Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

windows8.1 slowing down, AI_RecycleBin


  • Please log in to reply
10 replies to this topic

#1 shmish

shmish

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:02:25 AM

Posted 25 April 2015 - 05:03 PM

Hello,

 

Over the past few months my computer has been slowing down. I've uninstalled programs I don't use, cleared out cache files (ccleaner type actions), and have tried to disable services I don't need. I say "tried" because even though I disable some services, a few still seem to show up as a running process.

 

I have 4gb of ram (this is a notebook), so more ram would help but I'd think 4gb ram would suffice.

 

The slowness is not particularly web oriented.  The notebook is slower to come out of sleep, slower to open explorer and display the file tree, etc.

 

I also have some folders created on my NAS shared drives that say "AI_RecycleBin".  This could be some malware, I'm not sure. But I think the computer was slowing down long before I first noticed the AI_RecycleBin.



BC AdBot (Login to Remove)

 


#2 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:25 AM

Posted 25 April 2015 - 05:28 PM

Download and run wipe  and system ninja,

 

https://privacyroot.com/software/www/en/wipe.php

https://singularlabs.com/software/system-ninja/

 

Then.....

 

Go ahead and install Ccleaner. Now that you have the program installed go ahead and run the cleaner function.
kwLN4uv.png


Now that you have cleaned out some temp files, lets go ahead and disable all of the items starting up with your machine except your antivirus. To do this you will need to click on tools then start up select each item then disable.

GjWwvEu.png

Now that you have disabled those un-needed start ups lets go into the settings, we will have Ccleaner run when your machine boots, so that you will never have to worry about cleaning temp files again.

To do this:

  • Hit options.
  • Settings.
  • Place a tick to run Ccleaner when the computer starts.


Lxioao1.png

Now go to the advanced tab, and select close program after cleaning, now run the cleaner again this will close Ccleaner.

SnqZ2JW.png

 

Reboot your machine and then follow the  instructions below.

 

Step 1: eScanAV.

 

Disable your antivirus prior to this scan.

http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

Download the eScanAV Anti-Virus Toolkit (MWAV)
http://www.escanav.com/english/content/products/downloadlink/downloadcounter.asp?pcode=MWAV&src=english_dwn&type=alter
Save the file to your desktop.
Right click run as administrator.
A new icon will appear on your desktop.
Right click run as administrator on new icon.
Click on the update tab.
ZCDJtZN.png
Once you have updated the program, make sure the settings are the same as the picture below.
7DUFn5c.png
Once you have made sure the settings match the picture, hit the Scan & Clean button.
Upon scan completion, click View Log.
ApSVXsQ.png
Copy and paste entire log into your next reply.
Note: Reboot if needed to remove infections.

 

Step 2: Zemana

 

Run a full scan with Zemana antimalware.

http://www.zemana.us/product/zemana-antimalware/default.aspx

Install and select deep scan.

jdmyscF.jpg

Remove any infections found.

Then click on the icon in the pic below.

DOLGyto.jpg

Double click on the scan log, copy and paste here in your reply.

 

 

Step 3: Junkware Removal Tool.
 
Please download Junkware Removal Tool and save it on your desktop.

  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

Step 4: Adware Cleaner.
 
Please download AdwCleaner by Xplode onto your desktop.


  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


#3 shmish

shmish
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:02:25 AM

Posted 26 April 2015 - 06:39 PM

MWAV:

25 Apr 2015 20:42:25 [12e0] - **********************************************************
25 Apr 2015 20:42:25 [12e0] - MWAV - eScanAV AntiVirus Toolkit.
25 Apr 2015 20:42:25 [12e0] - Copyright © MicroWorld Technologies
25 Apr 2015 20:42:25 [12e0] - **********************************************************
25 Apr 2015 20:42:25 [12e0] - Source: C:\Users\dougw_000\Desktop\mwav.exe
25 Apr 2015 20:42:25 [12e0] - Version 14.0.178 (C:\USERS\DOUGW_000\APPDATA\LOCAL\TEMP\MEXE.COM)
25 Apr 2015 20:42:25 [12e0] - Log File: C:\Users\dougw_000\AppData\Local\Temp\MWAV.LOG
25 Apr 2015 20:42:25 [12e0] - MWAV Registered: TRUE
25 Apr 2015 20:42:25 [12e0] - User Account: dougw_000 (Administrator Mode)
25 Apr 2015 20:42:25 [12e0] - OS Type: Windows Workstation [InstallType: Client]
25 Apr 2015 20:42:25 [12e0] - OS: Windows 8.1 64-Bit [OS Install Date: 19 Oct 2013 14:11:19]
25 Apr 2015 20:42:25 [12e0] - Ver: Professional Build 9200
25 Apr 2015 20:42:25 [12e0] - System Up Time: 5 Days, 0 Hour, 39 Minutes, 46 Seconds


25 Apr 2015 20:42:25 [12e0] - Windows Root  Folder: C:\WINDOWS
25 Apr 2015 20:42:25 [12e0] - Windows Sys32 Folder: C:\WINDOWS\system32
25 Apr 2015 20:42:25 [12e0] - DHCP NameServer: 208.122.23.22 208.122.23.23
25 Apr 2015 20:42:25 [12e0] - Interface0 DHCPNameServer: 208.122.23.22 208.122.23.23
25 Apr 2015 20:42:25 [12e0] - Interface1 DHCPNameServer: 192.168.1.254
25 Apr 2015 20:42:25 [12e0] - Local Fixed Drives: c:\,q:\
25 Apr 2015 20:42:25 [12e0] - MWAV Mode(A): Scan and Clean files (for viruses, adware and spyware)
25 Apr 2015 20:42:25 [12e0] - [CREATED ZIP FILE: C:\Users\dougw_000\AppData\Local\Temp\pinfect.zip]
25 Apr 2015 20:42:25 [12e0] - Latest Date of files inside MWAV: Mon Mar  2 17:13:53 2015.
25 Apr 2015 20:42:29 [12e0] - ** Changed Value of "HKEY_CLASSES_ROOT\.scr" from "DWGTrueViewScriptFile" to "scrfile"
25 Apr 2015 20:42:29 [12e0] - Loading/Creating FileScan Cache Database C:\ProgramData\MicroWorld\MWAV\ESCANDBY.MDB [Log: C:\Users\dougw_000\AppData\Local\Temp\ESCANDB.LOG]
25 Apr 2015 20:42:32 [12e0] - Loaded/Created FileScan Cache Database...
25 Apr 2015 20:42:32 [12e0] - Loading AV Library [DB]...
25 Apr 2015 20:45:51 [12e0] - ArchiveScan: DISABLED
25 Apr 2015 20:45:53 [12e0] - AV Library Loaded - MultiThreaded - 8 : [DB-DIRECT].
25 Apr 2015 20:45:53 [12e0] - MWAV doing self scanning...
25 Apr 2015 20:45:54 [12e0] - MWAV files are clean.
25 Apr 2015 20:46:00 [12e0] - ArchiveScan: DISABLED
25 Apr 2015 20:46:01 [12e0] - Virus Database Date: 02 Mar 2015
25 Apr 2015 20:46:01 [12e0] - Virus Database Count: 6701505
25 Apr 2015 20:46:01 [12e0] - Sign Version: 7.59505 [518257]
25 Apr 2015 20:46:10 [12e0] - Downloading AntiVirus and Anti-Spyware Databases...
25 Apr 2015 20:52:07 [12e0] - Update Successful...
25 Apr 2015 20:52:21 [12e0] - Indexed Spyware Databases Successfully Created...
25 Apr 2015 20:52:22 [12e0] - Old Sign Version: 7.59505    New Sign Version: 7.60290
25 Apr 2015 20:52:40 [12e0] - Reload of AntiVirus Signatures successfully done.
25 Apr 2015 20:52:40 [12e0] - Virus Database Date: 25 Apr 2015
25 Apr 2015 20:52:40 [12e0] - Virus Database Count: 5719723
25 Apr 2015 20:52:40 [12e0] - Sign Version: 7.60290 [519042]
 
25 Apr 2015 20:53:06 [12e0] - **********************************************************
25 Apr 2015 20:53:06 [12e0] - MWAV - eScanAV AntiVirus Toolkit.
25 Apr 2015 20:53:06 [12e0] - Copyright © MicroWorld Technologies
25 Apr 2015 20:53:06 [12e0] -
25 Apr 2015 20:53:06 [12e0] - Support: support@escanav.com
25 Apr 2015 20:53:06 [12e0] - Web: http://www.escanav.com
25 Apr 2015 20:53:06 [12e0] - **********************************************************
25 Apr 2015 20:53:06 [12e0] - Version 14.0.178[DB] (C:\USERS\DOUGW_000\APPDATA\LOCAL\TEMP\MEXE.COM)
25 Apr 2015 20:53:06 [12e0] - Log File: C:\Users\dougw_000\AppData\Local\Temp\MWAV.LOG
25 Apr 2015 20:53:06 [12e0] - User Account: dougw_000 (Administrator Mode)
25 Apr 2015 20:53:06 [12e0] - Windows Root  Folder: C:\WINDOWS
25 Apr 2015 20:53:06 [12e0] - Windows Sys32 Folder: C:\WINDOWS\system32
25 Apr 2015 20:53:06 [12e0] - OS: Windows 8.1 64-Bit [OS Install Date: 19 Oct 2013 14:11:19]
25 Apr 2015 20:53:06 [12e0] - Ver: Professional Build 9200
25 Apr 2015 20:53:06 [12e0] - Latest Date of files inside MWAV: Mon Mar  2 17:13:53 2015.
 
25 Apr 2015 20:53:06 [098c] - Options Selected by User:
25 Apr 2015 20:53:06 [098c] - Memory Check: Enabled
25 Apr 2015 20:53:06 [098c] - Registry Check: Enabled
25 Apr 2015 20:53:06 [098c] - StartUp Folder Check: Enabled
25 Apr 2015 20:53:06 [098c] - System Folder Check: Enabled
25 Apr 2015 20:53:06 [098c] - Services Check: Enabled
25 Apr 2015 20:53:06 [098c] - Scan Spyware: Enabled
25 Apr 2015 20:53:06 [098c] - Scan Archives: Disabled
25 Apr 2015 20:53:06 [098c] - Drive Check: Enabled
25 Apr 2015 20:53:06 [098c] - All Drive Check :Disabled
25 Apr 2015 20:53:06 [098c] - Drive Selected = C:\
25 Apr 2015 20:53:06 [098c] - Folder Check: Disabled
25 Apr 2015 20:53:06 [098c] - SCAN: All_Files [ANSI]
25 Apr 2015 20:53:06 [098c] - MWAV Mode( B): Scan and Clean files (for viruses, adware and spyware)
 
25 Apr 2015 20:53:06 [098c] - Scanning DNS Records...
25 Apr 2015 20:53:06 [098c] - Scanning Master Boot Record (User)...
25 Apr 2015 20:53:06 [098c] - Scanning Logical Boot Records...
25 Apr 2015 20:53:08 [098c] - ***** Scanning For Hidden Rootkit Processes *****
25 Apr 2015 20:53:08 [098c] - ***** Scanning For Hidden Rootkit Services *****
 
25 Apr 2015 20:53:15 [098c] - ***** Scanning Memory Files *****
 
25 Apr 2015 20:53:32 [098c] - ***** Scanning Registry Files *****
25 Apr 2015 20:53:49 [098c] - ERROR(3)!!! Invalid Entry Akamai NetSession Interface = "C:\Users\dougw_000\AppData\Local\Akamai\netsession_win.exe" (in key HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run). Action Taken: Removing it.
25 Apr 2015 20:53:49 [098c] - ERROR(3)!!! Invalid Entry  Maintance = "C:\Program Files\\net1.exe" windowsStartup (in key HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run). Action Taken: Removing it.
 
25 Apr 2015 20:53:51 [098c] - ***** Scanning StartUp Folders *****
25 Apr 2015 20:54:23 [05cc] - ScanFile (C:\Users\dougw_000\AppData\Roaming\AdvertismentImages\html\1912146.html) took 5360 ms
25 Apr 2015 21:00:35 [0644] - ScanFile (C:\ProgramData\Microsoft\Windows\LocationProvider\edbres00002.jrs) took 6281 ms
25 Apr 2015 21:00:35 [09e4] - ScanFile (C:\ProgramData\Microsoft\Windows\LocationProvider\edbres00001.jrs) took 6297 ms
25 Apr 2015 21:01:13 [05cc] - C:\ProgramData\PASCO Scientific\ResourceFiles.rc not Scanned. Possibly password protected...
 
25 Apr 2015 21:01:30 [098c] - ***** Scanning Service Files *****
25 Apr 2015 21:02:19 [098c] - Giving rights(a) to [HKLM64\SYSTEM\CurrentControlSet\Services\TrkWks].
25 Apr 2015 21:02:25 [098c] - ERROR(2)!!! Invalid Entry \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys. Action Taken: Removing HKLM64\SYSTEM\CurrentControlSet\Services\VBoxNetFlt.
 
25 Apr 2015 21:02:34 [098c] - ***** Scanning Registry and File system for Adware/Spyware *****
25 Apr 2015 21:02:34 [098c] - Loading Spyware Signatures from new External Database [Name: C:\Users\DOUGW_~1\AppData\Local\Temp\spydb.avs, Size: 464724]...
25 Apr 2015 21:02:34 [098c] - Indexed Spyware Databases Successfully Created...
 
25 Apr 2015 21:05:43 [098c] - Offending file found: C:\Users\dougw_000\Documents\v9\notes\add.php
25 Apr 2015 21:05:43 [098c] - System found infected with DSK Trojan Spyware/Adware (add.php)! Action taken: File Deleted.
25 Apr 2015 21:05:43 [098c] - Object "DSK Trojan Spyware/Adware" found in File System! Action Taken: File Deleted.

25 Apr 2015 21:05:43 [098c] - Offending file found: C:\Users\dougw_000\Documents\v9\search\add.php
25 Apr 2015 21:05:43 [098c] - System found infected with DSK Trojan Spyware/Adware (add.php)! Action taken: File Deleted.
25 Apr 2015 21:05:43 [098c] - Object "DSK Trojan Spyware/Adware" found in File System! Action Taken: File Deleted.

 
25 Apr 2015 21:05:57 [098c] - ***** Scanning Registry Files *****
25 Apr 2015 21:05:59 [098c] - ** Value in HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\main/Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
25 Apr 2015 21:05:59 [098c] - ** Deleted Value of "NoActiveDesktop" in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer". Its value was DWORD:1.
25 Apr 2015 21:05:59 [098c] - ** Deleted Value of "ForceActiveDesktopOn" in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer". Its value was DWORD:0.
25 Apr 2015 21:05:59 [098c] - ** Deleted Value of "NoComponents" in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop". Its value was DWORD:1.
25 Apr 2015 21:05:59 [098c] - ** Deleted Value of "NoAddingComponents" in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop". Its value was DWORD:1.
25 Apr 2015 21:05:59 [098c] - ** Value in 64-bit HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\main/Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
25 Apr 2015 21:05:59 [098c] - ** Value in HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\main/Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
25 Apr 2015 21:05:59 [098c] - ** Value in 64-bit HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\main/Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
 
25 Apr 2015 21:05:59 [098c] - ***** Scanning System32 Folders *****
 
25 Apr 2015 21:07:25 [15ac] - Scanning File C:\Users\dougw_000\AppData\Local\Temp\MWZ1768.tmp
 
25 Apr 2015 21:08:03 [098c] - ***** Scanning Drive C:\ *****
25 Apr 2015 21:08:04 [12e8] - C:\$Recycle.Bin\S-1-5-21-3830325116-2081136293-929780250-1000\$R1NLR8E.40 not Scanned. Possibly password protected...
25 Apr 2015 21:08:04 [05cc] - C:\$Recycle.Bin\S-1-5-21-3830325116-2081136293-929780250-1000\$R07IAM4.jpg not Scanned. Possibly password protected...
25 Apr 2015 21:08:04 [1f38] - C:\$Recycle.Bin\S-1-5-21-3830325116-2081136293-929780250-1000\$R187XTL.22 not Scanned. Possibly password protected...
25 Apr 2015 21:08:04 [05cc] - C:\$Recycle.Bin\S-1-5-21-3830325116-2081136293-929780250-1000\$R27OL82\The Battle for Skandia (113)\metadata.opf not Scanned. Possibly password protected...
25 Apr 2015 21:08:04 [1f38] - C:\$Recycle.Bin\S-1-5-21-3830325116-2081136293-929780250-1000\$R27OL82\The Battle for Skandia (113)\cover.jpg not Scanned. Possibly password protected...
25 Apr 2015 21:08:04 [1f38] - C:\$Recycle.Bin\S-1-5-21-3830325116-2081136293-929780250-1000\$R27OL82\The Icebound Land (112)\cover.jpg not Scanned. Possibly password protected...
25 Apr 2015 21:08:04 [12e8] - C:\$Recycle.Bin\S-1-5-21-3830325116-2081136293-929780250-1000\$R27OL82\The Icebound Land (112)\The Icebound Land - John A. Flanagan.epub not Scanned. Possibly password protected...
25 Apr 2015 21:08:04 [09e4] - C:\$Recycle.Bin\S-1-5-21-3830325116-2081136293-929780250-1000\$R3IJSZC.27 not Scanned. Possibly password protected...
25 Apr 2015 21:08:04 [21a4] - C:\$Recycle.Bin\S-1-5-21-3830325116-2081136293-929780250-1000\$R37A684.13 not Scanned. Possibly password protected...
25 Apr 2015 21:08:04 [05cc] - C:\$Recycle.Bin\S-1-5-21-3830325116-2081136293-929780250-1000\$R27OL82\The Icebound Land (112)\metadata.opf not Scanned. Possibly password protected...
25 Apr 2015 21:08:04 [0644] - C:\$Recycle.Bin\S-1-5-21-3830325116-2081136293-929780250-1000\$R4T3QNB.34 not Scanned. Possibly password protected...
25 Apr 2015 21:08:04 [0d28] - C:\$Recycle.Bin\S-1-5-21-3830325116-2081136293-929780250-1000\$R5EPY63.9 not Scanned. Possibly password protected...
25 Apr 2015 21:08:04 [15ac] - C:\$Recycle.Bin\S-1-5-21-3830325116-2081136293-929780250-1000\$R460G3F.41 not Scanned. Possibly password protected...
25 Apr 2015 21:08:04 [09e4] - C:\$Recycle.Bin\S-1-5-21-3830325116-2081136293-929780250-1000\$R7NJP76.36 not Scanned. Possibly password protected...
25 Apr 2015 21:08:04 [0644] - C:\$Recycle.Bin\S-1-5-21-3830325116-2081136293-929780250-1000\$R95LZG9.35 not Scanned. Possibly password protected...
25 Apr 2015 21:08:04 [05cc] - C:\$Recycle.Bin\S-1-5-21-3830325116-2081136293-929780250-1000\$R8JKSTF.epub not Scanned. Possibly password protected...
25 Apr 2015 21:08:04 [1f38] - C:\$Recycle.Bin\S-1-5-21-3830325116-2081136293-929780250-1000\$R6JC9OG.16 not Scanned. Possibly password protected...
25 Apr 2015 21:08:04 [12e8] - C:\$Recycle.Bin\S-1-5-21-3830325116-2081136293-929780250-1000\$R6ZSGIS.14 not Scanned. Possibly password protected...
25 Apr 2015 21:08:04 [15ac] - C:\$Recycle.Bin\S-1-5-21-3830325116-2081136293-929780250-1000\$R9UQP6B.19 not Scanned. Possibly password protected...
25 Apr 2015 21:08:04 [21a4] - C:\$Recycle.Bin\S-1-5-21-3830325116-2081136293-929780250-1000\$R7UR10A.12 not Scanned. Possibly password protected...
25 Apr 2015 21:08:04 [0d28] - C:\$Recycle.Bin\S-1-5-21-3830325116-2081136293-929780250-1000\$R99VDIJ.11 not Scanned. Possibly password protected...
25 Apr 2015 21:08:04 [09e4] - C:\$Recycle.Bin\S-1-5-21-3830325116-2081136293-929780250-1000\$R9XUU71.37 not Scanned. Possibly password protected...
25 Apr 2015 21:08:04 [0d28] - C:\$Recycle.Bin\S-1-5-21-3830325116-2081136293-929780250-1000\$RDBWM84\Sarah's Key (115)\metadata.opf not Scanned. Possibly password protected...
25 Apr 2015 21:08:04 [21a4] - C:\$Recycle.Bin\S-1-5-21-3830325116-2081136293-929780250-1000\$RDBWM84\Sarah's Key (115)\Sarah's Key - Tatiana de Rosnay.epub not Scanned. Possibly password protected...
25 Apr 2015 21:08:04 [0644] - C:\$Recycle.Bin\S-1-5-21-3830325116-2081136293-929780250-1000\$RBHBNT3.1 not Scanned. Possibly password protected...
25 Apr 2015 21:08:04 [05cc] - C:\$Recycle.Bin\S-1-5-21-3830325116-2081136293-929780250-1000\$RCAA6OY.14 not Scanned. Possibly password protected...
25 Apr 2015 21:08:04 [12e8] - C:\$Recycle.Bin\S-1-5-21-3830325116-2081136293-929780250-1000\$RDTVRV8.3 not Scanned. Possibly password protected...
25 Apr 2015 21:08:04 [09e4] - C:\$Recycle.Bin\S-1-5-21-3830325116-2081136293-929780250-1000\$REBJQ10.28 not Scanned. Possibly password protected...
25 Apr 2015 21:08:04 [15ac] - C:\$Recycle.Bin\S-1-5-21-3830325116-2081136293-929780250-1000\$RDKTUI5.31 not Scanned. Possibly password protected...
25 Apr 2015 21:08:04 [1f38] - C:\$Recycle.Bin\S-1-5-21-3830325116-2081136293-929780250-1000\$RE3G95B.jpg not Scanned. Possibly password protected...
25 Apr 2015 21:08:04 [21a4] - C:\$Recycle.Bin\S-1-5-21-3830325116-2081136293-929780250-1000\$RHG5Y1W.43 not Scanned. Possibly password protected...
25 Apr 2015 21:08:04 [0d28] - C:\$Recycle.Bin\S-1-5-21-3830325116-2081136293-929780250-1000\$RG7E8FJ.17 not Scanned. Possibly password protected...
25 Apr 2015 21:08:04 [0644] - C:\$Recycle.Bin\S-1-5-21-3830325116-2081136293-929780250-1000\$RHLIHIA.jpg not Scanned. Possibly password protected...
25 Apr 2015 21:08:04 [05cc] - C:\$Recycle.Bin\S-1-5-21-3830325116-2081136293-929780250-1000\$RHVWAVO.23 not Scanned. Possibly password protected...
25 Apr 2015 21:08:04 [09e4] - C:\$Recycle.Bin\S-1-5-21-3830325116-2081136293-929780250-1000\$RLAYQAC.pdf not Scanned. Possibly password protected...
25 Apr 2015 21:08:04 [0644] - C:\$Recycle.Bin\S-1-5-21-3830325116-2081136293-929780250-1000\$RIZ63Q3\Emancipation Day (116)\Emancipation Day - Wayne Grady.epub not Scanned. Possibly password protected...
25 Apr 2015 21:08:04 [12e8] - C:\$Recycle.Bin\S-1-5-21-3830325116-2081136293-929780250-1000\$RIO1BGL.26 not Scanned. Possibly password protected...
25 Apr 2015 21:08:04 [0d28] - C:\$Recycle.Bin\S-1-5-21-3830325116-2081136293-929780250-1000\$RIZ63Q3\Emancipation Day (116)\metadata.opf not Scanned. Possibly password protected...
25 Apr 2015 21:08:04 [15ac] - C:\$Recycle.Bin\S-1-5-21-3830325116-2081136293-929780250-1000\$RJZWKHF.21 not Scanned. Possibly password protected...
25 Apr 2015 21:08:04 [21a4] - C:\$Recycle.Bin\S-1-5-21-3830325116-2081136293-929780250-1000\$RJ51X21.4 not Scanned. Possibly password protected...
25 Apr 2015 21:08:04 [1f38] - C:\$Recycle.Bin\S-1-5-21-3830325116-2081136293-929780250-1000\$RJU30G4.5 not Scanned. Possibly password protected...
25 Apr 2015 21:08:04 [0d28] - C:\$Recycle.Bin\S-1-5-21-3830325116-2081136293-929780250-1000\$RQ5EYJN.29 not Scanned. Possibly password protected...
25 Apr 2015 21:08:04 [09e4] - C:\$Recycle.Bin\S-1-5-21-3830325116-2081136293-929780250-1000\$RO3GYEU.18 not Scanned. Possibly password protected...
25 Apr 2015 21:08:04 [15ac] - C:\$Recycle.Bin\S-1-5-21-3830325116-2081136293-929780250-1000\$RQCCNYM.8 not Scanned. Possibly password protected...
25 Apr 2015 21:08:04 [0644] - C:\$Recycle.Bin\S-1-5-21-3830325116-2081136293-929780250-1000\$ROUCSWA.42 not Scanned. Possibly password protected...
25 Apr 2015 21:08:04 [12e8] - C:\$Recycle.Bin\S-1-5-21-3830325116-2081136293-929780250-1000\$RPOZE0M.17 not Scanned. Possibly password protected...
25 Apr 2015 21:08:04 [21a4] - C:\$Recycle.Bin\S-1-5-21-3830325116-2081136293-929780250-1000\$RQEOMMT.39 not Scanned. Possibly password protected...
25 Apr 2015 21:08:04 [05cc] - C:\$Recycle.Bin\S-1-5-21-3830325116-2081136293-929780250-1000\$RN8C6RK.jpg not Scanned. Possibly password protected...
25 Apr 2015 21:08:04 [1f38] - C:\$Recycle.Bin\S-1-5-21-3830325116-2081136293-929780250-1000\$RR5V6D7.10 not Scanned. Possibly password protected...
25 Apr 2015 21:08:04 [15ac] - C:\$Recycle.Bin\S-1-5-21-3830325116-2081136293-929780250-1000\$RRVADDD.15 not Scanned. Possibly password protected...
25 Apr 2015 21:08:04 [09e4] - C:\$Recycle.Bin\S-1-5-21-3830325116-2081136293-929780250-1000\$RRJD7EB.30 not Scanned. Possibly password protected...
25 Apr 2015 21:08:04 [0644] - C:\$Recycle.Bin\S-1-5-21-3830325116-2081136293-929780250-1000\$RRWGNP3.7 not Scanned. Possibly password protected...
25 Apr 2015 21:08:04 [12e8] - C:\$Recycle.Bin\S-1-5-21-3830325116-2081136293-929780250-1000\$RRYVI0A.32 not Scanned. Possibly password protected...
25 Apr 2015 21:08:04 [05cc] - C:\$Recycle.Bin\S-1-5-21-3830325116-2081136293-929780250-1000\$RV38EFZ.33 not Scanned. Possibly password protected...
25 Apr 2015 21:08:04 [21a4] - C:\$Recycle.Bin\S-1-5-21-3830325116-2081136293-929780250-1000\$RUNCJY3.jpg not Scanned. Possibly password protected...
25 Apr 2015 21:08:04 [0d28] - C:\$Recycle.Bin\S-1-5-21-3830325116-2081136293-929780250-1000\$RRFY8DL.15 not Scanned. Possibly password protected...
25 Apr 2015 21:08:04 [1f38] - C:\$Recycle.Bin\S-1-5-21-3830325116-2081136293-929780250-1000\$RW9KN5D.38 not Scanned. Possibly password protected...
25 Apr 2015 21:08:04 [15ac] - C:\$Recycle.Bin\S-1-5-21-3830325116-2081136293-929780250-1000\$RXPVEVI.20 not Scanned. Possibly password protected...
25 Apr 2015 21:08:04 [12e8] - C:\$Recycle.Bin\S-1-5-21-3830325116-2081136293-929780250-1000\$RYJX91C.16 not Scanned. Possibly password protected...
25 Apr 2015 21:08:04 [0644] - C:\$Recycle.Bin\S-1-5-21-3830325116-2081136293-929780250-1000\$RY30B9B.24 not Scanned. Possibly password protected...
25 Apr 2015 21:08:04 [05cc] - C:\$Recycle.Bin\S-1-5-21-3830325116-2081136293-929780250-1000\$RZ2DIHZ.6 not Scanned. Possibly password protected...
25 Apr 2015 21:08:04 [09e4] - C:\$Recycle.Bin\S-1-5-21-3830325116-2081136293-929780250-1000\$RY08RMY.jpg not Scanned. Possibly password protected...
25 Apr 2015 21:08:04 [05cc] - C:\$Recycle.Bin\S-1-5-21-3830325116-2081136293-929780250-1000\$RZ5OER2\Still Life (114)\Still Life - Louise Penny.epub not Scanned. Possibly password protected...
25 Apr 2015 21:08:04 [09e4] - C:\$Recycle.Bin\S-1-5-21-3830325116-2081136293-929780250-1000\$RZ5OER2\Still Life (114)\metadata.opf not Scanned. Possibly password protected...
25 Apr 2015 21:08:04 [0644] - C:\$Recycle.Bin\S-1-5-21-3830325116-2081136293-929780250-1000\$RZ6AHPZ.jpg not Scanned. Possibly password protected...
25 Apr 2015 21:08:04 [1f38] - C:\$Recycle.Bin\S-1-5-21-3830325116-2081136293-929780250-1000\$RZXD3HU.2 not Scanned. Possibly password protected...
25 Apr 2015 21:08:04 [15ac] - C:\$Recycle.Bin\S-1-5-21-3830325116-2081136293-929780250-1000\$RZSUP26.25 not Scanned. Possibly password protected...
25 Apr 2015 21:08:04 [12e8] - C:\$Recycle.Bin\S-1-5-21-3830325116-2081136293-929780250-1000\$RZF953I.pdf not Scanned. Possibly password protected...
25 Apr 2015 21:08:37 [05cc] - C:\Autodesk\WI\Autodesk Inventor 2014\x64\Components\DWGVIEWER\Program Files\DWG TrueView 2014\pdfnet.res not Scanned. Possibly password protected...
25 Apr 2015 21:12:39 [09e4] - C:\Autodesk\WI\Autodesk Inventor 2014\x86\en-US\Components\adr2013\program files\Autodesk\Autodesk Design Review 2013\EComposite\pdfnet.res not Scanned. Possibly password protected...
25 Apr 2015 21:13:30 [21a4] - ScanFile (C:\DRIVERS\WIN\VIDEO\Graphics\igdfcl32.dll) took 8719 ms
25 Apr 2015 21:18:04 [0d28] - ScanFile (C:\Garmin\MapSource.exe) took 7500 ms
25 Apr 2015 21:18:22 [05cc] - ScanFile (C:\MuLab (32 bit)\MuLab.exe) took 5047 ms
25 Apr 2015 21:22:02 [0d28] - C:\Program Files\Autodesk\DWG TrueView 2014\pdfnet.res not Scanned. Possibly password protected...
25 Apr 2015 21:24:31 [21a4] - ScanFile (C:\Program Files\Autodesk\Vault Basic 2014\Explorer\msvcm90.dll) took 7703 ms
25 Apr 2015 21:24:32 [1f38] - ScanFile (C:\Program Files\Autodesk\Vault Basic 2014\Explorer\x32\FBPWrapper.dll) took 6375 ms
25 Apr 2015 21:26:45 [21a4] - ScanFile (C:\Program Files\IHMC CmapTools\bin\update.exe) took 9265 ms
25 Apr 2015 21:27:50 [0644] - ScanFile (C:\Program Files\Lenovo\Communications Utility\unins000.exe) took 6328 ms
25 Apr 2015 21:30:29 [15ac] - ScanFile (C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\DCF\Infragistics2.Win.UltraWinChart.v11.1.dll) took 5640 ms
25 Apr 2015 21:30:30 [0644] - ScanFile (C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\DCF\Infragistics2.Win.UltraWinGrid.v11.1.dll) took 5016 ms
25 Apr 2015 21:32:15 [0644] - ScanFile (C:\Program Files\WindowsApps\C27EB4BA.Dropbox_3.2.0.0_x86__xbfy0k16fey96\Dropbox.WindowsApp.exe) took 5641 ms
25 Apr 2015 21:37:39 [12e8] - ScanFile (C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\plug_ins\Preflight\PreflightLib.dll) took 7406 ms
25 Apr 2015 21:40:35 [09e4] - ScanFile (C:\Program Files (x86)\Adobe\Adobe Help\Adobe Help.exe) took 16906 ms
25 Apr 2015 21:40:50 [0644] - ScanFile (C:\Program Files (x86)\Adobe\Adobe Illustrator CS5\Support Files\Contents\Windows\FastCore.8BX) took 6515 ms
25 Apr 2015 21:43:35 [12e8] - ScanFile (C:\Program Files (x86)\Adobe\Adobe Photoshop CS5\Photoshop.exe) took 8015 ms
25 Apr 2015 21:45:08 [05cc] - ScanFile (C:\Program Files (x86)\AstroPlanner\AstroPlanner Libs\RBScript.dll) took 6078 ms
25 Apr 2015 21:45:08 [12e8] - ScanFile (C:\Program Files (x86)\AstroPlanner\AstroPlanner.exe) took 6531 ms
25 Apr 2015 21:45:22 [1f38] - C:\Program Files (x86)\Autodesk\Autodesk Design Review 2013\EComposite\pdfnet.res not Scanned. Possibly password protected...
25 Apr 2015 21:52:57 [21a4] - ScanFile (C:\Program Files (x86)\LEGO Company\LEGO Digital Designer\LDD.exe) took 5172 ms
25 Apr 2015 22:00:18 [1f38] - ScanFile (C:\Program Files (x86)\Nettalk6\Nettalk.exe) took 10281 ms
25 Apr 2015 22:00:18 [09e4] - ScanFile (C:\Program Files (x86)\Native Instruments\Reaktor 5\Reaktor5.exe) took 10062 ms
25 Apr 2015 22:00:29 [12e8] - ScanFile (C:\Program Files (x86)\Poedit\Poedit.exe) took 5469 ms
25 Apr 2015 22:01:02 [15ac] - ScanFile (C:\Program Files (x86)\Spectrasonics\plug-ins\StylusRMX.dll) took 7156 ms
25 Apr 2015 22:05:17 [0d28] - ScanFile (C:\rtgui\RTGUI.exe) took 10203 ms
25 Apr 2015 22:07:50 [1f38] - ScanFile (C:\SWTOOLS\DRIVERS\CAMERA\Install.exe) took 5625 ms
25 Apr 2015 22:07:50 [12e8] - ScanFile (C:\SWTOOLS\DRIVERS\CAMERA\Silentinstall.exe) took 5625 ms
25 Apr 2015 22:08:52 [21a4] - Scanning File C:\System Volume Information\{ebe59a90-e536-11e4-bf08-f0def1865e17}{3808876b-c176-4e48-b7ae-04046e6cc752}
25 Apr 2015 22:08:52 [15ac] - Scanning File C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
26 Apr 2015 08:54:35 [21a4] - ScanFile (C:\Users\dougw_000\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\b291576c6fa9bbca\120712-0049\Att\2000af2d\Science.odt) took 6578 ms
26 Apr 2015 08:57:29 [12e8] - ScanFile (C:\Users\dougw_000\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\56ebda90-170f7e74-n\OpenAL32.dll) took 5157 ms
26 Apr 2015 08:57:30 [05cc] - ScanFile (C:\Users\dougw_000\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\56ebda90-170f7e74-n\lwjgl.dll) took 5656 ms
26 Apr 2015 08:57:45 [0d28] - ScanFile (C:\Users\dougw_000\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\56ebda90-170f7e74-n\jinput-raw.dll) took 21203 ms
26 Apr 2015 08:57:45 [0d28] - Scanning of C:\Users\dougw_000\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\56ebda90-170f7e74-n\jinput-raw.dll Timed out!!!
26 Apr 2015 08:57:45 [21a4] - ScanFile (C:\Users\dougw_000\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\56ebda90-170f7e74-n\jinput-dx8.dll) took 21187 ms
26 Apr 2015 08:57:45 [21a4] - Scanning of C:\Users\dougw_000\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\56ebda90-170f7e74-n\jinput-dx8.dll Timed out!!!
26 Apr 2015 08:57:46 [0644] - ScanFile (C:\Users\dougw_000\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\56ebda90-170f7e74) took 21875 ms
26 Apr 2015 08:57:56 [1f38] - ScanFile (C:\Users\dougw_000\AppData\LocalLow\LastPass\LPPlugin.dll) took 38172 ms
26 Apr 2015 08:57:56 [1f38] - Scanning of C:\Users\dougw_000\AppData\LocalLow\LastPass\LPPlugin.dll Timed out!!!
26 Apr 2015 08:59:24 [21a4] - ScanFile (C:\Users\dougw_000\Documents\minecraft\runtime\jre-x64\1.8.0_25\lib\management\jmxremote.password.template) took 6937 ms
26 Apr 2015 08:59:24 [09e4] - ScanFile (C:\Users\dougw_000\Documents\minecraft\Minecraft.exe) took 16250 ms
26 Apr 2015 08:59:47 [0644] - ScanFile (C:\Users\dougw_000\destroy\Scripts\pythonw.exe) took 51015 ms
26 Apr 2015 08:59:47 [0644] - Scanning of C:\Users\dougw_000\destroy\Scripts\pythonw.exe Timed out!!!
26 Apr 2015 08:59:47 [15ac] - ScanFile (C:\Users\dougw_000\destroy\Lib\site-packages\pip\_vendor\distlib\w32.exe) took 58250 ms
26 Apr 2015 08:59:47 [15ac] - Scanning of C:\Users\dougw_000\destroy\Lib\site-packages\pip\_vendor\distlib\w32.exe Timed out!!!
26 Apr 2015 09:00:42 [05cc] - ScanFile (C:\Users\dougw_000\Downloads\Autodesk_Inventor_2014_Eng_64bit_wi_en-US_Setup.exe) took 6265 ms
26 Apr 2015 09:00:48 [09e4] - ScanFile (C:\Users\dougw_000\Downloads\setup_wipe.exe) took 6546 ms
26 Apr 2015 09:01:27 [15ac] - C:\Users\dougw_000\SkyDrive\03 Physics 11\Unit 0 Physics Skills\Lab Write-Ups_example.pdf not Scanned. Possibly password protected...
26 Apr 2015 09:01:27 [21a4] - C:\Users\dougw_000\SkyDrive\03 Physics 11\Unit 0 Physics Skills\Lab-writeup-format.pdf not Scanned. Possibly password protected...
26 Apr 2015 09:01:43 [0d28] - ScanFile (C:\Users\dougw_000\SkyDrive\03 Physics 11\Unit 2 - Dynamics\archive\Worksheet 3 - Force problems.docx) took 5125 ms
26 Apr 2015 09:01:43 [21a4] - ScanFile (C:\Users\dougw_000\SkyDrive\03 Physics 11\Unit 2 - Dynamics\archive\Worksheet 3-3 - Force problems.docx) took 5204 ms
26 Apr 2015 09:01:43 [05cc] - ScanFile (C:\Users\dougw_000\SkyDrive\03 Physics 11\Unit 2 - Dynamics\archive\Notes 5 - Friction.pdf) took 5500 ms
26 Apr 2015 09:01:43 [09e4] - ScanFile (C:\Users\dougw_000\SkyDrive\03 Physics 11\Unit 2 - Dynamics\archive\Notes 3 - N 2nd Law.pdf) took 5625 ms
26 Apr 2015 09:01:43 [1f38] - ScanFile (C:\Users\dougw_000\SkyDrive\03 Physics 11\Unit 2 - Dynamics\archive\Notes 4 - Universal Gravity.pdf) took 5718 ms
26 Apr 2015 09:01:43 [15ac] - ScanFile (C:\Users\dougw_000\SkyDrive\03 Physics 11\Unit 2 - Dynamics\archive\Notes 6 - Problems.pdf) took 5578 ms
26 Apr 2015 09:02:35 [1f38] - C:\Users\dougw_000\SkyDrive\config-freenas.local-20121111100427.xml not Scanned. Possibly password protected...
26 Apr 2015 09:02:35 [12e8] - C:\Users\dougw_000\SkyDrive\confignas4free.xml not Scanned. Possibly password protected...
26 Apr 2015 09:03:24 [21a4] - C:\Users\dougw_000\SkyDrive\Pictures\Camera Roll\T-054516750353 - WIN_20150419_201351.JPG not Scanned. Possibly password protected...
26 Apr 2015 09:05:03 [0644] - ScanFile (C:\Users\dougw_000\SkyDrive\Teaching\archive\Math 10\resources\Prerequisite Skills\BLM_3_02_Chapter_3_Prerequisite_Skills.doc) took 5422 ms
26 Apr 2015 09:05:03 [21a4] - ScanFile (C:\Users\dougw_000\SkyDrive\Teaching\archive\Math 10\resources\Prerequisite Skills\BLM_4_02_Chapter_4_Prerequisite_Skills.doc) took 5281 ms
26 Apr 2015 09:05:03 [0d28] - ScanFile (C:\Users\dougw_000\SkyDrive\Teaching\archive\Math 10\resources\Prerequisite Skills\BLM_2_02_Chapter_2_Prerequisite_Skills.doc) took 5468 ms
26 Apr 2015 09:05:18 [05cc] - ScanFile (C:\Users\dougw_000\SkyDrive\Teaching\archive\Math 10\resources\solutions Final Exam Review FPC 10.doc) took 10484 ms
26 Apr 2015 09:05:29 [0644] - C:\Users\dougw_000\SkyDrive\Teaching\archive\Physics 11\Unit 0 Physics Skills\Lab Write-Ups_example.pdf not Scanned. Possibly password protected...
26 Apr 2015 09:05:29 [09e4] - C:\Users\dougw_000\SkyDrive\Teaching\archive\Physics 11\Unit 0 Physics Skills\Lab-writeup-format.pdf not Scanned. Possibly password protected...
26 Apr 2015 09:05:58 [09e4] - ScanFile (C:\Users\dougw_000\SkyDrive\Teaching\archive\Physics 12\Nenzens\080409-Notes-BackEMF.PDF) took 5547 ms
26 Apr 2015 09:05:58 [15ac] - ScanFile (C:\Users\dougw_000\SkyDrive\Teaching\archive\Physics 12\Nenzens\080408-Motor_Project.pdf) took 5625 ms
26 Apr 2015 09:05:58 [0644] - ScanFile (C:\Users\dougw_000\SkyDrive\Teaching\archive\Physics 12\Nenzens\080328-Intro_to_Induction-complete.pdf) took 5937 ms
26 Apr 2015 09:05:58 [21a4] - ScanFile (C:\Users\dougw_000\SkyDrive\Teaching\archive\Physics 12\Nenzens\080407-Notes-Transformers1.PDF) took 5953 ms
26 Apr 2015 09:05:58 [0d28] - ScanFile (C:\Users\dougw_000\SkyDrive\Teaching\archive\Physics 12\Nenzens\080407-WS-Induction3-ans.PDF) took 6156 ms
26 Apr 2015 09:05:58 [05cc] - ScanFile (C:\Users\dougw_000\SkyDrive\Teaching\archive\Physics 12\Nenzens\080401-WS-Induction1-ans.PDF) took 6297 ms
26 Apr 2015 09:05:59 [1f38] - ScanFile (C:\Users\dougw_000\SkyDrive\Teaching\archive\Physics 12\Nenzens\080308_Pract_Test_ans.PDF) took 7359 ms
26 Apr 2015 09:06:03 [09e4] - C:\Users\dougw_000\SkyDrive\Teaching\archive\Physics 12\Nenzens\090203_WS_Sig_Figures.pdf not Scanned. Possibly password protected...
26 Apr 2015 09:06:09 [21a4] - ScanFile (C:\Users\dougw_000\SkyDrive\Teaching\archive\Physics 12\Nenzens\080530-WS-Force_Equilibrium.PDF) took 7422 ms
26 Apr 2015 09:06:10 [12e8] - ScanFile (C:\Users\dougw_000\SkyDrive\Teaching\archive\Physics 12\Physics 12 Reviews\Circular Motion Review.pdf) took 6234 ms
26 Apr 2015 09:06:19 [1f38] - ScanFile (C:\Users\dougw_000\SkyDrive\Teaching\archive\Physics 12\Unit 1 Vectors Kinematics\Vectors ws1 solutions.pdf) took 7704 ms
26 Apr 2015 09:07:17 [21a4] - ScanFile (C:\Users\dougw_000\SkyDrive\Teaching\jobs resume cover\lenovo doc backp\hjsplit.exe) took 13641 ms
26 Apr 2015 09:07:46 [1f38] - C:\Users\dougw_000\SkyDrive\Teaching\Physics\AP\Physics AP (Panas)\DOCUMENTS\OTHER TESTS\FORCE CONCEPT INVENTORY.PDF not Scanned. Possibly password protected...
26 Apr 2015 09:07:46 [0644] - C:\Users\dougw_000\SkyDrive\Teaching\Physics\AP\Physics AP (Panas)\DOCUMENTS\OTHER TESTS\MECHANICS BASELINE TEST.PDF not Scanned. Possibly password protected...
26 Apr 2015 09:07:58 [05cc] - ScanFile (C:\Users\dougw_000\SkyDrive\Teaching\Physics\AP\Physics AP (Panas)\SOFTWARE\MISCELLANEOUS\CHILLDEX-FROIDEX ENV CANADA.ZIP) took 8031 ms
26 Apr 2015 09:07:58 [09e4] - ScanFile (C:\Users\dougw_000\SkyDrive\Teaching\Physics\AP\Physics AP (Panas)\SOFTWARE\MISCELLANEOUS\CURVEEXPERT\HYAPI3.DLL) took 5297 ms
26 Apr 2015 09:07:59 [0d28] - ScanFile (C:\Users\dougw_000\SkyDrive\Teaching\Physics\AP\Physics AP (Panas)\SOFTWARE\MISCELLANEOUS\CURVEEXPERT\DIAGEXT3.DLL) took 7016 ms
26 Apr 2015 09:07:59 [12e8] - ScanFile (C:\Users\dougw_000\SkyDrive\Teaching\Physics\AP\Physics AP (Panas)\SOFTWARE\GPAPER\GRAPHPAP.EXE) took 10297 ms
26 Apr 2015 09:08:02 [15ac] - ScanFile (C:\Users\dougw_000\SkyDrive\Teaching\Physics\AP\Physics AP (Panas)\SOFTWARE\MISCELLANEOUS\CURVEEXPERT\CURVRES3.DLL) took 11453 ms
26 Apr 2015 09:08:20 [15ac] - ScanFile (C:\Users\dougw_000\SkyDrive\Teaching\Physics\AP\Physics AP (Panas)\SOFTWARE\MISCELLANEOUS\ORBITX.EXE) took 13344 ms
26 Apr 2015 09:08:20 [0d28] - ScanFile (C:\Users\dougw_000\SkyDrive\Teaching\Physics\AP\Physics AP (Panas)\SOFTWARE\MISCELLANEOUS\SKY3D 20\SKY3D.EXE) took 7656 ms
26 Apr 2015 09:08:23 [1f38] - ScanFile (C:\Users\dougw_000\SkyDrive\Teaching\Physics\AP\Physics AP (Panas)\SOFTWARE\MISCELLANEOUS\CURVEEXPERT\HKLIB3.DLL) took 30046 ms
26 Apr 2015 09:08:23 [1f38] - Scanning of C:\Users\dougw_000\SkyDrive\Teaching\Physics\AP\Physics AP (Panas)\SOFTWARE\MISCELLANEOUS\CURVEEXPERT\HKLIB3.DLL Timed out!!!
26 Apr 2015 09:08:23 [0644] - ScanFile (C:\Users\dougw_000\SkyDrive\Teaching\Physics\AP\Physics AP (Panas)\SOFTWARE\MISCELLANEOUS\CURVEEXPERT\CVXPT32.EXE) took 32844 ms
26 Apr 2015 09:08:23 [0644] - Scanning of C:\Users\dougw_000\SkyDrive\Teaching\Physics\AP\Physics AP (Panas)\SOFTWARE\MISCELLANEOUS\CURVEEXPERT\CVXPT32.EXE Timed out!!!
26 Apr 2015 09:08:24 [21a4] - ScanFile (C:\Users\dougw_000\SkyDrive\Teaching\Physics\AP\Physics AP (Panas)\SOFTWARE\MISCELLANEOUS\HOMEPLANET\HPLANET.EXE) took 20438 ms
26 Apr 2015 09:08:24 [21a4] - Scanning of C:\Users\dougw_000\SkyDrive\Teaching\Physics\AP\Physics AP (Panas)\SOFTWARE\MISCELLANEOUS\HOMEPLANET\HPLANET.EXE Timed out!!!
26 Apr 2015 09:08:37 [05cc] - ScanFile (C:\Users\dougw_000\SkyDrive\Teaching\Physics\AP\Physics AP (Panas)\SOFTWARE\MISCELLANEOUS\SPACE SCREENSAVER\ITMCLEAN.EXE) took 15625 ms
26 Apr 2015 09:09:12 [15ac] - ScanFile (C:\Users\dougw_000\SkyDrive\Teaching\Physics\Matts Physics\Phys 11\crayon\SDL_image.dll) took 35704 ms
26 Apr 2015 09:09:12 [15ac] - Scanning of C:\Users\dougw_000\SkyDrive\Teaching\Physics\Matts Physics\Phys 11\crayon\SDL_image.dll Timed out!!!
26 Apr 2015 09:09:12 [1f38] - ScanFile (C:\Users\dougw_000\SkyDrive\Teaching\Physics\Matts Physics\Phys 11\crayon\SDL_mixer.dll) took 35750 ms
26 Apr 2015 09:09:12 [1f38] - Scanning of C:\Users\dougw_000\SkyDrive\Teaching\Physics\Matts Physics\Phys 11\crayon\SDL_mixer.dll Timed out!!!
26 Apr 2015 09:09:13 [12e8] - ScanFile (C:\Users\dougw_000\SkyDrive\Teaching\Physics\Matts Physics\Phys 11\crayon\SDL.dll) took 36781 ms
26 Apr 2015 09:09:13 [12e8] - Scanning of C:\Users\dougw_000\SkyDrive\Teaching\Physics\Matts Physics\Phys 11\crayon\SDL.dll Timed out!!!
26 Apr 2015 09:09:46 [09e4] - C:\Users\dougw_000\SkyDrive\Teaching\Physics\Physics 11\Alderman Physics 11\Tours\scienceofsnow_2004_fin.pdf not Scanned. Possibly password protected...
26 Apr 2015 09:09:46 [21a4] - C:\Users\dougw_000\SkyDrive\Teaching\Physics\Physics 11\Alderman Physics 11\Tours\Science_of_Snow_2005.pdf not Scanned. Possibly password protected...
26 Apr 2015 09:09:51 [09e4] - C:\Users\dougw_000\SkyDrive\Teaching\Physics\Physics 11\Nenzens\081008_Quiz_Const_a.pdf not Scanned. Possibly password protected...
26 Apr 2015 09:10:06 [12e8] - C:\Users\dougw_000\SkyDrive\Teaching\Physics\Physics 12\Nenzens\090203_WS_Sig_Figures.pdf not Scanned. Possibly password protected...
26 Apr 2015 09:10:23 [05cc] - ScanFile (C:\Users\dougw_000\SkyDrive\Teaching\Physics\mechanics_videos\tracker.jar) took 44719 ms
26 Apr 2015 09:10:23 [05cc] - Scanning of C:\Users\dougw_000\SkyDrive\Teaching\Physics\mechanics_videos\tracker.jar Timed out!!!
26 Apr 2015 09:10:23 [1f38] - ScanFile (C:\Users\dougw_000\SkyDrive\Teaching\Physics\Physics 11\Alderman Physics 11\Labs\moving-man.jar) took 43516 ms
26 Apr 2015 09:10:23 [1f38] - Scanning of C:\Users\dougw_000\SkyDrive\Teaching\Physics\Physics 11\Alderman Physics 11\Labs\moving-man.jar Timed out!!!
26 Apr 2015 09:10:39 [1f38] - ScanFile (C:\Users\dougw_000\SkyDrive\Teaching\polls\32(6) - EM-2.html) took 9437 ms
26 Apr 2015 09:10:39 [05cc] - ScanFile (C:\Users\dougw_000\SkyDrive\Teaching\polls\34(6) - EM-4.html) took 9469 ms
26 Apr 2015 09:12:37 [1f38] - ScanFile (C:\Users\Public\Downloads\Adobe Premiere Pro CS6\Adobe CS6\payloads\AdobeBridge5-mul-x64\customaction.data) took 16547 ms
26 Apr 2015 09:12:39 [15ac] - ScanFile (C:\VSTPlugins\Ambience.dll) took 5422 ms
26 Apr 2015 09:13:03 [0644] - ScanFile (C:\VSTPlugins\stepchild.dll) took 5906 ms
26 Apr 2015 09:13:04 [09e4] - ScanFile (C:\VSTPlugins\StylusRMX.dll) took 5188 ms
26 Apr 2015 09:13:04 [0d28] - ScanFile (C:\Users\Public\Downloads\Adobe Premiere Pro CS6\Adobe CS6\Set-up.exe) took 33266 ms
26 Apr 2015 09:13:04 [0d28] - Scanning of C:\Users\Public\Downloads\Adobe Premiere Pro CS6\Adobe CS6\Set-up.exe Timed out!!!
26 Apr 2015 09:13:11 [05cc] - ScanFile (C:\VSTPlugins\Rapture\Rapture.exe) took 14641 ms
26 Apr 2015 09:13:51 [0d28] - ScanFile (C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Printing\06405553932545cdcbe8f3c59bafc85d\System.Printing.ni.dll) took 5563 ms
26 Apr 2015 09:14:42 [0d28] - ScanFile (C:\Windows\ehome\MediaCenterWebLauncher.exe) took 7922 ms
26 Apr 2015 09:16:13 [12e8] - ScanFile (C:\Windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000040\9.0.0\guidebuilder.exe.A67F9E07_F8C7_4929_9C85_B964A40A1E78) took 7672 ms
26 Apr 2015 09:23:01 [12e8] - ScanFile (C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_b85d89a9c3d546c2\igdfcl32.dll) took 6094 ms
26 Apr 2015 09:23:06 [21a4] - ScanFile (C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_421d83df5dec28db\igdde32.dll) took 16500 ms
26 Apr 2015 09:23:06 [05cc] - ScanFile (C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_b85d89a9c3d546c2\igdde32.dll) took 11828 ms
26 Apr 2015 09:23:06 [1f38] - ScanFile (C:\Windows\System32\DriverStore\FileRepository\kit51261.inf_amd64_b6106d6729abc31a\igdde32.dll) took 5187 ms
26 Apr 2015 09:23:08 [09e4] - ScanFile (C:\Windows\System32\DriverStore\FileRepository\kit51261.inf_amd64_b6106d6729abc31a\igdfcl32.dll) took 6359 ms
26 Apr 2015 09:26:10 [15ac] - ScanFile (C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe) took 8484 ms
26 Apr 2015 09:33:50 [0d28] - ScanFile (C:\Windows\WinSxS\amd64_netfx-microsoft.visualbasic_b03f5f7f11d50a3a_6.3.9600.17226_none_166264d0cd10bb08\Microsoft.VisualBasic.dll) took 10344 ms
26 Apr 2015 09:39:44 [15ac] - ScanFile (C:\Windows\WinSxS\Manifests\amd64_faro.ls_1d23f5635ba800ab_1.1.501.0_none_347e88fb032f5788.manifest) took 13625 ms
26 Apr 2015 09:40:45 [0d28] - ScanFile (C:\Windows\WinSxS\Manifests\amd64_microsoft-windows-font-truetype-dfkaisb_31bf3856ad364e35_6.3.9600.16384_none_64197e8030ec9283.manifest) took 5594 ms
26 Apr 2015 09:40:45 [1f38] - ScanFile (C:\Windows\WinSxS\Manifests\amd64_microsoft-windows-font-truetype-consolas_31bf3856ad364e35_6.3.9600.17238_none_5ae7ab35791d01e8.manifest) took 5563 ms
26 Apr 2015 09:40:45 [0644] - ScanFile (C:\Windows\WinSxS\Manifests\amd64_microsoft-windows-font-truetype-khmerui_31bf3856ad364e35_6.3.9600.16384_none_39c3f0bd3e7a1108.manifest) took 5485 ms
26 Apr 2015 09:40:45 [21a4] - ScanFile (C:\Windows\WinSxS\Manifests\amd64_microsoft-windows-font-truetype-marlett_31bf3856ad364e35_6.3.9600.16384_none_3f135777d347cab6.manifest) took 5500 ms
26 Apr 2015 09:45:16 [05cc] - ScanFile (C:\Windows\WinSxS\msil_microsoft-windows-workplacejoin_31bf3856ad364e35_6.3.9600.16384_none_6c98aaf16c52982b\AutoWorkplace.exe) took 7219 ms
26 Apr 2015 09:45:21 [12e8] - ScanFile (C:\Windows\WinSxS\msil_ehexthost_31bf3856ad364e35_6.3.9600.16384_none_538879ebda7166a6\ehexthost.exe) took 14922 ms
26 Apr 2015 09:45:37 [15ac] - ScanFile (C:\Windows\WinSxS\msil_microsoft.visualbasic_b03f5f7f11d50a3a_6.3.9600.17226_none_c8948f66c5463065\Microsoft.VisualBasic.dll) took 9781 ms
26 Apr 2015 09:45:39 [1f38] - ScanFile (C:\Windows\WinSxS\msil_microsoft.visualbasic.compatibility_b03f5f7f11d50a3a_6.3.9600.17226_none_086bb6f5594a484d\Microsoft.VisualBasic.Compatibility.dll) took 11719 ms
26 Apr 2015 09:46:36 [1f38] - ScanFile (C:\Windows\WinSxS\wow64_ehome-bdatunepia_31bf3856ad364e35_6.3.9600.16384_none_e8ba45eb55ac35e2\BDATunePIA.dll) took 17422 ms
26 Apr 2015 09:46:48 [05cc] - ScanFile (C:\Windows\WinSxS\wow64_desktop_shell-gettingstarted_31bf3856ad364e35_6.3.9600.17415_none_fa57a10190cc12a3\OobeFldr.dll) took 29985 ms
26 Apr 2015 09:46:48 [05cc] - Scanning of C:\Windows\WinSxS\wow64_desktop_shell-gettingstarted_31bf3856ad364e35_6.3.9600.17415_none_fa57a10190cc12a3\OobeFldr.dll Timed out!!!
26 Apr 2015 09:46:48 [15ac] - ScanFile (C:\Windows\WinSxS\wow64_adobe-flash-for-windows_31bf3856ad364e35_6.3.9600.17754_none_26d34ef771cf16a2\FlashUtil_ActiveX.dll) took 30547 ms
26 Apr 2015 09:46:48 [15ac] - Scanning of C:\Windows\WinSxS\wow64_adobe-flash-for-windows_31bf3856ad364e35_6.3.9600.17754_none_26d34ef771cf16a2\FlashUtil_ActiveX.dll Timed out!!!
26 Apr 2015 09:46:48 [09e4] - ScanFile (C:\Windows\WinSxS\wow64_adobe-flash-for-windows_31bf3856ad364e35_6.3.9600.17754_none_26d34ef771cf16a2\FlashPlayerCPLApp.cpl) took 30546 ms
26 Apr 2015 09:46:48 [09e4] - Scanning of C:\Windows\WinSxS\wow64_adobe-flash-for-windows_31bf3856ad364e35_6.3.9600.17754_none_26d34ef771cf16a2\FlashPlayerCPLApp.cpl Timed out!!!
26 Apr 2015 09:46:48 [0d28] - ScanFile (C:\Windows\WinSxS\wow64_adobe-flash-for-windows_31bf3856ad364e35_6.3.9600.17754_none_26d34ef771cf16a2\Flash.ocx) took 30797 ms
26 Apr 2015 09:46:48 [0d28] - Scanning of C:\Windows\WinSxS\wow64_adobe-flash-for-windows_31bf3856ad364e35_6.3.9600.17754_none_26d34ef771cf16a2\Flash.ocx Timed out!!!
26 Apr 2015 09:46:48 [21a4] - ScanFile (C:\Windows\WinSxS\wow64_adobe-flash-for-windows_31bf3856ad364e35_6.3.9600.17754_none_26d34ef771cf16a2\FlashUtil_ActiveX.exe) took 30906 ms
26 Apr 2015 09:46:48 [21a4] - Scanning of C:\Windows\WinSxS\wow64_adobe-flash-for-windows_31bf3856ad364e35_6.3.9600.17754_none_26d34ef771cf16a2\FlashUtil_ActiveX.exe Timed out!!!
26 Apr 2015 09:46:49 [12e8] - ScanFile (C:\Windows\WinSxS\wow64_adobe-flash-for-windows_31bf3856ad364e35_6.3.9600.17754_none_26d34ef771cf16a2\FlashPlayerApp.exe) took 31453 ms
26 Apr 2015 09:46:49 [12e8] - Scanning of C:\Windows\WinSxS\wow64_adobe-flash-for-windows_31bf3856ad364e35_6.3.9600.17754_none_26d34ef771cf16a2\FlashPlayerApp.exe Timed out!!!
26 Apr 2015 09:46:49 [0644] - ScanFile (C:\Windows\WinSxS\wow64_eventviewersettings_31bf3856ad364e35_6.3.9600.17415_none_f0577d400bd158f9\eventvwr.exe) took 18734 ms
26 Apr 2015 09:47:06 [09e4] - ScanFile (C:\Windows\WinSxS\wow64_microsoft-windows-com-complus-ui_31bf3856ad364e35_6.3.9600.17415_none_ac0768ee5056c655\dcomcnfg.exe) took 9203 ms
26 Apr 2015 09:47:15 [09e4] - ScanFile (C:\Windows\WinSxS\wow64_microsoft-windows-gpowershell-exe_31bf3856ad364e35_6.3.9600.17401_none_33f7939fa9ced19f\powershell_ise.exe) took 6343 ms
26 Apr 2015 09:52:09 [12e8] - ScanFile (C:\xampp\apache\bin\apr_dbd_odbc-1.dll) took 5125 ms
26 Apr 2015 09:53:15 [0d28] - ScanFile (C:\xampp\htdocs\moodle\filter\tex\mimetex.darwin) took 23000 ms
26 Apr 2015 09:53:15 [0d28] - Scanning of C:\xampp\htdocs\moodle\filter\tex\mimetex.darwin Timed out!!!
26 Apr 2015 09:56:25 [0d28] - ScanFile (C:\xampp\perl\bin\wperl.exe) took 13578 ms
 
26 Apr 2015 09:57:32 [098c] - ***** Checking for specific ITW Viruses *****
26 Apr 2015 09:57:34 [098c] - File Q:\AUTORUN.INF created by Fujack worm found and deleted.
26 Apr 2015 09:57:35 [098c] - File Q:\AUTORUN.INF infected by "Fujack" Virus! Action Taken: Deleted.

 
26 Apr 2015 09:57:35 [098c] - ***** Scanning complete. *****
 
26 Apr 2015 09:57:35 [098c] - Total Objects Scanned: 636142
26 Apr 2015 09:57:35 [098c] - Total Critical Objects: 2
26 Apr 2015 09:57:35 [098c] - Total Disinfected Objects: 0
26 Apr 2015 09:57:35 [098c] - Total Objects Renamed: 0
26 Apr 2015 09:57:35 [098c] - Total Deleted Objects: 3
26 Apr 2015 09:57:35 [098c] - Total Errors: 3
26 Apr 2015 09:57:35 [098c] - Time Elapsed: 02:24:35
26 Apr 2015 09:57:35 [098c] - Virus Database Date: 25 Apr 2015
26 Apr 2015 09:57:35 [098c] - Virus Database Count: 5719723
26 Apr 2015 09:57:35 [098c] - Sign Version: 7.60290 [519042]
 
26 Apr 2015 09:57:35 [098c] - Scan Completed.
 

 

Zemana:

Zemana AntiMalware 2.10.2.18 (Installed)
-------------------------------------------------------
Scan Result           : Completed
Scan Date             : 2015/4/26
Operating System      : Windows 8.1 64-bit
Processor             : 4X Intel® Core™ i5-2520M CPU @ 2.50GHz
BIOS Mode             : Legacy
CUID                  : 00901210C7FE0147510A23
Scan Type             : Deep Scan
Duration              : 64m 7s
Scanned Objects       : 120848
Detected Objects      : 3
Excluded Objects      : 0
Read Level            : Normal
Auto Upload           : Yes
Show All Extensions   : No
Scan Documents        : Yes
Engines               : Zemana, Avira, Eset, Bitdefender, AVG, Kaspersky


Detected Objects
-------------------------------------------------------
Internet Explorer Homepage
   Status             : Scanned
   Object             : http://www.pandora.com/inactive
   MD5                : -
   Publisher          : -
   Size               : -
   Version            : -
   Detections         : Suspicious Browser Setting
   Cleaning Action    : Repair
   Traces             :
                Browser Setting - Internet Explorer Homepage

AS Magic Player
   Status             : Scanned
   Object             : %localappdata%\google\chrome\user data\default\extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\init.js
   MD5                : 516D7959548650C2947309FF23E561C0
   Publisher          : -
   Size               : 18286
   Version            : -
   Detections         : Kaspersky: not-a-virus:AdWare.JS.Agent.as
   Cleaning Action    : Repair
   Traces             :
                File - %localappdata%\google\chrome\user data\default\extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim\1.0.2_0\init.js
                Extension - AS Magic Player

ninja-setup-3.0.6.exe
   Status             : Scanned
   Object             : %userprofile%\downloads\ninja-setup-3.0.6.exe
   MD5                : 24FE0BB7A85A866B487D15C0EB6E3A74
   Publisher          : -
   Size               : 2507200
   Version            : 0.0.0.0
   Detections         : Eset: Win32/OpenCandy potentially unsafe application
   Cleaning Action    : Quarantine
   Traces             :
                File - %userprofile%\downloads\ninja-setup-3.0.6.exe
 

 

JRT:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.6.4 (04.26.2015:1)
OS: Windows 8.1 Pro with Media Center x64
Ran by dougw_000 on Sun 04/26/2015 at 16:17:50.61
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks

Successfully deleted: [Task] C:\WINDOWS\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-3830325116-2081136293-929780250-1000
Successfully deleted: [Task] C:\WINDOWS\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-3830325116-2081136293-929780250-1014
Successfully deleted: [Task] C:\WINDOWS\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-3830325116-2081136293-929780250-1015



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{47833539-D0C5-4125-9FA8-0819E2EAAC93}
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5}
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5}



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\dougw_000\AppData\Roaming\mozilla\firefox\profiles\1j65hpxl.default\prefs.js

user_pref(extensions.lastpass.5f886a7e662da61119209867229ddd9edb6460dd8ac30e9adbc738e866c832bb.searchforsiteswithinaddressbar, true);
user_pref(extensions.lastpass.searchforsiteswithinaddressbar, true);





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 04/26/2015 at 16:22:43.13
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

ADWCleaner

# AdwCleaner v4.202 - Logfile created 26/04/2015 at 16:26:44
# Updated 23/04/2015 by Xplode
# Database : 2015-04-23.2 [Server]
# Operating system : Windows 8.1 Pro with Media Center  (x64)
# Username : dougw_000 - SLUGGO-LENOVO
# Running from : C:\Users\dougw_000\Desktop\adwcleaner_4.202.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\MiniApp
Folder Deleted : C:\Users\dougw_000\Documents\v9
[!] Folder Deleted : C:\Users\dougw_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim
Folder Deleted : C:\Users\dougw_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpphkkgodbfncbcpgopijlfakfgmclao
Folder Deleted : C:\Users\dougw_000\AppData\Roaming\Opera Software\Opera Stable\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim
File Deleted : C:\Users\dougw_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bpphkkgodbfncbcpgopijlfakfgmclao_0.localstorage
File Deleted : C:\Users\dougw_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bpphkkgodbfncbcpgopijlfakfgmclao_0.localstorage-journal
File Deleted : C:\Users\dougw_000\AppData\Roaming\Opera Software\Opera Stable\Local Storage\chrome-extension_mfhnkgpdlogbknkhlgdjlejeljbhflim_0.localstorage

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Local AppWizard-Generated Applications
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v37.0.2 (x86 en-US)


-\\ Google Chrome v42.0.2311.90

[C:\Users\dougw_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

-\\ Opera v0.0.0.0


*************************

AdwCleaner[R0].txt - [2314 bytes] - [14/07/2014 10:12:00]
AdwCleaner[R1].txt - [2277 bytes] - [26/04/2015 16:25:12]
AdwCleaner[S0].txt - [2397 bytes] - [14/07/2014 10:14:00]
AdwCleaner[S1].txt - [2156 bytes] - [26/04/2015 16:26:44]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2215  bytes] ##########
 

 

 

 

Thanks,

 



#4 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:25 AM

Posted 26 April 2015 - 06:44 PM

Adware Removal Tool.
 
Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.

LOr0Gd7.png

Hit Ok.

sYFsqHx.png

Hit next make sure to leave all items checked, for removal.

8NcZjGc.png


The Program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete,  then OK again to finish up. Post log generated by tool.

 

Step 2: ZHP Cleaner.

 

Download and save ZHP Cleaner to your desktop.

http://www.nicolascoolman.fr/download/zhpcleaner-2/

Right Click and run as administrator.

Click on the Repair button.

At the end of the process you will be asked to reboot your machine.

After you reboot a report will open on your desktop.

Copy and paste the report here in your next reply.

 

Step 3: Security Check.

 

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document

 

 

 

Step 4: Minitoolbox.

 

Please download [b]MINITOOLBOX and run it.



Checkmark following boxes:


Flush DNS
Reset FF proxy Settings
Reset Ie Proxy Settings
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)



Click Go and post the result.

 

Eset Scan
 

Disable your antivirus prior to this scan.

http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

 
 
 esetonlinebtn.png
 

  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE:Sometimes if ESET finds no infections it will not create a log.


#5 shmish

shmish
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:02:25 AM

Posted 27 April 2015 - 09:24 AM

Adware didn't give me a log file.

 

ZHP:

~ ZHPCleaner v2015.4.26.191 by Nicolas Coolman (26/04/2015)
~ Run by dougw_000 (Administrator)  (26/04/2015 18:37:26)
~ Forum : http://forum.nicolascoolman.fr
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\dougw_000\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\dougw_000\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
~ Windows 81, 64-bit  (Build 9600)


---\\  Services (0)
~ No malicious items found.


---\\  Browser internet (0)
~ No malicious items found.


---\\  Hosts file (0)
~ No malicious items found.


---\\  Scheduled automatic tasks. (0)
~ No malicious items found.


---\\  Explorer ( File, Folder) (3)
MOVED file: C:\ProgramData\InstallMate\{BA83B8B6-778C-47EA-A501-3FAE61609A40}\Setup.exe [Tarma Software Research Pty Ltd - InstallMate® Setup] (PUP.Tarma)
MOVED file^: C:\ProgramData\InstallMate\{BA83B8B6-778C-47EA-A501-3FAE61609A40}\TsuDll.dll [Tarma Software Research Pty Ltd - InstallMate® Setup Library] (PUP.Tarma)
MOVED folder*: C:\ProgramData\InstallMate (PUP.Tarma)


---\\  Registry ( Key, Value, Data) (6)
DELETED key*: [X64] HKLM\SOFTWARE\Classes\ComposerEMV.SectionViewpointCmd [] (Adware.MetaStream)
DELETED key*: [X64] HKLM\SOFTWARE\Classes\ComposerEMV.SectionViewpointCmd.1 [] (Adware.MetaStream)
DELETED key*: [X64] HKLM\SOFTWARE\Classes\EModelViewer.SectionViewpointCmd [] (Adware.MetaStream)
DELETED key*: [X64] HKLM\SOFTWARE\Classes\EModelViewer.SectionViewpointCmd.1 [] (Adware.MetaStream)
DELETED key*: [X64] HKLM\Software\Classes\Installer\Products\276B9FFD0C906E14AB77E26C864B722F [LEGO MINDSTORMS NXT x64 Driver Support] (PUP.DriverSupport)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{DFF9B672-09C0-41E6-BA77-2EC668B427F2} [LEGO MINDSTORMS NXT x64 Driver Support] (PUP.DriverSupport)


---\\ Result of repair
~ Repair carried out successfully
~ The system has been restarted.


---\\ Statistics
~ Items scanned : 3724
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 9


End of clean at 18:37:37
===================
ZHPCleaner-[R]-26042015-18_37_37.txt
ZHPCleaner-[S]-26042015-18_36_50.txt
 

 

Security check:

 Results of screen317's Security Check version 1.00  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
ESET Smart Security 8.0   
Windows Defender          
 Antivirus out of date!  
`````````Anti-malware/Other Utilities Check:`````````
 Zemana AntiMalware    
 Java 7 Update 67  
 Java™ 6 Update 16  
 Java version 32-bit out of Date!
 Adobe Flash Player     17.0.0.169  
 Mozilla Firefox (37.0.2)
 Google Chrome (41.0.2272.118)
 Google Chrome (42.0.2311.90)
````````Process Check: objlist.exe by Laurent````````  
 ESET NOD32 Antivirus egui.exe  
 ESET NOD32 Antivirus ekrn.exe  
 Zemana AntiMalware ZAM.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
 

 

Minitoolbox

MiniToolBox by Farbar  Version: 14-04-2015
Ran by dougw_000 (administrator) on 26-04-2015 at 19:52:54
Running from "C:\Users\dougw_000\Desktop"
Microsoft Windows 8.1 Pro with Media Center  (X64)
Model: 4294CTO Manufacturer: LENOVO
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Intel® Centrino® Advanced-N 6205 = Wi-Fi (Connected)
Intel® 82579LM Gigabit Network Connection = Ethernet (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
set interface interface="Wi-Fi" forwarding=disabled advertise=disabled metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled ecncapability=ecndisabled
set interface interface="other_0" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Bluetooth Network Connection 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : sluggo-LENOVO
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Local Area Connection* 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 08-11-96-27-E1-31
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Local Area Connection* 9:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Hosted Network Virtual Adapter
   Physical Address. . . . . . . . . : 0A-11-96-27-E1-30
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel® Centrino® Advanced-N 6205
   Physical Address. . . . . . . . . : 08-11-96-27-E1-30
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::9546:6a6e:f568:67a7%4(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.100.108(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Sunday, April 26, 2015 6:39:51 PM
   Lease Expires . . . . . . . . . . : Thursday, June 3, 2151 2:21:12 AM
   Default Gateway . . . . . . . . . : 192.168.100.1
   DHCP Server . . . . . . . . . . . : 192.168.100.1
   DHCPv6 IAID . . . . . . . . . . . : 487068054
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-C4-1C-BE-F0-DE-F1-86-5E-17
   DNS Servers . . . . . . . . . . . : 208.122.23.22
                                       208.122.23.23
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : telus
   Description . . . . . . . . . . . : Intel® 82579LM Gigabit Network Connection
   Physical Address. . . . . . . . . : F0-DE-F1-86-5E-17
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{6F4EF2DE-CB20-42B9-942A-D969EF315CF3}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:2c66:2031:cda3:23a6(Preferred)
   Link-local IPv6 Address . . . . . : fe80::2c66:2031:cda3:23a6%5(Preferred)
   Default Gateway . . . . . . . . . : ::
   DHCPv6 IAID . . . . . . . . . . . : 218103808
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-C4-1C-BE-F0-DE-F1-86-5E-17
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  UnKnown
Address:  208.122.23.22

Name:    google.com
Addresses:  2607:f8b0:4002:c03::8a
      173.194.219.102
      173.194.219.138
      173.194.219.101
      173.194.219.100
      173.194.219.139
      173.194.219.113


Pinging google.com [173.194.219.102] with 32 bytes of data:
Reply from 173.194.219.102: bytes=32 time=75ms TTL=45
Reply from 173.194.219.102: bytes=32 time=73ms TTL=45

Ping statistics for 173.194.219.102:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 73ms, Maximum = 75ms, Average = 74ms
Server:  UnKnown
Address:  208.122.23.22

Name:    yahoo.com
Addresses:  98.138.253.109
      98.139.183.24
      206.190.36.45


Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=17ms TTL=55
Reply from 206.190.36.45: bytes=32 time=16ms TTL=55

Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 16ms, Maximum = 17ms, Average = 16ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  7...08 11 96 27 e1 31 ......Microsoft Wi-Fi Direct Virtual Adapter
  6...0a 11 96 27 e1 30 ......Microsoft Hosted Network Virtual Adapter
  4...08 11 96 27 e1 30 ......Intel® Centrino® Advanced-N 6205
  3...f0 de f1 86 5e 17 ......Intel® 82579LM Gigabit Network Connection
  1...........................Software Loopback Interface 1
 10...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
  5...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.100.1  192.168.100.108     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
    192.168.100.0    255.255.255.0         On-link   192.168.100.108    281
  192.168.100.108  255.255.255.255         On-link   192.168.100.108    281
  192.168.100.255  255.255.255.255         On-link   192.168.100.108    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link   192.168.100.108    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link   192.168.100.108    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  5    306 ::/0                     On-link
  1    306 ::1/128                  On-link
  5    306 2001::/32                On-link
  5    306 2001:0:9d38:6ab8:2c66:2031:cda3:23a6/128
                                    On-link
  4    281 fe80::/64                On-link
  5    306 fe80::/64                On-link
  5    306 fe80::2c66:2031:cda3:23a6/128
                                    On-link
  4    281 fe80::9546:6a6e:f568:67a7/128
                                    On-link
  1    306 ff00::/8                 On-link
  4    281 ff00::/8                 On-link
  5    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [55296] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [65536] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23040] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 08 C:\WINDOWS\SysWOW64\wshbth.dll [50688] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [69120] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [30720] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog5 08 C:\Windows\System32\wshbth.dll [63488] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/26/2015 07:14:44 PM) (Source: Application Hang) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: cdc

Start Time: 01d0808f3684d92c

Termination Time: 4294967295

Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe

Report Id: 2a3c710e-ec83-11e4-bf0d-f0def1865e17

Faulting package full name: CAF9E577.Plex_2.0.0.5_x64__aam28m9va5cke

Faulting package-relative application ID: App

Error: (04/26/2015 07:14:34 PM) (Source: Application Error) (User: )
Description: Faulting application name: explorer.exe, version: 6.3.9600.17667, time stamp: 0x54c6f7c2
Faulting module name: QtCore_Ad_SyncNs_4.dll_unloaded, version: 4.8.2.0, time stamp: 0x50d3fca7
Exception code: 0xc0000005
Fault offset: 0x00000000000265fe
Faulting process id: 0x10b0
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report Id: explorer.exe3
Faulting package full name: explorer.exe4
Faulting package-relative application ID: explorer.exe5

Error: (04/26/2015 07:12:57 PM) (Source: Application Hang) (User: )
Description: The program Explorer.EXE version 6.3.9600.17667 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 11e4

Start Time: 01d0808b34a4e2c4

Termination Time: 0

Application Path: C:\WINDOWS\Explorer.EXE

Report Id: f1ce8f05-ec7e-11e4-bf0d-f0def1865e17

Faulting package full name:

Faulting package-relative application ID:

Error: (04/26/2015 06:59:54 PM) (Source: Application Hang) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 17ec

Start Time: 01d0808d1e242fb1

Termination Time: 4294967295

Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe

Report Id: 15a2fc70-ec81-11e4-bf0d-f0def1865e17

Faulting package full name: CAF9E577.Plex_2.0.0.5_x64__aam28m9va5cke

Faulting package-relative application ID: App

Error: (04/26/2015 06:59:51 PM) (Source: Application Hang) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1798

Start Time: 01d0808cfa7228fd

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 12517160-ec81-11e4-bf0d-f0def1865e17

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (04/26/2015 06:53:37 PM) (Source: Application Hang) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 3a8

Start Time: 01d0808b8cb59fb7

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 36e16c36-ec80-11e4-bf0d-f0def1865e17

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (04/26/2015 06:19:19 PM) (Source: Application Error) (User: )
Description: Faulting application name: plugin-container.exe, version: 37.0.2.5583, time stamp: 0x552ef76c
Faulting module name: mozalloc.dll, version: 37.0.2.5583, time stamp: 0x552ee9ae
Exception code: 0x80000003
Fault offset: 0x00001aa1
Faulting process id: 0x1588
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3
Faulting package full name: plugin-container.exe4
Faulting package-relative application ID: plugin-container.exe5

Error: (04/26/2015 04:50:39 PM) (Source: Application Hang) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 93c

Start Time: 01d0807b161d9d1b

Termination Time: 4294967295

Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe

Report Id: 08ea4da0-ec6f-11e4-bf0c-f0def1865e17

Faulting package full name: CAF9E577.Plex_2.0.0.5_x64__aam28m9va5cke

Faulting package-relative application ID: App

Error: (04/26/2015 04:11:54 PM) (Source: Application Hang) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 27cc

Start Time: 01d08075a9b87f3c

Termination Time: 4294967295

Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe

Report Id: 9f345ec1-ec69-11e4-bf0b-f0def1865e17

Faulting package full name: CAF9E577.Plex_2.0.0.5_x64__aam28m9va5cke

Faulting package-relative application ID: App

Error: (04/26/2015 03:56:56 PM) (Source: Application Hang) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 15ac

Start Time: 01d080739163277e

Termination Time: 4294967295

Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe

Report Id: 86bbb490-ec67-11e4-bf0b-f0def1865e17

Faulting package full name: CAF9E577.Plex_2.0.0.5_x64__aam28m9va5cke

Faulting package-relative application ID: App


System errors:
=============
Error: (04/26/2015 06:40:00 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (04/26/2015 06:19:21 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (04/26/2015 06:19:18 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (04/26/2015 04:29:04 PM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device Service service failed to start due to the following error:
%%3

Error: (04/26/2015 04:28:33 PM) (Source: DCOM) (User: SLUGGO-LENOVO)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (04/26/2015 04:28:04 PM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (04/26/2015 04:28:03 PM) (Source: Service Control Manager) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 3 time(s).

Error: (04/26/2015 04:28:03 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (04/26/2015 04:28:03 PM) (Source: Service Control Manager) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 3 time(s).

Error: (04/26/2015 04:28:03 PM) (Source: Service Control Manager) (User: )
Description: The Microsoft Office ClickToRun Service service terminated unexpectedly.  It has done this 3 time(s).


Microsoft Office Sessions:
=========================
Error: (04/26/2015 07:14:44 PM) (Source: Application Hang)(User: )
Description: backgroundTaskHost.exe6.3.9600.17415cdc01d0808f3684d92c4294967295C:\WINDOWS\system32\backgroundTaskHost.exe2a3c710e-ec83-11e4-bf0d-f0def1865e17CAF9E577.Plex_2.0.0.5_x64__aam28m9va5ckeApp

Error: (04/26/2015 07:14:34 PM) (Source: Application Error)(User: )
Description: explorer.exe6.3.9600.1766754c6f7c2QtCore_Ad_SyncNs_4.dll_unloaded4.8.2.050d3fca7c000000500000000000265fe10b001d0808bc8588075C:\Windows\explorer.exeQtCore_Ad_SyncNs_4.dll24da9c9f-ec83-11e4-bf0d-f0def1865e17

Error: (04/26/2015 07:12:57 PM) (Source: Application Hang)(User: )
Description: Explorer.EXE6.3.9600.1766711e401d0808b34a4e2c40C:\WINDOWS\Explorer.EXEf1ce8f05-ec7e-11e4-bf0d-f0def1865e17

Error: (04/26/2015 06:59:54 PM) (Source: Application Hang)(User: )
Description: backgroundTaskHost.exe6.3.9600.1741517ec01d0808d1e242fb14294967295C:\WINDOWS\system32\backgroundTaskHost.exe15a2fc70-ec81-11e4-bf0d-f0def1865e17CAF9E577.Plex_2.0.0.5_x64__aam28m9va5ckeApp

Error: (04/26/2015 06:59:51 PM) (Source: Application Hang)(User: )
Description: LiveComm.exe17.5.9600.20689179801d0808cfa7228fd4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe12517160-ec81-11e4-bf0d-f0def1865e17microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (04/26/2015 06:53:37 PM) (Source: Application Hang)(User: )
Description: LiveComm.exe17.5.9600.206893a801d0808b8cb59fb74294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe36e16c36-ec80-11e4-bf0d-f0def1865e17microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (04/26/2015 06:19:19 PM) (Source: Application Error)(User: )
Description: plugin-container.exe37.0.2.5583552ef76cmozalloc.dll37.0.2.5583552ee9ae8000000300001aa1158801d0807a96568f44C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll6d10c97e-ec7b-11e4-bf0c-f0def1865e17

Error: (04/26/2015 04:50:39 PM) (Source: Application Hang)(User: )
Description: backgroundTaskHost.exe6.3.9600.1741593c01d0807b161d9d1b4294967295C:\WINDOWS\system32\backgroundTaskHost.exe08ea4da0-ec6f-11e4-bf0c-f0def1865e17CAF9E577.Plex_2.0.0.5_x64__aam28m9va5ckeApp

Error: (04/26/2015 04:11:54 PM) (Source: Application Hang)(User: )
Description: backgroundTaskHost.exe6.3.9600.1741527cc01d08075a9b87f3c4294967295C:\WINDOWS\system32\backgroundTaskHost.exe9f345ec1-ec69-11e4-bf0b-f0def1865e17CAF9E577.Plex_2.0.0.5_x64__aam28m9va5ckeApp

Error: (04/26/2015 03:56:56 PM) (Source: Application Hang)(User: )
Description: backgroundTaskHost.exe6.3.9600.1741515ac01d080739163277e4294967295C:\WINDOWS\system32\backgroundTaskHost.exe86bbb490-ec67-11e4-bf0b-f0def1865e17CAF9E577.Plex_2.0.0.5_x64__aam28m9va5ckeApp


CodeIntegrity Errors:
===================================
  Date: 2015-03-19 22:27:33.505
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-08-31 06:14:32.456
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-08-30 10:49:39.242
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-08-30 10:49:38.113
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-08-26 12:33:39.840
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-08-26 12:33:39.770
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-08-26 12:33:01.202
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-08-26 12:33:01.093
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-08-26 12:33:00.900
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-08-26 12:33:00.794
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.



=========================== Installed Programs ============================
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
AceMoney Lite (HKLM-x32\...\AceMoney Lite_is1) (Version:  - MechCAD Software)
Adobe Acrobat 9 Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}) (Version: 9.5.5 - Adobe Systems)
Adobe Acrobat 9 Pro - English, Français, Deutsch (x32 Version: 9.5.5 - Adobe Systems) Hidden
Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000004}_955) (Version:  - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 15.0.0.356 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 5 Design Standard (HKLM-x32\...\{AE29D445-8164-4CD1-8824-FCE85C0BB179}) (Version: 5.0 - Adobe Systems Incorporated)
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated) Hidden
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Applied Acoustics Systems - Ultra Analog VA-1 v1.1.2 (HKLM-x32\...\Ultra Analog VA-1) (Version:  - )
Arduino (HKLM-x32\...\Arduino) (Version: 1.0.6 - Arduino LLC)
ARIA Engine v1.6.6.9 (HKLM\...\ARIA Engine_is1) (Version: v1.6.6.9 - Plogue Art et Technologie, Inc)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
AstroPlanner V2 (HKLM-x32\...\{DFD8FD0C-5AF4-454B-A126-317BF9352E7B}_is1) (Version:  - iLanga, Inc.)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Autodesk 360 (HKLM\...\{52B28CAD-F49D-47BA-9FFE-29C2E85F0D0B}) (Version: 4.0.27.1 - Autodesk)
Autodesk Design Review 2013 (HKLM-x32\...\Autodesk Design Review 2013) (Version: 13.0.0.82 - Autodesk, Inc.)
Autodesk Design Review 2013 (x32 Version: 13.0.0.82 - Autodesk, Inc.) Hidden
Autodesk DWG TrueView 2014 (HKLM\...\DWG TrueView 2014) (Version: 19.1.18.0 - Autodesk)
Autodesk Inventor Content Center Libraries 2014 (Desktop Content) (HKLM\...\{B46DECD1-1864-4EF1-0000-22D71E81877C}) (Version: 18.0.17000.0000 - Autodesk)
Autodesk Inventor Professional 2014 - English (HKLM\...\Autodesk Inventor Professional 2014) (Version: 18.2.24600.0000 - Autodesk)
Autodesk Inventor Professional 2014 (Version: 18.2.24600.0000 - Autodesk) Hidden
Autodesk Inventor Professional 2014 English Language Pack (Version: 18.0.17000.0000 - Autodesk) Hidden
Autodesk Inventor Professional 2014 SP1 (HKLM\...\Autodesk Inventor Professional 2014 SP1) (Version: 18.2.24600.0000 - Autodesk)
Autodesk Inventor Professional 2014 SP2 (HKLM\...\Autodesk Inventor Professional 2014 SP2) (Version: 18.2.24600.0000 - Autodesk)
Autodesk Material Library 2014 (HKLM-x32\...\{644F9B19-A462-499C-BF4D-300ABC2A28B1}) (Version: 4.0.19.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2014 (HKLM-x32\...\{51BF3210-B825-4092-8E0D-66D689916E02}) (Version: 4.0.19.0 - Autodesk)
Autodesk Material Library Low Resolution Image Library 2014 (HKLM-x32\...\{5C29CC1F-218F-4C30-948A-11066CAC59FB}) (Version: 4.0.19.0 - Autodesk)
Autodesk ReCap (HKLM\...\Autodesk ReCap) (Version: 1.0.43.27 - Autodesk)
Autodesk ReCap (Version: 1.0.43.27 - Autodesk) Hidden
Autodesk ReCap Language Pack-English (Version: 1.0.43.27 - Autodesk) Hidden
Autodesk Revit Interoperability for Inventor 2014 (HKLM\...\Autodesk Revit Interoperability for Inventor 2014) (Version: 13.02.15161 - Autodesk)
Autodesk Revit Interoperability for Inventor 2014 (Version: 13.02.15161 - Autodesk) Hidden
Autodesk Vault Basic 2014 (Client) (HKLM\...\Autodesk Vault Basic 2014 (Client)) (Version: 18.0.86.0 - Autodesk)
Autodesk Vault Basic 2014 (Client) (Version: 18.0.86.0 - Autodesk) Hidden
Autodesk Vault Basic 2014 (Client) English Language Pack (Version: 18.0.86.0 - Autodesk) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother HL-2170W (HKLM-x32\...\{18F8C7E3-3696-4F9B-82E2-44D1DE574BB5}) (Version: 1.00 - Brother)
calibre (HKLM-x32\...\{75EA944A-4C53-4A0A-8B3B-E195EDAA626C}) (Version: 2.12.0 - Kovid Goyal)
calibre 64bit (HKLM\...\{EA927D74-9D01-4436-89AE-ACF7C893C845}) (Version: 2.3.0 - Kovid Goyal)
Camtasia Studio 8 (HKLM-x32\...\{474DFABF-E55B-4905-ABAA-40791A6AC77F}) (Version: 8.4.4.1859 - TechSmith Corporation)
Cartes du Ciel V3.10 (HKLM-x32\...\{A261F28E-6053-4414-9B84-AA8FE5F47AD4}_is1) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
Circuit Diagram version 2.1 (HKLM\...\{7A2A8C3A-93F9-47D2-8EF4-23D7910099BB}_is1) (Version: 2.1 - Circuit Diagram)
ComicRack v0.9.155 (HKLM\...\ComicRack) (Version: v0.9.155 - cYo Soft)
Conexant 20672 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.32.43.0 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DataStudio (HKLM-x32\...\InstallShield_{C1C47F92-0C96-408D-8E18-323F745E8A08}) (Version: 1.9.8.10 - PASCO scientific)
DataStudio (x32 Version: 1.9.8.10 - PASCO scientific) Hidden
discoDSP Discovery v2.6 (HKLM-x32\...\discoDSP Discovery v2.6_is1) (Version: 2.6 - discoDSP)
discoDSP Phantom v1.2 (HKLM-x32\...\discoDSP Phantom v1.2_is1) (Version: 1.2 - discoDSP)
discoDSP Vertigo v2.0 (HKLM-x32\...\vertigo2_is1) (Version: 2.0 - discoDSP)
Dropbox (HKCU\...\Dropbox) (Version: 3.0.5 - Dropbox, Inc.)
DWG TrueView 2014 (Version: 19.1.18.0 - Autodesk) Hidden
Eco Materials Adviser for Autodesk Inventor 2014 (64-bit) (HKLM\...\{530B8614-C5DE-475B-AF6F-71BED461552C}) (Version: 4.4.1.0 - Granta Design Limited)
ESET Smart Security (HKLM\...\{C082CDB9-D173-4740-AE0E-C685E6F44850}) (Version: 8.0.304.0 - ESET, spol s r. o.)
FARO LS 1.1.501.0 (64bit) (HKLM-x32\...\{8A470330-70B2-49AD-86AF-79885EF9898A}) (Version: 5.1.0.30630 - FARO Scanner Production)
FreeFileSync 6.15 (HKLM-x32\...\FreeFileSync) (Version: 6.15 - www.FreeFileSync.org)
Garmin BaseCamp (HKLM-x32\...\{CBB4288D-2D32-43BB-8FCE-3F102E385956}) (Version: 4.3.5 - Garmin Ltd or its subsidiaries)
Garmin MapSource (HKLM-x32\...\{AFBAB9A0-DDE8-49AE-8C17-A01B61BEE64B}) (Version: 6.16.3 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
GeoGebra 4.4 (HKLM-x32\...\GeoGebra 4.4) (Version: 4.4.7.0 - International GeoGebra Institute)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
IHMC CmapTools v5.05.01 (HKLM\...\IHMC CmapTools v5.05.01) (Version: 5.0.5.1 - Institute for Human & Machine Cognition)
IK Multimedia Authorization Manager version 1.0.11 (HKLM\...\{85BC0DCB-69E5-4279-AA25-F108EF896588}_is1) (Version: 1.0.11 - IK Multimedia)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
IL Minihost Modular (HKLM-x32\...\IL Minihost Modular) (Version:  - Image-Line)
IL Shared Libraries (HKLM-x32\...\IL Shared Libraries) (Version:  - Image-Line)
IL Sytrus (HKLM-x32\...\IL Sytrus) (Version:  - Image-Line)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Java™ 6 Update 16 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216016FF}) (Version: 6.0.160 - Sun Microsystems, Inc.)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LastPass(uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
LEGO Digital Designer (HKLM-x32\...\New LEGO Digital Designer) (Version:  - LEGO A/S)
LEGO MINDSTORMS NXT - English Language Pack (HKLM-x32\...\{9389A2A7-826F-484C-886C-835D658264C5}) (Version: 2.0.100.0 - The LEGO Group)
LEGO MINDSTORMS NXT Software v2.0 (HKLM-x32\...\{A1902990-45CF-44E2-B01A-88E721EF242B}) (Version: 2.0.132.0 - LEGO)
LEGO MINDSTORMS NXT x64 Driver (HKLM\...\{A0831C28-A6FA-49A3-86AE-B5AE3C9EE19C}) (Version: 1.20.115.0 - LEGO)
Lenovo HID HW Radio Driver 1.0.0.58 (HKLM\...\{E5325F32-D15A-4131-B029-4A5B7609E532}_is1) (Version: 1.0.0.58 - Lenovo)
Lenovo Patch Utility (x32 Version: 1.3.2.6 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (Version: 1.3.2.6 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.03.13 - )
Lenovo Settings - Camera Audio (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 4.3.5.0 - Lenovo Corporation)
Lenovo Settings - Location Awareness (HKLM-x32\...\{C79D4402-E622-4922-9C02-89F9080BF081}_is1) (Version: 1.3.0.13 - Lenovo Group Limited)
Lenovo Settings Dependency Package (HKLM\...\{3694BA2E-BE31-4B7E-886B-A0B559E69D4D}_is1) (Version: 2.3.1.35 - Lenovo Group Limited)
Lenovo Settings Mobile Hotspot (HKLM\...\{42603F7D-B08D-436B-B0D8-3E2DEF1AFD41}_is1) (Version: 2.3.0.85 - Lenovo)
Lenovo Settings Service (HKLM\...\{8C6F1EBA-17F1-4481-B688-9777E63E985F}_is1) (Version: 2.3.0.12 - Lenovo Group Limited)
Lenovo Settings UMDF driver (HKLM\...\{2BDC7413-65EA-4B99-8C4B-02F11075BE6D}_is1) (Version: 1.2.0.4 - Lenovo Group Limited)
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.06.0034 - Lenovo)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
MapSource - Topo Canada v2 (HKLM-x32\...\InstallShield_{9F308117-9B2F-45EB-9FAF-B59CD8339673}) (Version: 2.00 - Garmin Ltd. and its subsidiaries)
MapSource - Topo Canada v2 (x32 Version: 2.00 - Garmin Ltd. and its subsidiaries) Hidden
MapSource (HKLM-x32\...\{5E3CFCA6-C95A-47CB-A822-7FA80D423AF2}) (Version: 5.4 - Garmin Ltd. and its subsidiaries)
Mathematica Extras 9.0 (4092550) (HKLM\...\A-WIN-Extras 9.0.1 4092550_is1) (Version: 9.0.1 - Wolfram Research, Inc.)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.1.177.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (Version: 2.1.177.0 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4701.1002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual Basic for Applications 7.1 (x64) (Version: 7.1.00.00 - Microsoft Corporation) Hidden
Microsoft Visual Basic for Applications 7.1 (x64) English (Version: 7.1.0.0 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 x64 ATL Runtime 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 x64 CRT Runtime 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 x64 MFC Runtime 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 x64 OpenMP Runtime 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 x86 ATL Runtime 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 x86 CRT Runtime 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 x86 MFC Runtime 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 x86 OpenMP Runtime 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{90ffcee5-8608-4e94-8c18-a4feb4f83fb8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.50908 - Microsoft Corporation) Hidden
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Moveslink2 (HKCU\...\09caaf8ee8bfbd57) (Version: 1.3.17.5501 - Suunto)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 37.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 en-US)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSM32Installer (HKLM-x32\...\{55A75679-02D1-4C8C-85CA-B4E4DF4D775F}) (Version: 1.0.2 - Cakewalk)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
Muon Tau Bassline Mk2 VSTi (HKLM-x32\...\Muon Tau Bassline Mk2 VSTi) (Version:  - )
Native Instruments Audio 2 DJ Driver (HKLM-x32\...\Native Instruments Audio 2 DJ Driver) (Version:  - Native Instruments)
Native Instruments Audio 2 DJ Driver (Version: 3.1.0.761 - Native Instruments) Hidden
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: 1.7.4.199 - Native Instruments)
Native Instruments Controller Editor (Version: 1.7.4.199 - Native Instruments) Hidden
Native Instruments Electronic Instruments Vol. 2 (HKLM-x32\...\Native Instruments Electronic Instruments Vol. 2) (Version:  - )
Native Instruments Reaktor 5 (HKLM-x32\...\Native Instruments Reaktor 5) (Version:  - )
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: 2.6.0.137 - Native Instruments)
Native Instruments Service Center (Version: 2.6.0.137 - Native Instruments) Hidden
Native Instruments Traktor (HKLM-x32\...\Native Instruments Traktor) (Version:  - Native Instruments)
Native Instruments Traktor (Version: 1.2.7.9529 - Native Instruments) Hidden
Native Instruments Traktor Kontrol X1 (HKLM-x32\...\Native Instruments Traktor Kontrol X1) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol X1 (Version: 2.9.4.433 - Native Instruments) Hidden
NI VC2008MSMs x64 (Version: 9.0.201 - National Instruments) Hidden
NI VC2008MSMs x86 (x32 Version: 9.0.201 - National Instruments) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.4 - Notepad++ Team)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
OhmForce Ohmboyz VST2 (HKLM-x32\...\Ohmboyz VST2) (Version:  - )
OhmForce Ohmygod VST2 (HKLM-x32\...\Ohmygod VST2) (Version:  - )
OneNote Ink Eraser (HKLM-x32\...\{9D94999D-95BA-4C14-B2B1-2DECE1DC31EE}) (Version: 1.0.0 - OneNote Power Toys)
Pasco USB Driver (HKLM-x32\...\PascoUSBDriver) (Version:  - )
PascoCommonFiles (HKLM-x32\...\PascoCommonFiles) (Version: 1.1.13 - )
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Plogue sforzando v1.669 (HKLM\...\__ARIA_1014___is1) (Version: v1.669 - Plogue)
Poedit (HKLM-x32\...\{68EB2C37-083A-4303-B5D8-41FA67E50B8F}_is1) (Version: 1.6.5 - Vaclav Slavik)
Project5 Version 2 (HKLM-x32\...\Project5 Version 2) (Version:  - )
Project5 Version 2.5 (HKLM-x32\...\Project5 Version 2.5) (Version:  - )
Python 2.7.9 (HKLM-x32\...\{79F081BF-7454-43DB-BD8F-9EE596813232}) (Version: 2.7.9150 - Python Software Foundation)
quantum-fx 2 (HKLM-x32\...\db-audioware-quantum-fx-2) (Version:  - )
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Rapture 1.0 (HKLM-x32\...\Cakewalk Rapture_is1) (Version: 1.0 - Cakewalk Music Software)
Rapture 1.1 (HKLM\...\Cakewalk Rapture_is1) (Version: 1.1 - Cakewalk Music Software)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RICOH_Media_Driver_v2.22.18.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.22.18.01 - RICOH)
SampleTank 2 (HKLM-x32\...\{6559654F-2F38-491F-8411-211517C3E635}) (Version: 2.5.4 - IK Multimedia)
Scratch (HKLM-x32\...\Scratch) (Version: 1.4.0.0 - MIT Media Lab Lifelong Kindergarten Group)
Skype™ 7.2 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
Stellarium 0.12.4 (HKLM\...\Stellarium_is1) (Version: 0.12.4 - Stellarium team)
Sublime Text Build 3065 (HKLM\...\Sublime Text 3_is1) (Version:  - Sublime HQ Pty Ltd)
Sync (HKLM-x32\...\{96855E80-23DA-11E2-BDFB-09006188709B}) (Version: 0.8.16.890 - Sync)
System Ninja version 3.0.6 (HKLM-x32\...\{6E67710E-206D-43AB-BF21-E7CD63056C55}_is1) (Version: 3.0.6 - SingularLabs)
Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
ThinkPad Tablet Button Driver (HKLM-x32\...\{26903C89-780A-463E-8CBD-E47A73927254}) (Version: 1.06 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.7 - )
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.79.00.03 - Lenovo)
ThinkVantage Fingerprint Software (HKLM\...\{68D50088-CE92-4FF0-A220-D875E2E73151}) (Version: 6.0.0.8102 - Authentec Inc.)
Tracker (HKLM-x32\...\OSP Tracker) (Version: 4.86 - Open Source Physics)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
Update for Microsoft en-us Dictionary (Version: 16.1.1467.1 - Microsoft Corporation) Hidden
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{6DA2B636-698A-3294-BF4A-B5E11B238CDD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{8CCEA24C-51AE-3B71-9092-7D0C44DDA2DF}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{C3A57BB3-9AA6-3F6F-9395-6C062BDD5FC4}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{F6F09DD8-F39B-3A16-ADB9-C9E6B56903F9}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{14866AAD-1F23-39AC-A62B-7091ED1ADE64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Driver Package - PASCO Scientific (WinUSB) Pasco Interface  (08/14/2008 1.0.0.0) (HKLM\...\AD4AD0F184940E4712E96652A58ADDC47894E622) (Version: 08/14/2008 1.0.0.0 - PASCO Scientific)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
WinSCP 5.1.2 (HKLM-x32\...\winscp3_is1) (Version: 5.1.2 - Martin Prikryl)
Wipe (HKLM\...\wipe) (Version: 2015.03 - PrivacyRoot.com)
XAMPP (HKLM-x32\...\xampp) (Version: 1.8.3-5 - Bitnami)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.10.2.18 - Zemana Ltd.)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 48%
Total physical RAM: 3979.21 MB
Available physical RAM: 2062.96 MB
Total Pagefile: 4939.21 MB
Available Pagefile: 2993.05 MB
Total Virtual: 4095.88 MB
Available Virtual: 3962.92 MB

========================= Partitions: =====================================

1 Drive c: (Windows7_OS) (Fixed) (Total:287.15 GB) (Free:75.22 GB) NTFS
2 Drive q: (Lenovo_Recovery) (Fixed) (Total:9.77 GB) (Free:0.72 GB) NTFS

========================= Users: ========================================

User accounts for \\SLUGGO-LENOVO

Administrator            dougw_000                Guest                    


**** End of log ****
 

 

Eset:

C:\Users\dougw_000\Downloads\ccsetup505.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
C:\Users\dougw_000\Downloads\ninja-setup-3.0.6.exe    Win32/OpenCandy potentially unsafe application    deleted - quarantined
C:\Users\dougw_000\SkyDrive\physicsoflearning\etec533.zip    JS/Kryptik.ALB trojan    deleted - quarantined
C:\Users\dougw_000\SkyDrive\physicsoflearning\pbaventures.zip    JS/Kryptik.ALB trojan    deleted - quarantined
 



#6 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:25 AM

Posted 27 April 2015 - 01:31 PM

Boot into Safe Mode With Networking. The first tool that we will use is Emsisoft Emergency Kit. , download and save the application to your desktop. Right Click the jN5wn3A.png icon and select Run As Administrator. Click on Extract.

YvNQ89G.png

Another similar icon will appear on your desktop, right click this one and Run as Administrator as well. When the program opens then select Update.

g2dQLzX.png

After the update if you see the screen below then select yes.

Qnpw3Dt.png

Now Click on the Scan button, do not start the scan yet.

NWDLpr3.png

Make sure to click yes to detect Pups.

EyL1lzA.jpg

Select the On scan completion button, then quarantine detected objects, then hit OK.

M6NLlEF.png

Now click on the Smart Scan (Recommended)

xqcvGKt.png

Allow the scan to complete. Upon Completion select Quarantine Selected. Make Certain All Items are Ticked

KFlm13h.png

Click OK upon the completion, of the program removing the infected files.

xLHwX5a.png

Reboot if needed to remove infected files, post the log here in your next reply.

 

 

Download Malwarebytes Anti-Rootkit to your desktop.

  • Double-click the icon to start the tool.
  • It will ask you where to extract make sure it is on the desktop.
  • Malwarebytes Anti-Rootkit needs to be run from an account with admin rights.
  • Click next to continue.
  • Then Click Update
  • Once the update is Finished select Next then Scan.
  • If no malware has been found, at the end of scan select Exit
  • If an infection was found, make sure to select all items and click Cleanup.
  • Reboot your machine.
  • Open the MBAR folder and paste the content of the following into your next reply:
  • mbar-log-{date} (xx-xx-xx).txt
  • system-log.txt


#7 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:25 AM

Posted 27 April 2015 - 01:38 PM

You also need to disable windows defender, since you are running windows 8. :)

http://www.eightforums.com/tutorials/21962-windows-defender-turn-off-windows-8-a.html



#8 shmish

shmish
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:02:25 AM

Posted 28 April 2015 - 11:16 PM

Emisoft didn't seem to want to delete/quarantine the file that it found.  Log:

Emsisoft Emergency Kit - Version 9.0
Last update: 4/28/2015 6:17:09 PM
User account: SLUGGO-LENOVO\dougw_000

Scan settings:

Scan type: Smart Scan
Objects: Rootkits, Memory, Traces, C:\WINDOWS\, C:\Program Files\, C:\Program Files (x86)\

Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start:    4/28/2015 6:22:24 PM
C:\WINDOWS\system32\fonts\     detected: Trojan-Spy.Win32.Agent (A)

Scanned    385444
Found    1

Scan end:    4/28/2015 8:04:40 PM
Scan time:    1:42:16


Quarantined    0


Quarantined    0


Quarantined    0
 

 

MBAR log:

Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.04.28.08
  rootkit: v2015.04.21.01

Windows 8.1 x64 NTFS
Internet Explorer 11.0.9600.17728
dougw_000 :: SLUGGO-LENOVO [administrator]

4/28/2015 8:20:11 PM
mbar-log-2015-04-28 (20-20-11).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 439944
Time elapsed: 29 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 

 

MBAR system.log:

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.1.1004

© Malwarebytes Corporation 2011-2012

OS version: 6.3.9200 Windows 8.1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17728

Java version: 1.6.0_16

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 2.492000 GHz
Memory total: 4172509184, free: 2099232768

Downloaded database version: v2015.04.28.08
Downloaded database version: v2015.04.21.01
Downloaded database version: v2015.04.22.01
=======================================
------------ Kernel report ------------
     04/28/2015 20:19:51
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\system32\drivers\tpm.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\iaStorA.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\EhStorClass.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Wof.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\epfwwfp.sys
\SystemRoot\system32\DRIVERS\wfplwfs.sys
\SystemRoot\system32\DRIVERS\timntr.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\edevmon.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\DRIVERS\ApsHM64.sys
\SystemRoot\system32\DRIVERS\tdrpman.sys
\SystemRoot\System32\DRIVERS\Apsx64.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\intelpep.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\system32\DRIVERS\eamonm.sys
\??\C:\Program Files\ESET\ESET Smart Security\em015_64.dat
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\ehdrv.sys
C:\Program Files\ESET\ESET Smart Security\em006_64.dat
C:\Program Files\ESET\ESET Smart Security\em018_64.dat
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\EpfwLWF.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\System32\drivers\serial.sys
\SystemRoot\system32\DRIVERS\wstbtndb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\csc.sys
\??\C:\WINDOWS\System32\drivers\zam64.sys
\SystemRoot\System32\drivers\truecrypt.sys
\SystemRoot\System32\drivers\Tppwr64v.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\ahcache.sys
\??\C:\EEK\bin\a2ddax64.sys
\SystemRoot\System32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\HECIx64.sys
\SystemRoot\System32\drivers\serenum.sys
\SystemRoot\system32\DRIVERS\e1i63x64.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\NETwew00.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\System32\drivers\risdxc64.sys
\SystemRoot\System32\drivers\i8042prt.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\drivers\CmBatt.sys
\SystemRoot\System32\drivers\BATTC.SYS
\SystemRoot\system32\DRIVERS\ibmpmdrv.sys
\SystemRoot\system32\DRIVERS\Smb_driver_Intel.sys
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\LnvHIDHW.sys
\SystemRoot\System32\drivers\mshidkmdf.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\kbdhid.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\system32\drivers\CHDRT64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_iaStorA.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\System32\drivers\MTConfig.sys
\SystemRoot\system32\DRIVERS\5U877.sys
\SystemRoot\system32\DRIVERS\STREAM.SYS
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\??\C:\WINDOWS\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\tifsfilt.sys
\??\C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\epfw.sys
C:\Program Files\ESET\ESET Smart Security\em008_64.dat
\SystemRoot\System32\drivers\WinUsb.sys
\SystemRoot\System32\drivers\WUDFRd.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\System32\drivers\condrv.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
----------- End -----------
Done!

Scan started
Database versions:
  main:    v2015.04.28.08
  rootkit: v2015.04.21.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffe00143550060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe0014354fb20, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe0014354f040, DeviceName: Unknown, DriverName: \Driver\Shockprf\
DevicePointer: 0xffffe00143550060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffe00142596450, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffe00141dfa060, DeviceName: \Device\0000002e\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\Shockprf\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
Volume is encrypted by BITLOCKER
<<<2>>>
<<<3>>>
Volume: C:
Volume is encrypted by BITLOCKER
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: F8A9F100

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 2457600
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2459648  Numsec = 602200064

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 604659712  Numsec = 20480000

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 320072933376 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
 



#9 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:25 AM

Posted 30 April 2015 - 04:42 PM

How are things running now?



#10 shmish

shmish
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:02:25 AM

Posted 01 May 2015 - 08:54 AM

First of all, thank you for your help.

 

I think my computer is running slower/worse than before.  Startup takes longer (maybe that's the CCleaner startup routine), windows explorer is less responsive, the computer is just generally sluggish.  It seems to me that this is not a malware problem but maybe more of a Windows issue.  Perhaps I just need a fresh install of the OS.

 

If I wanted to, did one of the scanners that I ran save a registry file that I could safely restore?  I think I would prefer to go back to the state I was at before all of the scanning.

 

thanks



#11 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:25 AM

Posted 01 May 2015 - 03:18 PM

Nothing I had you run would slow your machine down, lets get you some help from more advanced tools. There is no need to take steps backwards. I have performed these steps on many many machines and you are the first to say it has slowed your machine, there must be something going on in the backround....

 

Follow the instructions in the link below and start a new thread.

http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

 

Please post a link to your new thread here so I can follow it. :)






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users