016-04-26 13:54 - 2011-01-16 11:21 - 00000000 ____D C:\Program Files\WinRAR
    2016-04-26 13:50 - 2015-11-30 11:55 - 00002260 _____ C:\Users\Public\Desktop\Advanced SystemCare 9.lnk
    2016-04-26 13:37 - 2011-02-05 15:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
    2016-04-26 13:33 - 2015-01-04 12:58 - 00000000 ____D C:\ProgramData\ProductData
    2016-04-26 13:31 - 2009-07-14 08:45 - 00000000 ____D C:\Windows\ShellNew
    2016-04-26 13:29 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
    2016-04-26 13:25 - 2009-07-14 03:34 - 00000387 _____ C:\Windows\win.ini
    2016-04-26 13:19 - 2009-11-10 00:10 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2016-04-26 13:17 - 2015-03-26 20:33 - 00000000 ____D C:\Program Files (x86)\UltraISO
    2016-04-26 13:17 - 2011-03-08 22:02 - 00000000 ____D C:\Users\Rick\AppData\Local\Unity
    2016-04-26 13:14 - 2011-11-03 13:00 - 00000000 ____D C:\ProgramData\VMware
    2016-04-26 12:54 - 2011-11-03 13:17 - 00000000 ____D C:\Users\Rick\AppData\Roaming\VMware
    2016-04-22 08:57 - 2009-11-09 23:22 - 00453288 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

    ==================== Files in the root of some directories =======

    2011-09-28 19:05 - 2011-07-17 10:37 - 0161744 _____ () C:\Program Files (x86)\u4res.dll
    2015-01-14 22:46 - 2015-01-14 22:46 - 0000005 _____ () C:\Users\Rick\AppData\Roaming\mbam.context.scan
    2012-08-22 09:51 - 2012-08-22 09:53 - 0038450 _____ () C:\Users\Rick\AppData\Roaming\Microsoft Excel 97-2003.ADR
    2014-03-15 16:49 - 2015-02-08 21:47 - 0000767 _____ () C:\Users\Rick\AppData\Roaming\Safer-Networking.log
    2012-08-22 09:48 - 2012-08-22 09:48 - 0038457 _____ () C:\Users\Rick\AppData\Roaming\Tab Separated Values (Windows).ADR
    2010-03-15 00:56 - 2014-04-08 08:23 - 0036352 _____ () C:\Users\Rick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2010-04-13 10:00 - 2015-10-25 14:37 - 0007600 _____ () C:\Users\Rick\AppData\Local\resmon.resmoncfg
    2010-03-18 09:43 - 2011-06-30 14:25 - 0017408 _____ () C:\Users\Rick\AppData\Local\WebpageIcons.db
    2009-11-10 00:02 - 2009-11-10 00:23 - 0001863 _____ () C:\Users\Rick\AppData\Local\Win7_tmp1.htm
    2011-09-01 10:37 - 2011-09-01 10:37 - 0000011 _____ () C:\ProgramData\.tv5
    2015-01-10 11:33 - 2015-01-10 11:33 - 0000057 _____ () C:\ProgramData\Ament.ini
    2009-11-11 20:44 - 2009-11-11 20:44 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

    Some files in TEMP:
    ====================
    C:\Users\Rick\AppData\Local\Temp\i4jdel0.exe


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-04-27 00:38

    ==================== End of FRST.txt ============================


    aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
    Run date: 2016-04-27 10:06:07
    -----------------------------
    10:06:07.299 OS Version: Windows x64 6.1.7601 Service Pack 1
    10:06:07.299 Number of processors: 2 586 0x170A
    10:06:07.299 ComputerName: 26NC-PC UserName: Rick
    10:06:08.484 Initialize success
    10:06:08.562 VM: initialized successfully
    10:06:08.562 VM: Intel CPU supported
    10:06:09.972 VM: supported disk I/O ataport.SYS
    10:06:51.196 AVAST engine defs: 16042700
    10:07:18.918 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    10:07:18.918 Disk 0 Vendor: WDC_WD6400AAKS-75A7B2 01.03B01 Size: 610480MB BusType: 3
    10:07:19.043 Disk 0 MBR read successfully
    10:07:19.058 Disk 0 MBR scan
    10:07:19.105 Disk 0 Windows 7 default MBR code
    10:07:19.105 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 78 MB offset 63
    10:07:19.136 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15360 MB offset 161792
    10:07:19.167 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 31619072
    10:07:19.167 Disk 0 default boot code
    10:07:19.214 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 594940 MB offset 31823872
    10:07:19.292 Disk 0 scanning C:\Windows\system32\drivers
    10:07:39.666 Service scanning
    10:08:20.663 Modules scanning
    10:08:20.663 Disk 0 trace - called modules:
    10:08:20.678 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
    10:08:20.678 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800496c060]
    10:08:20.694 3 CLASSPNP.SYS[fffff8800196e43f] -> nt!IofCallDriver -> [0xfffffa80044b5520]
    10:08:20.694 5 ACPI.sys[fffff88000ee27a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80044a9060]
    10:08:22.238 AVAST engine scan C:\Windows
    10:08:26.466 AVAST engine scan C:\Windows\system32
    10:14:33.285 AVAST engine scan C:\Windows\system32\drivers
    10:14:53.737 AVAST engine scan C:\Users\Rick
    11:17:35.491 File: C:\Users\Rick\Downloads\MineCraftSetup.exe **INFECTED** Win32:Adware-gen [Adw]
    11:46:00.173 AVAST engine scan C:\ProgramData
    12:06:57.609 Disk 0 statistics 6577158/0/0 @ 0.72 MB/s
    12:06:57.625 Scan finished successfully
    12:14:48.766 Disk 0 MBR has been saved successfully to "C:\Users\Rick\Desktop\MBR.dat"
    12:14:48.826 The log file has been saved successfully to "C:\Users\Rick\Desktop\aswMBR.txt"



    _____________________________________________________

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:25-04-2016
    Ran by Rick (2016-04-27 09:31:17)
    Running from C:\Users\Rick\Desktop
    Windows 7 Home Premium Service Pack 1 (X64) (2009-11-09 22:11:25)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1546463944-2749064583-3027644177-500 - Administrator - Disabled)
    Guest (S-1-5-21-1546463944-2749064583-3027644177-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-1546463944-2749064583-3027644177-1008 - Limited - Enabled)
    Rick (S-1-5-21-1546463944-2749064583-3027644177-1001 - Administrator - Enabled) => C:\Users\Rick
    Sonos (S-1-5-21-1546463944-2749064583-3027644177-1009 - Limited - Enabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
    AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
    Acrobat.com (x32 Version: 2.0.0 - Adobe Systems Incorporated) Hidden
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
    Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.213 - Adobe Systems Incorporated)
    Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.5.155 - Adobe Systems, Inc.)
    Advanced SystemCare 9 (HKLM-x32\...\Advanced SystemCare_is1) (Version: 9.0.3 - IObit)
    Amazon Music (HKU\S-1-5-21-1546463944-2749064583-3027644177-1001\...\Amazon Amazon Music) (Version: 3.7.0.693 - Amazon Services LLC)
    AMD Catalyst Install Manager (HKLM\...\{37FCE154-7F59-74F0-3A35-BF503CEB230B}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
    ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
    Apple Application Support (64-bit) (HKLM\...\{CBF12D2F-CF64-4CB7-858B-2C1F21068E5F}) (Version: 4.1.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
    ArcSoft Software Suite (HKLM-x32\...\{497A1721-088F-41EF-8876-B43C9DA5528B}) (Version: 1.0 - ArcSoft)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    Check Point Endpoint Security (HKLM-x32\...\{f508ae38-2d20-413e-a55c-58c86661f045}) (Version: 5.41.0000 - CheckPoint)
    Creative ALchemy (HKLM-x32\...\ALchemy) (Version: 1.41 - Creative Technology Limited)
    Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 2.00 - Creative Technology Limited)
    Creative Console Launcher (HKLM-x32\...\Console Launcher) (Version: - Creative Technology Limited)
    Creative MediaSource 5 (HKLM-x32\...\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}) (Version: 5.26 - Creative Technology Limited)
    Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
    Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: - )
    Creative WaveStudio 7 (HKLM-x32\...\WaveStudio 7) (Version: 7.12 - Creative Technology Limited)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Dell Data Vault (Version: 4.3.7.0 - Dell Inc.) Hidden
    Dell Driver Download Manager (HKU\S-1-5-21-1546463944-2749064583-3027644177-1001\...\bd4d3a0508d364f5) (Version: 3.0.0.0 - Dell Inc)
    Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.2.6793.01 - Dell)
    Dell SupportAssistAgent (HKLM-x32\...\{A62A2F03-3006-40CA-A3FA-C1086B2FEF5D}) (Version: 1.2.0.94 - Dell)
    Diagnostic Utility (HKLM-x32\...\{7236672F-6430-439E-9B27-27EDEAF1D676}) (Version: 1.00.0000 - Realtek)
    Elevated Installer (x32 Version: 4.1.19.0 - Garmin Ltd or its subsidiaries) Hidden
    Facebook Video Calling 1.2.0.287 (HKLM-x32\...\{B92C5909-1D37-4C51-8397-A28BB28E5DC3}) (Version: 1.2.287 - Skype Limited)
    Freemake Video Converter version 4.0.4 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.0.4 - Ellora Assets Corporation)
    Garmin Communicator Plugin (HKLM-x32\...\{647BB978-2876-487B-9B0E-FDB73F0EA4A2}) (Version: 4.0.4 - Garmin Ltd or its subsidiaries)
    Garmin Communicator Plugin x64 (HKLM\...\{237D687E-9E50-4A30-B810-262764CC491B}) (Version: 4.0.4 - Garmin Ltd or its subsidiaries)
    Garmin Communicator Plugin x64 (HKLM\...\{550331CC-C34B-494F-BCDA-37CE4EF6E924}) (Version: 4.0.3 - Garmin Ltd or its subsidiaries)
    Garmin Express (HKLM-x32\...\{2639b4f0-83b4-4f3d-942f-e4ba22a40b9b}) (Version: 4.1.19.0 - Garmin Ltd or its subsidiaries)
    Garmin Express (x32 Version: 4.1.19.0 - Garmin Ltd or its subsidiaries) Hidden
    Garmin Express Tray (x32 Version: 4.1.19.0 - Garmin Ltd or its subsidiaries) Hidden
    Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
    Garmin WebUpdater (HKLM-x32\...\{AE1EC58E-B2AC-4959-A4C2-C38202A25239}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)
    Google Chrome (HKU\S-1-5-21-1546463944-2749064583-3027644177-1001\...\Google Chrome) (Version: 50.0.2661.87 - Google Inc.)
    HD Writer AE 3.0 (HKLM-x32\...\{5678B15A-504C-4A79-8554-05488A206E41}) (Version: 3.00.019.1033 - Panasonic Corporation)
    HP Deskjet 1050 J410 series Basic Device Software (HKLM\...\{F294770E-F869-400F-81C3-614B5F13CA54}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
    HP Deskjet 1050 J410 series Help (HKLM-x32\...\{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}) (Version: 140.0.66.66 - Hewlett Packard)
    HP Deskjet 1050 J410 series Product Improvement Study (HKLM\...\{D638A23C-5C5F-4B71-A354-EC78B2BDD320}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
    HP Support Solutions Framework (HKLM-x32\...\{96D12EC9-720B-45FB-904C-36D6307A1C76}) (Version: 11.51.0048 - Hewlett-Packard Company)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
    iCloud (HKLM\...\{4B48E22A-2FB0-4EFA-B99E-954B1E50CD69}) (Version: 5.1.0.34 - Apple Inc.)
    iTunes (HKLM\...\{0D44E3A4-6C3D-45D7-B443-079509E5BE5D}) (Version: 12.3.2.35 - Apple Inc.)
    Java 7 Update 72 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417072FF}) (Version: 7.0.720 - Oracle)
    Java 7 Update 72 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217072FF}) (Version: 7.0.720 - Oracle)
    Lame ACM MP3 Codec (HKLM-x32\...\LameACM) (Version: - )
    Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
    Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
    Microsoft LifeCam (HKLM\...\{3E061CBA-1DBB-45DD-8873-D100072ADCAD}) (Version: 3.0.215.0 - Microsoft Corporation)
    Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.5.166.0 - Microsoft Corporation)
    Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.6769.2017 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-1546463944-2749064583-3027644177-1001\...\OneDriveSetup.exe) (Version: 17.3.6281.1202 - Microsoft Corporation)
    Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
    Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
    MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
    MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
    MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
    Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6729.1014 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Licensing Component (Version: 16.0.6729.1014 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6729.1014 - Microsoft Corporation) Hidden
    Paddy Power Poker (HKU\S-1-5-21-1546463944-2749064583-3027644177-1001\...\Paddy Power Poker) (Version: - )
    Paddy Power Poker Odds Calculator 1.4.2 (HKLM-x32\...\Paddy Power Poker Odds Calculator_is1) (Version: - hxxp://www.paddypowerpoker.com)
    PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.0 - Frank Heindörfer, Philip Chinery)
    QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
    Radialpoint Dashboard Patch version 13.12.23.29994 (x32 Version: 13.12.23.29994 - ) Hidden
    Radialpoint Security Advisor 2.5.23 (x32 Version: 2.5.23 - Radialpoint SafeCare Inc.) Hidden
    Rapport (Version: 3.5.1201.78 - Trusteer) Hidden
    Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0005 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5864 - Realtek Semiconductor Corp.)
    SDFormatter (HKLM-x32\...\{15EB20D6-5F13-41D0-BEF9-C9C44D6AC620}) (Version: 3.0.0 - SD Association)
    Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
    Sonos Controller (HKLM-x32\...\{7BBA9BF8-05DF-47D8-8880-82A9B99505B9}) (Version: 28.1.83040 - Sonos, Inc.)
    SoundFont Bank Manager (HKLM-x32\...\SFBM) (Version: 3.21 - Creative Technology Limited)
    Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    TreeSize Free V3.2.1 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.2.1 - JAM Software)
    Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.4.1 - Tweaking.com)
    VBA (2627.01) (x32 Version: 6.03.00.9402 - Microsoft Corporation) Hidden
    Virgin Media Digital Home Support 2.1.27 (HKLM-x32\...\RadialpointHomeSecurityDashboard_is1) (Version: 2.1.27 - Virgin Media)
    Virgin Media Service Manager 4.1.18 (HKLM-x32\...\RadialpointClientGateway_is1) (Version: 4.1.18 - Virgin Media)
    Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
    Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
    Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
    Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
    Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-1546463944-2749064583-3027644177-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Rick\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileCoAuthLib64.dll ()
    CustomCLSID: HKU\S-1-5-21-1546463944-2749064583-3027644177-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Rick\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-1546463944-2749064583-3027644177-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Rick\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1546463944-2749064583-3027644177-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Rick\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {07D72C71-3F48-46BE-92A4-602CD22149E7} - System32\Tasks\{C1298050-8BC3-45B0-8A56-307A8158AC35} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.3.0.105/en/abandoninstall?page=tsProgressBar
    Task: {16B77572-9657-46A6-8CD6-C6AB3681F9F6} - System32\Tasks\{9C2DBA6F-D5D5-4933-A015-E17DE7567B28} => Chrome.exe
    Task: {19BF5E15-9014-4150-93A7-23B13F9DC821} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-04-26] (Microsoft Corporation)
    Task: {2163A028-6112-4E42-80E3-0DBA6CCA9DB0} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
    Task: {23C93B7C-BCF7-4355-B71A-B9CE9068F577} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
    Task: {25C87722-6651-41BE-B054-1811FC20A2FE} - System32\Tasks\Microsoft_Hardware_Launch_vVX3000_exe => C:\Windows\vVX3000.exe [2009-06-30] (Microsoft Corporation)
    Task: {2CFE7F9E-DA63-4294-9E76-2605A1E4EBF7} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-07-08] (Microsoft Corporation)
    Task: {32A927D6-16EA-4B83-9837-ABCC99BFCF5E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1546463944-2749064583-3027644177-1001UA => C:\Users\Rick\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
    Task: {3400BAC0-7307-4D7A-AD3A-42B7D827E0CA} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-07-08] (Microsoft Corporation)
    Task: {49A65AB9-9668-4257-ABC7-18DAD346E8DC} - System32\Tasks\Microsoft_Hardware_Launch_rundll32_exe => Rundll32.exe url.dll,OpenURL hxxp://go.microsoft.com/fwlink/?LinkID=130646
    Task: {4C4AF11F-B015-4C80-A213-C145E00457EC} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-16] ()
    Task: {53D818FE-D732-4732-AAB0-9A2D01830E92} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2016-04-08] ()
    Task: {5A12C689-586E-4EEC-B480-64300F80ACD2} - System32\Tasks\ASC9_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe [2015-12-09] (IObit)
    Task: {61446A49-A7EC-4894-90AC-04A2FFA9D59B} - System32\Tasks\{F5C7AFDA-F11F-47D4-9331-48CBA93BCB9C} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2015-03-25] (Skype Technologies S.A.)
    Task: {6805C922-4F0F-4B4A-BBD9-7DB6F19E55AB} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
    Task: {69572C0C-982F-45F3-9FD3-1071920231F7} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
    Task: {6D7C155F-0DA6-43E8-9AB7-1A87645E9AA4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
    Task: {78727D69-EA1D-4A0B-A704-C1D7B3E74FCD} - System32\Tasks\{7F80AA18-D849-4DD0-AE05-68A935A42EA6} => Chrome.exe
    Task: {790D0989-3A5C-4A4A-A4EC-F85BB932F13F} - System32\Tasks\HPCustParticipation HP Deskjet 1050 J410 series => C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.)
    Task: {80206FD1-B6C9-455E-A5C2-3F40F995BB8D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1546463944-2749064583-3027644177-1001Core => C:\Users\Rick\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
    Task: {83575EEF-C98D-4F88-B8A3-148168525BAC} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2016-03-24] (PC-Doctor, Inc.)
    Task: {88751E9A-9D38-4409-8B3B-C42E8C104F49} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2015-07-08] (Microsoft)
    Task: {96C8B7E2-2C60-4D2A-B1A9-D9FB89C0299C} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-07-08] (Microsoft Corporation)
    Task: {9F78821A-20D8-4D36-93D6-EB1C8F72F547} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1546463944-2749064583-3027644177-1003UA => C:\Users\Megan.26NC-PC\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: {ACE26122-5BEE-4C6F-9239-7C3D897934FE} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-07-08] (Microsoft Corporation)
    Task: {BE98C32D-A4A8-4819-90A8-AC5BF93A105A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
    Task: {BE991105-EA33-4333-AA37-61E1382093D3} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-04-03] (Microsoft Corporation)
    Task: {C66008FB-28D4-4ADC-9F8A-8F60E80D930C} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2016-03-24] (PC-Doctor, Inc.)
    Task: {CB2BA0D1-7FA7-47F6-AC4C-C91BAD86199B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-04-03] (Microsoft Corporation)
    Task: {DC90B7CE-9B45-424A-B0F1-FD46007D5437} - System32\Tasks\{B4877708-E411-4A61-AB2E-9B033B5E4E30} => Chrome.exe hxxp://ui.skype.com/ui/0/6.7.0.102/en/abandoninstall?page=tsProgressBar
    Task: {E5689785-1F05-43F3-AE22-4B4FF2A72D0A} - System32\Tasks\Driver Booster SkipUAC (Rick) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
    Task: {EAE98BFF-23D4-472F-97FF-5F786BCFC9AF} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2016-01-12] (Dell Inc.)
    Task: {EC92874D-83F4-4F2E-871C-3C6459FC5121} - System32\Tasks\{E707D03C-180A-48AF-9A9A-EEC1ADB56EB4} => pcalua.exe -a "J:\work stuff\MICROSOFT_OFFICE_2003_SP3\SETUPPRO.EXE" -d "J:\work stuff\MICROSOFT_OFFICE_2003_SP3"
    Task: {EF264819-FC67-4C67-9491-1F783F2C8B96} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-26] (Adobe Systems Incorporated)
    Task: {F70DC25D-42D9-48CD-8AAB-40F7A5A6CD67} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
    Task: {F74DB374-12E3-49F8-A2E6-ADE57971953B} - System32\Tasks\ASC9_SkipUac_Rick => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe [2015-11-23] (IObit)
    Task: {FB9686B3-1E39-4BEB-8EC5-4F9C1B1D715D} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1546463944-2749064583-3027644177-1003Core => C:\Users\Megan.26NC-PC\AppData\Local\Facebook\Update\FacebookUpdate.exe

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1546463944-2749064583-3027644177-1003Core.job => C:\Users\Megan.26NC-PC\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1546463944-2749064583-3027644177-1003UA.job => C:\Users\Megan.26NC-PC\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1546463944-2749064583-3027644177-1001Core.job => C:\Users\Rick\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1546463944-2749064583-3027644177-1001UA.job => C:\Users\Rick\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2013-03-17 12:56 - 2005-03-12 01:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll
    2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-10-13 06:45 - 2015-10-13 06:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2016-04-26 17:58 - 2016-04-03 04:34 - 00172224 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
    2016-04-26 18:15 - 2016-04-26 18:15 - 08919232 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
    2010-01-02 15:42 - 2010-01-02 15:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
    2013-09-29 21:32 - 2013-08-23 13:36 - 00721263 _____ () C:\Windows\SysWOW64\ISCM64.dll
    2013-06-18 16:49 - 2013-06-18 16:49 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
    2013-04-30 00:08 - 2013-04-30 00:08 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
    2015-11-30 11:55 - 2013-01-15 19:48 - 00348992 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madExcept_.bpl
    2015-11-30 11:55 - 2013-01-15 19:48 - 00183616 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madBasic_.bpl
    2015-11-30 11:55 - 2013-01-15 19:48 - 00051008 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madDisAsm_.bpl
    2015-11-30 11:55 - 2013-01-15 19:47 - 00893248 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\webres.dll
    2015-11-30 11:55 - 2014-10-16 11:26 - 00622880 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStatistics.dll
    2010-09-26 19:55 - 2010-09-26 19:55 - 04993024 _____ () C:\Program Files (x86)\CheckPoint\Endpoint Connect\QtGui4.dll
    2010-09-26 19:55 - 2010-09-26 19:55 - 01302528 _____ () C:\Program Files (x86)\CheckPoint\Endpoint Connect\QtCore4.dll
    2010-09-26 19:55 - 2010-09-26 19:55 - 00028672 _____ () C:\Program Files (x86)\CheckPoint\Endpoint Connect\imageformats\qgif4.dll
    2016-04-27 08:14 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2016-04-27 08:14 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
    2016-04-27 08:14 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2016-04-27 08:14 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
    2016-04-27 08:14 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
    2016-04-26 17:47 - 2016-04-20 22:08 - 01738904 _____ () C:\Users\Rick\AppData\Local\Google\Chrome\Application\50.0.2661.87\libglesv2.dll
    2016-04-26 17:47 - 2016-04-20 22:08 - 00086168 _____ () C:\Users\Rick\AppData\Local\Google\Chrome\Application\50.0.2661.87\libegl.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\ProgramData\TEMP:30FD0CBD [140]

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HsdService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HsdService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ServicepointService => ""="Service"

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-1546463944-2749064583-3027644177-1001\...\dell.com -> dell.com

    There are 11334 more sites.


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 03:34 - 2013-03-26 23:35 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

    127.0.0.1 localhost

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1546463944-2749064583-3027644177-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 170.198.40.65 - 170.198.78.65
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: ACDaemon => 2
    MSCONFIG\Services: Bonjour Service => 2
    MSCONFIG\Services: Creative ALchemy AL6 Licensing Service => 3
    MSCONFIG\Services: Creative Audio Engine Licensing Service => 3
    MSCONFIG\Services: HsdService => 2
    MSCONFIG\Services: iPod Service => 3
    MSCONFIG\Services: ServicepointService => 2
    MSCONFIG\Services: VMAuthdService => 2
    MSCONFIG\Services: VMUSBArbService => 2
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HD Writer.lnk => C:\Windows\pss\HD Writer.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PURE FlowServer Tray Control.lnk => C:\Windows\pss\PURE FlowServer Tray Control.lnk.CommonStartup
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: Amazon Music => "C:\Users\Rick\AppData\Local\Amazon Music\Amazon Music Helper.exe"
    MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    MSCONFIG\startupreg: ArcSoft Connection Service => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    MSCONFIG\startupreg: BrowserPlugInHelper => C:\Program Files (x86)\iSkysoft\Video Converter Ultimate\BrowserPlugInHelper.exe
    MSCONFIG\startupreg: CTxfiHlp => CTXFIHLP.EXE
    MSCONFIG\startupreg: DellSystemDetect => C:\Users\Rick\AppData\Local\Apps\2.0\T0347KBA.ZGA\NPGLN71V.TWJ\dell..tion_0f612f649c4a10af_0005.0009_14e1a3fbfbaf942c\DellSystemDetect.exe
    MSCONFIG\startupreg: DHSClient.exe => "C:\Program Files (x86)\Virgin Media\Digital Home Support\DHSClient.exe" /AUTORUN
    MSCONFIG\startupreg: Google Update => "C:\Users\Rick\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    MSCONFIG\startupreg: iSkysoft Helper Compact.exe => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: LifeCam => "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
    MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    MSCONFIG\startupreg: PocketCloud Location => "C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseBrowser.exe"
    MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    MSCONFIG\startupreg: ServiceManager.exe => "C:\Program Files (x86)\Virgin Media\Service Manager\ServiceManager.exe" /AUTORUN
    MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Rick\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
    MSCONFIG\startupreg: TrayServer => C:\Program Files (x86)\MAGIX\Movie_Edit_Pro_16_Plus_Download_Version\TrayServer.exe
    MSCONFIG\startupreg: VX3000 => C:\Windows\vVX3000.exe

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{B2CD908F-7AF5-4EA0-88E6-162D6EDBFA63}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
    FirewallRules: [{2FC14784-85A2-4D4C-9C73-71D454F08852}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
    FirewallRules: [{F53277DC-0579-4088-80A5-D1AD55413680}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
    FirewallRules: [{911C0133-B72A-4C0A-A502-D9CD46D10C27}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
    FirewallRules: [{874AFD7F-D1E1-4289-94C4-8C8740822609}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
    FirewallRules: [{6F5EB494-58CF-4F67-8898-63D736D81B47}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
    FirewallRules: [{B8BC7303-B815-4691-9A89-5A7B9D2C2C8B}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
    FirewallRules: [{16AF1336-75DB-4B1C-AE2C-E17CDFAE1860}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
    FirewallRules: [{46717982-C47E-4105-8E2A-13BF4ECD57AB}] => (Allow) svchost.exe
    FirewallRules: [{6C624442-FEEF-4C55-B3DD-CE6617A11CA2}] => (Allow) C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\USBSetup.exe
    FirewallRules: [{E779213D-9E5B-44A0-A497-729137A69FCE}] => (Allow) C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\USBSetup.exe
    FirewallRules: [{51AA7582-24D1-48CB-8534-F2ABCCC24A8E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{6E120D4C-3ED2-420A-96FC-1379E557A714}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{D6160661-AC55-4007-8927-17A31FBD48E9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{57AE438F-6A4F-489E-9BB0-E3E11F867A2E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [TCP Query User{38A70D34-CB84-40C2-A2E3-E98F1FADDDC8}C:\program files\java\jre7\bin\javaw.exe] => (Block) C:\program files\java\jre7\bin\javaw.exe
    FirewallRules: [UDP Query User{B61C5741-0D24-4DB8-9E02-8F86E178A73A}C:\program files\java\jre7\bin\javaw.exe] => (Block) C:\program files\java\jre7\bin\javaw.exe
    FirewallRules: [{65DFC6F4-4E84-41CB-8F66-49E49D920FE7}] => (Allow) C:\Program Files (x86)\CheckPoint\Endpoint Connect\TracSrvWrapper.exe
    FirewallRules: [{684C3CE7-A6E8-4E69-B684-C76F06FF1B3F}] => (Allow) C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe
    FirewallRules: [{31D750A0-424C-47F4-A964-CA67BDC241FE}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{1BD1022E-1B08-4614-B7A1-3BDAE023D26A}] => (Allow) LPort=2869
    FirewallRules: [{52D39082-ED17-4DCC-89B9-13FC64973FC4}] => (Allow) LPort=1900
    FirewallRules: [TCP Query User{A85BC356-DA05-4F26-A230-6D0930DFBE97}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe
    FirewallRules: [UDP Query User{85ABBCE8-C995-4C72-8D83-0E60035FB028}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe
    FirewallRules: [TCP Query User{D198A511-4F31-4B7E-8C6C-162A2BD5EEC2}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
    FirewallRules: [UDP Query User{6B4EA716-8F47-4449-A2F9-09E32548DAF9}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
    FirewallRules: [TCP Query User{3F467F47-4F9F-46AC-8DC4-BF3796F177B7}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
    FirewallRules: [UDP Query User{A15BB27E-18E1-41E9-963C-26092F06BBD3}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
    FirewallRules: [{0B84EC33-3B57-4A53-994C-98F92D949B8B}] => (Allow) C:\Program Files (x86)\Sonos\Sonos.exe
    FirewallRules: [{A563DD2F-1F38-44E8-82A5-6E81791B3AF0}] => (Allow) C:\Program Files (x86)\Sonos\Sonos.exe
    FirewallRules: [{05210DE5-FD90-40CE-A347-15654B8EBF91}] => (Allow) C:\Program Files (x86)\Virgin Media\Service Manager\ServicepointService.exe
    FirewallRules: [{30D760D9-9CA0-4B90-B786-EF9A120637C1}] => (Allow) C:\Program Files (x86)\Virgin Media\Service Manager\ServicepointService.exe
    FirewallRules: [{3AB3536D-15BF-4AEC-8342-C3148FA71166}] => (Allow) C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\USBSetup.exe
    FirewallRules: [TCP Query User{53E6C85E-A393-4CF1-9117-4AA75135973E}C:\users\rick\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\rick\appdata\local\google\chrome\application\chrome.exe
    FirewallRules: [UDP Query User{1A2AD225-BA0C-4C85-B34A-AD30A535B090}C:\users\rick\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\rick\appdata\local\google\chrome\application\chrome.exe
    FirewallRules: [{DB03F45F-1D0B-4811-B54B-8147EF178BAE}] => (Block) C:\users\rick\appdata\local\google\chrome\application\chrome.exe
    FirewallRules: [{F5D4D684-5C32-4B2E-8E73-40C1F2175EFD}] => (Block) C:\users\rick\appdata\local\google\chrome\application\chrome.exe
    FirewallRules: [TCP Query User{4647EC11-63BC-4718-B110-ADC9601A22FC}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
    FirewallRules: [UDP Query User{6AC3FAC4-44F4-494F-8F96-D299F28F76C0}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
    FirewallRules: [{435C6D44-B45A-4AA2-AE7D-6890B807F9D0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{14E510E1-2C6D-4A6B-AE3A-E6573F4A535C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{2B5EE20B-5CD9-4913-8D3F-15F4037E500F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{5E805568-2152-4B21-B928-D2299DC59AB0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{D4220B33-9E60-4035-82E5-025B47AFF5EB}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{252617A7-0060-4CD9-B3F6-29BD97EE5911}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
    FirewallRules: [{5ED7B25B-209E-4A5F-934A-244FAE9606C9}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

    ==================== Restore Points =========================

    27-04-2016 03:00:17 Windows Update
    27-04-2016 07:41:19 Windows Update

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (04/27/2016 09:29:40 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program FRST64.exe version 25.4.2016.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 15d4

    Start Time: 01d1a05e8440d424

    Termination Time: 76

    Application Path: C:\Users\Rick\Downloads\FRST64.exe

    Report Id: 04e26d6a-0c52-11e6-95f1-54335a199d0e

    Error: (04/27/2016 07:43:23 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: chrome.exe, version: 50.0.2661.87, time stamp: 0x5717d482
    Faulting module name: chrome.dll, version: 50.0.2661.87, time stamp: 0x5717cdd0
    Exception code: 0xc0000005
    Fault offset: 0x0002f29e
    Faulting process id: 0x23c
    Faulting application start time: 0xchrome.exe0
    Faulting application path: chrome.exe1
    Faulting module path: chrome.exe2
    Report Id: chrome.exe3

    Error: (04/26/2016 02:14:22 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1533) (User: 26NC-PC)
    Description: Windows cannot delete the profile directory C:\Users\Kate. This error may be caused by files in this directory being used by another program.

    DETAIL - The directory is not empty.

    Error: (04/26/2016 02:13:40 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1533) (User: 26NC-PC)
    Description: Windows cannot delete the profile directory C:\Users\Megan.26NC-PC. This error may be caused by files in this directory being used by another program.

    DETAIL - The directory is not empty.

    Error: (04/26/2016 02:07:49 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1533) (User: 26NC-PC)
    Description: Windows cannot delete the profile directory C:\Users\Alfie.26NC-PC. This error may be caused by files in this directory being used by another program.

    DETAIL - The directory is not empty.

    Error: (04/26/2016 02:07:09 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: CCC.exe, version: 3.5.0.0, time stamp: 0x4f2058d9
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x0000000176db901a
    Faulting process id: 0x143c
    Faulting application start time: 0xCCC.exe0
    Faulting application path: CCC.exe1
    Faulting module path: CCC.exe2
    Report Id: CCC.exe3

    Error: (04/26/2016 01:22:53 PM) (Source: Windows Search Service) (EventID: 3007) (User: )
    Description: Performance monitoring cannot be initialized for the gatherer object, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.

    Context: Application, SystemIndex Catalog

    Error: (04/26/2016 01:01:54 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: dismhost.exe, version: 6.1.7601.18489, time stamp: 0x53882a0d
    Faulting module name: drvstore.dll_unloaded, version: 0.0.0.0, time stamp: 0x54e43955
    Exception code: 0xc0000005
    Fault offset: 0x000007feeb76ddee
    Faulting process id: 0x1514
    Faulting application start time: 0xdismhost.exe0
    Faulting application path: dismhost.exe1
    Faulting module path: dismhost.exe2
    Report Id: dismhost.exe3

    Error: (04/26/2016 12:50:18 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: CCC.exe, version: 3.5.0.0, time stamp: 0x4f2058d9
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x0000000176f2901a
    Faulting process id: 0x6fc
    Faulting application start time: 0xCCC.exe0
    Faulting application path: CCC.exe1
    Faulting module path: CCC.exe2
    Report Id: CCC.exe3

    Error: (03/25/2016 11:10:45 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program chrome.exe version 49.0.2623.87 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: a95c

    Start Time: 01d1867d710296ae

    Termination Time: 0

    Application Path: C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe

    Report Id: b8477e52-f271-11e5-9f1d-005056c00008


    System errors:
    =============
    Error: (04/27/2016 08:44:03 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070005: Upgrade to Windows 10 Home, version 1511, 10586.

    Error: (04/27/2016 08:08:37 AM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

    Error: (04/27/2016 12:19:08 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070005: Upgrade to Windows 10 Home, version 1511, 10586.

    Error: (04/26/2016 05:42:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
    %%1053

    Error: (04/26/2016 05:42:30 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

    Error: (04/26/2016 02:01:51 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The Windows Update service hung on starting.

    Error: (04/26/2016 01:52:45 PM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {AD3EDBCA-0901-415B-82E9-C16D3B65E38C}

    Error: (04/26/2016 01:18:21 PM) (Source: DCOM) (EventID: 10001) (User: )
    Description: C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe -Embedding740{D5641912-E47A-429C-879E-CFE13EAC7A13}

    Error: (03/25/2016 11:14:34 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Winmgmt service.

    Error: (03/25/2016 05:02:00 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
    Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.215.2627.0

    Update Source: %NT AUTHORITY51

    Update Stage: 4.9.0218.00

    Source Path: 4.9.0218.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\NETWORK SERVICE

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608


    CodeIntegrity:
    ===================================
    Date: 2014-09-23 12:40:44.505
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-09-23 12:40:44.334
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-09-23 12:40:35.820
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-09-23 12:40:35.646
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-01-18 14:46:44.208
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\Backup\amd64_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_4aab2ef0a7c319c5_bcrypt.dll_e2f091ac because the set of per-page image hashes could not be found on the system.

    Date: 2014-01-18 14:46:43.943
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\Backup\amd64_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_4aab2ef0a7c319c5_bcrypt.dll_e2f091ac because the set of per-page image hashes could not be found on the system.

    Date: 2014-01-18 14:46:43.693
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\Backup\amd64_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_4aab2ef0a7c319c5_bcrypt.dll_e2f091ac because the set of per-page image hashes could not be found on the system.

    Date: 2014-01-18 14:46:29.856
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_cbaba9e478a137a8\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-01-18 14:46:29.591
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_cbaba9e478a137a8\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-01-18 14:46:29.326
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_cbaba9e478a137a8\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz
    Percentage of memory in use: 52%
    Total physical RAM: 4095.18 MB
    Available physical RAM: 1934.36 MB
    Total Virtual: 10235.37 MB
    Available Virtual: 7660.29 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:581 GB) (Free:252.42 GB) NTFS
    Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:3.87 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 18000000)
    Partition 1: (Not Active) - (Size=78 MB) - (Type=DE)
    Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
    Partition 3: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=581 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================

  2. #2
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084


    IObit AdvancedSystemCareService9 deals with the registry, which normally should be left alone, to some unnecessary tool.
    We do not recommend the use of registry cleaners. No registry cleaner is completely safe; since most do not even create a backup, the potential is ever present to cause more problems than they claim to fix.
    If you do not have knowledge of the registry, then you would probably be better off leaving it alone, and definitely not placing blind trust in a program to do the job for you.
    Our colleague miekiemoes has an excellent writeup here
    http://miekiemoes.blogspot.com/2008/...eaking_13.html


    I recommend the uninstalling of the below
    IObit Advanced SystemCare

    Also
    Java 7 Update 72 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417072FF}) (Version: 7.0.720 - Oracle)
    Java 7 Update 72 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217072FF}) (Version: 7.0.720 - Oracle)


    WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java.

    If you do need to keep Java then download JavaRa.
    Run the programme and select Remove Java Runtime. Uninstall all versions of Java present.
    Once done then run it again and select Update Java runtime > Download and install Latest version.

    ~~~~~~~~~~~~~~~

    Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
    To do this highlight the contents of the box and right click on it and select copy.
    Paste this into the open Notepad. Save it to the Desktop as fixlist.txt.
    NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
    It needs to be saved next to the "Farbar Recovery Scan Tool" (if asked to overwrite the existing one, please allow).





    start
    CreateRestorePoint:
    CloseProcesses:
    HKLM-x32\...\Run: [] => [X]
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-1546463944-2749064583-3027644177-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-1546463944-2749064583-3027644177-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://speedial.com/?f=1&a=spd_dsites03_14_22_ch&cd=2XzuyEtN2Y1L1QzuyDyEtAtAyD0AtCzyzy0DtD0EzyyE0FtCtN0D0Tzu0SzzyBzytN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyDtCtCtD0CzyyEtAtGyDyCyB0EtGyCtDyEtCtGtC0BtByEtGyEtC0ByD0ByEzzzy0EtA0E0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0Fzy0DtDyBzzzytGyB0CyB0FtGtAyDzz0DtG0E0DtCtDtGtAtD0FyC0C0A0F0FtCtB0FtA2Q&cr=161536708&ir=
    SearchScopes: HKLM -> DefaultScope value is missing
    SearchScopes: HKLM-x32 -> DefaultScope value is missing
    SearchScopes: HKU\S-1-5-21-1546463944-2749064583-3027644177-1001 -> DefaultScope {31090377-0740-419E-BEFC-A56E50500D5B} URL = hxxp://speedial.com/results.php?f=4&q={searchTerms}&a=spd_dsites03_14_22_ch&cd=2XzuyEtN2Y1L1QzuyDyEtAtAyD0AtCzyzy0DtD0EzyyE0FtCtN0D0Tzu0SzzyBzytN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyDtCtCtD0CzyyEtAtGyDyCyB0EtGyCtDyEtCtGtC0BtByEtGyEtC0ByD0ByEzzzy0EtA0E0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0Fzy0DtDyBzzzytGyB0CyB0FtGtAyDzz0DtG0E0DtCtDtGtAtD0FyC0C0A0F0FtCtB0FtA2Q&cr=161536708&ir=
    SearchScopes: HKU\S-1-5-21-1546463944-2749064583-3027644177-1001 -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = hxxp://speedial.com/results.php?f=4&q={searchTerms}&a=spd_dsites03_14_22_ch&cd=2XzuyEtN2Y1L1QzuyDyEtAtAyD0AtCzyzy0DtD0EzyyE0FtCtN0D0Tzu0SzzyBzytN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyDtCtCtD0CzyyEtAtGyDyCyB0EtGyCtDyEtCtGtC0BtByEtGyEtC0ByD0ByEzzzy0EtA0E0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0Fzy0DtDyBzzzytGyB0CyB0FtGtAyDzz0DtG0E0DtCtDtGtAtD0FyC0C0A0F0FtCtB0FtA2Q&cr=161536708&ir=
    BHO: No Name -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-01-04] (Oracle Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-01-04] (Oracle Corporation)
    BHO-x32: No Name -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2015-01-04] (Oracle Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2015-01-04] (Oracle Corporation)
    DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
    FF Plugin: @java.com/DTPlugin,version=10.72.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-01-04] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.72.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-01-04] (Oracle Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=10.72.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-01-04] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.72.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2015-01-04] (Oracle Corporation)
    FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [2009-12-14] [not signed]
    FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} [2010-04-02] [not signed]
    FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010-05-14] [not signed]
    FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010-09-26] [not signed]
    FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010-11-10] [not signed]
    FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011-01-08] [not signed]
    FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011-03-18] [not signed]
    FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011-07-12] [not signed]
    CHR Plugin: (Native Client) - C:\Users\Rick\AppData\Local\Google\Chrome\Application\50.0.2661.87\ppGoogleNaClPluginChrome.dll => No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Users\Rick\AppData\Local\Google\Chrome\Application\50.0.2661.87\pdf.dll => No File
    CHR Plugin: (Shockwave Flash) - C:\Users\Rick\AppData\Local\Google\Chrome\Application\50.0.2661.87\gcswf32.dll => No File
    CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll => No File
    CHR Plugin: (AVG Internet Security) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll => No File
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
    CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll => No File
    CHR Plugin: (Java(TM) Platform SE 6 U29) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll => No File
    CHR Plugin: (ActiveTouch General Plugin Container) - C:\Users\Rick\AppData\Roaming\Mozilla\plugins\npatgpc.dll => No File
    CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll => No File
    CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll => No File
    CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll => No File
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
    CHR Plugin: (Unity Player) - C:\Users\Rick\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll => No File
    CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll => No File
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll => No File
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    C:\Users\Rick\AppData\Local\Temp\i4jdel0.exe
    C:\Users\Rick\Downloads\MineCraftSetup.exe
    AlternateDataStreams: C:\ProgramData\TEMP:30FD0CBD [140]
    FirewallRules: [TCP Query User{38A70D34-CB84-40C2-A2E3-E98F1FADDDC8}C:\program files\java\jre7\bin\javaw.exe] => (Block) C:\program files\java\jre7\bin\javaw.exe
    FirewallRules: [UDP Query User{B61C5741-0D24-4DB8-9E02-8F86E178A73A}C:\program files\java\jre7\bin\javaw.exe] => (Block) C:\program files\java\jre7\bin\javaw.exe
    CMD: ipconfig /flushdns
    CMD: netsh winsock reset all
    CMD: netsh int ipv4 reset
    CMD: netsh int ipv6 reset
    CMD: bitsadmin /reset /allusers
    Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
    Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f

    Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
    Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f

    EmptyTemp:
    Hosts:
    End
    Open FRST/FRST64 and press the > Fix < button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    AdwCleaner
    • Please download AdwCleaner and save the file to your Desktop.
    • Right-click AdwCleaner.exe and select Run as administrator to run the programme.
    • Follow the prompts.
    • Click Scan.
    • Upon completion, click Logfile. A log (AdwCleaner[S1].txt) will open. Briefly check the log for anything you know to be legitimate.
    • Return to AdwCleaner. Ensure anything you know to be legitimate does not have a checkmark under the corresponding tab.
    • Click Clean.
    • Follow the prompts and allow your computer to reboot.
    • After the reboot, a log (AdwCleaner[C1].txt) will open. Copy the contents of the log and paste in your next reply.

    -- File and folder backups are made for items removed using this programme. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[C1].txt.




    ======================================================



    Please download Junkware Removal Tool
    or from here http://downloads.malwarebytes.org/file/jrt
    to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.


    ~~~~~~~~~~~~~~~~
    Please post:
    Fixlog.txt
    AdwCleaner[C1].txt
    JRT.txt
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #3
    Member
    Join Date
    Mar 2008
    Posts
    33


    IObit Advanced SystemCare & 2 x Java versions removed



    Fix result of Farbar Recovery Scan Tool (x64) Version:25-04-2016
    Ran by Rick (2016-04-27 16:34:26) Run:1
    Running from C:\Users\Rick\Desktop
    Loaded Profiles: Rick (Available Profiles: Rick)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    start
    CreateRestorePoint:
    CloseProcesses:
    HKLM-x32\...\Run: [] => [X]
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-1546463944-2749064583-3027644177-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-1546463944-2749064583-3027644177-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://speedial.com/?f=1&a=spd_dsites03_14_22_ch&cd=2XzuyEtN2Y1L1QzuyDyEtAtAyD0AtCzyzy0DtD0EzyyE0FtCtN0D0Tzu0SzzyBzytN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyDtCtCtD0CzyyEtAtGyDyCyB0EtGyCtDyEtCtGtC0BtByEtGyEtC0ByD0ByEzzzy0EtA0E0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0Fzy0DtDyBzzzytGyB0CyB0FtGtAyDzz0DtG0E0DtCtDtGtAtD0FyC0C0A0F0FtCtB0FtA2Q&cr=161536708&ir=
    SearchScopes: HKLM -> DefaultScope value is missing
    SearchScopes: HKLM-x32 -> DefaultScope value is missing
    SearchScopes: HKU\S-1-5-21-1546463944-2749064583-3027644177-1001 -> DefaultScope {31090377-0740-419E-BEFC-A56E50500D5B} URL = hxxp://speedial.com/results.php?f=4&q={searchTerms}&a=spd_dsites03_14_22_ch&cd=2XzuyEtN2Y1L1QzuyDyEtAtAyD0AtCzyzy0DtD0EzyyE0FtCtN0D0Tzu0SzzyBzytN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyDtCtCtD0CzyyEtAtGyDyCyB0EtGyCtDyEtCtGtC0BtByEtGyEtC0ByD0ByEzzzy0EtA0E0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0Fzy0DtDyBzzzytGyB0CyB0FtGtAyDzz0DtG0E0DtCtDtGtAtD0FyC0C0A0F0FtCtB0FtA2Q&cr=161536708&ir=
    SearchScopes: HKU\S-1-5-21-1546463944-2749064583-3027644177-1001 -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = hxxp://speedial.com/results.php?f=4&q={searchTerms}&a=spd_dsites03_14_22_ch&cd=2XzuyEtN2Y1L1QzuyDyEtAtAyD0AtCzyzy0DtD0EzyyE0FtCtN0D0Tzu0SzzyBzytN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyDtCtCtD0CzyyEtAtGyDyCyB0EtGyCtDyEtCtGtC0BtByEtGyEtC0ByD0ByEzzzy0EtA0E0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0Fzy0DtDyBzzzytGyB0CyB0FtGtAyDzz0DtG0E0DtCtDtGtAtD0FyC0C0A0F0FtCtB0FtA2Q&cr=161536708&ir=
    BHO: No Name -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-01-04] (Oracle Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-01-04] (Oracle Corporation)
    BHO-x32: No Name -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2015-01-04] (Oracle Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2015-01-04] (Oracle Corporation)
    DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
    FF Plugin: @java.com/DTPlugin,version=10.72.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-01-04] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.72.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-01-04] (Oracle Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=10.72.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-01-04] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.72.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2015-01-04] (Oracle Corporation)
    FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [2009-12-14] [not signed]
    FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} [2010-04-02] [not signed]
    FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010-05-14] [not signed]
    FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010-09-26] [not signed]
    FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010-11-10] [not signed]
    FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011-01-08] [not signed]
    FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011-03-18] [not signed]
    FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011-07-12] [not signed]
    CHR Plugin: (Native Client) - C:\Users\Rick\AppData\Local\Google\Chrome\Application\50.0.2661.87\ppGoogleNaClPluginChrome.dll => No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Users\Rick\AppData\Local\Google\Chrome\Application\50.0.2661.87\pdf.dll => No File
    CHR Plugin: (Shockwave Flash) - C:\Users\Rick\AppData\Local\Google\Chrome\Application\50.0.2661.87\gcswf32.dll => No File
    CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll => No File
    CHR Plugin: (AVG Internet Security) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll => No File
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
    CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll => No File
    CHR Plugin: (Java(TM) Platform SE 6 U29) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll => No File
    CHR Plugin: (ActiveTouch General Plugin Container) - C:\Users\Rick\AppData\Roaming\Mozilla\plugins\npatgpc.dll => No File
    CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll => No File
    CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll => No File
    CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll => No File
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
    CHR Plugin: (Unity Player) - C:\Users\Rick\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll => No File
    CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll => No File
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll => No File
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    C:\Users\Rick\AppData\Local\Temp\i4jdel0.exe
    C:\Users\Rick\Downloads\MineCraftSetup.exe
    AlternateDataStreams: C:\ProgramData\TEMP:30FD0CBD [140]
    FirewallRules: [TCP Query User{38A70D34-CB84-40C2-A2E3-E98F1FADDDC8}C:\program files\java\jre7\bin\javaw.exe] => (Block) C:\program files\java\jre7\bin\javaw.exe
    FirewallRules: [UDP Query User{B61C5741-0D24-4DB8-9E02-8F86E178A73A}C:\program files\java\jre7\bin\javaw.exe] => (Block) C:\program files\java\jre7\bin\javaw.exe
    CMD: ipconfig /flushdns
    CMD: netsh winsock reset all
    CMD: netsh int ipv4 reset
    CMD: netsh int ipv6 reset
    CMD: bitsadmin /reset /allusers
    Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
    Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f

    Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
    Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f

    EmptyTemp:
    Hosts:
    End
    *****************

    Restore point was successfully created.
    Processes closed successfully.
    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
    "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
    "HKU\S-1-5-21-1546463944-2749064583-3027644177-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
    HKU\S-1-5-21-1546463944-2749064583-3027644177-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
    HKU\S-1-5-21-1546463944-2749064583-3027644177-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
    "HKU\S-1-5-21-1546463944-2749064583-3027644177-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}" => key removed successfully
    HKCR\CLSID\{31090377-0740-419E-BEFC-A56E50500D5B} => key not found.
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}" => key removed successfully
    HKCR\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} => key not found.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key not found.
    "HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key not found.
    "HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}" => key removed successfully
    HKCR\Wow6432Node\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} => key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key not found.
    "HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => key removed successfully
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key not found.
    "HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}" => key removed successfully
    HKCR\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5} => key not found.
    HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.72.2 => key not found.
    "C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll" => not found.
    HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.72.2 => key not found.
    "C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll" => not found.
    HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.72.2 => key not found.
    C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll => not found.
    HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.72.2 => key not found.
    C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => not found.
    C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} => moved successfully
    FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [2009-12-14] [not signed] => not found
    C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} => moved successfully
    FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} [2010-04-02] [not signed] => not found
    C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} => moved successfully
    FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010-05-14] [not signed] => not found
    C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} => moved successfully
    FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010-09-26] [not signed] => not found
    C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} => moved successfully
    FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010-11-10] [not signed] => not found
    C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} => moved successfully
    FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011-01-08] [not signed] => not found
    C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} => moved successfully
    FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011-03-18] [not signed] => not found
    C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} => moved successfully
    FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011-07-12] [not signed] => not found
    C:\Users\Rick\AppData\Local\Google\Chrome\Application\50.0.2661.87\ppGoogleNaClPluginChrome.dll => not found.
    C:\Users\Rick\AppData\Local\Google\Chrome\Application\50.0.2661.87\pdf.dll => not found.
    C:\Users\Rick\AppData\Local\Google\Chrome\Application\50.0.2661.87\gcswf32.dll => not found.
    C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll => not found.
    C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll => not found.
    C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => not found.
    C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll => not found.
    C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll => not found.
    C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll => not found.
    C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll => not found.
    C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll => not found.
    C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll => not found.
    C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll => not found.
    C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll => not found.
    C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll => not found.
    C:\Users\Rick\AppData\Roaming\Mozilla\plugins\npatgpc.dll => not found.
    C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll => not found.
    C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll => not found.
    C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll => not found.
    C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll => not found.
    C:\Users\Rick\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll => not found.
    C:\Windows\system32\Adobe\Director\np32dsw.dll => not found.
    c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll => not found.
    catchme => service removed successfully
    C:\Users\Rick\AppData\Local\Temp\i4jdel0.exe => moved successfully
    C:\Users\Rick\Downloads\MineCraftSetup.exe => moved successfully
    C:\ProgramData\TEMP => ":30FD0CBD" ADS removed successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{38A70D34-CB84-40C2-A2E3-E98F1FADDDC8}C:\program files\java\jre7\bin\javaw.exe => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{B61C5741-0D24-4DB8-9E02-8F86E178A73A}C:\program files\java\jre7\bin\javaw.exe => value removed successfully

    ========= ipconfig /flushdns =========


    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========= End of CMD: =========


    ========= netsh winsock reset all =========


    Sucessfully reset the Winsock Catalog.
    You must restart the computer in order to complete the reset.


    ========= End of CMD: =========


    ========= netsh int ipv4 reset =========

    Reseting Global, OK!
    Reseting Interface, OK!
    Restart the computer to complete this action.


    ========= End of CMD: =========


    ========= netsh int ipv6 reset =========

    There's no user specified settings to be reset.


    ========= End of CMD: =========


    ========= bitsadmin /reset /allusers =========


    BITSADMIN version 3.0 [ 7.5.7601 ]
    BITS administration utility.
    (C) Copyright 2000-2006 Microsoft Corp.

    BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
    Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

    0 out of 0 jobs canceled.

    ========= End of CMD: =========


    ========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

    The operation completed successfully.



    ========= End of Reg: =========


    ========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

    The operation completed successfully.



    ========= End of Reg: =========


    ========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

    The operation completed successfully.



    ========= End of Reg: =========


    ========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

    The operation completed successfully.



    ========= End of Reg: =========

    C:\Windows\System32\Drivers\etc\hosts => moved successfully
    Hosts restored successfully.
    EmptyTemp: => 666.9 MB temporary data Removed.


    The system needed a reboot.

    ==== End of Fixlog 16:36:27 ====



    # AdwCleaner v5.113 - Logfile created 27/04/2016 at 17:03:55
    # Updated 24/04/2016 by Xplode
    # Database : 2016-04-24.3 [Server]
    # Operating system : Windows 7 Home Premium Service Pack 1 (X64)
    # Username : Rick - 26NC-PC
    # Running from : C:\Users\Rick\Desktop\AdwCleaner (1).exe
    # Option : Clean
    # Support : http://toolslib.net/forum

    ***** [ Services ] *****


    ***** [ Folders ] *****

    [-] Folder Deleted : C:\Users\Rick\AppData\Local\Gameo
    [-] Folder Deleted : C:\Users\Rick\AppData\Roaming\GoldenGate

    ***** [ Files ] *****


    ***** [ DLLs ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Registry ] *****

    [-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}
    [-] Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [fmconverter@gmail.com]
    [-] Key Deleted : HKCU\Software\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd
    [-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd
    [-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
    [-] Key Deleted : HKCU\Software\gameo
    [-] Key Deleted : HKCU\Software\GoldenGate
    [-] Key Deleted : HKCU\Software\InstallCore
    [-] Key Deleted : HKCU\Software\YahooPartnerToolbar
    [-] Key Deleted : HKU\.DEFAULT\Software\AVG Secure Search
    [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1546463944-2749064583-3027644177-1001\Software\AVG Secure Search
    [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1546463944-2749064583-3027644177-1001\Software\SweetIM
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467

    ***** [ Web browsers ] *****


    *************************

    :: "Tracing" keys deleted
    :: Winsock settings cleared

    *************************

    C:\AdwCleaner\AdwCleaner[C1].txt - [2601 bytes] - [27/04/2016 17:03:55]
    C:\AdwCleaner\AdwCleaner[S1].txt - [2940 bytes] - [27/04/2016 16:57:56]

    ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2747 bytes] ##########



    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.5 (04.20.2016)
    Operating System: Windows 7 Home Premium x64
    Ran by Rick (Administrator) on 27/04/2016 at 17:13:22.95
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 36

    Successfully deleted: C:\ProgramData\iobit\driver booster (Folder)
    Successfully deleted: C:\ProgramData\productdata (Folder)
    Successfully deleted: C:\Users\Rick\AppData\Local\{0D5684B3-B29B-4713-9348-04F842D767A5} (Empty Folder)
    Successfully deleted: C:\Users\Rick\AppData\Local\{0FA83218-A733-4B80-9BA3-2E94D9BCC3A3} (Empty Folder)
    Successfully deleted: C:\Users\Rick\AppData\Local\{436C85F5-99F8-4879-A037-9BA3D97205BD} (Empty Folder)
    Successfully deleted: C:\Users\Rick\AppData\Local\{4899473B-E784-4D57-9F90-E8C23E833273} (Empty Folder)
    Successfully deleted: C:\Users\Rick\AppData\Local\{4C0C263E-93B9-497D-923F-50DDC54E258D} (Empty Folder)
    Successfully deleted: C:\Users\Rick\AppData\Local\{5B555344-F920-4DCF-A792-CC0494C584E7} (Empty Folder)
    Successfully deleted: C:\Users\Rick\AppData\Local\{5C23F554-8F32-480D-A352-35F4A0C1F571} (Empty Folder)
    Successfully deleted: C:\Users\Rick\AppData\Local\{5CCD82E5-F78E-44EA-8C7F-F791669FEBD5} (Empty Folder)
    Successfully deleted: C:\Users\Rick\AppData\Local\{6E2AF4C5-3B84-4BDC-B907-5DE58B4EF542} (Empty Folder)
    Successfully deleted: C:\Users\Rick\AppData\Local\{8A7A6FD3-2C1F-4687-A917-3D70EF3320E1} (Empty Folder)
    Successfully deleted: C:\Users\Rick\AppData\Local\{9CEA50D4-09F8-45CB-92E0-9B7B2D152C19} (Empty Folder)
    Successfully deleted: C:\Users\Rick\AppData\Local\{A0CA7C0B-D4EB-41B8-A704-11CEB3B5A4B5} (Empty Folder)
    Successfully deleted: C:\Users\Rick\AppData\Local\{A459FAD7-6B5B-495C-9402-FFE8AD4A1954} (Empty Folder)
    Successfully deleted: C:\Users\Rick\AppData\Local\{A87FA979-B4A5-49BF-A1AE-9D35EE00DF77} (Empty Folder)
    Successfully deleted: C:\Users\Rick\AppData\Local\{B2EE0087-CFBC-4DB9-8619-7A82A72089D7} (Empty Folder)
    Successfully deleted: C:\Users\Rick\AppData\Local\{BA8734C4-EFFD-4CF0-A346-D0070971CA45} (Empty Folder)
    Successfully deleted: C:\Users\Rick\AppData\Local\{C856E1F4-2C16-4A10-BD4B-20B1DC926DF0} (Empty Folder)
    Successfully deleted: C:\Users\Rick\AppData\Local\{E4DC1DA7-3245-4BEA-97DE-AFE811BF7107} (Empty Folder)
    Successfully deleted: C:\Users\Rick\AppData\Local\{E79A7E34-FCA8-4542-81F6-6FB00D7460D1} (Empty Folder)
    Successfully deleted: C:\Users\Rick\AppData\Roaming\iobit\driver booster (Folder)
    Successfully deleted: C:\Users\Rick\AppData\Roaming\productdata (Folder)
    Successfully deleted: C:\Windows\system32\Tasks\Driver Booster SkipUAC (Rick) (Task)
    Successfully deleted: C:\Windows\system32\Tasks\PCDEventLauncherTask (Task)
    Successfully deleted: C:\Windows\system32\Tasks\PCDoctorBackgroundMonitorTask (Task)
    Successfully deleted: C:\Program Files (x86)\iobit\driver booster (Folder)
    Successfully deleted: C:\Program Files\reviversoft (Folder)
    Successfully deleted: C:\Users\Rick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\28E9QJ1Q (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Rick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6QTJC315 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Rick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B8L1XLBD (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Rick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O3A1GBUE (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\28E9QJ1Q (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6QTJC315 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B8L1XLBD (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O3A1GBUE (Temporary Internet Files Folder)



    Registry: 1

    Successfully deleted: HKLM\Software\Google\Chrome\Extensions\lmmhpfbhngkongobaoibpmnijjokabmj (Registry Key)




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 27/04/2016 at 17:16:20.15
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  4. #4
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Goodness, there was a lot on there.

    Let's open Malwarebytes Anti-Malware
    • On the Dashboard click on Update Now
    • Go to the Settings tab
    • Under Settings, go to Detection and Protection
    • Under PUP and PUM make sure both are set to show Treat Detections as Malware
    • Go to Advanced Settings and make sure Automatically Quarantine Detected Items is checked
    • Then click back on the Dashboard and click on Scan
    • Make sure to select THREAT SCAN
    • Then click on Scan
    • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards.
    • If threats are detected, click Remove Selected. If you are prompted to reboot, click Yes.
    • Upon completion of the scan (or after the reboot), click the History tab.
    • Click Application Logs, followed by the first Scan Log.
    • Click Export, followed by Copy to Clipboard. Paste the log in your next reply.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~

    What we can do now is run an online scan with Eset, a good trusted scanner, reliable and thorough.
    The settings I suggest will show us items located in quarantine folders, so don't be alarmed by this. Also, in case of a false positive, I ask that you not allow it to delete what it does find.
    This scanner can take quite a bit of time to run, depending, of course, on how full your computer is.



    ESET Online Scan
    Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.
    • Please download ESET Online Scan and save the file to your Desktop.
    • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
    • Double-click esetsmartinstaller_enu.exe to run the programme.
    • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
    • Agree to the Terms of Use once more and click Start. Allow components to download.
    • Place a checkmark next to Enable detection of potentially unwanted applications.
    • Click Advanced settings. Place a checkmark next to:
      • Scan archives
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology

    • Ensure Remove found threats is unchecked.
    • Click Start.
    • Wait for the scan to finish. Please be patient as this can take some time.
    • Upon completion, click . If no threats were found, skip the next two bullet points.
    • Click and save the file to your Desktop, naming it something such as "MyEsetScan".
    • Push the Back button.
    • Place a checkmark next to and click .
    • Re-enable your anti-virus software.
    • Copy the contents of the log and paste in your next reply.


    Please post these 2 logs when finished.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  5. #5
    Member
    Join Date
    Mar 2008
    Posts
    33

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 27/04/2016
    Scan Time: 21:44
    Logfile: anti malware log.txt
    Administrator: Yes

    Version: 2.2.1.1043
    Malware Database: v2016.04.27.07
    Rootkit Database: v2016.04.17.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Rick

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 535346
    Time Elapsed: 33 min, 0 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 1
    PUP.Optional.Gameo, HKU\S-1-5-21-1546463944-2749064583-3027644177-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOWREGISTRY\AUDIO\POLICYCONFIG\PROPERTYSTORE\2D1CE727_0, Quarantined, [1fb4694acdcccb6babd301436f94d030],

    Registry Values: 1
    PUP.Optional.Gameo, HKU\S-1-5-21-1546463944-2749064583-3027644177-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOWREGISTRY\AUDIO\POLICYCONFIG\PROPERTYSTORE\2d1ce727_0, {0.0.0.00000000}.{8ee434b7-cb7c-40d1-8100-c6e38a8c8b29}|\Device\HarddiskVolume4\Users\Rick\AppData\Roaming\Gameo\gameo.exe%b{00000000-0000-0000-0000-000000000000}, Quarantined, [1fb4694acdcccb6babd301436f94d030]

    Registry Data: 0
    (No malicious items detected)

    Folders: 3
    PUP.Optional.MindSpark, C:\Users\Rick\AppData\LocalLow\GuffinsEI, Quarantined, [9340d8dbb5e4c670e9ac66bf48bbc13f],
    PUP.Optional.MindSpark, C:\Users\Rick\AppData\LocalLow\GuffinsEI\Installr, Quarantined, [9340d8dbb5e4c670e9ac66bf48bbc13f],
    PUP.Optional.MindSpark, C:\Users\Rick\AppData\LocalLow\GuffinsEI\Installr\Cache, Quarantined, [9340d8dbb5e4c670e9ac66bf48bbc13f],

    Files: 3
    PUP.Optional.MindSpark, C:\Program Files (x86)\u4res.dll, Quarantined, [f8db9c1714854beb8fb41a545baa837d],
    PUP.Optional.MindSpark, C:\Users\Rick\AppData\LocalLow\GuffinsEI\Installr\Cache\11040881.exe, Quarantined, [9340d8dbb5e4c670e9ac66bf48bbc13f],
    PUP.Optional.MindSpark, C:\Users\Rick\AppData\LocalLow\GuffinsEI\Installr\Cache\files.ini, Quarantined, [9340d8dbb5e4c670e9ac66bf48bbc13f],

    Physical Sectors: 0
    (No malicious items detected)


    (end)

    +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


    MyEsetScan

    C:\FRST\Quarantine\C\Users\Rick\Downloads\MineCraftSetup.exe.xBAD a variant of Win32/InstallCore.BY potentially unwanted application
    C:\Program Files (x86)\Paddy Power Poker Odds Calculator\HoldemIndicator.exe a variant of Win32/Packed.Themida suspicious application
    C:\Users\Rick\Documents\Downloads\Garmin Mobile XT - Updated\Keygen.zip a variant of Win32/Keygen.OQ potentially unsafe application

  6. #6
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Forum Policy
    I strongly suggest you remove any cracked software that is installed. We do not approve, nor will we provide support in the future for problems produced because of illegal software.
    The distribution and use of cracked software is illegal in almost every developed country. It is also one of the biggest causes of infection.
    At worst, the system could be destroyed, resulting in the need to do a total wipe/re-install, and personal info such as credit card numbers/bank passwords could be stolen.


    Please open Notepad. *Do Not Use Wordpad* or any text editor other than Notepad, or the script will fail. (Start -> Run -> type notepad in the Open field -> OK.) Copy and paste the text present inside the quote box below:
    To do this, highlight the contents of the box, right-click on it and select Copy.
    Paste this into the open Notepad. Save it to the Desktop as fixlist.txt
    NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
    It needs to be saved next to the "Farbar Recovery Scan Tool" (if asked to overwrite the existing one, please allow).





    start
    CreateRestorePoint:
    CloseProcesses:
    C:\Program Files (x86)\Paddy Power Poker Odds Calculator\HoldemIndicator.exe
    C:\Users\Rick\Documents\Downloads\Garmin Mobile XT - Updated\Keygen.zip
    EmptyTemp:
    End

    Open FRST/FRST64 and press the > Fix < button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


    How is your computer now?

  7. #7
    Member
    Join Date
    Mar 2008
    Posts
    33

    Slapped wrist accepted. Garmin keygen was old and never used.

    PC is running much better. Anything more to do?



    Fix result of Farbar Recovery Scan Tool (x64) Version:25-04-2016
    Ran by Rick (2016-04-28 19:25:32) Run:2
    Running from C:\Users\Rick\Desktop
    Loaded Profiles: Rick (Available Profiles: Rick)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    start
    CreateRestorePoint:
    CloseProcesses:
    C:\Program Files (x86)\Paddy Power Poker Odds Calculator\HoldemIndicator.exe
    C:\Users\Rick\Documents\Downloads\Garmin Mobile XT - Updated\Keygen.zip
    EmptyTemp:
    End
    *****************

    Restore point was successfully created.
    Processes closed successfully.
    C:\Program Files (x86)\Paddy Power Poker Odds Calculator\HoldemIndicator.exe => moved successfully
    C:\Users\Rick\Documents\Downloads\Garmin Mobile XT - Updated\Keygen.zip => moved successfully
    EmptyTemp: => 94.7 MB temporary data Removed.


    The system needed a reboot.

    ==== End of Fixlog 19:26:08 ====

  8. #8
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    We should be done unless there are other issues.

    DelFix
    • Please download DelFix or from Here and save the file to your Desktop.
    • Double-click DelFix.exe to run the programme.
    • Place a checkmark next to the following items:
      • Activate UAC
      • Remove disinfection tools
    • Click the Run button.
    • -- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).


    ~~~~~~~~~~~~~~~


    • AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
    • CryptoPrevent places policy restrictions on loading points for ransomware (eg. CryptoWall), helping prevent the execution of malware.
    • Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
    • Malwarebytes Anti-Malware Premium (MBAM) works in real-time alongside your Anti-Virus to prevent malware execution.
    • NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
    • Sandboxie isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
    • Secunia PSI will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
    • SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
    • Unchecky automatically removes checkmarks for bundled software in programme installers, helping you avoid adware and PUPs.
    • Web of Trust (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.


    Want to help others? Join the ClassRoom and learn how.

  9. #9
    Member
    Join Date
    Mar 2008
    Posts
    33

    Thank you very much for your help, Juliet


    # DelFix v1.010 - Logfile created 28/04/2016 at 21:55:05
    # Updated 26/04/2015 by Xplode
    # Username : Rick - 26NC-PC
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

    ~ Activating UAC ... OK

    ~ Removing disinfection tools ...

    Deleted : C:\JRT
    Deleted : C:\FRST
    Deleted : C:\AdwCleaner
    Deleted : C:\RegBackup
    Deleted : C:\Users\Rick\Desktop\Addition.txt
    Deleted : C:\Users\Rick\Desktop\AdwCleaner (1).exe
    Deleted : C:\Users\Rick\Desktop\AdwCleaner[C1].txt
    Deleted : C:\Users\Rick\Desktop\aswMBR.exe
    Deleted : C:\Users\Rick\Desktop\aswMBR.txt
    Deleted : C:\Users\Rick\Desktop\esetsmartinstaller_enu.exe
    Deleted : C:\Users\Rick\Desktop\Fixlog.txt
    Deleted : C:\Users\Rick\Desktop\FRST.txt
    Deleted : C:\Users\Rick\Desktop\FRST64.exe
    Deleted : C:\Users\Rick\Desktop\JRT (1).exe
    Deleted : C:\Users\Rick\Desktop\JRT.txt
    Deleted : C:\Users\Rick\Desktop\MBR.dat
    Deleted : C:\Users\Rick\Desktop\TFC.exe
    Deleted : C:\Users\Rick\Downloads\AdwCleaner.exe
    Deleted : C:\Users\Rick\Downloads\aswMBR.exe
    Deleted : C:\Users\Rick\Downloads\esetsmartinstaller_enu.exe
    Deleted : C:\Users\Rick\Downloads\FRST.txt
    Deleted : C:\Users\Rick\Downloads\FRST64.exe
    Deleted : C:\Users\Rick\Downloads\JRT.exe
    Deleted : HKLM\SOFTWARE\OldTimer Tools
    Deleted : HKLM\SOFTWARE\AdwCleaner
    Deleted : HKLM\SOFTWARE\Swearware
    Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR

    ########## - EOF - ##########

  10. #10
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    We're glad to help
