
help me fix my computer.remove virus.


  • This topic is locked
8 replies to this topic

#1 liz8200


Posted 27 June 2015 - 03:12 AM

My 8.1 laptop is freezing. When I use Firefox or Chrome it keeps opening up my Gmail as my homepage, I have to keep typing in Google before it opens on Google. When I do a search I'm not getting what I was looking for. It's looking like this may fail my hard drive. Here are my logs. Thanks so much. Liz.

 

 Additional scan result of Farbar Recovery Scan Tool (x64) Version:24-06-2015
Ran by liz8200 at 2015-06-26 04:06:08
Running from C:\Users\liz8200\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1834206891-319191231-1371051150-500 - Administrator - Disabled)
Guest (S-1-5-21-1834206891-319191231-1371051150-501 - Limited - Disabled)
liz8200 (S-1-5-21-1834206891-319191231-1371051150-1001 - Administrator - Enabled) => C:\Users\liz8200
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Kaspersky Anti-Virus (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Anti-Virus (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.00.15.58233 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.00.15.58233 - ABBYY) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.194 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Brother MFL-Pro Suite MFC-J4510DW (HKLM-x32\...\{DD98C438-D769-4677-AA87-3481FA32D20C}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
Canon Utilities Uploader for CANON iMAGE GATEWAY Plugin (HKLM-x32\...\Uploader for CANON iMAGE GATEWAY Plugin) (Version: 1.1.3.9 - Canon Inc.)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
Conexant HD Audio (HKLM-x32\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 1.0.52.0 - Conexant)
CryptoPrevent (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version:  - Foolish IT LLC)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.18 - Piriform)
Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP)
Dell Touchpad (HKLM\...\Elantech) (Version: 11.3.16.1 - ELAN Microelectronic Corp.)
FaceFilter Studio Brother Edition (HKLM-x32\...\{F59205C8-E5FB-43F5-AAB2-16C1760D4F59}) (Version: 1.0 - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)
Google Drive (HKLM-x32\...\{CBC9F5FD-5CFA-4A33-81CD-369EAB77E3A6}) (Version: 1.22.9403.0223 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Intel® Turbo Boost Technology Monitor 2.6 (HKLM\...\{6C9365EB-1F9E-4893-9196-3EC77C88D0C5}) (Version: 2.6.2.0 - Intel)
Intel® PROSet/Wireless Software (HKLM-x32\...\{440d014b-4444-4533-b96d-2910e1ca2bcf}) (Version: 16.7.0 - Intel Corporation)
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
Kaspersky Anti-Virus (HKLM-x32\...\InstallWIX_{653C1B5A-3287-47B1-8613-0745D4E771C4}) (Version: 15.0.0.463 - Kaspersky Lab)
Kaspersky Anti-Virus (x32 Version: 15.0.0.463 - Kaspersky Lab) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 38.0.6 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.6 (x86 en-US)) (Version: 38.0.6 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.6 - Mozilla)
Mozilla Thunderbird 31.5.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 31.5.0 (x86 en-US)) (Version: 31.5.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Nuance PaperPort 12 (HKLM-x32\...\{88B5FBDC-967D-4B1F-B291-39284AE12201}) (Version: 12.1.0005 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 8.2.612.2012 - Realtek)
Resource Hacker Version 3.6.0 (HKLM-x32\...\ResourceHacker_is1) (Version:  - )
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Scansoft PDF Professional (x32 Version:  - ) Hidden
Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.10.2 - Tweaking.com)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.1.4 - Tweaking.com)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinZip 19.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E9}) (Version: 19.5.11475 - WinZip Computing, S.L. )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1834206891-319191231-1371051150-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
 
==================== Restore Points =========================
 
11-06-2015 17:14:54 Windows Update
18-06-2015 16:56:46 Windows Update
23-06-2015 16:54:23 Windows Update
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 09:25 - 2015-05-06 16:31 - 00000855 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {19B6FCBA-1584-4D11-B58B-E2CDB2362913} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-25] (Adobe Systems Incorporated)
Task: {2E723DDE-2108-4C99-B16F-BB6D4B5CE7DB} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2015-03-11] (Tweaking.com)
Task: {394F2696-61F8-4B3A-92BA-E09DF2AA484C} - System32\Tasks\DellPUDCTask => C:\Program Files\Dell\ProductUpdate\DKprodupdate.exe [2012-11-08] ()
Task: {39913741-8939-45E5-B5C4-1D34E5863100} - System32\Tasks\Optimize Push Notification Data File-S-1-5-21-1834206891-319191231-1371051150-1001
Task: {3D0F3CDB-686A-45C1-B86F-30447223BF6A} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {5EEB9B65-DDE0-4C7E-8BA0-ADB1E10BFB5A} - System32\Tasks\{84490BEC-F739-47CC-AF77-F9FCD421E533} => pcalua.exe -a "C:\Program Files (x86)\ChrisPC Free Anonymous Proxy\unins000.exe"
Task: {5F2D90C1-91C2-42FE-B046-E0992DA2A183} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-11] (Google Inc.)
Task: {61B160D1-296E-4779-8CC5-95299A4679B7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-11] (Google Inc.)
Task: {64704F08-185D-4F0D-ADA6-53F8329C2D15} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {66061C07-09A7-435E-AAE1-7080B1C55685} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe <==== ATTENTION
Task: {7BA3BC8D-4AFD-4F8D-AEFB-C8952A938641} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {7C59C5A5-94C1-4126-8BFA-C1262D54B56B} - System32\Tasks\{54CBAB9B-FC1A-4219-88C2-CF87E75A4B4F} => pcalua.exe -a "C:\Program Files\Dell V520 Series\Install\x64\DKADGinstallgui.exe" -c /u OEMProductName="Dell V520 Series" OEMProductName="Dell V520 Series"
Task: {811F543E-E69F-44B5-A031-046EF5C33837} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-06-25] (Microsoft Corporation)
Task: {86065D38-42BB-4E6B-AF3C-322D26388C1E} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files (x86)\Pro PC Cleaner\Splash.exe <==== ATTENTION
Task: {88BACBAC-AB06-40A8-879F-82B496BCD939} - System32\Tasks\{C664F757-FF68-46EC-A7D7-D4D5DF9807D8} => pcalua.exe -a "C:\Program Files\My Dell\uninstaller.exe" -c /arp
Task: {89E8285D-632D-4E15-99A7-10BB310C39CE} - System32\Tasks\Google Updater and Installer => C:\Users\liz8200\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {E92194C9-DFE5-4E60-A5D9-03222A7D8572} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-03-07] (Adobe Systems Incorporated)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-01-01 01:15 - 2005-04-22 00:36 - 00143360 ____R () C:\WINDOWS\system32\BrSNMP64.dll
2014-07-21 03:06 - 2013-09-12 12:55 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-04-26 17:45 - 2014-04-26 17:45 - 00000000 _____ () C:\WINDOWS\SYSTEM32\aticfx32.dll
2015-06-25 03:57 - 2015-06-20 01:46 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\libglesv2.dll
2015-06-25 03:57 - 2015-06-20 01:46 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\libegl.dll
2014-04-26 17:45 - 2014-04-26 17:45 - 00000000 _____ () C:\WINDOWS\SYSTEM32\igdusc32.dll
2014-03-06 15:00 - 2014-03-06 15:00 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\kpcengine.2.3.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\48054982.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\48054982.sys => ""="Driver"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
There are 7867 more restricted sites.
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1834206891-319191231-1371051150-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\liz8200\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Photo Gallery Wallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\StartupFolder: => "Ginger.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Secunia PSI Tray.lnk"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "BTMTrayAgent"
HKLM\...\StartupApproved\Run: => "QuickSet"
HKLM\...\StartupApproved\Run: => "SmartAudio"
HKLM\...\StartupApproved\Run: => "DKADGmon"
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "DKADGmon"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "SystemExplorerAutoStart"
HKLM\...\StartupApproved\Run32: => "ETDCtrl"
HKLM\...\StartupApproved\Run32: => "SmartAudio"
HKLM\...\StartupApproved\Run32: => "vProt"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKLM\...\StartupApproved\Run32: => "BCSSync"
HKLM\...\StartupApproved\Run32: => "AvastUI.exe"
HKLM\...\StartupApproved\Run32: => "BrStsMon00"
HKLM\...\StartupApproved\Run32: => "PDF5 Registry Controller"
HKLM\...\StartupApproved\Run32: => "PDFHook"
HKLM\...\StartupApproved\Run32: => "PaperPort PTD"
HKLM\...\StartupApproved\Run32: => "IndexSearch"
HKLM\...\StartupApproved\Run32: => "ControlCenter4"
HKLM\...\StartupApproved\Run32: => "Raptr"
HKLM\...\StartupApproved\Run32: => "EEventManager"
HKU\S-1-5-21-1834206891-319191231-1371051150-1001\...\StartupApproved\StartupFolder: => "Epson scanner Registration.lnk"
HKU\S-1-5-21-1834206891-319191231-1371051150-1001\...\StartupApproved\Run: => "DellSystemDetect"
HKU\S-1-5-21-1834206891-319191231-1371051150-1001\...\StartupApproved\Run: => "DKab1err"
HKU\S-1-5-21-1834206891-319191231-1371051150-1001\...\StartupApproved\Run: => "CAHeadless"
HKU\S-1-5-21-1834206891-319191231-1371051150-1001\...\StartupApproved\Run: => "DKADGmon"
HKU\S-1-5-21-1834206891-319191231-1371051150-1001\...\StartupApproved\Run: => "Amazon Cloud Player"
HKU\S-1-5-21-1834206891-319191231-1371051150-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-1834206891-319191231-1371051150-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-1834206891-319191231-1371051150-1001\...\StartupApproved\Run: => "AdobeBridge"
HKU\S-1-5-21-1834206891-319191231-1371051150-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-1834206891-319191231-1371051150-1001\...\StartupApproved\Run: => "ISUSPM"
HKU\S-1-5-21-1834206891-319191231-1371051150-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_589F6D75D68862CE5CCD9C393A5E6B2D"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{FCDD36B4-2932-45A1-876B-B6CDA5BF0A61}] => (Allow) C:\Program Files (x86)\Dell V520 Series\DKabscw.dll
FirewallRules: [{55E2976C-5A1D-47A7-9F0E-54F8989EB9AB}] => (Allow) C:\Program Files (x86)\Dell V520 Series\DKabscw.dll
FirewallRules: [{345ADE06-BBDC-42C7-BCB2-33110D2858C2}] => (Allow) C:\Program Files (x86)\Dell V520 Series\DKADGlscn.exe
FirewallRules: [{1CB3C4DA-04D7-4C10-B80F-5D35E37FC7F2}] => (Allow) C:\Program Files (x86)\Dell V520 Series\DKADGlscn.exe
FirewallRules: [{8FAD47F6-70FE-4DE7-98D4-6D8A149883F0}] => (Allow) C:\Program Files (x86)\Dell V520 Series\DKADGmon.exe
FirewallRules: [{B1F539F0-8CB8-41AF-AE10-E59CF582D3F9}] => (Allow) C:\Program Files (x86)\Dell V520 Series\DKADGmon.exe
FirewallRules: [{8B1002DD-DB4C-41DA-AD27-31309F1EFBB7}] => (Allow) C:\Program Files (x86)\Dell\WirelessSetup\DKwpss.exe
FirewallRules: [{C01022C5-577B-47EF-ADC5-22999FFB4F25}] => (Allow) C:\Program Files (x86)\Dell\WirelessSetup\DKwpss.exe
FirewallRules: [{1AB28961-1B61-448E-85D4-AD05DF4D34F5}] => (Allow) C:\Program Files (x86)\Dell\PSU\dkpsu.exe
FirewallRules: [{AF270610-CEC6-43EC-B594-2CA4C3BF7B3C}] => (Allow) C:\Program Files (x86)\Dell\PSU\dkpsu.exe
FirewallRules: [{882BB567-4C1F-46C7-925B-B2DE31AAC64E}] => (Allow) C:\Program Files (x86)\Dell\Status Center\dksmc.exe
FirewallRules: [{30348915-792C-4462-BEEE-EFF76DC80AA3}] => (Allow) C:\Program Files (x86)\Dell\Status Center\dksmc.exe
FirewallRules: [{92901FBE-20DC-4389-AB5B-7AE738009998}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{5AB1BDA1-4994-4060-A498-F2C03DB7410E}] => (Allow) C:\Program Files (x86)\Dell\NetworkTwain\DKZZZ_32__bc.dll
FirewallRules: [{E79AEE98-2516-4C0E-BCB5-EA7E7B7EBE59}] => (Allow) C:\Program Files (x86)\Dell\NetworkTwain\DKZZZ_32__bc.dll
FirewallRules: [{8331FEC6-7856-4521-A806-44116DBA1151}] => (Allow) C:\Program Files (x86)\Dell\NetworkTwain\DKzzz_32serv.dll
FirewallRules: [{A564F649-A036-445E-833B-E701F8A749A5}] => (Allow) C:\Program Files (x86)\Dell\Status Center\dksmc.exe
FirewallRules: [{98F48252-B114-4C81-BFC4-6EBEA0130331}] => (Allow) C:\Program Files (x86)\Dell\PSU\dkpsu.exe
FirewallRules: [{A7104BFD-3B41-4D21-BFF8-4A7BFA156AAD}] => (Allow) C:\Program Files (x86)\Dell\PSU\dkpsu.exe
FirewallRules: [{84FBAA86-66A0-4334-A359-995986FA659F}] => (Allow) C:\Program Files (x86)\Dell\WirelessSetup\DKwpss.exe
FirewallRules: [{3924829A-D804-4EB0-BBF7-2DDD2D041857}] => (Allow) C:\Program Files (x86)\Dell\WirelessSetup\DKwpss.exe
FirewallRules: [{FB35AC49-8582-48FB-8513-FD7CA6BAAC92}] => (Allow) C:\Program Files (x86)\Dell V520 Series\DKADGmon.exe
FirewallRules: [{5CEA476F-A670-4BBA-B707-38247883F69D}] => (Allow) C:\Program Files (x86)\Dell V520 Series\DKADGmon.exe
FirewallRules: [{2C3D01BD-0A84-4CC2-8EB6-7A919784EC72}] => (Allow) C:\Program Files (x86)\Dell V520 Series\DKADGlscn.exe
FirewallRules: [{F54FFC38-1A6C-43C1-82AC-3FB4F86BE5BB}] => (Allow) C:\Program Files (x86)\Dell V520 Series\DKADGlscn.exe
FirewallRules: [{CBC77441-3514-4CC2-83AA-D676E54718CA}] => (Allow) C:\Program Files (x86)\Dell V520 Series\DKabscw.dll
FirewallRules: [{A10E1C5C-4E2B-4777-8E8F-484F8B84A291}] => (Allow) C:\Program Files (x86)\Dell V520 Series\DKabscw.dll
FirewallRules: [{A89DDFD9-25D9-461C-8769-3DEC9A6FE8D3}] => (Allow) C:\Program Files (x86)\Dell\NetworkTwain\DKZZZ_32__bc.dll
FirewallRules: [{1C0A55CC-8D56-4A8A-8940-F0AEC74C1F7A}] => (Allow) C:\Program Files (x86)\Dell\NetworkTwain\DKZZZ_32__bc.dll
FirewallRules: [{15F32D53-7050-451D-AEAD-889877277336}] => (Allow) C:\Program Files (x86)\Dell\NetworkTwain\DKzzz_32serv.dll
FirewallRules: [{C02186AB-AD5C-4301-9E9F-FBDF7E46BBEC}] => (Allow) C:\Program Files (x86)\Dell\NetworkTwain\DKzzz_32serv.dll
FirewallRules: [SNMP-In-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-Out-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-In-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-Out-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [{702CEBBB-4B29-4112-918F-8EB66EB83B87}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{FEF17BD6-56FD-46DC-A04A-D1F71B4D62D9}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [TCP Query User{AC3EFD41-5141-47A5-95F6-B252589D2B28}C:\users\liz8200\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\liz8200\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{E85CAF6D-A454-434D-8E75-AAA7D506AC68}C:\users\liz8200\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\liz8200\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{726FF238-FAA1-41C2-8D4E-BC5106ABE70B}] => (Block) C:\users\liz8200\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{A94FC350-397F-4A49-9F31-B47877732B06}] => (Block) C:\users\liz8200\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{95E89F7E-CB83-44E9-9B0D-BB0BD0C5EACE}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{8B0DA15C-4FE0-4E77-A420-D71F430C19E0}] => (Allow) LPort=2869
FirewallRules: [{A3F345BB-FE8B-4A95-BF9D-F330050F2B92}] => (Allow) LPort=1900
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [{DD1CEF8E-FD82-405E-9529-37C0CF93E223}] => (Allow) C:\Program Files (x86)\Brother\Brmfl12b\FAXRX.exe
FirewallRules: [{FB417FAE-8FC4-4AF0-8F3E-640ABDCAF6C3}] => (Allow) C:\Program Files (x86)\Brother\Brmfl12b\FAXRX.exe
FirewallRules: [{9138A3D6-0873-46C2-B749-277CC41EDB15}] => (Allow) LPort=54925
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [TCP Query User{4378F2F5-22C9-4AAA-9868-4D758CCBC000}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{900EAB89-02DD-46A0-AABD-FA2F2DCB6158}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{05F01CCC-4B51-41DC-8DBE-66DD43DA6309}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{68832A79-FE33-4AEB-A7B8-D8005B13F1A5}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{CBE3BACF-3A14-41CD-905C-F4490CA60F07}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{E25D6ECE-CF6A-4B38-BAB0-DA90C24C4164}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{53CF6C4F-1902-49F2-ACD9-92F3B288905E}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{71B3B9D8-C969-49A1-8E03-FFE6E0438B8C}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [TCP Query User{AC58C626-5F95-45A3-8BDC-E00757FC0E58}C:\windows\system32\mmc.exe] => (Block) C:\windows\system32\mmc.exe
FirewallRules: [UDP Query User{15458B07-0EE9-46BC-ABC2-AACD071415FB}C:\windows\system32\mmc.exe] => (Block) C:\windows\system32\mmc.exe
FirewallRules: [TCP Query User{D96083E5-928F-4442-91ED-2688FC747B1B}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{159208B2-D95C-4623-94D7-F142AEEC9C3E}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{2328F5A1-8117-4C50-931A-37AA5BD54D52}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{257DD78A-1543-49C4-A4C8-7EEE0C26739C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1948B27F-985C-40B8-9183-DBEB006007C7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/26/2015 03:19:16 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: ASP.NET_64_2.0.50727C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\aspnet_perf.dll8
 
Error: (06/26/2015 03:19:16 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: .NETFrameworkC:\WINDOWS\system32\mscoree.dll8
 
Error: (06/25/2015 02:26:57 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: ASP.NET_64_2.0.50727C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\aspnet_perf.dll8
 
Error: (06/25/2015 02:26:57 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: .NETFrameworkC:\WINDOWS\system32\mscoree.dll8
 
Error: (06/20/2015 05:55:48 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LACOMPUTER)
Description: Activation of app 47482Gr8Escape.Breinbrekers_tdkxbdjykrnnj!App failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/20/2015 05:53:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: delegate_execute.exe, version: 43.0.2357.81, time stamp: 0x555f5a4e
Faulting module name: delegate_execute.exe, version: 43.0.2357.81, time stamp: 0x555f5a4e
Exception code: 0xc0000005
Fault offset: 0x00029d42
Faulting process id: 0x11bc
Faulting application start time: 0xdelegate_execute.exe0
Faulting application path: delegate_execute.exe1
Faulting module path: delegate_execute.exe2
Report Id: delegate_execute.exe3
Faulting package full name: delegate_execute.exe4
Faulting package-relative application ID: delegate_execute.exe5
 
Error: (06/20/2015 05:50:51 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.3.9600.17667 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: ec0
 
Start Time: 01d0ab3e77563016
 
Termination Time: 4294967295
 
Application Path: C:\WINDOWS\Explorer.EXE
 
Report Id: d519d4b6-1731-11e5-8495-74867a12a53c
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (06/20/2015 03:06:37 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.
 
Error: (06/20/2015 03:06:35 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.
 
Error: (06/11/2015 04:55:51 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.3.9600.17667 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: fc8
 
Start Time: 01d0a476e6c82330
 
Termination Time: 4294967295
 
Application Path: C:\WINDOWS\Explorer.EXE
 
Report Id: 1fe6e587-107c-11e5-8478-74867a12a53c
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (06/26/2015 03:53:52 AM) (Source: Microsoft-Windows-Time-Service) (EventID: 34) (User: NT AUTHORITY)
Description: The time service has detected that the system time needs to be  changed by 80723 seconds. The time service will not change the system time by more than 54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->104.41.150.68:123) is working properly.
 
Error: (06/26/2015 03:19:47 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800736b3: Security Update for Microsoft .NET Framework 3.5 on Windows 8.1 and Windows Server 2012 R2 for x64-based Systems (KB2978122).
 
Error: (06/26/2015 02:15:20 AM) (Source: DCOM) (EventID: 10010) (User: LACOMPUTER)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (06/25/2015 10:51:07 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk4\DR4.
 
Error: (06/25/2015 10:51:07 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR3.
 
Error: (06/25/2015 10:51:07 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.
 
Error: (06/25/2015 10:38:35 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk4\DR4.
 
Error: (06/25/2015 10:38:35 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR3.
 
Error: (06/25/2015 10:38:35 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.
 
Error: (06/25/2015 09:57:49 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk4\DR4.
 
 
Microsoft Office:
=========================
Error: (06/26/2015 03:19:16 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: ASP.NET_64_2.0.50727C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\aspnet_perf.dll8
 
Error: (06/26/2015 03:19:16 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: .NETFrameworkC:\WINDOWS\system32\mscoree.dll8
 
Error: (06/25/2015 02:26:57 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: ASP.NET_64_2.0.50727C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\aspnet_perf.dll8
 
Error: (06/25/2015 02:26:57 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: .NETFrameworkC:\WINDOWS\system32\mscoree.dll8
 
Error: (06/20/2015 05:55:48 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LACOMPUTER)
Description: 47482Gr8Escape.Breinbrekers_tdkxbdjykrnnj!App-2147009284
 
Error: (06/20/2015 05:53:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: delegate_execute.exe43.0.2357.81555f5a4edelegate_execute.exe43.0.2357.81555f5a4ec000000500029d4211bc01d0ab3ef77d9374C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\delegate_execute.exeC:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\delegate_execute.exe36188dac-1732-11e5-8495-74867a12a53c
 
Error: (06/20/2015 05:50:51 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.3.9600.17667ec001d0ab3e775630164294967295C:\WINDOWS\Explorer.EXEd519d4b6-1731-11e5-8495-74867a12a53c
 
Error: (06/20/2015 03:06:37 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
 
Error: (06/20/2015 03:06:35 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
 
Error: (06/11/2015 04:55:51 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.3.9600.17667fc801d0a476e6c823304294967295C:\WINDOWS\Explorer.EXE1fe6e587-107c-11e5-8478-74867a12a53c
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-06-23 15:07:31.413
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-06-23 15:07:30.956
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-06-20 18:33:16.729
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-06-20 18:33:16.448
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-06-20 18:33:16.135
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-06-20 18:33:15.713
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-06-20 18:33:15.354
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-06-20 18:33:12.932
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-06-20 18:33:12.572
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-06-20 18:33:12.208
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-3632QM CPU @ 2.20GHz
Percentage of memory in use: 29%
Total physical RAM: 8061.27 MB
Available physical RAM: 5663.7 MB
Total Pagefile: 16253.27 MB
Available Pagefile: 13244.24 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:915.55 GB) (Free:656.36 GB) NTFS
Drive d: (KAV) (CDROM) (Total:0.48 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: B31A9191)
 
Partition: GPT Partition Type.
 
==================== End of log ============================
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-06-2015
Ran by liz8200 (administrator) on LACOMPUTER on 26-06-2015 04:04:42
Running from C:\Users\liz8200\Desktop
Loaded Profiles: liz8200 (Available Profiles: liz8200)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Nico Mak Computing) C:\Program Files\WinZip\FAH\FAHWindow64.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWXConfigManager.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avpui.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avp.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2878728 2014-04-16] (ELAN Microelectronics Corp.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SA3\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-30] (Intel Corporation)
HKLM\...\Run: [DKADGmon] => C:\Program Files (x86)\Dell V520 Series\DKADGmon.exe [951656 2012-11-08] ()
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles(x86)%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1834206891-319191231-1371051150-1001\...\Run: [KSS] => "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun
HKU\S-1-5-21-1834206891-319191231-1371051150-1001\...\MountPoints2: {c346b174-ce09-11e2-be66-806e6f6e6963} - "D:\autorun.exe" 
HKU\S-1-5-21-1834206891-319191231-1371051150-1001\...\MountPoints2: {c477fba1-5ea8-11e3-beec-606c668a232e} - "E:\DVAP.exe" 
HKU\S-1-5-21-1834206891-319191231-1371051150-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2015-06-25]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAH\FAHConsole.exe (Nico Mak Computing)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-1834206891-319191231-1371051150-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1834206891-319191231-1371051150-1001 -> {16F1C565-F9B8-4C4E-941F-DFF4E10CA2FC} URL = 
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2015-06-26] (Kaspersky Lab ZAO)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-06-25] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-25] (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2015-06-26] (Kaspersky Lab ZAO)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.33.1
 
FireFox:
========
FF ProfilePath: C:\Users\liz8200\AppData\Roaming\Mozilla\Firefox\Profiles\yitvtpf3.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Homepage: google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_194.dll [2015-06-25] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-25] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_194.dll [2015-06-25] ()
FF Plugin-x32: @canon.com/UCPlugin -> C:\Program Files (x86)\Canon\Uploader for CANON iMAGE GATEWAY Plugin\\npUploaderForCiG.dll [2014-02-14] (CANON INC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-12] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-12] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2015-04-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2015-04-07] (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\content_blocker@kaspersky.com [2015-06-26] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2015-06-26] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\content_blocker@kaspersky.com [2015-06-26]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2015-06-26]
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\url_advisor@kaspersky.com [2015-06-26]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
 
Chrome: 
=======
CHR Profile: C:\Users\liz8200\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\liz8200\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-09]
CHR Extension: (Solitaire) - C:\Users\liz8200\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpebaehgfgkcmmjjknibibbjacnplim [2014-12-14]
CHR Extension: (Adblock Plus) - C:\Users\liz8200\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-10-03]
CHR Extension: (Gingko App) - C:\Users\liz8200\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpgfhngpppagnmfjocmhlioockncfgjn [2014-12-14]
CHR Extension: (Handcraft) - C:\Users\liz8200\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgpklhhhiiafnocfiikcpffkogjkdmki [2014-10-03]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\liz8200\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (Solitaire) - C:\Users\liz8200\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkbhppfbabandkdmgjmifahoabeodiep [2014-12-14]
CHR Extension: (Google Drawings) - C:\Users\liz8200\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkaakpdehdafacodkgkpghoibnmamcme [2014-10-03]
CHR Extension: (Google Wallet) - C:\Users\liz8200\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-03]
CHR Extension: (draw.io Pro) - C:\Users\liz8200\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlkggianjhjenigcpigpjehhpplldkc [2014-10-03]
CHR Extension: (The Outliner of Giants) - C:\Users\liz8200\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgooeakhpabfakhgeffedillidofnbcf [2014-12-14]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
S4 CxUtilSvc; C:\Program Files\Conexant\SA3\CxUtilSvc.exe [109184 2012-08-06] (Conexant Systems, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-19] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-12] (Intel Corporation)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [25600 2014-12-31] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-11-20] ()
R2 simptcp; C:\Windows\SysWOW64\tcpsvcs.exe [10752 2013-08-21] (Microsoft Corporation)
R2 SNMP; C:\Windows\System32\snmp.exe [50688 2014-06-21] (Microsoft Corporation)
R2 SNMP; C:\Windows\SysWOW64\snmp.exe [46080 2014-06-21] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-12-31] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [62152 2014-10-27] (Advanced Micro Devices, Inc.)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-05] (Motorola Solutions, Inc.)
S3 intelkmd; C:\Windows\system32\DRIVERS\igdpmd64.sys [9000256 2012-08-23] (Intel Corporation) [File not signed]
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [142344 2015-06-26] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [771272 2015-06-26] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
S3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
S3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [67680 2014-03-19] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-12] (Intel Corporation)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [173568 2014-12-31] (Microsoft Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\Netwew00.sys [3346912 2013-10-31] (Intel Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-01-18] ()
U3 TrueSight; C:\Windows\SysWOW64\drivers\TrueSight.sys [29160 2014-08-09] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
R4 klkbdflt2; \SystemRoot\system32\DRIVERS\klkbdflt2.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-26 04:04 - 2015-06-26 04:05 - 00032410 _____ C:\Users\liz8200\Desktop\FRST.txt
2015-06-26 03:08 - 2015-06-26 03:08 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2015-06-26 02:10 - 2015-06-26 02:10 - 00001157 _____ C:\Users\Public\Desktop\Kaspersky Anti-Virus.lnk
2015-06-26 02:10 - 2015-06-26 02:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus
2015-06-26 02:10 - 2013-05-06 09:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\klfphc.dll
2015-06-26 02:09 - 2015-06-26 03:23 - 00771272 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klif.sys
2015-06-26 02:09 - 2015-06-26 03:23 - 00142344 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klflt.sys
2015-06-26 02:09 - 2015-06-26 03:15 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-06-26 02:09 - 2015-06-26 02:09 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2015-06-26 02:09 - 2014-04-10 17:25 - 00243808 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klhk.sys
2015-06-25 04:28 - 2015-06-25 04:27 - 00110688 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2015-06-25 03:55 - 2015-06-25 03:55 - 00002297 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2015-06-25 03:55 - 2015-06-25 03:55 - 00002291 _____ C:\Users\Public\Desktop\WinZip.lnk
2015-06-25 03:55 - 2015-06-25 03:55 - 00000000 ____D C:\Users\liz8200\AppData\Local\WinZip
2015-06-25 03:55 - 2015-06-25 03:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2015-06-25 03:55 - 2015-06-25 03:55 - 00000000 ____D C:\Program Files\WinZip
2015-06-25 03:02 - 2015-06-25 03:02 - 00003662 _____ C:\WINDOWS\System32\Tasks\Tweaking.com - Windows Repair Tray Icon
2015-06-25 03:02 - 2015-06-25 03:02 - 00002177 _____ C:\Users\liz8200\Desktop\Tweaking.com - Windows Repair.lnk
2015-06-25 03:02 - 2015-06-25 03:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-06-24 19:52 - 2015-06-24 19:52 - 00000413 _____ C:\Users\liz8200\Desktop\CD Drive - Shortcut (2).lnk
2015-06-23 16:43 - 2015-06-23 16:43 - 00000000 ____D C:\Users\liz8200\Desktop\beach resized
2015-06-20 18:30 - 2015-06-23 15:26 - 00000000 ____D C:\Users\liz8200\Desktop\tIFF
2015-06-20 17:42 - 2015-06-25 21:13 - 00000000 ____D C:\Users\liz8200\Desktop\2015-06-19
2015-06-20 17:16 - 2015-06-20 17:16 - 02244096 _____ C:\Users\liz8200\Desktop\adwcleaner_4.207.exe
2015-06-20 04:19 - 2015-06-20 04:19 - 01401485 _____ C:\Users\liz8200\Elizabeth Armstrong Medications February 24.docx - lizarmstrong0@gmail.com - Gmail.html
2015-06-20 04:19 - 2015-06-20 04:19 - 00000000 ____D C:\Users\liz8200\Elizabeth Armstrong Medications February 24.docx - lizarmstrong0@gmail.com - Gmail_files
2015-06-11 18:35 - 2015-05-27 10:35 - 24917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-06-11 18:35 - 2015-05-25 09:23 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-06-11 18:35 - 2015-05-25 09:07 - 01430528 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-06-11 18:35 - 2015-04-24 22:34 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2015-06-11 18:35 - 2015-04-24 22:33 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2015-06-11 18:35 - 2015-04-16 02:17 - 00325464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-06-11 18:35 - 2015-04-13 18:37 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2015-06-11 18:35 - 2015-04-13 18:34 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2015-06-11 18:35 - 2015-04-09 20:40 - 01249280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-06-11 18:35 - 2015-04-09 20:17 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-06-11 18:35 - 2015-04-08 18:41 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rgb9rast.dll
2015-06-11 18:35 - 2015-04-08 18:07 - 00410336 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-06-11 18:35 - 2015-04-01 18:42 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-06-11 18:35 - 2015-04-01 18:30 - 02483712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-06-11 18:35 - 2015-04-01 00:21 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-06-11 18:35 - 2015-04-01 00:18 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2015-06-11 18:35 - 2015-04-01 00:17 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll
2015-06-11 18:35 - 2015-04-01 00:08 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2015-06-11 18:35 - 2015-03-31 23:46 - 03633664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-06-11 18:35 - 2015-03-31 23:17 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-06-11 18:35 - 2015-03-31 23:17 - 00903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2015-06-11 18:35 - 2015-03-31 22:53 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2015-06-11 18:35 - 2015-03-31 22:53 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2015-06-11 18:35 - 2015-03-31 22:45 - 02749952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2015-06-11 18:35 - 2015-03-31 22:45 - 00699392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2015-06-11 18:35 - 2015-03-31 22:14 - 01920000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-06-11 18:35 - 2015-03-31 22:12 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2015-06-11 18:35 - 2015-03-19 23:49 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2015-06-11 18:35 - 2015-03-19 23:08 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-06-11 18:35 - 2015-03-19 22:37 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2015-06-11 18:35 - 2015-03-19 22:07 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-06-11 18:35 - 2015-03-01 21:43 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll
2015-06-11 18:35 - 2015-03-01 21:21 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastapi.dll
2015-06-11 18:35 - 2014-10-28 22:48 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rootmdm.sys
2015-06-11 18:35 - 2014-10-28 22:42 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\unimdmat.dll
2015-06-11 18:35 - 2014-10-28 22:34 - 00189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rgb9rast.dll
2015-06-11 18:35 - 2014-10-28 22:34 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\uniplat.dll
2015-06-11 18:35 - 2014-10-28 22:24 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssitlb.dll
2015-06-11 18:35 - 2014-10-28 22:00 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
2015-06-11 18:35 - 2014-10-28 21:58 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\unimdmat.dll
2015-06-11 18:35 - 2014-10-28 21:51 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uniplat.dll
2015-06-11 18:35 - 2014-10-28 21:43 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssitlb.dll
2015-06-11 18:35 - 2014-10-28 21:26 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msscntrs.dll
2015-06-11 18:35 - 2014-10-28 21:20 - 00238592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssphtb.dll
2015-06-11 18:35 - 2014-10-28 20:57 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2015-06-11 18:35 - 2014-10-28 20:57 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\msshooks.dll
2015-06-11 18:35 - 2014-10-28 20:56 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2015-06-11 18:35 - 2014-10-28 20:46 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssprxy.dll
2015-06-11 18:35 - 2014-10-28 20:45 - 00010752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msshooks.dll
2015-06-11 18:35 - 2014-10-28 20:44 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFilterHost.exe
2015-06-11 18:35 - 2014-10-07 02:54 - 00189248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UCX01000.SYS
2015-06-11 18:34 - 2015-05-27 10:08 - 19607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-06-11 18:34 - 2015-05-22 23:15 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-06-11 18:34 - 2015-05-22 23:14 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-06-11 18:34 - 2015-05-22 23:10 - 02278912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-06-11 18:34 - 2015-05-22 23:05 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-06-11 18:34 - 2015-05-22 23:04 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2015-06-11 18:34 - 2015-05-22 22:48 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-06-11 18:34 - 2015-05-22 22:47 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-06-11 18:34 - 2015-05-22 22:47 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-06-11 18:34 - 2015-05-22 22:47 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-06-11 18:34 - 2015-05-22 22:43 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-06-11 18:34 - 2015-05-22 22:38 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-06-11 18:34 - 2015-05-22 22:38 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-06-11 18:34 - 2015-05-22 22:37 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-06-11 18:34 - 2015-05-22 22:28 - 12829696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-06-11 18:34 - 2015-05-22 22:28 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-06-11 18:34 - 2015-05-22 22:20 - 01950720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-06-11 18:34 - 2015-05-22 22:16 - 01309696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-06-11 18:34 - 2015-05-22 22:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-06-11 18:34 - 2015-05-22 15:00 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-06-11 18:34 - 2015-05-22 15:00 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-06-11 18:34 - 2015-05-22 15:00 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-06-11 18:34 - 2015-05-22 14:52 - 06026240 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-06-11 18:34 - 2015-05-22 14:48 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-06-11 18:34 - 2015-05-22 14:47 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-06-11 18:34 - 2015-05-22 14:47 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-06-11 18:34 - 2015-05-22 14:24 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-06-11 18:34 - 2015-05-22 14:23 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-06-11 18:34 - 2015-05-22 14:21 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-06-11 18:34 - 2015-05-22 14:15 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-06-11 18:34 - 2015-05-22 14:09 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-06-11 18:34 - 2015-05-22 14:08 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-06-11 18:34 - 2015-05-22 14:06 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-06-11 18:34 - 2015-05-22 14:05 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-06-11 18:34 - 2015-05-22 13:57 - 14404096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-06-11 18:34 - 2015-05-22 13:50 - 02426880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-06-11 18:34 - 2015-05-22 13:49 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-06-11 18:34 - 2015-05-22 13:38 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-06-11 18:34 - 2015-05-22 13:26 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-06-11 18:34 - 2015-05-21 12:47 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-06-11 15:25 - 2015-06-11 15:25 - 00000000 ____D C:\Users\liz8200\Desktop\new logssss
2015-06-10 17:16 - 2015-06-10 17:19 - 00000000 ____D C:\Users\liz8200\Desktop\june2015
2015-06-10 16:38 - 2015-06-10 17:05 - 00000000 ____D C:\Users\liz8200\Desktop\may20015pic
2015-06-09 00:58 - 2015-06-09 01:04 - 00000000 ____D C:\Users\liz8200\Desktop\TREES ACROSS THE STREET
2015-06-06 20:04 - 2015-06-06 20:05 - 1080708496 _____ C:\Users\liz8200\Desktop\2015-05-25-Recovered.psd
2015-06-06 20:00 - 2015-06-23 15:18 - 00000000 ____D C:\Users\liz8200\Desktop\2015-06-06
2015-06-06 15:42 - 2015-06-06 15:42 - 00003886 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-06-06 15:42 - 2015-06-06 15:42 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-06-06 15:42 - 2015-06-06 15:42 - 00002069 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-06-06 14:52 - 2015-06-06 15:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Resource Hacker
2015-06-06 14:52 - 2015-06-06 15:16 - 00000000 ____D C:\Program Files (x86)\Resource Hacker
2015-06-06 13:03 - 2015-06-06 13:04 - 00123857 _____ C:\Users\liz8200\Desktop\displayDocument.aspx
2015-06-06 00:51 - 2015-05-22 09:08 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-06-06 00:51 - 2015-05-21 09:08 - 01119232 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-06-06 00:51 - 2015-05-21 09:08 - 01020928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-06-06 00:51 - 2015-05-21 09:08 - 00756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-06-06 00:51 - 2015-05-21 09:08 - 00422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-06-06 00:51 - 2015-05-21 09:08 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2015-06-06 00:51 - 2015-05-21 09:08 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-06-06 00:51 - 2015-04-16 18:07 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-06-02 04:14 - 2015-06-24 19:45 - 00000000 ____D C:\Users\liz8200\Desktop\New folder (4)
2015-06-02 01:33 - 2015-06-02 01:33 - 23917768 _____ C:\Users\liz8200\Desktop\2015-05-25.tif
2015-06-01 22:08 - 2015-06-01 22:08 - 00000000 ____D C:\Users\liz8200\AppData\Local\GWX
2015-05-29 06:45 - 2015-05-29 06:55 - 00000000 ____D C:\Users\liz8200\Desktop\night photos
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-26 04:04 - 2015-03-24 03:48 - 00000000 ____D C:\FRST
2015-06-26 04:04 - 2015-02-17 04:07 - 00000000 ____D C:\Users\liz8200\Desktop\FRST-OlderVersion
2015-06-26 04:04 - 2015-02-03 19:15 - 02112512 _____ (Farbar) C:\Users\liz8200\Desktop\FRST64.exe
2015-06-26 04:00 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-06-26 03:58 - 2015-05-24 05:14 - 00003614 _____ C:\WINDOWS\System32\Tasks\Optimize Push Notification Data File-S-1-5-21-1834206891-319191231-1371051150-1001
2015-06-26 03:46 - 2014-10-31 00:16 - 01607904 _____ C:\WINDOWS\WindowsUpdate.log
2015-06-26 03:38 - 2013-09-22 00:41 - 00000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-26 03:26 - 2012-07-26 03:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-06-26 03:19 - 2015-05-24 21:06 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1834206891-319191231-1371051150-1001
2015-06-26 03:14 - 2014-12-19 10:55 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-06-26 02:10 - 2013-08-22 09:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-06-26 02:09 - 2012-07-26 04:12 - 00000000 ____D C:\WINDOWS\ELAMBKUP
2015-06-26 02:04 - 2014-10-03 01:32 - 00000000 ____D C:\Users\liz8200\AppData\Roaming\ClassicShell
2015-06-25 21:52 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\rescache
2015-06-25 20:52 - 2013-09-22 00:41 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-25 20:51 - 2014-10-03 01:39 - 00002277 _____ C:\Users\liz8200\Desktop\Google Chrome.lnk
2015-06-25 20:49 - 2014-12-31 05:18 - 00069066 _____ C:\WINDOWS\DtcInstall.log
2015-06-25 20:49 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-06-25 04:42 - 2015-03-13 02:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-25 04:42 - 2014-10-31 11:51 - 00645936 _____ C:\WINDOWS\PFRO.log
2015-06-25 04:40 - 2014-06-05 01:51 - 00000000 ____D C:\AdwCleaner
2015-06-25 04:38 - 2014-12-31 05:40 - 00000000 ____D C:\Users\liz8200\Desktop\logss
2015-06-25 04:29 - 2012-07-26 01:37 - 00000000 ____D C:\Users\Default.migrated
2015-06-25 04:27 - 2014-10-22 00:12 - 00000000 ____D C:\Program Files\Java
2015-06-25 03:56 - 2015-05-17 02:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-25 03:56 - 2014-11-04 03:47 - 00001173 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-06-25 03:56 - 2014-11-04 03:47 - 00001161 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-06-25 03:55 - 2014-12-05 00:01 - 00000000 ____D C:\ProgramData\WinZip
2015-06-25 03:51 - 2014-12-19 10:55 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-06-25 02:29 - 2013-12-10 21:51 - 00000000 ____D C:\Users\liz8200
2015-06-25 02:29 - 2013-08-22 11:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-06-25 02:28 - 2013-07-31 03:31 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-06-25 02:18 - 2013-07-05 19:32 - 140135120 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-06-24 19:06 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-06-23 15:11 - 2014-06-03 02:35 - 00000000 ____D C:\Users\liz8200\Desktop\photos
2015-06-23 15:02 - 2015-03-01 05:38 - 00000000 ____D C:\Users\liz8200\Desktop\Englewood buildings
2015-06-20 17:40 - 2013-09-30 00:04 - 00807844 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-06-20 17:36 - 2015-04-10 02:37 - 00000000 ____D C:\Users\liz8200\Desktop\frst
2015-06-20 05:54 - 2014-07-15 03:44 - 00000000 ____D C:\Users\liz8200\AppData\Local\CrashDumps
2015-06-20 03:39 - 2014-12-22 02:54 - 00002058 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2015-06-20 03:39 - 2014-12-22 02:54 - 00002048 _____ C:\Users\Public\Desktop\Google Docs.lnk
2015-06-20 03:39 - 2014-12-22 02:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-06-20 02:53 - 2013-08-22 10:44 - 05186112 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-06-19 23:02 - 2015-05-14 13:27 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-06-19 23:02 - 2015-05-14 13:27 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-19 00:03 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-06-17 16:22 - 2013-08-22 09:25 - 01310720 ___SH C:\WINDOWS\system32\config\BBI
2015-06-12 01:32 - 2014-11-06 00:40 - 00018424 _____ C:\WINDOWS\setupact.log
2015-06-08 15:03 - 2015-04-20 16:14 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-06-08 15:03 - 2015-04-20 16:14 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-06-06 20:16 - 2014-11-22 05:39 - 00001456 _____ C:\Users\liz8200\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-06-06 20:16 - 2014-03-18 15:13 - 00000000 ____D C:\Users\liz8200\Desktop\Cregs
2015-06-06 15:45 - 2013-12-16 05:59 - 00000000 ____D C:\Users\liz8200\Desktop\liz's stuff
2015-06-06 15:44 - 2014-08-15 18:58 - 00000000 ____D C:\Users\liz8200\AppData\Local\Adobe
2015-06-06 15:42 - 2014-10-03 00:49 - 00000000 ____D C:\ProgramData\Adobe
2015-06-06 15:42 - 2013-07-05 19:40 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-06-03 12:12 - 2014-12-21 17:08 - 00000000 ____D C:\Users\liz8200\Desktop\All E-bay
2015-06-03 03:23 - 2015-05-17 02:46 - 00000000 ____D C:\Users\liz8200\Desktop\2nd alzheimers
2015-06-02 04:59 - 2015-05-26 17:24 - 00000000 ____D C:\Users\liz8200\Desktop\2015-05-25
2015-06-01 13:25 - 2015-04-12 11:13 - 00000000 ____D C:\Users\liz8200\Desktop\CNA 2015 CEUs
2015-05-30 00:42 - 2013-12-10 22:50 - 00000000 ____D C:\Users\liz8200\AppData\Local\Deployment
2015-05-30 00:35 - 2013-06-30 00:19 - 00008359 _____ C:\WirelessDiagLog.csv
 
==================== Files in the root of some directories =======
 
2014-11-22 05:39 - 2015-06-06 20:16 - 0001456 _____ () C:\Users\liz8200\AppData\Local\Adobe Save for Web 13.0 Prefs
2014-03-05 19:20 - 2014-08-18 00:13 - 0114151 _____ () C:\Users\liz8200\AppData\Local\ars.cache
2014-03-05 19:20 - 2014-08-18 00:13 - 1356279 _____ () C:\Users\liz8200\AppData\Local\census.cache
2014-03-05 19:01 - 2014-03-05 19:01 - 0000036 _____ () C:\Users\liz8200\AppData\Local\housecall.guid.cache
2013-06-29 04:09 - 2014-08-05 04:44 - 0007631 _____ () C:\Users\liz8200\AppData\Local\Resmon.ResmonCfg
2014-04-26 17:38 - 2014-08-18 00:08 - 0000010 _____ () C:\Users\liz8200\AppData\Local\sponge.last.runtime.cache
2013-09-28 15:03 - 2013-09-28 15:05 - 0030794 _____ () C:\Users\liz8200\AppData\Local\WiDiSetupLog.20130928.140351.txt
2013-06-05 14:43 - 2013-06-05 14:44 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2013-06-05 14:39 - 2013-06-05 14:40 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2013-06-05 14:40 - 2013-06-05 14:42 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2013-06-05 14:38 - 2013-06-05 14:39 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2013-06-05 14:42 - 2013-06-05 14:43 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log
 
Some files in TEMP:
====================
C:\Users\liz8200\AppData\Local\Temp\Quarantine.exe
C:\Users\liz8200\AppData\Local\Temp\sqlite3.dll
 
 
Some zero byte size files/folders:
==========================
C:\Windows\System32\aticfx32.dll
C:\Windows\System32\atidxx32.dll
C:\Windows\System32\atiuxpag.dll
C:\Windows\System32\igd10iumd32.dll
C:\Windows\System32\igdusc32.dll
C:\Windows\System32\olepro32.dll
C:\Windows\System32\VDMDBG.DLL
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-06-25 21:35
 
==================== End of log ============================
 



 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,745 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:07 AM

Posted 01 July 2015 - 10:07 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Reset the browsers that have been compromised.

Reset Chrome...
Open Google Chrome, click on the menu icon which is located at the top right side of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

Restart Chrome.

====

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F

Clean the Firefox Cache.
https://kb.wisc.edu/page.php?id=15141
===

If the problem persists please run this tool.

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
createsrpoint;
autoclean;
emptyalltemp;
ipconfig /flushdns;b
Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.

Also, please provide an update on how the computer is behaving after running the above script.

===

#3 liz8200


Posted 05 July 2015 - 05:19 AM

    Attached File  Addition.txt   39.72KB   1 downloads



#4 liz8200


Posted 05 July 2015 - 05:46 AM

I CAN'T PASTE THE FILES.  My computer is freezing over, 5 opened chrome.  I can't get my virus protection on.  I did both resets on the browsers, seems like it could worst. I can still try the other program you said to use.  It's freezing so much I don't know it will open.  My HijackThis is really crazy.  Thanks for your help. Liz

Attached Files

Attached File  hijackthis.log   6.51KB   2 downloads



#5 nasdaq


Posted 05 July 2015 - 07:18 AM


The HijackThis tool is not ready for Windows 8.
It's reporting false positives.
I recommend you remove it using the Add/Remove Programs applet.
===


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start

EmptyTemp:
CloseProcesses:

FF user.js: detected! => C:\Users\liz8200\AppData\Roaming\Mozilla\Firefox\Profiles\yitvtpf3.default\user.js [2015-06-26]
Task: {66061C07-09A7-435E-AAE1-7080B1C55685} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe <==== ATTENTION
Task: {86065D38-42BB-4E6B-AF3C-322D26388C1E} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files (x86)\Pro PC Cleaner\Splash.exe <==== ATTENTION
C:\Program Files (x86)\Pro PC Cleaner

End
Save the files as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

If the problem persists with Chrome and Firefox continue.

Remove Chrome using the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

Before you do Export your Bookmarks
Chrome will export your bookmarks as a HTML file, which you can then import into another browser.

If you want to save your passwords as well see here: http://www.intowindows.com/how-to-backup-saved-passwords-in-google-chrome-browser/

Re-install Chrome and the Bookmarks.

If you want to save all your settings refer to this page.
Follow the instructions before removing Chrome.
http://juan2geek.com/how-to-backup-and-restore-entire-google-chrome-setting/
<<<>>>

Remove Firefox using the instructions on this page.
https://support.mozilla.org/en-US/kb/uninstall-firefox-from-your-computer

Before proceeding save your Bookmarks.
https://support.mozilla.org/en-US/kb/export-firefox-bookmarks-to-backup-or-transfer

Install the latest version of the application.

You can then import them to the new version of Firefox.

Firefox Password manager -
Remember, delete and change saved passwords in Firefox
https://support.mozilla.org/en-US/kb/password-manager-remember-delete-change-passwords
<<<>>>

Keep me posted.

#6 liz8200


Posted 06 July 2015 - 02:13 AM

Fix result of Farbar Recovery Scan Tool (x64) Version:04-07-2015
Ran by liz8200 at 2015-07-05 04:36:11 Run:8
Running from C:\Users\liz8200\Desktop
Loaded Profiles: liz8200 (Available Profiles: liz8200)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
EmptyTemp:
CloseProcesses:
 
FF user.js: detected! => C:\Users\liz8200\AppData\Roaming\Mozilla\Firefox\Profiles\yitvtpf3.default\user.js [2015-06-26]
Task: {66061C07-09A7-435E-AAE1-7080B1C55685} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe <==== ATTENTION
Task: {86065D38-42BB-4E6B-AF3C-322D26388C1E} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files (x86)\Pro PC Cleaner\Splash.exe <==== ATTENTION
C:\Program Files (x86)\Pro PC Cleaner
 
End
*****************
 
Processes closed successfully.
C:\Users\liz8200\AppData\Roaming\Mozilla\Firefox\Profiles\yitvtpf3.default\user.js => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{66061C07-09A7-435E-AAE1-7080B1C55685}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{66061C07-09A7-435E-AAE1-7080B1C55685}" => key removed successfully
C:\Windows\System32\Tasks\ProPCCleaner_Start => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProPCCleaner_Start" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{86065D38-42BB-4E6B-AF3C-322D26388C1E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{86065D38-42BB-4E6B-AF3C-322D26388C1E}" => key removed successfully
C:\Windows\System32\Tasks\ProPCCleaner_Popup => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProPCCleaner_Popup" => key removed successfully
"C:\Program Files (x86)\Pro PC Cleaner" => File/Folder not found.
EmptyTemp: => 8.9 GB temporary data Removed.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 04:36:48 ====
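
For readers reviewing a Fixlog like the one posted above, this added example (not part of the original posts and not FRST's own code) skips the echoed fixlist and classifies each result line, so entries that were not applied stand out. The function names and status labels are assumptions, the sample is constructed from lines of this thread's Fixlog, and only the result strings visible there are recognised; anything else is marked for review.

```python
import re

# Constructed sample: a shortened copy of the Fixlog posted in this thread.
SAMPLE_FIXLOG = r'''fixlist content:
*****************
start
CloseProcesses:
Task: {66061C07-09A7-435E-AAE1-7080B1C55685} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe <==== ATTENTION
C:\Program Files (x86)\Pro PC Cleaner
End
*****************

Processes closed successfully.
C:\Users\liz8200\AppData\Roaming\Mozilla\Firefox\Profiles\yitvtpf3.default\user.js => moved successfully.
C:\Windows\System32\Tasks\ProPCCleaner_Start => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProPCCleaner_Start" => key removed successfully
"C:\Program Files (x86)\Pro PC Cleaner" => File/Folder not found.
EmptyTemp: => 8.9 GB temporary data Removed.

==== End of Fixlog 04:36:48 ====
'''

# "<target> => <result>" with an optional trailing period.
OUTCOME = re.compile(r'^(?P<target>.+?)\s+=>\s+(?P<result>.+?)\.?\s*$')

def classify(result):
    """Map a result string to ok / missing / review (labels are assumptions)."""
    r = result.lower()
    if "not found" in r:
        return "missing"   # target was absent, so nothing was removed here
    if "successfully" in r or r.endswith("removed"):
        return "ok"
    return "review"        # unrecognised wording: read it by hand

def parse_fixlog(text):
    """Return (target, status, result) for each result line after the fixlist echo."""
    # The fixlist is echoed between two rows of asterisks and also contains
    # "=>", so only the text after the last asterisk row is parsed.
    body = re.split(r'^\*{5,}\s*$', text, flags=re.M)[-1]
    rows = []
    for line in body.splitlines():
        m = OUTCOME.match(line.strip())
        if m:
            target = m.group("target").strip('"').rstrip(":")
            rows.append((target, classify(m.group("result")), m.group("result")))
    return rows

def needs_followup(rows):
    """Targets whose fix did not report success."""
    return [target for target, status, _ in rows if status != "ok"]
```

On the sample, the only entry flagged is the Pro PC Cleaner folder, which the log reports as not found while the scheduled-task entries report success.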


#7 nasdaq


Posted 06 July 2015 - 08:38 AM

How is the computer running now?

#8 nasdaq


Posted 12 July 2015 - 06:54 AM


If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#9 nasdaq


Posted 12 July 2015 - 06:54 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



