
Ads Pop-Up Whenever I click in infected sites - blue circle


  • This topic is locked
11 replies to this topic

#1 RAGG

  • Members
  • 23 posts

Posted 03 July 2015 - 11:20 AM

I'm having an issue where I'm getting ads that pop up in a separate window on a few websites with IE and Firefox whenever I click within those sites. I've also noticed a blue spinning circle to the right of the cursor mouse arrow that I think may be related to the issue. I have run the following list of suggestions to clean electronic junk/temp files and various malware removal software that has found some things but the issue still happens. Thanks

 

http://www.bleepingcomputer.com/forums/t/581305/ads-pop-up-whenever-a-link-is-opened-another-user/

 

 




 


#2 nasdaq

  • Malware Response Team
  • 38,969 posts

Posted 06 July 2015 - 08:55 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F

Clean the Firefox Cache.
https://kb.wisc.edu/page.php?id=15141
===

Reset Internet Explorer:
Menu > Tools > Internet Options > Advanced Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.


Clean the Internet Explorer Cache.
https://kb.wisc.edu/page.php?id=15141
===

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:

createsrpoint;
autoclean;
emptyalltemp;
ipconfig /flushdns;b

Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.

Also, please provide an update on how the computer is behaving after running the above script.

===

#3 RAGG

  • Topic Starter
  • Members
  • 23 posts

Posted 06 July 2015 - 08:13 PM

still behaving the same way with ads in IE and Firefox

 

Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by RichardGentry on Mon 07/06/2015 at 18:32:21.85.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\RichardGentry\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

7/6/2015 6:37:16 PM Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~2\COMMON~1\MicroWorld deleted successfully
C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) deleted successfully
C:\PROGRA~3\ZoomBrowser deleted successfully
C:\Users\RichardGentry\AppData\Local\Adobe deleted successfully
C:\Users\RichardGentry\AppData\Local\CrashDumps deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3746683574-341478895-3308312309-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8E66592B-8E7C-4A14-88A5-8BF21032F651} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Batch Command(s) Run By Tool======================


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


==== Deleting Files \ Folders ======================

C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) not found
C:\PROGRA~2\Yahoo! deleted
C:\AdwCleaner.exe deleted
C:\AVSMediaPlayer.exe deleted
C:\ComboFix.exe deleted
C:\HitmanPro_x64.exe deleted
C:\JRT.exe deleted
C:\mbam-setup-1.70.0.1100.exe deleted
C:\msgr9us.exe deleted
C:\RunSanDiskSecureAccess_Win.exe deleted
C:\Users\RichardGentry\AppData\Roaming\ZoomBrowser EX deleted
C:\Users\RichardGentry\AppData\Roaming\Yahoo! deleted
C:\Users\RichardGentry\AppData\Roaming\ProductData deleted
C:\PROGRA~3\Yahoo! deleted
C:\PROGRA~3\ProductData deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Web TuneUp deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\Users\RichardGentry\ZHPCleaner.exe deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\RICHAR~1\AppData\Roaming\Mozilla\Firefox\Profiles\rhys4xe0.default-1436221156691
user_pref("browser.startup.homepage", "google.com");

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\RichardGentry\AppData\Roaming\Mozilla\Firefox\Profiles\rhys4xe0.default-1436221156691
2820FF3A306D6AEB8BFBBB753BD83EBE    - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_194.dll -    Shockwave Flash


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://google.com/"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Search Bar"="http://www.google.com"
"Start Page Redirect Cache"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Search Bar"="http://www.google.com"
"Start Page Redirect Cache"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://google.com/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page Redirect Cache"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page Redirect Cache"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"
{6A29FAB2-1B2F-430A-B6DB-B09269940206} Unknown  Url="Not_Found"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3746683574-341478895-3308312309-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6A29FAB2-1B2F-430A-B6DB-B09269940206} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A29FAB2-1B2F-430A-B6DB-B09269940206} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ Maintance deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Web Companion deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\RichardGentry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\RichardGentry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\RichardGentry\AppData\Local\Mozilla\Firefox\Profiles\rhys4xe0.default-1436221156691\cache2 emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=17 folders=5 143574404 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Users\RichardGentry\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\RICHAR~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Mon 07/06/2015 at 18:53:48.56 ======================
 



#4 nasdaq

  • Malware Response Team
  • 38,969 posts

Posted 07 July 2015 - 07:29 AM

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===


How is the computer running?
Wait for further instructions.

#5 RAGG

  • Topic Starter
  • Members
  • 23 posts

Posted 07 July 2015 - 12:28 PM

adwcleaner found nothing...

 

# AdwCleaner v4.207 - Logfile created 07/07/2015 at 12:20:48
# Updated 21/06/2015 by Xplode
# Database : 2015-07-05.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : RichardGentry - RICHARDSDELL
# Running from : C:\Users\RichardGentry\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Mozilla Firefox v39.0 (x86 en-US)


*************************

AdwCleaner[R0].txt - [2782 bytes] - [07/06/2015 11:52:13]
AdwCleaner[R1].txt - [1012 bytes] - [11/06/2015 15:36:48]
AdwCleaner[R2].txt - [1131 bytes] - [11/06/2015 16:43:12]
AdwCleaner[R3].txt - [1100 bytes] - [15/06/2015 11:47:14]
AdwCleaner[R4].txt - [1218 bytes] - [16/06/2015 18:56:04]
AdwCleaner[R5].txt - [1336 bytes] - [17/06/2015 11:23:59]
AdwCleaner[R6].txt - [1425 bytes] - [22/06/2015 15:03:56]
AdwCleaner[R7].txt - [1544 bytes] - [26/06/2015 20:31:52]
AdwCleaner[R8].txt - [1603 bytes] - [29/06/2015 18:54:02]
AdwCleaner[R9].txt - [1168 bytes] - [07/07/2015 12:20:48]
AdwCleaner[S0].txt - [2582 bytes] - [07/06/2015 11:55:10]
AdwCleaner[S1].txt - [1095 bytes] - [11/06/2015 15:59:35]
AdwCleaner[S2].txt - [1149 bytes] - [11/06/2015 16:45:57]
AdwCleaner[S3].txt - [1165 bytes] - [15/06/2015 11:48:29]
AdwCleaner[S4].txt - [1283 bytes] - [16/06/2015 18:57:45]
AdwCleaner[S5].txt - [1490 bytes] - [22/06/2015 15:04:44]
AdwCleaner[S6].txt - [1667 bytes] - [29/06/2015 18:55:30]

########## EOF - C:\AdwCleaner\AdwCleaner[R9].txt - [1640 bytes] ##########
 



#6 nasdaq

  • Malware Response Team
  • 38,969 posts

Posted 07 July 2015 - 01:00 PM

Good.

Do the next tool.

#7 RAGG

  • Topic Starter
  • Members
  • 23 posts

Posted 07 July 2015 - 06:53 PM

still getting ads popping up after farbar recovery scan tool 64 bit

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-07-2015
Ran by RichardGentry (administrator) on RICHARDSDELL on 07-07-2015 12:44:07
Running from C:\Users\RichardGentry\Downloads
Loaded Profiles: RichardGentry (Available Profiles: RichardGentry)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe
(Reason Software Company Inc.) C:\Program Files\Reason\Security\rsEngineSvc.exe
() C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_bg.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Reason Software Company Inc.) C:\Program Files\Reason\Security\rsUI.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
() C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [12235120 2015-06-30] (Zemana Ltd.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3727824 2015-06-16] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3746683574-341478895-3308312309-1000\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [8358680 2015-06-01] (Piriform Ltd)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3746683574-341478895-3308312309-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3746683574-341478895-3308312309-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll [2015-03-03] (IObit)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2013-07-02] (Qualcomm®Atheros®)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  No File
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{8A1D4329-E53A-416A-B216-BEB7C48D6EE7}: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\RichardGentry\AppData\Roaming\Mozilla\Firefox\Profiles\rhys4xe0.default-1436221156691
FF Homepage: google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_194.dll [2015-07-01] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_194.dll [2015-07-01] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [312448 2013-07-02] (Windows ® Win 7 DDK provider) [File not signed]
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3461072 2015-06-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [312816 2015-06-16] (AVG Technologies CZ, s.r.o.)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2557136 2015-02-26] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-02-26] (Dell Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [232152 2015-05-20] (Dell Inc.)
S4 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-06-16] (SurfRight B.V.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [14696 2013-07-30] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2635552 2015-03-03] (IObit)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 rscp; C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe [164600 2015-06-28] ()
R2 rsEngineSvc; C:\Program Files\Reason\Security\rsEngineSvc.exe [81168 2015-05-17] (Reason Software Company Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1915920 2014-04-04] (SoftThinks SAS)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [19288 2015-03-04] (Dell Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-08-19] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [12235120 2015-06-30] (Zemana Ltd.)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2013-06-21] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [287200 2015-05-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [253408 2015-05-12] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [256992 2015-04-15] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [224224 2015-05-12] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [281568 2015-05-12] (AVG Technologies CZ, s.r.o.)
R3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2013-07-02] (Qualcomm Atheros)
R3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [23760 2015-02-26] (Dell Computer Corporation)
R3 DellProf; C:\Windows\System32\drivers\DellProf.sys [23312 2015-02-26] (Dell Computer Corporation)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2013-07-24] (Intel Corporation)
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-07-07] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation)
S3 trufos; C:\Windows\System32\drivers\trufos.sys [350160 2015-06-22] (BitDefender S.R.L.)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [108920 2015-07-01] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [108920 2015-07-01] (Zemana Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-07 12:44 - 2015-07-07 12:44 - 00013794 _____ C:\Users\RichardGentry\Downloads\FRST.txt
2015-07-07 12:43 - 2015-07-07 12:44 - 00000000 ____D C:\FRST
2015-07-07 12:39 - 2015-07-07 12:39 - 02112512 _____ (Farbar) C:\Users\RichardGentry\Downloads\FRST64.exe
2015-07-07 10:56 - 2015-07-07 12:18 - 00000000 ____D C:\Users\RichardGentry\AppData\Local\CrashDumps
2015-07-07 10:42 - 2015-07-07 12:16 - 00031940 ____N C:\Windows\WindowsUpdate.log
2015-07-06 18:54 - 2015-07-06 18:54 - 00000000 ____D C:\Users\RichardGentry\AppData\Roaming\ProductData
2015-07-06 18:47 - 2015-07-06 18:32 - 00024064 _____ C:\Windows\zoek-delete.exe
2015-07-06 18:37 - 2015-07-06 18:53 - 00008508 _____ C:\zoek-results.log
2015-07-06 18:32 - 2015-07-06 18:45 - 00000000 ____D C:\zoek_backup
2015-07-06 18:29 - 2015-07-06 18:29 - 01308672 _____ C:\Users\RichardGentry\Downloads\zoek.exe
2015-07-03 12:58 - 2015-07-05 10:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2015-07-01 10:46 - 2015-07-01 11:56 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-07-01 10:46 - 2015-07-01 10:46 - 00002902 _____ C:\Windows\System32\Tasks\Uninstaller_SkipUac_RichardGentry
2015-07-01 10:45 - 2015-07-01 10:45 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-07-01 10:45 - 2015-07-01 10:45 - 00002049 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-07-01 10:45 - 2015-07-01 10:45 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-07-01 10:16 - 2015-07-06 17:19 - 00000000 ____D C:\Users\RichardGentry\Desktop\Old Firefox Data
2015-07-01 09:47 - 2015-07-01 09:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2015-06-30 15:08 - 2015-07-06 15:12 - 00003484 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2015-06-30 15:08 - 2015-06-30 15:09 - 00000000 ____D C:\Users\RichardGentry\AppData\Roaming\PCDr
2015-06-30 15:08 - 2015-06-30 15:08 - 00000000 ____D C:\ProgramData\PCDr
2015-06-30 14:00 - 2015-06-30 14:00 - 00000480 _____ C:\Users\RichardGentry\Desktop\ESETScan2.txt
2015-06-30 11:49 - 2015-07-02 11:57 - 00000000 ____D C:\Users\RichardGentry\AppData\Roaming\ZHP
2015-06-29 17:29 - 2015-06-29 17:29 - 00000972 _____ C:\Users\RichardGentry\Desktop\JRT.txt
2015-06-29 16:14 - 2015-06-29 16:14 - 00000000 ____D C:\Windows\rundll16.exe
2015-06-29 16:14 - 2015-06-29 16:14 - 00000000 ____D C:\Windows\logo1_.exe
2015-06-29 16:03 - 2015-06-29 16:03 - 158158304 _____ C:\Users\RichardGentry\Downloads\mwav(1).exe
2015-06-29 15:41 - 2015-06-29 15:41 - 00000000 ____D C:\Users\RichardGentry\AppData\Local\Macromedia
2015-06-29 15:21 - 2015-06-29 15:21 - 00062456 _____ C:\Users\RichardGentry\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-29 15:15 - 2015-06-29 15:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wipe
2015-06-29 15:13 - 2015-06-29 15:13 - 00546456 _____ (www.privacyroot.com) C:\Users\RichardGentry\Downloads\setup_wipe(1).exe
2015-06-28 22:48 - 2015-06-28 23:09 - 00000000 ____D C:\Users\RichardGentry\Desktop\mbar
2015-06-28 22:44 - 2015-06-28 22:45 - 16502728 _____ (Malwarebytes Corp.) C:\Users\RichardGentry\Downloads\mbar-1.09.1.1004.exe
2015-06-28 22:06 - 2015-06-28 22:06 - 00000936 _____ C:\Users\Public\Desktop\Removal Tool.lnk
2015-06-28 22:06 - 2015-06-28 22:06 - 00000000 ____D C:\Users\RichardGentry\AppData\Roaming\9-lab
2015-06-28 22:06 - 2015-06-28 22:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\9-lab Removal Tool
2015-06-28 22:06 - 2015-06-28 22:06 - 00000000 ____D C:\ProgramData\9-lab
2015-06-28 22:06 - 2015-06-28 22:06 - 00000000 ____D C:\Program Files\9-lab
2015-06-28 22:05 - 2015-06-28 22:05 - 06254992 _____ C:\Users\RichardGentry\Downloads\rmtool-setup-x64.exe
2015-06-28 20:57 - 2015-06-28 20:57 - 00001035 _____ C:\Users\Public\Desktop\Crystal Security.lnk
2015-06-28 20:57 - 2015-06-28 20:57 - 00000000 ____D C:\Users\RichardGentry\AppData\Roaming\Crystal Security
2015-06-28 20:57 - 2015-06-28 20:57 - 00000000 ____D C:\Program Files (x86)\Crystal Security
2015-06-28 20:55 - 2015-06-28 20:55 - 00802816 _____ C:\Users\RichardGentry\Downloads\crystal_security_3.5.0.129_setup.msi
2015-06-28 20:20 - 2015-06-28 20:20 - 00003558 _____ C:\Windows\System32\Tasks\ReasonSecurityScheduledScan
2015-06-28 20:20 - 2015-06-28 20:20 - 00003460 _____ C:\Windows\System32\Tasks\ReasonSecurityStart
2015-06-28 20:20 - 2015-06-28 20:20 - 00000000 ____D C:\ProgramData\Reason
2015-06-28 20:18 - 2015-06-28 20:18 - 00000913 _____ C:\Users\Public\Desktop\Reason Core Security.lnk
2015-06-28 20:18 - 2015-06-28 20:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reason Core Security
2015-06-28 20:18 - 2015-06-28 20:18 - 00000000 ____D C:\Program Files\Reason
2015-06-28 20:16 - 2015-06-28 20:16 - 04151848 _____ (Reason Software Company Inc.) C:\Users\RichardGentry\Downloads\reason-core-security-setup.exe
2015-06-28 20:09 - 2015-06-28 20:09 - 00001466 _____ C:\ESETScan.txt
2015-06-28 19:14 - 2015-06-28 19:14 - 00000000 ____D C:\Program Files (x86)\ESET
2015-06-28 19:13 - 2015-06-28 19:13 - 02870984 _____ (ESET) C:\Users\RichardGentry\Downloads\esetsmartinstaller_enu.exe
2015-06-28 18:56 - 2015-06-30 12:38 - 00033906 _____ C:\Users\RichardGentry\Downloads\Result.txt
2015-06-28 18:50 - 2015-06-28 18:50 - 01005568 _____ (Farbar) C:\Users\RichardGentry\Downloads\MiniToolBox.exe
2015-06-28 18:44 - 2015-06-28 18:44 - 00852662 _____ C:\Users\RichardGentry\Downloads\SecurityCheck.exe
2015-06-28 17:52 - 2015-06-30 12:19 - 00001210 _____ C:\Users\RichardGentry\Desktop\ZHPCleaner.txt
2015-06-28 17:15 - 2015-06-28 17:16 - 01843712 _____ C:\Users\RichardGentry\Downloads\ZHPCleaner.exe
2015-06-28 16:38 - 2015-06-30 13:51 - 00000000 ____D C:\Program Files\Adware-Removal-Tool
2015-06-28 16:38 - 2015-06-30 11:39 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe
2015-06-28 16:36 - 2015-06-28 16:37 - 00753184 _____ C:\Users\RichardGentry\Downloads\Adware-Removal-Tool-v3.9.1.exe
2015-06-28 04:41 - 2015-06-28 04:41 - 00000000 ____D C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2015-06-27 11:39 - 2015-06-27 11:39 - 00001239 _____ C:\Users\RichardGentry\Desktop\AVS Video Converter.lnk
2015-06-27 11:35 - 2015-06-27 11:35 - 87075464 _____ (Online Media Technologies Ltd. ) C:\Users\RichardGentry\Downloads\AVSMediaPlayer.exe
2015-06-26 11:04 - 2015-06-26 11:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-06-26 11:04 - 2015-06-26 11:04 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-06-26 11:04 - 2015-06-26 11:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-06-26 11:03 - 2015-06-26 11:03 - 13095136 _____ (Microsoft Corporation) C:\Users\RichardGentry\Downloads\Silverlight_x64.exe
2015-06-22 15:02 - 2015-06-22 15:02 - 02244096 _____ C:\Users\RichardGentry\Downloads\AdwCleaner.exe
2015-06-22 14:49 - 2015-06-22 14:49 - 02950454 _____ (Thisisu) C:\Users\RichardGentry\Downloads\JRT.exe
2015-06-22 14:04 - 2015-07-01 11:42 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2015-06-22 14:04 - 2015-07-01 09:48 - 00108920 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2015-06-22 14:04 - 2015-07-01 09:47 - 00001078 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2015-06-22 14:03 - 2015-07-01 09:46 - 00108920 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2015-06-22 14:03 - 2015-06-22 14:03 - 00000000 ____D C:\Users\RichardGentry\AppData\Local\Zemana
2015-06-22 14:00 - 2015-06-22 14:00 - 05013792 _____ ( ) C:\Users\RichardGentry\Downloads\Zemana.AntiMalware.Setup.exe
2015-06-22 13:50 - 2015-06-22 13:50 - 00013244 _____ C:\MWAV.LOG
2015-06-22 13:21 - 2015-06-22 13:21 - 00000000 ____D C:\Windows\VDLL.DLL
2015-06-22 13:21 - 2015-06-22 13:21 - 00000000 ____D C:\Windows\SysWOW64\runouce.exe
2015-06-22 13:21 - 2015-06-22 13:21 - 00000000 ____D C:\Windows\RUNDL132.EXE
2015-06-22 13:21 - 2015-06-22 13:21 - 00000000 ____D C:\Windows\logo_1.exe
2015-06-22 13:21 - 2015-06-22 13:21 - 00000000 ____D C:\Users\RichardGentry\Downloads\TempBK
2015-06-22 13:17 - 2015-06-29 16:10 - 00000056 _____ C:\Windows\Lic.xxx
2015-06-22 13:16 - 2015-06-22 13:16 - 00655872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr90.dll
2015-06-22 13:16 - 2015-06-22 13:16 - 00632064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr80.dll
2015-06-22 13:16 - 2015-06-22 13:16 - 00572928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp90.dll
2015-06-22 13:16 - 2015-06-22 13:16 - 00554240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp80.dll
2015-06-22 13:16 - 2015-06-22 13:16 - 00350160 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2015-06-22 13:16 - 2015-06-22 13:16 - 00156392 _____ (MicroWorld Technologies Inc.) C:\Windows\SysWOW64\eEmpty.exe
2015-06-22 13:16 - 2015-06-22 13:16 - 00001066 _____ C:\Users\RichardGentry\Desktop\MWAVSCAN.lnk
2015-06-22 13:16 - 2015-06-22 13:16 - 00000000 ____D C:\ProgramData\MicroWorld
2015-06-22 13:14 - 2015-06-22 13:15 - 158158304 _____ C:\Users\RichardGentry\Downloads\mwav.exe
2015-06-22 12:45 - 2015-06-22 12:45 - 00003242 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest
2015-06-22 12:45 - 2015-06-22 12:45 - 00000000 ____D C:\ProgramData\PC-Doctor for Windows
2015-06-22 12:45 - 2015-06-22 12:45 - 00000000 ____D C:\Program Files\Dell Support Center
2015-06-22 12:33 - 2015-06-29 15:38 - 00000000 ____D C:\Program Files (x86)\System Ninja
2015-06-22 12:33 - 2015-06-29 15:24 - 00001057 _____ C:\Users\Public\Desktop\System Ninja.lnk
2015-06-22 12:11 - 2015-06-29 15:15 - 00001761 _____ C:\Users\RichardGentry\Desktop\Wipe.lnk
2015-06-22 12:11 - 2015-06-29 15:15 - 00000000 ____D C:\Program Files\Wipe
2015-06-22 12:11 - 2015-06-29 14:54 - 00000000 ____D C:\Users\RichardGentry\AppData\Roaming\Wipe
2015-06-22 11:59 - 2015-06-22 11:59 - 00546456 _____ (www.privacyroot.com) C:\Users\RichardGentry\Downloads\setup_wipe.exe
2015-06-17 14:01 - 2015-06-17 14:01 - 00025407 _____ C:\ComboFix.txt
2015-06-15 13:41 - 2015-06-15 13:41 - 00001895 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2015-06-15 13:41 - 2015-06-15 13:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-06-15 13:41 - 2015-06-15 13:41 - 00000000 ____D C:\Program Files\HitmanPro
2015-06-15 13:39 - 2015-06-15 13:53 - 00000000 ____D C:\ProgramData\HitmanPro
2015-06-15 12:14 - 2015-06-15 12:14 - 00000207 _____ C:\Windows\tweaking.com-regbackup-RICHARDSDELL-Windows-7-Home-Premium-(64-bit).dat
2015-06-15 12:14 - 2015-06-15 12:14 - 00000000 ____D C:\RegBackup
2015-06-13 11:56 - 2015-06-13 11:56 - 00000000 ____D C:\Program Files (x86)\Dell Update
2015-06-12 11:31 - 2015-06-12 11:31 - 00000000 ____D C:\Program Files\Common Files\AV
2015-06-11 19:47 - 2015-06-29 15:45 - 00000824 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-06-11 19:47 - 2015-06-29 15:45 - 00000000 ____D C:\Program Files\CCleaner
2015-06-11 19:47 - 2015-06-11 19:47 - 00002814 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-06-10 11:30 - 2015-06-01 14:16 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-10 11:30 - 2015-06-01 13:07 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-10 11:30 - 2015-05-27 09:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-10 11:30 - 2015-05-27 09:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-10 11:30 - 2015-05-25 13:24 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-10 11:30 - 2015-05-25 13:23 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-06-10 11:30 - 2015-05-25 13:23 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-06-10 11:30 - 2015-05-25 13:21 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-10 11:30 - 2015-05-25 13:19 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-06-10 11:30 - 2015-05-25 13:19 - 01255424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-10 11:30 - 2015-05-25 13:19 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-10 11:30 - 2015-05-25 13:19 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-06-10 11:30 - 2015-05-25 13:19 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-06-10 11:30 - 2015-05-25 13:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-06-10 11:30 - 2015-05-25 13:19 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-06-10 11:30 - 2015-05-25 13:19 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-06-10 11:30 - 2015-05-25 13:19 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-10 11:30 - 2015-05-25 13:19 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-06-10 11:30 - 2015-05-25 13:19 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-06-10 11:30 - 2015-05-25 13:19 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-06-10 11:30 - 2015-05-25 13:19 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-06-10 11:30 - 2015-05-25 13:19 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-06-10 11:30 - 2015-05-25 13:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-06-10 11:30 - 2015-05-25 13:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-06-10 11:30 - 2015-05-25 13:19 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-06-10 11:30 - 2015-05-25 13:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-06-10 11:30 - 2015-05-25 13:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-06-10 11:30 - 2015-05-25 13:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-06-10 11:30 - 2015-05-25 13:19 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-06-10 11:30 - 2015-05-25 13:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-06-10 11:30 - 2015-05-25 13:18 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-06-10 11:30 - 2015-05-25 13:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-06-10 11:30 - 2015-05-25 13:18 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-06-10 11:30 - 2015-05-25 13:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-06-10 11:30 - 2015-05-25 13:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-06-10 11:30 - 2015-05-25 13:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-06-10 11:30 - 2015-05-25 13:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-06-10 11:30 - 2015-05-25 13:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-06-10 11:30 - 2015-05-25 13:18 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-06-10 11:30 - 2015-05-25 13:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-06-10 11:30 - 2015-05-25 13:18 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-06-10 11:30 - 2015-05-25 13:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-06-10 11:30 - 2015-05-25 13:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-06-10 11:30 - 2015-05-25 13:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-06-10 11:30 - 2015-05-25 13:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-06-10 11:30 - 2015-05-25 13:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-06-10 11:30 - 2015-05-25 13:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-06-10 11:30 - 2015-05-25 13:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-10 11:30 - 2015-05-25 13:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-10 11:30 - 2015-05-25 13:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 11:30 - 2015-05-25 13:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 11:30 - 2015-05-25 13:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 11:30 - 2015-05-25 13:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 11:30 - 2015-05-25 13:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 11:30 - 2015-05-25 13:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 11:30 - 2015-05-25 13:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 11:30 - 2015-05-25 13:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 11:30 - 2015-05-25 13:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 11:30 - 2015-05-25 13:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 11:30 - 2015-05-25 13:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 11:30 - 2015-05-25 13:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 11:30 - 2015-05-25 13:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 11:30 - 2015-05-25 13:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 11:30 - 2015-05-25 13:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-10 11:30 - 2015-05-25 13:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-10 11:30 - 2015-05-25 13:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 11:30 - 2015-05-25 13:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-10 11:30 - 2015-05-25 13:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 11:30 - 2015-05-25 13:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 11:30 - 2015-05-25 13:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 11:30 - 2015-05-25 13:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 11:30 - 2015-05-25 13:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 11:30 - 2015-05-25 13:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 11:30 - 2015-05-25 13:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 11:30 - 2015-05-25 13:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-10 11:30 - 2015-05-25 13:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-06-10 11:30 - 2015-05-25 13:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-06-10 11:30 - 2015-05-25 13:04 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-06-10 11:30 - 2015-05-25 13:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-06-10 11:30 - 2015-05-25 13:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-06-10 11:30 - 2015-05-25 13:01 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-06-10 11:30 - 2015-05-25 13:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-06-10 11:30 - 2015-05-25 13:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-06-10 11:30 - 2015-05-25 13:01 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-06-10 11:30 - 2015-05-25 13:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-06-10 11:30 - 2015-05-25 13:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-06-10 11:30 - 2015-05-25 13:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-06-10 11:30 - 2015-05-25 13:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-06-10 11:30 - 2015-05-25 13:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-06-10 11:30 - 2015-05-25 13:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-06-10 11:30 - 2015-05-25 13:01 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-06-10 11:30 - 2015-05-25 13:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-06-10 11:30 - 2015-05-25 13:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-06-10 11:30 - 2015-05-25 13:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-06-10 11:30 - 2015-05-25 13:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-06-10 11:30 - 2015-05-25 13:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-06-10 11:30 - 2015-05-25 13:00 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-06-10 11:30 - 2015-05-25 13:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-06-10 11:30 - 2015-05-25 12:59 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-06-10 11:30 - 2015-05-25 12:59 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-06-10 11:30 - 2015-05-25 12:59 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-06-10 11:30 - 2015-05-25 12:59 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-06-10 11:30 - 2015-05-25 12:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-06-10 11:30 - 2015-05-25 12:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-06-10 11:30 - 2015-05-25 12:55 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-06-10 11:30 - 2015-05-25 12:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-06-10 11:30 - 2015-05-25 12:55 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-06-10 11:30 - 2015-05-25 12:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 11:30 - 2015-05-25 12:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 11:30 - 2015-05-25 12:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 11:30 - 2015-05-25 12:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 11:30 - 2015-05-25 12:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 11:30 - 2015-05-25 12:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 11:30 - 2015-05-25 12:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 11:30 - 2015-05-25 12:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 11:30 - 2015-05-25 12:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 11:30 - 2015-05-25 12:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 11:30 - 2015-05-25 12:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 11:30 - 2015-05-25 12:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 11:30 - 2015-05-25 12:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-06-10 11:30 - 2015-05-25 12:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 11:30 - 2015-05-25 12:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 11:30 - 2015-05-25 12:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-06-10 11:30 - 2015-05-25 12:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 11:30 - 2015-05-25 12:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 11:30 - 2015-05-25 12:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 11:30 - 2015-05-25 12:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 11:30 - 2015-05-25 12:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 11:30 - 2015-05-25 12:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 11:30 - 2015-05-25 12:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-06-10 11:30 - 2015-05-25 12:08 - 03206144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-10 11:30 - 2015-05-25 12:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-10 11:30 - 2015-05-25 11:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-06-10 11:30 - 2015-05-25 11:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-06-10 11:30 - 2015-05-25 11:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-06-10 11:30 - 2015-05-25 11:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 11:30 - 2015-05-25 11:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 11:30 - 2015-05-25 11:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-06-10 11:30 - 2015-05-22 22:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-06-10 11:30 - 2015-05-22 22:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-10 11:30 - 2015-05-22 22:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-06-10 11:30 - 2015-05-22 22:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-06-10 11:30 - 2015-05-22 22:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-10 11:30 - 2015-05-22 22:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-06-10 11:30 - 2015-05-22 22:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-10 11:30 - 2015-05-22 22:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-06-10 11:30 - 2015-05-22 22:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-06-10 11:30 - 2015-05-22 22:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-06-10 11:30 - 2015-05-22 22:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-10 11:30 - 2015-05-22 22:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-06-10 11:30 - 2015-05-22 22:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-10 11:30 - 2015-05-22 21:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-06-10 11:30 - 2015-05-22 21:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-06-10 11:30 - 2015-05-22 21:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-06-10 11:30 - 2015-05-22 21:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-10 11:30 - 2015-05-22 21:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-10 11:30 - 2015-05-22 21:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-10 11:30 - 2015-05-22 21:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-10 11:30 - 2015-05-22 21:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-10 11:30 - 2015-05-22 21:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-06-10 11:30 - 2015-05-22 21:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-10 11:30 - 2015-05-22 21:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-10 11:30 - 2015-05-22 21:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-10 11:30 - 2015-05-22 21:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-10 11:30 - 2015-05-22 14:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-10 11:30 - 2015-05-22 14:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-06-10 11:30 - 2015-05-22 14:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-06-10 11:30 - 2015-05-22 14:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-10 11:30 - 2015-05-22 14:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-10 11:30 - 2015-05-22 14:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-10 11:30 - 2015-05-22 14:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-06-10 11:30 - 2015-05-22 13:59 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-06-10 11:30 - 2015-05-22 13:53 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-10 11:30 - 2015-05-22 13:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-10 11:30 - 2015-05-22 13:52 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-06-10 11:30 - 2015-05-22 13:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-10 11:30 - 2015-05-22 13:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-10 11:30 - 2015-05-22 13:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-10 11:30 - 2015-05-22 13:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-10 11:30 - 2015-05-22 13:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-06-10 11:30 - 2015-05-22 13:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-06-10 11:30 - 2015-05-22 13:36 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-10 11:30 - 2015-05-22 13:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-06-10 11:30 - 2015-05-22 13:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-06-10 11:30 - 2015-05-22 13:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-10 11:30 - 2015-05-22 13:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-10 11:30 - 2015-05-22 13:07 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-06-10 11:30 - 2015-05-22 13:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-10 11:30 - 2015-05-22 13:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-10 11:30 - 2015-05-22 13:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-06-10 11:30 - 2015-05-22 12:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-10 11:30 - 2015-05-22 12:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-10 11:30 - 2015-05-22 12:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-10 11:30 - 2015-05-22 12:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-10 11:30 - 2015-04-29 13:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-10 11:30 - 2015-04-29 13:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-10 11:30 - 2015-04-29 13:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-10 11:30 - 2015-04-29 13:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-10 11:30 - 2015-04-29 13:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-10 11:30 - 2015-04-29 13:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-06-10 11:30 - 2015-04-29 13:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-06-10 11:30 - 2015-04-29 13:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-06-10 11:30 - 2015-04-29 13:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-06-10 11:30 - 2015-04-29 13:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-06-10 11:30 - 2015-04-24 13:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-10 11:30 - 2015-04-24 12:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-10 11:30 - 2015-04-10 22:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-06-08 20:21 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe
2015-06-08 20:21 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe
2015-06-08 20:21 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-06-08 20:21 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-06-08 20:21 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-06-08 20:21 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe
2015-06-08 20:21 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe
2015-06-08 20:21 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe
2015-06-08 20:20 - 2015-06-17 14:01 - 00000000 ____D C:\Qoobox
2015-06-08 20:20 - 2015-06-08 20:27 - 00000000 ____D C:\Windows\erdnt
2015-06-08 10:29 - 2015-06-08 10:29 - 00000000 ___RD C:\Users\RichardGentry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-06-07 11:51 - 2015-07-07 12:21 - 00000000 ____D C:\AdwCleaner

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-07 12:21 - 2009-07-13 23:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-07 12:21 - 2009-07-13 23:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-07 12:20 - 2014-08-19 21:49 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2015-07-07 12:12 - 2015-03-05 16:21 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-07 12:12 - 2015-03-02 12:21 - 00000000 _____ C:\Windows\system32\Drivers\lvuvc.hs
2015-07-07 12:12 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-07 12:07 - 2014-08-19 21:33 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-07 10:44 - 2015-03-02 15:38 - 00000000 ____D C:\ProgramData\MFAData
2015-07-06 20:22 - 2015-03-03 19:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
2015-07-06 18:45 - 2015-02-10 16:00 - 00000000 ____D C:\Users\RichardGentry
2015-07-06 15:12 - 2015-03-02 12:21 - 00078634 _____ C:\Windows\system32\lvcoinst.log
2015-07-05 10:15 - 2015-03-02 18:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-01 17:13 - 2015-03-05 16:21 - 00001104 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-01 17:13 - 2015-03-05 16:21 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-01 11:55 - 2014-08-19 21:48 - 00000000 ____D C:\ProgramData\Adobe
2015-07-01 10:42 - 2014-08-19 21:33 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-01 10:42 - 2014-08-19 21:33 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-01 10:42 - 2014-08-19 21:33 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-01 09:51 - 2009-07-14 00:13 - 00783606 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-30 11:18 - 2009-07-13 21:34 - 00001993 _____ C:\Windows\system32\Drivers\etc\hosts.old
2015-06-29 16:07 - 2009-07-13 21:34 - 00000948 _____ C:\Windows\win.ini
2015-06-29 15:25 - 2015-03-02 18:21 - 00000000 ____D C:\Users\RichardGentry\AppData\Local\Mozilla
2015-06-29 15:19 - 2015-03-06 10:58 - 00000000 ____D C:\Users\RichardGentry\AppData\Roaming\AVS4YOU
2015-06-29 15:19 - 2015-03-03 16:22 - 00000000 ____D C:\Users\RichardGentry\AppData\Local\Apps\2.0
2015-06-29 15:19 - 2015-03-02 18:21 - 00000000 ____D C:\Users\RichardGentry\AppData\Roaming\Mozilla
2015-06-29 15:19 - 2015-03-02 15:38 - 00000000 ____D C:\Users\RichardGentry\AppData\Local\Avg2015
2015-06-29 15:19 - 2015-02-10 16:18 - 00000000 ____D C:\Users\RichardGentry\AppData\Local\VirtualStore
2015-06-27 11:39 - 2015-03-06 10:57 - 00000000 ____D C:\Users\RichardGentry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU
2015-06-27 11:39 - 2015-03-06 10:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU
2015-06-27 11:39 - 2015-03-06 10:56 - 00000000 ____D C:\Program Files (x86)\AVS4YOU
2015-06-27 11:38 - 2015-03-06 10:56 - 00001203 _____ C:\Users\RichardGentry\Desktop\AVS Media Player.lnk
2015-06-23 10:54 - 2015-03-02 15:42 - 00000967 _____ C:\Users\Public\Desktop\AVG 2015.lnk
2015-06-23 10:54 - 2015-03-02 15:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-06-22 12:58 - 2015-03-02 16:31 - 00000000 ____D C:\Windows\pss
2015-06-22 12:45 - 2014-08-19 21:44 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2015-06-22 12:37 - 2015-05-30 20:19 - 00000000 ____D C:\2015_05_25
2015-06-22 12:37 - 2015-05-30 20:19 - 00000000 ____D C:\2015_05_22
2015-06-22 12:37 - 2015-05-30 20:19 - 00000000 ____D C:\2015_05_21
2015-06-22 12:37 - 2015-05-30 20:19 - 00000000 ____D C:\2015_04_05
2015-06-22 12:37 - 2015-05-30 20:19 - 00000000 ____D C:\2015_02_02
2015-06-22 12:37 - 2015-05-30 20:19 - 00000000 ____D C:\2015_02_01
2015-06-22 12:37 - 2015-05-30 20:19 - 00000000 ____D C:\2015_01_25
2015-06-22 12:37 - 2015-05-30 20:19 - 00000000 ____D C:\2014_12_28
2015-06-22 12:37 - 2015-05-30 20:19 - 00000000 ____D C:\2014_12_25
2015-06-22 12:37 - 2015-05-30 20:19 - 00000000 ____D C:\2014_12_18
2015-06-22 12:37 - 2015-05-30 20:19 - 00000000 ____D C:\2014_12_01
2015-06-22 12:37 - 2015-05-30 20:19 - 00000000 ____D C:\2014_10_30
2015-06-22 12:37 - 2015-05-30 20:19 - 00000000 ____D C:\2014_10_29
2015-06-22 12:37 - 2015-05-30 20:19 - 00000000 ____D C:\2014_10_28
2015-06-22 12:37 - 2015-03-02 19:36 - 00000000 ____D C:\QuickCam
2015-06-22 12:37 - 2015-03-02 19:36 - 00000000 ____D C:\2014_10_24
2015-06-22 12:37 - 2015-03-02 19:36 - 00000000 ____D C:\2014_10_09
2015-06-22 12:37 - 2015-03-02 19:36 - 00000000 ____D C:\2014_09_26
2015-06-22 12:37 - 2015-03-02 19:36 - 00000000 ____D C:\2014_09_25
2015-06-22 12:37 - 2015-03-02 19:36 - 00000000 ____D C:\2014_08_17
2015-06-22 12:37 - 2015-03-02 19:36 - 00000000 ____D C:\2014_06_14
2015-06-22 12:37 - 2015-03-02 19:36 - 00000000 ____D C:\2014_05_27
2015-06-22 12:37 - 2015-03-02 19:36 - 00000000 ____D C:\2014_05_23
2015-06-22 12:37 - 2015-03-02 19:36 - 00000000 ____D C:\2014_05_22
2015-06-22 12:37 - 2015-03-02 19:36 - 00000000 ____D C:\2014_05_01
2015-06-22 12:37 - 2015-03-02 19:36 - 00000000 ____D C:\2014_04_24
2015-06-22 12:37 - 2015-03-02 19:36 - 00000000 ____D C:\2014_03_04
2015-06-22 12:37 - 2015-03-02 19:36 - 00000000 ____D C:\2014_03_03
2015-06-22 12:37 - 2015-03-02 19:36 - 00000000 ____D C:\2014_02_28
2015-06-22 12:37 - 2015-03-02 19:36 - 00000000 ____D C:\2014_02_27
2015-06-22 12:37 - 2015-03-02 19:36 - 00000000 ____D C:\2014_02_26
2015-06-22 12:37 - 2015-03-02 19:36 - 00000000 ____D C:\2014_02_24
2015-06-22 12:37 - 2015-03-02 19:36 - 00000000 ____D C:\2014_02_08
2015-06-22 12:37 - 2015-03-02 19:36 - 00000000 ____D C:\2014_02_05
2015-06-22 12:37 - 2015-03-02 19:36 - 00000000 ____D C:\2014_01_30
2015-06-22 12:37 - 2015-03-02 19:36 - 00000000 ____D C:\2013_12_24
2015-06-22 12:37 - 2015-03-02 19:36 - 00000000 ____D C:\2013_12_14
2015-06-22 12:37 - 2015-03-02 19:36 - 00000000 ____D C:\2013_12_13
2015-06-22 12:37 - 2015-03-02 19:36 - 00000000 ____D C:\2013_10_19
2015-06-22 12:37 - 2015-03-02 19:36 - 00000000 ____D C:\2013_10_18
2015-06-22 12:37 - 2015-03-02 19:36 - 00000000 ____D C:\2013_10_07
2015-06-22 12:37 - 2015-03-02 19:36 - 00000000 ____D C:\2013_09_23
2015-06-22 12:37 - 2015-03-02 19:36 - 00000000 ____D C:\2013_09_22
2015-06-22 12:37 - 2015-03-02 19:36 - 00000000 ____D C:\2013_07_28
2015-06-22 12:37 - 2015-03-02 19:36 - 00000000 ____D C:\2013_06_30
2015-06-22 12:37 - 2015-03-02 19:36 - 00000000 ____D C:\2013_05_31
2015-06-22 12:37 - 2015-03-02 19:36 - 00000000 ____D C:\2013_05_24
2015-06-22 12:37 - 2015-03-02 19:36 - 00000000 ____D C:\2013_05_23
2015-06-22 12:37 - 2015-03-02 19:36 - 00000000 ____D C:\2013_05_22
2015-06-22 12:37 - 2015-03-02 19:36 - 00000000 ____D C:\2013_05_15
2015-06-22 12:37 - 2015-03-02 19:36 - 00000000 ____D C:\2013_05_07
2015-06-22 12:37 - 2015-03-02 19:36 - 00000000 ____D C:\2013_03_05
2015-06-22 12:37 - 2015-03-02 19:36 - 00000000 ____D C:\2012_12_25
2015-06-22 12:37 - 2015-03-02 19:36 - 00000000 ____D C:\2012_12_23
2015-06-22 12:36 - 2015-03-02 19:36 - 00000000 ____D C:\2012_12_22
2015-06-18 08:41 - 2015-03-05 16:21 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-18 08:41 - 2015-03-05 16:21 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-18 08:41 - 2015-03-05 16:21 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-17 13:52 - 2009-07-13 21:34 - 00000215 _____ C:\Windows\system.ini
2015-06-16 13:20 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2015-06-13 11:55 - 2014-08-19 21:39 - 00000000 ____D C:\ProgramData\Dell
2015-06-11 19:58 - 2011-02-10 09:02 - 00000000 ____D C:\Windows\panther
2015-06-11 18:21 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2015-06-10 16:23 - 2009-07-14 00:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-06-10 16:22 - 2009-07-13 23:45 - 00281376 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-10 16:21 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-10 16:19 - 2015-03-04 12:23 - 00000000 ____D C:\Windows\system32\MRT
2015-06-10 16:17 - 2015-03-04 12:23 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2014-08-19 21:38 - 2014-08-19 21:38 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some zero byte size files/folders:
==========================
C:\Windows\logo1_.exe
C:\Windows\logo_1.exe
C:\Windows\RUNDL132.EXE
C:\Windows\rundll16.exe
C:\Windows\VDLL.DLL
C:\Windows\SysWOW64\runouce.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-03 13:39

==================== End of log ============================

*********************

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-07-2015
Ran by RichardGentry at 2015-07-07 12:44:37
Running from C:\Users\RichardGentry\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3746683574-341478895-3308312309-500 - Administrator - Disabled)
Guest (S-1-5-21-3746683574-341478895-3308312309-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3746683574-341478895-3308312309-1002 - Limited - Enabled)
RichardGentry (S-1-5-21-3746683574-341478895-3308312309-1000 - Administrator - Enabled) => C:\Users\RichardGentry

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

9-lab Removal Tool (HKLM-x32\...\9-lab Removal Tool) (Version:  - )
Accidental Damage Services Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.190 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.194 - Adobe Systems Incorporated)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.6037 - AVG Technologies)
AVG 2015 (Version: 15.0.4365 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.6037 - AVG Technologies) Hidden
AVS Media Player 4.2.4.107 (HKLM-x32\...\AVS Media Player_is1) (Version: 4.2.4.107 - Online Media Technologies Ltd.)
AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version:  - Online Media Technologies Ltd.)
AVS Video Converter 6 (HKLM-x32\...\AVS4YOU Video Converter 6_is1) (Version:  - Online Media Technologies Ltd.)
AVS Video Converter 9.1 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version: 9.1.3.572 - Online Media Technologies Ltd.)
Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
Brother MFL-Pro Suite MFC-J410W (HKLM-x32\...\{31FD9031-FA28-4F73-9FD1-D7E9997C41CE}) (Version: 0.0.1.0 - Brother Industries, Ltd.)
Canon G.726 WMP-Decoder (HKLM-x32\...\Canon G.726 WMP-Decoder) (Version: 1.1.0.4 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 2.6.0.4 - Canon Inc.)
Canon RAW Image Task for ZoomBrowser EX (HKLM-x32\...\RAW Image Task) (Version: 0.9.3.9 - Canon Inc.)
Canon Utilities CameraWindow (HKLM-x32\...\CameraWindowLauncher) (Version: 7.1.0.2 - Canon Inc.)
Canon Utilities CameraWindow DC (HKLM-x32\...\CameraWindowDC) (Version: 7.1.0.7 - Canon Inc.)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (HKLM-x32\...\CameraWindowDVC6) (Version: 6.4.2.16 - Canon Inc.)
Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 6.4.0.5 - Canon Inc.)
Canon Utilities MyCamera DC (HKLM-x32\...\MyCameraDC) (Version: 7.0.1.8 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.21.45 - Canon Inc.)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (HKLM-x32\...\RemoteCaptureTask) (Version: 1.7.1.9 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.1.0.20 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.1.0.8 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.07 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Complete Care Business Service Agreement (HKLM-x32\...\{0ECFCB07-9BFE-4970-ACA1-D568D982760B}) (Version: 2.0.0 - Dell Inc.)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
Crystal Security (HKLM-x32\...\Crystal Security 3.5.0.129) (Version: 3.5.0.129 - Kardo Kristal)
Crystal Security (x32 Version: 3.5.0.129 - Kardo Kristal) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.7.1.2 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.1.2 - Dell Inc.)
Dell Data Vault (Version: 4.2.2.0 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)
Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.1.3 - Dell Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.10 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.0.2.57295 - Dell)
Dell Update (HKLM-x32\...\{3FB000F3-7444-41C1-A0A6-53E8FD0B7D9C}) (Version: 1.6.1007.0 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.242 - SurfRight B.V.)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.7.3.1001 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.2.6.1 - IObit)
Logitech Vid (HKLM-x32\...\{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}) (Version: 1.10.1009 - Logitech Inc.)
Logitech Webcam Software (HKLM\...\{987FE247-4E69-4A2E-A961-D14F901FDBF6}) (Version: 12.10.1113 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office 97, Professional Edition (HKLM-x32\...\Office8.0) (Version:  - )
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PaperPort Image Printer 64-bit (HKLM\...\{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}) (Version: 1.00.0000 - Nuance Communications, Inc.)
Premium Service Agreement (HKLM-x32\...\{C33AA6D6-F5EC-48F3-AFDC-8141345D473A}) (Version: 2.0.0 - Dell Inc.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.230 - Qualcomm Atheros Communications)
QualxServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7004 - Realtek Semiconductor Corp.)
Reason Core Security (HKLM-x32\...\Reason Core Security) (Version: 1.0.7.0 - Reason Software Company Inc.)
ScanSoft PaperPort 11 (HKLM-x32\...\{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}) (Version: 11.2.0000 - Nuance Communications, Inc.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
System Ninja version 3.0.7 (HKLM-x32\...\{6E67710E-206D-43AB-BF21-E7CD63056C55}_is1) (Version: 3.0.7 - SingularLabs)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Wipe (HKLM\...\wipe) (Version: 2015.06 - PrivacyRoot.com)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.16.292 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

28-06-2015 04:41:11 Windows Update
29-06-2015 17:10:51 Zemana AntiMalware 6/29/2015 5:10:47 PM
29-06-2015 19:10:07 Zemana AntiMalware 6/29/2015 7:10:03 PM
06-07-2015 18:37:07 zoek.exe restore point

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0813B51D-7733-4EC0-89DB-4628CFB81941} - System32\Tasks\ReasonSecurityScheduledScan => C:\Program Files\Reason\Security\rsUI.exe [2015-05-17] (Reason Software Company Inc.)
Task: {12ED4C59-B35B-4BD0-9AAE-CEC0DB208D0F} - System32\Tasks\ReasonSecurityStart => C:\Program Files\Reason\Security\rsUI.exe [2015-05-17] (Reason Software Company Inc.)
Task: {1503ED80-CC51-4088-BCDB-9C983490596C} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-05-25] (PC-Doctor, Inc.)
Task: {1657B6D9-86D8-47C7-B8BF-0AE75AC08C6F} - System32\Tasks\Uninstaller_SkipUac_RichardGentry => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-03-03] (IObit)
Task: {5241495E-E3AB-493A-96B7-E50925DF115C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
Task: {6D6DA4C7-D242-47DB-B3C6-FCBB257A8AA6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-01] (Adobe Systems Incorporated)
Task: {6EDA4252-8372-4F89-BCD6-C3DF1E3AB0F6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-06-01] (Piriform Ltd)
Task: {92A22043-AE03-4703-A37C-616B5C02BAC7} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {9ED75632-EE23-4BAD-B9D6-7891D044FF89} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-03-04] (Dell Inc.)
Task: {A301C3C5-13AC-475F-82F6-04545280023D} - System32\Tasks\{816D4690-295A-4513-8097-2481A765BA7A} => pcalua.exe -a C:\msgr9us.exe -d C:\
Task: {A42B374C-FE1E-4A16-B8B2-B5D9E82021F0} - System32\Tasks\{971AC329-9237-4CB5-A665-42C317E308EB} => pcalua.exe -a D:\setup.exe -d D:\
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (Whitelisted) ==============

2014-08-19 21:49 - 2014-03-12 12:22 - 00020256 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.dll
2014-08-19 21:49 - 2014-03-12 12:22 - 00019232 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.dll
2014-08-19 21:49 - 2014-03-12 12:22 - 00035104 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRShellExtension.dll
2015-06-22 14:04 - 2015-07-01 09:47 - 00118640 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
2015-06-28 20:20 - 2015-06-28 20:20 - 00164600 _____ () C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe
2015-06-28 20:20 - 2015-06-28 20:20 - 00402168 _____ () C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_bg.exe
2015-04-14 11:46 - 2005-04-21 23:36 - 00143360 ____R () C:\Windows\system32\BrSNMP64.dll
2014-08-19 21:49 - 2014-04-30 10:35 - 00486880 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
2014-08-19 21:36 - 2013-12-09 17:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-08-19 21:49 - 2013-12-17 17:47 - 01904928 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
2014-08-19 21:49 - 2012-11-25 23:20 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
2014-08-19 21:49 - 2012-11-25 23:20 - 00117608 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll
2015-07-01 10:42 - 2015-07-01 10:42 - 17321648 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_194.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3746683574-341478895-3308312309-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\RichardGentry\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: HitmanProScheduler => 2
MSCONFIG\startupfolder: C:^Users^RichardGentry^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk => C:\Windows\pss\Logitech . Product Registration.lnk.Startup
MSCONFIG\startupfolder: C:^Users^RichardGentry^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Find Fast.lnk => C:\Windows\pss\Microsoft Find Fast.lnk.Startup
MSCONFIG\startupfolder: C:^Users^RichardGentry^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Office Startup.lnk => C:\Windows\pss\Office Startup.lnk.Startup
MSCONFIG\startupfolder: C:^Users^RichardGentry^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Wipe Tray Agent.lnk => C:\Windows\pss\Wipe Tray Agent.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BrStsMon00 => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
MSCONFIG\startupreg: CCleaner => "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: ControlCenter3 => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
MSCONFIG\startupreg: Dell Registration => C:\Program Files (x86)\System Registration\prodreg.exe /boot
MSCONFIG\startupreg: IAStorIcon => "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
MSCONFIG\startupreg: IndexSearch => "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
MSCONFIG\startupreg: Logitech Vid => "C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe" -bootmode
MSCONFIG\startupreg: LogitechQuickCamRibbon => "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
MSCONFIG\startupreg: PaperPort PTD => "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
MSCONFIG\startupreg: PC-Doctor for Windows REBOOT =>
MSCONFIG\startupreg: PPort11reminder => "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
MSCONFIG\startupreg: RtHDVBg => "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /MAXX4P1
MSCONFIG\startupreg: RtHDVBg_PushButton => "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /IM
MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
MSCONFIG\startupreg: SSBkgdUpdate => "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
MSCONFIG\startupreg: Wipe Maintance => "C:\Program Files\Wipe\net1.exe" windowsStartup
MSCONFIG\startupreg: ZAM => "C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /minimized

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{DC43E54E-A21F-45A2-9D51-0BC6CD713CE2}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{8B8E7FE7-A915-417D-8038-9096E4F3609F}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{4F90B46A-BF99-465C-9E4D-99B2E389F6D0}] => (Allow) C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe
FirewallRules: [{A6FA27F7-473D-4757-8170-E136978CC8BB}] => (Allow) C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe
FirewallRules: [{890B39AD-6C55-4F81-9DDF-9ACC74F98537}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8AAD5EA8-A088-4A13-8D26-85404025738E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{12056545-A72C-4A61-910E-2A3C6647CD0C}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{061628E0-8F67-45CC-B17C-1C96C55AB85A}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [TCP Query User{7AD4C1C3-02A8-450C-A55B-A4697ECAE9AA}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{628DCE76-0193-453F-8AD9-0A3E8B6B2301}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{E67D54FD-5240-4183-91CC-55F76301AA2C}] => (Allow) LPort=54925
FirewallRules: [TCP Query User{6B400A87-8119-456D-93C0-BB3231A910F8}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe] => (Block) C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe
FirewallRules: [UDP Query User{409470E5-1EAC-4D70-8412-545F173F37FA}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe] => (Block) C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe
FirewallRules: [{22FF802E-C1A7-404C-B015-92A7DA0635F1}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{184C5437-4F6D-44AB-ACC5-C15BD364B978}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{AE3720EB-5BC3-4FDC-AB84-4CE408C93070}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{58FD3A81-3CD3-4CB5-9CE4-B7D3A181FDC0}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{67255DD6-0C5D-476C-B091-4FF8F8513A3C}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{950E4CBD-CBFB-4D7D-9506-C58E0502CF3B}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{CD6C48FB-C702-482D-A557-739A2500AAB4}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{DA8CDDC8-F340-4F87-8EB8-8AD9CD60B368}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/07/2015 00:12:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/07/2015 00:11:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.17840 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 3d0

Start Time: 01d0b8cb663cd484

Termination Time: 0

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (07/07/2015 10:56:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17840, time stamp: 0x555fe1bb
Faulting module name: Flash32_17_0_0_190.ocx, version: 17.0.0.190, time stamp: 0x55837cf9
Exception code: 0xc0000005
Fault offset: 0x006ab76a
Faulting process id: 0x1720
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (07/07/2015 10:39:54 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/06/2015 06:53:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/06/2015 06:37:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LVPrcSrv.exe, version: 12.10.1110.0, time stamp: 0x4acc50c4
Faulting module name: LVPrcSrv.exe, version: 12.10.1110.0, time stamp: 0x4acc50c4
Exception code: 0xc0000005
Fault offset: 0x0000000000007af2
Faulting process id: 0xa00
Faulting application start time: 0xLVPrcSrv.exe0
Faulting application path: LVPrcSrv.exe1
Faulting module path: LVPrcSrv.exe2
Report Id: LVPrcSrv.exe3

Error: (07/06/2015 06:30:03 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (07/06/2015 06:18:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/06/2015 01:02:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.17840 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: d98

Start Time: 01d0b810a0725eca

Termination Time: 0

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (07/06/2015 00:12:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.17840 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 554

Start Time: 01d0b80af2125bf5

Termination Time: 0

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:


System errors:
=============
Error: (07/07/2015 00:12:19 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (07/07/2015 00:12:12 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (07/07/2015 00:12:12 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (07/07/2015 00:12:09 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (07/07/2015 00:12:09 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (07/07/2015 10:39:26 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (07/07/2015 10:39:19 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (07/07/2015 10:39:16 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (07/06/2015 06:53:22 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (07/06/2015 06:53:11 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.


Microsoft Office:
=========================
Error: (07/07/2015 00:12:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/07/2015 00:11:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe11.0.9600.178403d001d0b8cb663cd4840C:\Program Files\Internet Explorer\iexplore.exe

Error: (07/07/2015 10:56:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.17840555fe1bbFlash32_17_0_0_190.ocx17.0.0.19055837cf9c0000005006ab76a172001d0b8cb8376dc65C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SysWOW64\Macromed\Flash\Flash32_17_0_0_190.ocxb1da684d-24c0-11e5-9a65-9cad97afbea0

Error: (07/07/2015 10:39:54 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/06/2015 06:53:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/06/2015 06:37:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: LVPrcSrv.exe12.10.1110.04acc50c4LVPrcSrv.exe12.10.1110.04acc50c4c00000050000000000007af2a0001d0b84209d5f0edC:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exeC:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exeffc197e9-2437-11e5-b004-9cad97afbea0

Error: (07/06/2015 06:30:03 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\RichardGentry\Downloads\esetsmartinstaller_enu.exe

Error: (07/06/2015 06:18:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/06/2015 01:02:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe11.0.9600.17840d9801d0b810a0725eca0C:\Program Files\Internet Explorer\iexplore.exe

Error: (07/06/2015 00:12:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe11.0.9600.1784055401d0b80af2125bf50C:\Program Files\Internet Explorer\iexplore.exe


CodeIntegrity Errors:
===================================
  Date: 2015-06-17 13:52:12.440
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-06-17 13:52:12.415
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-06-17 13:52:12.389
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-06-17 13:52:12.364
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-06-11 16:08:40.906
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-06-11 16:08:40.875
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-06-11 16:08:40.859
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-06-11 16:08:40.828
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-06-08 20:26:18.427
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-06-08 20:26:18.402
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i3-4150 CPU @ 3.50GHz
Percentage of memory in use: 36%
Total physical RAM: 8108.95 MB
Available physical RAM: 5139.7 MB
Total Virtual: 16216.11 MB
Available Virtual: 12726.12 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:907.25 GB) (Free:566.41 GB) NTFS
Drive e: (2TB Samsung) (Fixed) (Total:1863.01 GB) (Free:1252.27 GB) NTFS
Drive y: (RECOVERY) (Fixed) (Total:24.22 GB) (Free:13.64 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 655C6798)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=24.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=907.3 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: E3E0E3E0)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End of log ============================



#8 nasdaq

Posted 08 July 2015 - 07:20 AM

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

EmptyTemp:
CloseProcesses:

HKU\S-1-5-21-3746683574-341478895-3308312309-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F

Clean the Firefox Cache.
https://kb.wisc.edu/page.php?id=15141
===


Error: (0) Failed to create a restore point.
Let's see what we can find out about this.

Download Farbar's Service Scanner utility
http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/
and Save to your Desktop.
If using Windows 7 or Vista, Right-Click on fss.exe and select Run As Administrator.
If using XP, double-click to start.
Answer Yes to ok when prompted.
If your firewall then puts out a prompt, again, allow it to run.
Once FSS is on-screen, be sure the following items are checkmarked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other services


Click on "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Copy & Paste contents of FSS.txt into your reply.

===

How is the computer running now?

#9 nasdaq

Posted 14 July 2015 - 08:33 AM

Are you still with me?

#10 RAGG

RAGG
  • Topic Starter


Posted 14 July 2015 - 02:44 PM

Hi Nasdaq - yea I'm still here.  Kind of nervous about running these coded scripts.  If something is off/wrong I worry about not being able to boot.  I think I want to move my stuff over to another drive and reload windows at this point.  These ads are being real difficult to remove.  I just hope they don't come back after I flush everything.  Thanks for your help.

Do you have any software you recommend I run with AVG after I come back up?  Thanks



#11 nasdaq

Posted 15 July 2015 - 07:52 AM

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#12 nasdaq

Posted 21 July 2015 - 08:04 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



