
problem loading pages first time, second, sometimes 3x fail


  • This topic is locked
21 replies to this topic

#1 wpetti

wpetti


Posted 08 July 2015 - 11:39 AM

Hello. I have had much trouble loading pages that are standard for me and should not cause a problem. On secure sites at my office I will log in and once in try to navigate the site by opening, for example, a research report from a third party. I will get an error screen that says page Did Not Load. If I hit Refresh sometimes it will load correctly, but sometimes I need to hit Refresh 3x to get the page to load, and then it loads but is unstable.

I have run Malwarebytes Free Version and it did not show any malware, but oddly when I go into the Malwarebytes History file the last entry shown is 12/24/2014, when it found a PUP.Optional.BrowserExtensions.A malware. In fact, I ran a scan about a week ago and Malwarebytes found a PUP issue, so something seems wrong there.

Also, I visit DrudgeReport.com maybe once a day and I have been suspicious that this aggregator is a source of malware. Ditto for some other aggregators like blaze.com and even breitbart.com... I never used to have trouble with these sites but I do now and they have loads of annoying pop-up ads...legit sources like Toyota but the sites seem really bogged down!

I called my tech guy and he said he could run some deep cleaning programs that go "deeper than CCleaner" and maybe I have some incorrect browser settings that are interfering with our security settings.

I just had a hunch what might really be going on is some sort of virus. We run the latest version of Norton Internet Security.

Those page loads are a symptom of some larger issue, I think.

Any help greatly appreciated!

 

wpetti




 


#2 nasdaq

nasdaq

  • Malware Response Team

Posted 12 July 2015 - 07:56 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Wait for further instructions.

#3 wpetti

wpetti
  • Topic Starter


Posted 13 July 2015 - 11:52 AM

Thank you. Here are the logs:

 

# AdwCleaner v4.208 - Logfile created 13/07/2015 at 11:07:37
# Updated 09/07/2015 by Xplode
# Database : 2015-07-11.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : w00t Pro - W00TPC-THINK2
# Running from : C:\Users\w00t Pro\Downloads\adwcleaner_4.208.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

-\\ Internet Explorer v10.0.9200.17377

-\\ Mozilla Firefox v39.0 (x86 en-US)

-\\ Google Chrome v43.0.2357.132

[C:\Users\w00t Pro\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN10506&l=dis&prt=NS&chn=retail&geo=US&ver=22&locale=en_US&gct=sb&qsrc=2869

*************************

AdwCleaner[R1].txt - [908 bytes] - [13/07/2015 11:07:37]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [966 bytes] ##########

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-07-2015
Ran by w00t Pro (administrator) on W00TPC-THINK2 on 13-07-2015 11:21:04
Running from C:\Users\w00t Pro\Downloads
Loaded Profiles: w00t Pro (Available Profiles: w00t Pro)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(AOMEI Tech Co., Ltd.) C:\Program Files (x86)\AOMEI Backupper\ABService.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Instant Housecall) C:\Program Files (x86)\Instant Housecall\InstantHousecall.exe
(Lenovo) C:\Program Files\Lenovo\LBAI\LBAEvent.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.5.0.124\NIS.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(RaMMicHaeL) C:\Program Files\Unchecky\bin\unchecky_svc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.5.0.124\NIS.exe
(RaMMicHaeL) C:\Program Files\Unchecky\bin\unchecky_bg.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Livedrive Internet Ltd) C:\Program Files (x86)\Livedrive\Livedrive.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIKLE.EXE
(Dell) C:\Program Files (x86)\DELL\Dell Laser MFP 1815\NetworkScan\DNSCST.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Instant Housecall) C:\Program Files (x86)\Instant Housecall\InstantHousecall.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
() C:\Users\w00t Pro\Downloads\adwcleaner_4.208.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
(Farbar) C:\Users\w00t Pro\Downloads\FRST64 (1).exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12459112 2012-03-27] (Realtek Semiconductor)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [293672 2013-01-28] (Lenovo Group Limited)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642816 2013-08-10] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [DellNSCST_GRNCH] => C:\Program Files (x86)\DELL\Dell Laser MFP 1815\NetworkScan\DNSCST.exe [278528 2008-07-16] (Dell)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [503400 2013-07-05] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863848 2013-07-05] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1067072 2013-07-31] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [LTCM Client] => C:\Program Files (x86)\LTCM Client\ltcmClient.exe [2756864 2011-04-07] (Leader Technologies Inc.)
HKLM-x32\...\Run: [ihccontrol] => C:\Program Files (x86)\Instant Housecall\InstantHousecall.exe [2006080 2014-10-18] (Instant Housecall)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2015-05-01] (Adobe Systems Incorporated)
HKLM Group Policy restriction on software: *.png*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.js <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles(x86)%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.bat <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.js <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.bat <====== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.js <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.js <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
Winlogon\Notify\GoToAssist Express Customer: C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\818\g2ax_winlogonx64.dll (Citrix Systems, Inc.)
HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
HKU\S-1-5-21-4271722370-1150792674-1538857754-1002\...\Run: [Livedrive] => C:\Program Files (x86)\Livedrive\Livedrive.exe [1842840 2014-07-24] (Livedrive Internet Ltd)
HKU\S-1-5-21-4271722370-1150792674-1538857754-1002\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIKLE.EXE [298560 2013-09-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-4271722370-1150792674-1538857754-1002\...\MountPoints2: {b64b9743-1cd0-11e4-92e1-806e6f6e6963} - D:\SETUP.exe
HKU\S-1-5-21-4271722370-1150792674-1538857754-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\logon.scr
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.0.124\buShell.dll [2015-06-06] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.0.124\buShell.dll [2015-06-06] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.0.124\buShell.dll [2015-06-06] (Symantec Corporation)
ShellIconOverlayIdentifiers: [BackupOverlay] -> {B44A5D93-1351-41A1-BD91-5E92435D8ECD} => C:\Program Files (x86)\Livedrive\Extensions.dll [2014-07-24] (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll [2012-11-10] (EldoS Corporation)
ShellIconOverlayIdentifiers: [LivedriveDownloadOverlay] -> {CBCDB610-6B68-4EE9-B7A2-1282FD0C9292} => C:\Program Files (x86)\Livedrive\Extensions.dll [2014-07-24] (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: [LivedriveSharedOverlay] -> {84CEF1E4-1356-4063-845F-05047F4DD52C} => C:\Program Files (x86)\Livedrive\Extensions.dll [2014-07-24] (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: [LivedriveSyncedOverlay] -> {42058329-2FBF-4B33-8E52-3BE5754DE0C1} => C:\Program Files (x86)\Livedrive\Extensions.dll [2014-07-24] (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: [LivedriveUploadOverlay] -> {39A1715A-E4CD-4F1E-B5C4-36B5DB80124E} => C:\Program Files (x86)\Livedrive\Extensions.dll [2014-07-24] (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\x64\SugarSyncShellExt_x64.dll [2015-04-30] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\x64\SugarSyncShellExt_x64.dll [2015-04-30] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncSharedSyncing] -> {F7395C2E-A5D8-4a32-9536-5C6A9F1DC450} => C:\Program Files (x86)\SugarSync\x64\SugarSyncShellExt_x64.dll [2015-04-30] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncSynced] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\x64\SugarSyncShellExt_x64.dll [2015-04-30] (SugarSync, Inc.)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\SysWOW64\CbFsMntNtf3.dll [2012-11-10] (EldoS Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4271722370-1150792674-1538857754-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4271722370-1150792674-1538857754-1002 -> {81E0BFB1-CAFE-4AAD-9F5F-A27D59431BCE} URL =
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.0.124\coIEPlg.dll [2015-06-05] (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\22.5.0.124\coIEPlg.dll [2015-06-05] (Symantec Corporation)
BHO-x32: No Name -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} ->  No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-22] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-22] (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.0.124\coIEPlg.dll [2015-06-05] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.0.124\coIEPlg.dll [2015-06-05] (Symantec Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 71.10.216.1 71.10.216.2
Tcpip\..\Interfaces\{0CD01375-D34E-4961-8291-9BA5E1F65B8D}: [DhcpNameServer] 71.10.216.1 71.10.216.2
Tcpip\..\Interfaces\{407E8522-6CE9-4A6D-B80C-96D457569557}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4A78F57E-E80F-44F0-882E-7CEF1F1DE4C6}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4EAF7262-D950-4132-AADC-B691FF7F5A45}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7CB80628-6D6F-4A1F-AA0B-2CDAAF1044B5}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B43BCA8C-6208-4F15-BD36-B4E763E0EBC9}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{DDB1F0DF-0D8F-45BC-9398-4B0370A2223A}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\w00t Pro\AppData\Roaming\Mozilla\Firefox\Profiles\vcpogcqm.default-1436545091195
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_203.dll [2015-07-08] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40620.0\npctrl.dll [2015-06-20] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_203.dll [2015-07-08] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1218158.dll [2015-04-17] (Adobe Systems, Inc.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-22] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40620.0\npctrl.dll [2015-06-19] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2011-04-05] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2013-06-17] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4271722370-1150792674-1538857754-1002: @citrixonline.com/appdetectorplugin -> C:\Users\w00t Pro\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-06-10] (Citrix Online)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.0.124\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.0.124\coFFPlgn [2015-07-12]

Chrome:
=======
CHR Profile: C:\Users\w00t Pro\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Norton Security Toolbar) - C:\Users\w00t Pro\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2015-07-09]
CHR Extension: (Norton Identity Safe) - C:\Users\w00t Pro\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-22]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\w00t Pro\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-18]
CHR Extension: (Google Wallet) - C:\Users\w00t Pro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-17]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.0.124\Exts\Chrome.crx [2015-07-08]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.0.124\Exts\Chrome.crx [2015-07-08]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-08-10] (Advanced Micro Devices, Inc.) [File not signed]
R2 Backupper Service; C:\Program Files (x86)\AOMEI Backupper\ABService.exe [29912 2013-08-26] (AOMEI Tech Co., Ltd.)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
S3 GoToAssist Remote Support Customer; C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\818\g2ax_service.exe [610888 2015-06-10] (Citrix Systems, Inc.)
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1876816 2014-11-16] (SurfRight B.V.)
R2 IHCserver; C:\Program Files (x86)\Instant Housecall\InstantHousecall.exe [2006080 2014-10-18] (Instant Housecall)
R2 LBAEvent; C:\Program Files\Lenovo\LBAI\LBAEvent.exe [15520 2012-03-23] (Lenovo) [File not signed]
S2 LivedriveVSSService; C:\Program Files (x86)\Livedrive\VSSService.exe [210584 2014-07-24] ()
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\22.5.0.124\NIS.exe [282016 2015-06-17] (Symantec Corporation)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-06-17] (Nitro PDF Software)
S3 Power Manager DBC Service; C:\Program Files (x86)\Lenovo\PowerMgr\PWMDBSVC.EXE [63816 2013-02-26] (Lenovo)
S3 PwmEWSvc; C:\Program Files (x86)\Lenovo\PowerMgr\PWMEWSVC.EXE [186696 2013-02-26] (Lenovo Group Limited)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24560 2014-06-18] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-18] (TeamViewer GmbH)
R2 Unchecky; C:\program files\Unchecky\bin\Unchecky_svc.exe [164600 2015-07-13] (RaMMicHaeL)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-03-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 ambakdrv; C:\Windows\System32\ambakdrv.sys [30648 2013-05-07] () [File not signed]
R2 ammntdrv; C:\Windows\system32\ammntdrv.sys [151480 2013-05-07] () [File not signed]
R2 amwrtdrv; C:\Windows\system32\amwrtdrv.sys [17848 2013-02-06] () [File not signed]
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.0.124\Definitions\BASHDefs\20150706.001\BHDrvx64.sys [1648880 2015-06-22] (Symantec Corporation)
R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [352008 2012-11-10] (EldoS Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1605000.07C\ccSetx64.sys [165080 2015-06-04] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-06-16] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153936 2015-06-16] (Symantec Corporation)
R2 hmpalert; C:\Windows\System32\drivers\hmpalert.sys [93144 2015-07-10] ()
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.0.124\Definitions\IPSDefs\20150710.001\IDSvia64.sys [692984 2015-07-08] (Symantec Corporation)
R3 LBAI; C:\Windows\System32\Drivers\LBAI.sys [9600 2011-12-08] (Lenovo)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.0.124\Definitions\VirusDefs\20150712.022\ENG64.SYS [138488 2015-05-20] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.0.124\Definitions\VirusDefs\20150712.022\EX64.SYS [2146040 2015-05-20] (Symantec Corporation)
S3 rccfg; C:\Windows\system32\drivers\rccfg.sys [21680 2013-03-28] (AMD, Inc.)
S3 rcraid; C:\Windows\system32\drivers\rcraid.sys [526000 2013-03-28] (AMD, Inc.)
R2 RtDashPt; C:\Windows\System32\DRIVERS\RtDashPt.sys [29256 2013-04-29] (Realtek semiconductor corp)
R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfswin7.sys [767648 2014-10-08] (Microsoft Corporation)
R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaywin7.sys [273576 2014-10-08] (Microsoft Corporation)
R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [29864 2014-10-08] (Microsoft Corporation)
R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvolwin7.sys [23208 2014-10-08] (Microsoft Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1605000.07C\SRTSP64.SYS [917720 2015-06-04] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1605000.07C\SRTSPX64.SYS [42200 2015-06-04] (Symantec Corporation)
R3 SSCBFS3; C:\Windows\System32\DRIVERS\sscbfs3.sys [347904 2013-01-30] (EldoS Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NISx64\1605000.07C\SYMEFASI64.SYS [1611992 2015-06-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [102616 2015-07-08] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1605000.07C\Ironx64.SYS [288984 2015-06-04] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1605000.07C\SYMNETS.SYS [567512 2015-06-04] (Symantec Corporation)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.)
S1 SASDIFSV; \??\E:\w00tTech\d7II\3rd Party Tools\SAS\SASDIFSV64.SYS [X]
S1 SASKUTIL; \??\E:\w00tTech\d7II\3rd Party Tools\SAS\SASKUTIL64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-13 11:21 - 2015-07-13 11:21 - 00049758 _____ C:\Users\w00t Pro\Downloads\FRST.txt
2015-07-13 11:20 - 2015-07-13 11:21 - 00000000 ____D C:\FRST
2015-07-13 11:20 - 2015-07-13 11:20 - 01636864 _____ (Farbar) C:\Users\w00t Pro\Downloads\FRST (1).exe
2015-07-13 11:19 - 2015-07-13 11:19 - 02133504 _____ (Farbar) C:\Users\w00t Pro\Downloads\FRST64 (1).exe
2015-07-13 11:19 - 2015-07-13 11:19 - 01636864 _____ (Farbar) C:\Users\w00t Pro\Downloads\FRST.exe
2015-07-13 11:18 - 2015-07-13 11:18 - 02133504 _____ (Farbar) C:\Users\w00t Pro\Downloads\FRST64.exe
2015-07-13 11:07 - 2015-07-13 11:07 - 02248704 _____ C:\Users\w00t Pro\Downloads\adwcleaner_4.208.exe
2015-07-10 13:08 - 2015-07-10 13:08 - 19291136 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 14383104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 13771776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 02865152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-07-10 13:08 - 2015-07-10 13:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-10 13:08 - 2015-07-10 13:08 - 02656768 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 02237440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 01763328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-10 13:08 - 2015-07-10 13:08 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-10 13:08 - 2015-07-10 13:08 - 01409024 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2015-07-10 13:08 - 2015-07-10 13:08 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2015-07-10 13:08 - 2015-07-10 13:08 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 01054720 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-10 13:08 - 2015-07-10 13:08 - 00905728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00856064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00690176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00601600 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-10 13:08 - 2015-07-10 13:08 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-07-10 13:08 - 2015-07-10 13:08 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-10 13:08 - 2015-07-10 13:08 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2015-07-10 13:08 - 2015-07-10 13:08 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2015-07-10 13:08 - 2015-07-10 13:08 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2015-07-10 13:08 - 2015-07-10 13:08 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2015-07-10 13:08 - 2015-07-10 13:08 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-07-10 13:08 - 2015-07-10 13:08 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2015-07-10 13:08 - 2015-07-10 13:08 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-07-10 13:08 - 2015-07-10 13:08 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2015-07-10 13:08 - 2015-07-10 13:08 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2015-07-10 13:08 - 2015-07-10 13:08 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2015-07-10 13:08 - 2015-07-10 13:08 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2015-07-10 13:08 - 2015-07-10 13:08 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-10 13:08 - 2015-07-10 13:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-07-10 13:08 - 2015-07-10 13:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-07-10 13:08 - 2015-07-10 13:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-07-10 13:08 - 2015-07-10 13:08 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-07-10 13:05 - 2015-07-10 13:09 - 00006941 _____ C:\Windows\IE10_main.log
2015-07-10 13:05 - 2015-07-10 13:06 - 44335120 _____ (Microsoft Corporation) C:\Users\w00t Pro\Downloads\IE10-Windows6.1-x64-en-us.exe
2015-07-10 12:51 - 2015-07-10 13:18 - 00024189 _____ C:\Windows\IE11_main.log
2015-07-10 12:50 - 2015-07-10 12:51 - 55915216 _____ (Microsoft Corporation) C:\Users\w00t Pro\Downloads\IE11-Windows6.1-x64-en-us.exe
2015-07-10 12:48 - 2015-07-10 13:14 - 00001428 _____ C:\Users\w00t Pro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-10 11:56 - 2015-07-10 11:56 - 00000207 _____ C:\Windows\tweaking.com-regbackup-W00TPC-THINK2-Windows-7-Professional-(64-bit).dat
2015-07-10 11:56 - 2015-07-10 11:56 - 00000000 ____D C:\RegBackup
2015-07-10 11:37 - 2015-07-10 11:37 - 00000000 ____D C:\Users\w00t Pro\Documents\Add-in Express
2015-07-10 11:32 - 2015-07-10 11:32 - 00000000 _____ C:\Windows\EEventManager.INI
2015-07-10 11:29 - 2015-07-13 11:10 - 00000000 ____D C:\Windows\CryptoGuard
2015-07-10 11:29 - 2015-07-11 14:59 - 00000000 ____D C:\Program Files (x86)\HitmanPro.Alert
2015-07-10 11:29 - 2015-07-10 11:29 - 00548424 _____ (SurfRight) C:\Windows\system32\hmpalert.dll
2015-07-10 11:29 - 2015-07-10 11:29 - 00477008 _____ (SurfRight) C:\Windows\SysWOW64\hmpalert.dll
2015-07-10 11:29 - 2015-07-10 11:29 - 00093144 _____ C:\Windows\system32\Drivers\hmpalert.sys
2015-07-10 11:29 - 2015-07-10 11:29 - 00053248 _____ C:\Windows\SysWOW64\zlib.dll
2015-07-10 11:29 - 2015-07-10 11:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro.Alert
2015-07-10 11:29 - 2015-07-10 11:29 - 00000000 ____D C:\ProgramData\Foolish IT
2015-07-10 11:18 - 2015-07-10 11:18 - 00000000 ____D C:\Users\w00t Pro\Desktop\Old Firefox Data
2015-07-10 11:10 - 2015-07-12 00:55 - 00000392 _____ C:\Windows\setupact.log
2015-07-10 11:10 - 2015-07-10 11:10 - 00000000 _____ C:\Windows\setuperr.log
2015-07-10 11:09 - 2015-07-10 12:05 - 00004694 _____ C:\Windows\PFRO.log
2015-07-10 11:09 - 2015-07-10 11:09 - 00000000 _____ C:\Windows\ativpsrm.bin
2015-07-10 11:07 - 2015-07-13 11:10 - 00000000 ____D C:\AdwCleaner
2015-07-10 10:38 - 2015-07-10 10:38 - 00000847 _____ C:\Users\Public\Desktop\Unchecky.lnk
2015-07-10 10:38 - 2015-07-10 10:38 - 00000000 ____D C:\ProgramData\Unchecky
2015-07-10 10:38 - 2015-07-10 10:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unchecky
2015-07-10 10:38 - 2015-07-10 10:38 - 00000000 ____D C:\Program Files\Unchecky
2015-07-10 10:37 - 2015-07-10 10:37 - 00073570 _____ C:\Users\w00t Pro\Documents\cc_20150710_103743.reg
2015-07-10 10:27 - 2015-07-10 10:27 - 00000000 ____D C:\PatchMyPCUpdates
2015-07-10 10:25 - 2015-07-10 10:25 - 00000000 ____D C:\Users\w00t Pro\AppData\Roaming\Hard Disk Sentinel
2015-07-10 10:09 - 2015-07-10 10:09 - 00001531 _____ C:\Users\Public\Desktop\w00t logs.lnk
2015-07-10 10:08 - 2015-06-17 15:31 - 06804480 _____ (Chilkat Software, Inc.) C:\Windows\SysWOW64\ChilkatAx-9.5.0-win32.dll
2015-07-10 10:08 - 2014-10-24 12:18 - 01993088 _____ (Codejock Software) C:\Windows\SysWOW64\Codejock.Controls.Unicode.v16.4.0.ocx
2015-07-10 10:08 - 2004-03-09 01:00 - 00212240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RICHTX32.ocx.f_upgrade
2015-07-10 10:08 - 2004-03-09 01:00 - 00212240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RICHTX32.OCX
2015-07-09 10:09 - 2015-07-09 10:09 - 00000000 ____D C:\Windows\System32\Tasks\Norton Internet Security
2015-07-09 10:01 - 2015-07-09 10:01 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2015-07-08 21:46 - 2015-07-08 21:46 - 00000000 ____D C:\Users\Public\Downloads\Norton
2015-07-01 12:36 - 2015-07-01 12:37 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.4
2015-06-18 11:23 - 2015-06-18 11:23 - 00000043 _____ C:\Users\w00t Pro\Documents\Junxure backup.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-13 11:11 - 2014-04-16 13:07 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-13 11:09 - 2009-07-13 23:45 - 00034432 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-13 11:09 - 2009-07-13 23:45 - 00034432 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-13 11:03 - 2015-02-02 12:03 - 00000911 _____ C:\Windows\Tasks\EPSON WF-4630 Series Update {EDE125B6-94B7-4022-BAEF-F4F691D495DB}.job
2015-07-13 11:03 - 2015-02-02 12:03 - 00000725 _____ C:\Windows\Tasks\EPSON WF-4630 Series Invitation {EDE125B6-94B7-4022-BAEF-F4F691D495DB}.job
2015-07-13 11:03 - 2014-04-16 13:07 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-13 02:26 - 2014-08-08 15:13 - 00000000 ____D C:\Program Files (x86)\Instant Housecall
2015-07-12 00:56 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-11 14:59 - 2014-08-08 14:53 - 00000000 ____D C:\Program Files (x86)\Livedrive
2015-07-11 14:43 - 2014-08-05 14:07 - 00000000 ____D C:\Users\w00t Pro\AppData\Local\CrashDumps
2015-07-11 14:40 - 2014-10-19 19:51 - 01568775 _____ C:\Windows\WindowsUpdate.log
2015-07-10 14:15 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2015-07-10 13:14 - 2014-08-08 14:47 - 00000000 __SHD C:\Users\w00t Pro\PrivacIE
2015-07-10 13:09 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-07-10 12:47 - 2012-10-01 14:26 - 00000000 ____D C:\Windows\Panther
2015-07-10 12:23 - 2014-08-05 16:14 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-10 12:23 - 2014-04-16 13:04 - 00002030 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2015-07-10 12:16 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2015-07-10 12:02 - 2009-07-14 00:13 - 00786812 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-10 12:01 - 2009-07-13 21:34 - 00000514 _____ C:\Windows\win.ini
2015-07-10 11:58 - 2014-04-16 18:03 - 00786812 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-07-10 11:55 - 2014-08-25 00:02 - 00000000 ____D C:\Users\Wells Pettibone
2015-07-10 11:55 - 2014-04-16 11:41 - 00000000 ____D C:\Users\w00tPC
2015-07-10 11:54 - 2014-04-17 12:49 - 00000000 ____D C:\Users\w00t Pro
2015-07-10 11:54 - 2009-07-13 22:20 - 00000000 __RHD C:\Users\Default
2015-07-10 11:35 - 2009-07-13 21:34 - 00001993 _____ C:\Windows\system32\Drivers\etc\hosts_bak_88
2015-07-10 11:24 - 2014-03-27 19:51 - 00000000 ____D C:\Windows\System32\Tasks\Lenovo
2015-07-10 10:42 - 2014-08-08 15:03 - 00000013 _____ C:\Windows\BRVIDEO.INI
2015-07-10 10:42 - 2014-08-08 15:02 - 00000264 _____ C:\Windows\Brownie.ini
2015-07-10 10:25 - 2014-07-17 07:59 - 00000000 ____D C:\Users\w00t Pro\AppData\Roaming\Nitro PDF
2015-07-10 10:17 - 2014-07-16 16:29 - 00000172 _____ C:\Windows\zerobyte_files_deleted.txt
2015-07-10 10:17 - 2014-07-16 16:29 - 00000074 _____ C:\Windows\system32\zerobyte_files_deleted.txt
2015-07-10 10:17 - 2014-03-27 19:35 - 00000000 ____D C:\Program Files\Lenovo
2015-07-10 10:16 - 2014-08-05 13:59 - 00000000 ____D C:\Support
2015-07-09 10:07 - 2014-04-25 13:06 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-09 10:03 - 2014-08-08 14:57 - 00000000 ____D C:\Windows\system32\Drivers\NISx64
2015-07-09 10:02 - 2014-08-08 14:57 - 00003236 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2015-07-09 10:01 - 2014-08-08 14:57 - 00002445 _____ C:\Users\Public\Desktop\Norton Internet Security.LNK
2015-07-09 10:01 - 2014-04-16 13:08 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-09 09:18 - 2014-08-08 14:51 - 00000000 ____D C:\Wagner Monte Carlo
2015-07-08 21:50 - 2014-08-08 14:57 - 00102616 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2015-07-08 21:50 - 2014-08-08 14:57 - 00008166 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2015-07-08 21:50 - 2014-08-08 14:57 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2015-07-08 21:50 - 2014-03-27 20:02 - 00000000 ____D C:\ProgramData\Norton
2015-07-08 10:38 - 2014-04-16 13:08 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-08 10:38 - 2014-04-16 13:08 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-08 10:38 - 2014-04-16 13:08 - 00003770 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-08 10:33 - 2014-04-16 13:07 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-07-08 10:33 - 2014-04-16 13:07 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-07-08 10:33 - 2014-04-16 13:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-07 12:31 - 2014-04-17 13:17 - 00001186 _____ C:\Users\w00t Pro\Desktop\Auslogics DiskDefrag.lnk
2015-07-07 12:30 - 2014-04-25 13:16 - 00002194 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-04 12:31 - 2014-04-16 13:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-07-03 18:00 - 2014-08-08 15:05 - 00001024 ____H C:\SYSTAG.BIN
2015-07-03 12:30 - 2014-09-02 22:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-03 12:30 - 2014-08-05 16:14 - 00001180 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-07-03 12:30 - 2014-04-16 13:06 - 00001168 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-07-01 12:37 - 2015-01-29 13:36 - 00000000 ____D C:\Program Files (x86)\LibreOffice 4
2015-07-01 12:37 - 2014-04-16 12:59 - 00001117 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-01 12:37 - 2014-04-16 12:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-01 12:37 - 2014-04-16 12:59 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-22 12:31 - 2014-12-03 13:30 - 00001062 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-06-22 12:31 - 2014-07-17 07:54 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-06-18 11:25 - 2014-08-08 15:03 - 00000426 _____ C:\Windows\BRWMARK.INI
2015-06-18 08:41 - 2014-04-16 12:59 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-18 08:41 - 2014-04-16 12:59 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-18 08:41 - 2014-04-16 12:59 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-16 15:14 - 2014-08-11 10:46 - 00000000 ____D C:\Users\w00t Pro\AppData\Local\Citrix
2015-06-15 08:59 - 2009-07-14 00:08 - 00032566 _____ C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories =======

2014-08-08 15:06 - 2014-08-08 15:06 - 0007162 _____ () C:\Users\w00t Pro\AppData\Roaming\DellFaxOptions.xml
2014-03-27 20:00 - 2014-03-27 20:00 - 0000107 _____ () C:\ProgramData\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}.log
2014-03-27 19:57 - 2014-03-27 19:58 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2014-03-27 19:58 - 2014-03-27 19:59 - 0000110 _____ () C:\ProgramData\{B7A0CE06-068E-11D6-97FD-0050BACBF861}.log
2014-03-27 19:59 - 2014-03-27 20:00 - 0000115 _____ () C:\ProgramData\{D6E853EC-8960-4D44-AF03-7361BB93227C}.log

Some files in TEMP:
====================
C:\Users\w00t Pro\AppData\Local\Temp\IntResource.dll
C:\Users\w00t Pro\AppData\Local\Temp\Quarantine.exe
C:\Users\w00t Pro\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-07-13 00:13

==================== End of log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by w00t Pro at 2015-07-13 11:21:29
Running from C:\Users\w00t Pro\Downloads
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-4271722370-1150792674-1538857754-500 - Administrator - Disabled)
Guest (S-1-5-21-4271722370-1150792674-1538857754-501 - Limited - Disabled)
w00t Pro (S-1-5-21-4271722370-1150792674-1538857754-1002 - Administrator - Enabled) => C:\Users\w00t Pro

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Internet Security (Disabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Disabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Internet Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.180 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.203 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.203 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.8.158 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{2F0E873B-1B60-FCC1-40B1-76E942EA5A56}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AOMEI Backupper (HKLM-x32\...\{A83692F5-3E9B-4E95-9E7E-B5DF5536C09D}_is1) (Version:  - AOMEI Technology Co., Ltd.)
Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 6.0.0.0 - Auslogics Labs Pty Ltd)
Citrix Online Launcher (HKLM-x32\...\{6740FE60-43C1-4D15-8C4A-001624134B14}) (Version: 1.0.312 - Citrix)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Laser MFP 1815 Software Uninstall (HKLM-x32\...\Dell Laser MFP 1815) (Version:  - DELL Inc.)
Document Capture Pro (HKLM-x32\...\{1D707201-A58C-465E-869F-732DFEB4E306}) (Version: 1.02.0002 - Seiko Epson Corporation)
EPSON Connect version 1.0 (HKLM-x32\...\EPSON Connect_is1) (Version: 1.0 - Epson America Inc.)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.7.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{0FD15AD3-8505-49E6-984E-F863446652A7}) (Version: 3.10.0018 - Seiko Epson Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.43.00 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WF-4630 Series Printer Uninstall (HKLM\...\EPSON WF-4630 Series) (Version:  - SEIKO EPSON Corporation)
Epson WF-4630 User’s Guide version 1.0 (HKLM-x32\...\UsersGuideEpson WF-4630 User’s Guide_is1) (Version: 1.0 - )
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.2.69.5227 - Gretech Corporation)
Google Chrome (HKLM-x32\...\{2CF484F9-A0CD-3AD9-84A6-DFFE749FC71F}) (Version: 66.77.16516 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
GoToAssist Customer 2.3.0.818 (HKLM-x32\...\GoToAssist Express Customer) (Version: 2.3.0.818 - Citrix Online)
HitmanPro.Alert (HKLM\...\HitmanPro.Alert) (Version: 2.6.5.77 - SurfRight B.V.)
InfraRecorder 0.53 (x64 edition) (HKLM\...\{2C22EA92-CB30-4932-0053-000001000000}) (Version: 0.53.00.00 - Christian Kindahl)
Instant Housecall (HKLM-x32\...\{B1566D09-03D9-4DDD-B3F3-759B22F3F053}) (Version: 6.2.0.0 - Instant Housecall)
Java 7 Update 79 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217079FF}) (Version: 7.0.790 - Oracle)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Junxure Desktop (HKLM-x32\...\{879FFED4-A41B-4486-8F9E-87CAE3B37516}) (Version: 9.5.1.0 - CRM Software, Inc.)
Junxure Outlook Addin (HKLM-x32\...\{0B0DFAB9-A3C8-489D-B1FC-8EBB606ED7B3}) (Version: 3.0.7 - CRM Software)
LBAI (HKLM-x32\...\{C5C91B7B-38A6-40B7-84D6-E44885E44B13}) (Version: 1.0.0.6 - Lenovo)
Lenovo Patch Utility 64 bit (HKLM\...\{ABE4638D-D208-4061-9F26-E3E11E3A1E0C}) (Version: 1.3.1.1 - Lenovo Group Limited)
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.3 - Lenovo Inc.)
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.06.0016 - Lenovo)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0008.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\{2DC26D10-CC6A-494F-BEA3-B5BC21126D5E}) (Version: 3.1.0022.00 - Lenovo Group Limited)
LibreOffice 4.4.4.3 (HKLM-x32\...\{5B6D82BB-CC1A-431E-8991-3E57855F99C5}) (Version: 4.4.4.3 - The Document Foundation)
Livedrive (HKLM\...\{7D2E0E90-3BBA-43B1-894D-EC39A4E18748}) (Version: 1.15.2.0 - Livedrive Internet Limited)
LTCM Client (HKLM-x32\...\{B38E9B55-7136-4E66-A084-320512FF3F6F}) (Version: 1.20.3792 - Leader Technologies Inc)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Message Center Plus (HKLM\...\{3849486C-FF09-4F5D-B491-3E179D58EE15}) (Version: 3.1.0004.00 - Lenovo Group Limited)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.6122.5000 - Microsoft Corporation)
Microsoft Office Small Business 2007 (HKLM-x32\...\SMALLBUSINESSR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.7122.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40620.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 39.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nitro Pro 8 (HKLM\...\{07E55FB8-966C-4FA5-815D-D1F5AC8B1D87}) (Version: 8.5.5.2 - Nitro)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 22.5.0.124 - Symantec Corporation)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}_is1) (Version: 3.01.0004 - Lenovo Group Limited)
PowerDVD Create (HKLM-x32\...\InstallShield_{DE485075-8CD3-4A1E-9ABC-6412EBA44872}) (Version: 10.0 - CyberLink Corp.)
PowerDVD Create 10 (x32 Version: 10.0.1.2704 - CyberLink Corp.) Hidden
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.73.618.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6602 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RtkWin7DashClientInstaller (HKLM-x32\...\{6F642DF6-F1BF-4A10-92B0-4A65CB04304C}) (Version: 2.0.9 - Realtek)
Software Updater (HKLM-x32\...\{A737E18A-5171-40D0-8034-7DD243420081}) (Version: 4.1.1 - SEIKO EPSON CORPORATION)
SugarSync (HKLM-x32\...\SugarSync) (Version: 3.6.0.1.139445 - SugarSync, Inc.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.43879 - TeamViewer)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 3.0.42.0 - Lenovo)
Unchecky v0.3.8 (HKLM-x32\...\Unchecky) (Version: 0.3.8 - RaMMicHaeL)
Uninstall Dell PC Fax (HKLM-x32\...\{11A80E40-621F-489C-A626-58886B60FEAC}) (Version:  - Dell Inc.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
View Management Utility (HKLM\...\View Management Utility_is1) (Version: 3.0.1.20120921 - Lenovo Inc.)
WaveEditor (x32 Version: 1.0.1.4514 - CyberLink Corp.) Hidden
Windows Driver Package - Advanced Micro Devices (AtiHDAudioService) MEDIA  (03/01/2013 7.12.0.7714) (HKLM\...\A2B8CA78DDCBA880E65B4D457629D348383CDD38) (Version: 03/01/2013 7.12.0.7714 - Advanced Micro Devices)
Windows Driver Package - Advanced Micro Devices, Inc. (amdkmdap) Display  (08/09/2013 12.105.4.7000) (HKLM\...\5E515D595973DD1148687B4DEC8CD1004845F807) (Version: 08/09/2013 12.105.4.7000 - Advanced Micro Devices, Inc.)
Windows Driver Package - Realtek (RTL8167) Net  (06/18/2013 7.073.0618.2013) (HKLM\...\9B4C750285F22B91D150CDF1E12F51BB50A8607F) (Version: 06/18/2013 7.073.0618.2013 - Realtek)
Windows Driver Package - Realtek Multifunction  (07/20/2009 1.0.0217.2009) (HKLM\...\8F81B9F75450D43F572A25DC9779ED5E57C91655) (Version: 07/20/2009 1.0.0217.2009 - Realtek)
Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (03/27/2012 6.0.1.6602) (HKLM\...\88CB7AA478955801F99FBF6D2BCF739BEB87A7F3) (Version: 03/27/2012 6.0.1.6602 - Realtek Semiconductor Corp.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

26-05-2015 08:38:42 Revo Uninstaller's restore point - K-Lite Codec Pack 11.1.0 Full
03-06-2015 00:00:01 Scheduled Checkpoint
06-06-2015 03:00:10 Windows Update
10-06-2015 03:00:17 Windows Update
17-06-2015 12:18:18 Scheduled Checkpoint
24-06-2015 12:36:49 Scheduled Checkpoint
06-07-2015 17:26:52 Scheduled Checkpoint
09-07-2015 09:39:27 Revo Uninstaller's restore point - DoNotTrackMe Add-on 4.9.1728
10-07-2015 10:16:50 Removed Lenovo Solution Center.
10-07-2015 11:29:35 Technician Created System Restore Point
10-07-2015 11:56:31 Tweaking.com - Windows Repair
10-07-2015 12:40:22 Windows Modules Installer
10-07-2015 12:53:22 Windows Modules Installer
10-07-2015 12:55:19 Windows Modules Installer
10-07-2015 13:02:15 Windows Modules Installer
10-07-2015 13:02:41 Windows Modules Installer
10-07-2015 13:07:47 Windows Modules Installer
10-07-2015 13:17:24 Windows Modules Installer

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2015-07-13 10:58 - 00002022 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {08BA725F-DA85-4676-8CE6-1F914522BD8E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-08] (Adobe Systems Incorporated)
Task: {3A059C78-1E40-4787-9A2E-694D7DA915AB} - System32\Tasks\Lenovo\Message Center Plus Launcher => C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe [2012-05-15] (Lenovo)
Task: {406227CD-9726-47E2-87E7-150E0F4149D8} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\22.5.0.124\WSCStub.exe [2015-06-17] (Symantec Corporation)
Task: {4557F1B7-1294-4D42-989A-2944C59468EA} - System32\Tasks\EPSON WF-4630 Series Update {EDE125B6-94B7-4022-BAEF-F4F691D495DB} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKLE.EXE [2013-02-27] (SEIKO EPSON CORPORATION)
Task: {886D3455-0E21-4369-8FF9-B8CA57606284} - System32\Tasks\PMTask => C:\Program Files (x86)\Lenovo\PowerMgr\PwmIdTsv.exe [2013-02-26] (Lenovo Group Limited)
Task: {9CB7AFF1-18EB-477E-8F30-DF2AE8929D6F} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo)
Task: {A36D54D3-ED05-45D5-AF48-1EFC35238F8F} - System32\Tasks\EPSON WF-4630 Series Invitation {EDE125B6-94B7-4022-BAEF-F4F691D495DB} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKLE.EXE [2013-02-27] (SEIKO EPSON CORPORATION)
Task: {AF81BF92-18C2-4F1A-ABD5-746430E80E47} - System32\Tasks\CLMLSvc => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [2013-03-06] (CyberLink)
Task: {B47291C0-669E-45D4-B1D3-E98552BF88F9} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\22.5.0.124\SymErr.exe [2015-05-19] (Symantec Corporation)
Task: {BE5C69FC-E971-4CB9-8307-2F2EC0FC7559} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-16] (Google Inc.)
Task: {BF85DED5-6D32-42BA-9CF5-0A705877749C} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2014-06-18] ()
Task: {C62B9B4E-7E6E-47D1-A37E-4C0320C62E5A} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\22.5.0.124\SymErr.exe [2015-05-19] (Symantec Corporation)
Task: {C65B9640-5808-48D1-99C4-CFADFF9D4332} - System32\Tasks\w00tUP => C:\w00tUP\w00tUP.exe [2010-06-02] (Secure By Design Inc.)
Task: {F599EADA-87AC-47B4-A152-86F9FC415263} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-16] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\EPSON WF-4630 Series Invitation {EDE125B6-94B7-4022-BAEF-F4F691D495DB}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKLE.EXE
Task: C:\Windows\Tasks\EPSON WF-4630 Series Update {EDE125B6-94B7-4022-BAEF-F4F691D495DB}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKLE.EXE:/EXE:{EDE125B6-94B7-4022-BAEF-F4F691D495DB} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2014-08-08 15:04 - 2008-07-18 17:59 - 00027648 _____ () C:\Windows\System32\DELG1L6.DLL
2014-08-08 15:05 - 2007-08-30 10:57 - 00080896 _____ () C:\Windows\System32\DellFaxPort_x64.dll
2013-08-10 06:52 - 2013-08-10 06:52 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2015-07-13 11:07 - 2015-07-13 11:07 - 02248704 _____ () C:\Users\w00t Pro\Downloads\adwcleaner_4.208.exe
2014-08-08 15:04 - 2013-08-26 17:15 - 00196312 _____ () C:\Program Files (x86)\AOMEI Backupper\UiLogic.dll
2014-08-08 15:04 - 2013-08-26 17:15 - 00220888 _____ () C:\Program Files (x86)\AOMEI Backupper\diskmgr.dll
2014-08-08 15:04 - 2013-08-26 17:15 - 00171736 _____ () C:\Program Files (x86)\AOMEI Backupper\Comn.dll
2014-08-08 15:04 - 2013-08-26 17:15 - 00077528 _____ () C:\Program Files (x86)\AOMEI Backupper\Ldm.dll
2014-08-08 15:04 - 2013-08-26 17:15 - 00061144 _____ () C:\Program Files (x86)\AOMEI Backupper\Device.dll
2014-08-08 15:04 - 2013-08-26 17:15 - 00257752 _____ () C:\Program Files (x86)\AOMEI Backupper\BrFat.dll
2014-08-08 15:04 - 2013-08-26 17:15 - 00368344 _____ () C:\Program Files (x86)\AOMEI Backupper\BrNtfs.dll
2014-08-08 15:04 - 2013-08-26 17:15 - 00057048 _____ () C:\Program Files (x86)\AOMEI Backupper\FuncLogic.dll
2014-08-08 15:04 - 2013-08-26 17:15 - 00167640 _____ () C:\Program Files (x86)\AOMEI Backupper\Clone.dll
2014-08-08 15:04 - 2013-08-26 17:15 - 00245464 _____ () C:\Program Files (x86)\AOMEI Backupper\ImgFile.dll
2014-08-08 15:04 - 2013-08-26 17:15 - 00028376 _____ () C:\Program Files (x86)\AOMEI Backupper\Encrypt.dll
2014-08-08 15:04 - 2013-08-26 17:15 - 00073432 _____ () C:\Program Files (x86)\AOMEI Backupper\Compress.dll
2014-08-08 15:04 - 2013-08-26 17:15 - 00093912 _____ () C:\Program Files (x86)\AOMEI Backupper\BrVol.dll
2014-08-08 15:04 - 2013-08-26 17:15 - 00043736 _____ () C:\Program Files (x86)\AOMEI Backupper\Backup.dll
2014-07-24 15:58 - 2014-07-24 15:58 - 00816128 _____ () C:\Program Files (x86)\Livedrive\Localisation.dll
2011-07-28 16:20 - 2011-07-28 16:20 - 00270336 _____ () C:\Program Files (x86)\Livedrive\AlphaFS.dll
2009-07-13 16:03 - 2009-07-13 20:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2013-03-06 23:49 - 2013-03-06 23:49 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2013-03-06 23:52 - 2013-03-06 23:52 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2013-07-10 18:07 - 2013-07-10 18:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2009-02-26 13:46 - 2009-02-26 13:46 - 00064344 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
2011-03-31 09:47 - 2011-03-31 09:47 - 00466944 _____ () C:\Program Files (x86)\CRM Software\Junxure Outlook Addin\adxloader.dll
2014-08-11 11:21 - 2014-08-11 11:21 - 00374008 _____ () C:\Users\w00t Pro\AppData\Local\assembly\dl3\BRY3NXEX.HTQ\H7QTNPGT.1HV\48989600\000a3f04_9056ca01\AddinExpress.MAPI.DLL
2014-08-11 11:21 - 2014-08-11 11:21 - 00286720 _____ () C:\Users\w00t Pro\AppData\Local\assembly\dl3\BRY3NXEX.HTQ\H7QTNPGT.1HV\f2fa5980\00880bfb_2938c701\Interop.Outlook.DLL
2011-06-22 11:46 - 2011-06-22 11:46 - 00434016 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
2014-08-11 11:21 - 2014-08-11 11:21 - 00011264 _____ () C:\Users\w00t Pro\AppData\Local\assembly\dl3\BRY3NXEX.HTQ\H7QTNPGT.1HV\8f0fbef8\00148b5a_c4a0cc01\SharedInterface.DLL
2015-07-13 11:11 - 2015-07-13 11:11 - 00139776 _____ () C:\Users\w00t Pro\AppData\Local\Temp\IntResource.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist Remote Support Customer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IHCserver => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-4271722370-1150792674-1538857754-1002\...\advisorservices.com -> advisorservices.com
IE trusted site: HKU\S-1-5-21-4271722370-1150792674-1538857754-1002\...\att.com -> hxxps://www.um.att.com
IE trusted site: HKU\S-1-5-21-4271722370-1150792674-1538857754-1002\...\bamadvisorcenters.com -> hxxps://www.bamadvisorcenters.com
IE trusted site: HKU\S-1-5-21-4271722370-1150792674-1538857754-1002\...\bamshare.com -> hxxps://www.bamshare.com
IE trusted site: HKU\S-1-5-21-4271722370-1150792674-1538857754-1002\...\bexedhea.com -> bexedhea.com
IE trusted site: HKU\S-1-5-21-4271722370-1150792674-1538857754-1002\...\incrediblecharts.com -> *.incrediblecharts.com
IE trusted site: HKU\S-1-5-21-4271722370-1150792674-1538857754-1002\...\schwabinstitutional.com -> hxxps://si2.schwabinstitutional.com
IE trusted site: HKU\S-1-5-21-4271722370-1150792674-1538857754-1002\...\wallst.com -> *.sim.wallst.com

There are 6350 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4271722370-1150792674-1538857754-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\w00t Pro\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
DNS Servers: 71.10.216.1 - 71.10.216.2

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BrStsWnd => C:\Program Files (x86)\Brownie\BrstsW64.exe Autorun
MSCONFIG\startupreg: C: =>
MSCONFIG\startupreg: FlashPlayerUpdate => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_13_0_0_206_ActiveX.exe -update activex
MSCONFIG\startupreg: Lenovo Registration => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
MSCONFIG\startupreg: ShopAtHomeUpdater => C:\Users\w00t Pro\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe
MSCONFIG\startupreg: ShopAtHomeWatcher => C:\Users\w00t Pro\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{BE38FBB4-D040-4D83-B593-95AA1D38308A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{CA4A0833-A479-411E-9F83-C05935AF1F9B}] => (Allow) LPort=2869
FirewallRules: [{AC02DFA5-AF1F-4A72-9776-812736B56DFC}] => (Allow) LPort=1900
FirewallRules: [{5CE6D318-D8D4-4499-98E9-A5BD6C63BB21}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
FirewallRules: [TCP Query User{93642157-BF3E-4904-B550-4177B6552564}C:\program files (x86)\dell\dell laser mfp 1815\networkscan\dnscst.exe] => (Allow) C:\program files (x86)\dell\dell laser mfp 1815\networkscan\dnscst.exe
FirewallRules: [UDP Query User{E50E0C53-DCCF-4C46-BAB0-1D09B3615952}C:\program files (x86)\dell\dell laser mfp 1815\networkscan\dnscst.exe] => (Allow) C:\program files (x86)\dell\dell laser mfp 1815\networkscan\dnscst.exe
FirewallRules: [{F623E142-07BB-4310-8618-F0DED1315AE0}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{39611911-55F5-46A8-B560-F28EA9B15AAA}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{40A4B69B-8C97-4789-BD32-6ED6170FDAF1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{449DED0B-3F60-4CB0-B094-8A4D7D93A030}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0A17AFBE-6F8F-4F85-AA6E-92DB94603C01}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{15AABFDD-6D57-41FB-969A-AC8386CC1307}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{1D67D594-2BD8-48B3-B5C6-FFD18413CEC1}] => (Allow) D:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{F984B1D8-B9C6-4AB4-B558-3C31E803FC51}] => (Allow) D:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{B79999CA-B671-436A-B914-57C583348F57}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{9CF8605E-ED39-4EF0-B40D-D55B96ED2551}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{F7B34D94-9DDF-438E-B4D1-F6BD58C04993}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{29827139-83DD-4E29-9AFE-0CB1134DA05D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{8DEAB75D-13BD-433F-8FF2-FBF126BD32F6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{3898CCEA-97DD-4598-9E94-C1DC67D55F35}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{458E6BE4-37E1-4605-82F1-1D54A99BC9C7}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe

==================== Faulty Device Manager Devices =============

Name: SASDIFSV
Description: SASDIFSV
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SASDIFSV
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: SASKUTIL
Description: SASKUTIL
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SASKUTIL
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (07/11/2015 02:43:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.17377, time stamp: 0x55663e2e
Faulting module name: ntdll.dll, version: 6.1.7601.18869, time stamp: 0x55636317
Exception code: 0xc0000005
Fault offset: 0x00022322
Faulting process id: 0x2004
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (07/10/2015 11:59:00 AM) (Source: WinMgmt) (EventID: 4) (User: )
Description: 0x8004401eC:\WINDOWS\SYSTEM32\WBEM\EN-US\AACLIENT.MFL

Error: (07/10/2015 11:58:54 AM) (Source: WinMgmt) (EventID: 4) (User: )
Description: 0x8004401eC:\WINDOWS\SYSTEM32\WBEM\AACLIENT.MOF

Error: (07/10/2015 11:36:51 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {bb0e431e-da23-4d6e-9d57-a801eb431580}

Error: (07/10/2015 11:23:57 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/10/2015 11:23:57 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/10/2015 11:23:57 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/10/2015 11:23:57 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/10/2015 11:23:57 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 Element not found.  (HRESULT : 0x80070490) (0x80070490)

Error: (07/10/2015 11:23:57 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

System errors:
=============
Error: (07/13/2015 11:04:04 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error:
%%1058

Error: (07/13/2015 11:04:04 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error:
%%1058

Error: (07/13/2015 11:04:04 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068upnphost{204810B9-73B2-11D4-BF42-00B0D0118B56}

Error: (07/13/2015 11:04:04 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070422'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

Error: (07/12/2015 03:51:22 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer W00TPC-THINK1
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{0CD01375-D34E-4961-8291-9BA5E1F65B8D}.
The master browser is stopping or an election is being forced.

Error: (07/12/2015 03:39:24 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer W00TPC-THINK1
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{0CD01375-D34E-4961-8291-9BA5E1F65B8D}.
The master browser is stopping or an election is being forced.

Error: (07/12/2015 03:27:23 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer W00TPC-THINK1
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{0CD01375-D34E-4961-8291-9BA5E1F65B8D}.
The master browser is stopping or an election is being forced.

Error: (07/12/2015 01:00:02 AM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer W00TPC-THINK1
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{0CD01375-D34E-4961-8291-9BA5E1F65B8D}.
The master browser is stopping or an election is being forced.

Error: (07/12/2015 12:58:12 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error:
%%1058

Error: (07/12/2015 12:58:12 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SASDIFSV
SASKUTIL

Microsoft Office:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-07-13 11:20:54.747
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-13 11:03:57.401
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-12 00:55:57.459
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-11 20:32:48.771
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-11 19:33:04.810
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-11 14:24:27.562
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-10 13:21:32.567
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-10 13:11:24.890
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-10 13:09:50.598
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-10 12:58:54.243
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: AMD A8-6500B APU with Radeon™ HD Graphics
Percentage of memory in use: 28%
Total physical RAM: 7369.76 MB
Available physical RAM: 5256.54 MB
Total Virtual: 23751.97 MB
Available Virtual: 21215.83 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:452.56 GB) (Free:331.87 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (WF-4630) (CDROM) (Total:0.29 GB) (Free:0 GB) CDFS
Drive f: (On-Site Backup) (Fixed) (Total:149.05 GB) (Free:83.55 GB) NTFS
Drive p: () (Network) (Total:452.56 GB) (Free:339.85 GB)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 53E109A8)
Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=452.6 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 149.1 GB) (Disk ID: 0E171CDE)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End of log ============================



#4 nasdaq

  • Malware Response Team

Posted 13 July 2015 - 01:40 PM

Please run the AdwCleaner and clean this entry.
-\\ Google Chrome v43.0.2357.132

[C:\Users\w00t Pro\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN10506&l=dis&prt=NS&chn=retail&geo=US&ver=22&locale=en_US&gct=sb&qsrc=2869

This is a redirect to ask.com and is not required.
===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4271722370-1150792674-1538857754-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
BHO-x32: No Name -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} ->  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
S1 SASDIFSV; \??\E:\w00tTech\d7II\3rd Party Tools\SAS\SASDIFSV64.SYS [X]
S1 SASKUTIL; \??\E:\w00tTech\d7II\3rd Party Tools\SAS\SASKUTIL64.SYS [X]

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Reset Internet Explorer:
Menu > Tools > Internet Options > Advanced Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.


Clean the Internet Explorer Cache.
https://kb.wisc.edu/page.php?id=15141
===

How is the computer running now?

#5 wpetti

  • Topic Starter

Posted 14 July 2015 - 12:04 PM

Sorry, I'm not too tech... From where inside AdwCleaner can I remove that file? When I run it and open the various tabs, not much is there. I found the file in Notepad, but that's not where to remove it, I'm sure. On the C drive?

 

Thanks



#6 wpetti

  • Topic Starter

Posted 14 July 2015 - 12:09 PM

What I meant was, when you instruct to clean the entry, I assume I am to remove the file while inside AdwCleaner, and I'm not clear how to get to the file through that program.



#7 wpetti

  • Topic Starter

Posted 14 July 2015 - 12:19 PM

Okay, I am a chicken, but I went ahead and highlighted the files you said to clean in Notepad, then deleted them and saved the changes. I ran FRST as instructed and I am posting the log here. Will reboot and reset Internet Explorer as instructed. Thank you, NASDAQ.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-07-2015
Ran by w00t Pro (administrator) on W00TPC-THINK2 on 14-07-2015 12:15:29
Running from C:\Users\w00t Pro\Downloads
Loaded Profiles: w00t Pro (Available Profiles: w00t Pro)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(AOMEI Tech Co., Ltd.) C:\Program Files (x86)\AOMEI Backupper\ABService.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Instant Housecall) C:\Program Files (x86)\Instant Housecall\InstantHousecall.exe
(Lenovo) C:\Program Files\Lenovo\LBAI\LBAEvent.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.5.0.124\NIS.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(RaMMicHaeL) C:\Program Files\Unchecky\bin\unchecky_svc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.5.0.124\NIS.exe
(RaMMicHaeL) C:\Program Files\Unchecky\bin\unchecky_bg.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Livedrive Internet Ltd) C:\Program Files (x86)\Livedrive\Livedrive.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIKLE.EXE
(Dell) C:\Program Files (x86)\DELL\Dell Laser MFP 1815\NetworkScan\DNSCST.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Instant Housecall) C:\Program Files (x86)\Instant Housecall\InstantHousecall.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12459112 2012-03-27] (Realtek Semiconductor)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [293672 2013-01-28] (Lenovo Group Limited)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642816 2013-08-10] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [DellNSCST_GRNCH] => C:\Program Files (x86)\DELL\Dell Laser MFP 1815\NetworkScan\DNSCST.exe [278528 2008-07-16] (Dell)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [503400 2013-07-05] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863848 2013-07-05] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1067072 2013-07-31] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [LTCM Client] => C:\Program Files (x86)\LTCM Client\ltcmClient.exe [2756864 2011-04-07] (Leader Technologies Inc.)
HKLM-x32\...\Run: [ihccontrol] => C:\Program Files (x86)\Instant Housecall\InstantHousecall.exe [2006080 2014-10-18] (Instant Housecall)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2015-05-01] (Adobe Systems Incorporated)
HKLM Group Policy restriction on software: *.png*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.js <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles(x86)%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.bat <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.js <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.bat <====== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.js <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.js <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
Winlogon\Notify\GoToAssist Express Customer: C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\818\g2ax_winlogonx64.dll (Citrix Systems, Inc.)
HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
HKU\S-1-5-21-4271722370-1150792674-1538857754-1002\...\Run: [Livedrive] => C:\Program Files (x86)\Livedrive\Livedrive.exe [1842840 2014-07-24] (Livedrive Internet Ltd)
HKU\S-1-5-21-4271722370-1150792674-1538857754-1002\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIKLE.EXE [298560 2013-09-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-4271722370-1150792674-1538857754-1002\...\MountPoints2: {b64b9743-1cd0-11e4-92e1-806e6f6e6963} - D:\SETUP.exe
HKU\S-1-5-21-4271722370-1150792674-1538857754-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\logon.scr
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.0.124\buShell.dll [2015-06-06] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.0.124\buShell.dll [2015-06-06] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.0.124\buShell.dll [2015-06-06] (Symantec Corporation)
ShellIconOverlayIdentifiers: [BackupOverlay] -> {B44A5D93-1351-41A1-BD91-5E92435D8ECD} => C:\Program Files (x86)\Livedrive\Extensions.dll [2014-07-24] (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll [2012-11-10] (EldoS Corporation)
ShellIconOverlayIdentifiers: [LivedriveDownloadOverlay] -> {CBCDB610-6B68-4EE9-B7A2-1282FD0C9292} => C:\Program Files (x86)\Livedrive\Extensions.dll [2014-07-24] (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: [LivedriveSharedOverlay] -> {84CEF1E4-1356-4063-845F-05047F4DD52C} => C:\Program Files (x86)\Livedrive\Extensions.dll [2014-07-24] (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: [LivedriveSyncedOverlay] -> {42058329-2FBF-4B33-8E52-3BE5754DE0C1} => C:\Program Files (x86)\Livedrive\Extensions.dll [2014-07-24] (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: [LivedriveUploadOverlay] -> {39A1715A-E4CD-4F1E-B5C4-36B5DB80124E} => C:\Program Files (x86)\Livedrive\Extensions.dll [2014-07-24] (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\x64\SugarSyncShellExt_x64.dll [2015-04-30] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\x64\SugarSyncShellExt_x64.dll [2015-04-30] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncSharedSyncing] -> {F7395C2E-A5D8-4a32-9536-5C6A9F1DC450} => C:\Program Files (x86)\SugarSync\x64\SugarSyncShellExt_x64.dll [2015-04-30] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncSynced] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\x64\SugarSyncShellExt_x64.dll [2015-04-30] (SugarSync, Inc.)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\SysWOW64\CbFsMntNtf3.dll [2012-11-10] (EldoS Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4271722370-1150792674-1538857754-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4271722370-1150792674-1538857754-1002 -> {81E0BFB1-CAFE-4AAD-9F5F-A27D59431BCE} URL =
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.0.124\coIEPlg.dll [2015-06-05] (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\22.5.0.124\coIEPlg.dll [2015-06-05] (Symantec Corporation)
BHO-x32: No Name -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} ->  No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-22] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-22] (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.0.124\coIEPlg.dll [2015-06-05] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.0.124\coIEPlg.dll [2015-06-05] (Symantec Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 71.10.216.1 71.10.216.2
Tcpip\..\Interfaces\{0CD01375-D34E-4961-8291-9BA5E1F65B8D}: [DhcpNameServer] 71.10.216.1 71.10.216.2
Tcpip\..\Interfaces\{407E8522-6CE9-4A6D-B80C-96D457569557}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4A78F57E-E80F-44F0-882E-7CEF1F1DE4C6}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4EAF7262-D950-4132-AADC-B691FF7F5A45}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7CB80628-6D6F-4A1F-AA0B-2CDAAF1044B5}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B43BCA8C-6208-4F15-BD36-B4E763E0EBC9}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{DDB1F0DF-0D8F-45BC-9398-4B0370A2223A}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\w00t Pro\AppData\Roaming\Mozilla\Firefox\Profiles\vcpogcqm.default-1436545091195
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-14] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40620.0\npctrl.dll [2015-06-20] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-14] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1219159.dll [2015-06-26] (Adobe Systems, Inc.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-22] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40620.0\npctrl.dll [2015-06-19] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2011-04-05] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2013-06-17] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4271722370-1150792674-1538857754-1002: @citrixonline.com/appdetectorplugin -> C:\Users\w00t Pro\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-06-10] (Citrix Online)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.0.124\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.0.124\coFFPlgn [2015-07-14]

Chrome:
=======
CHR Profile: C:\Users\w00t Pro\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Norton Security Toolbar) - C:\Users\w00t Pro\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2015-07-09]
CHR Extension: (Norton Identity Safe) - C:\Users\w00t Pro\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-22]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\w00t Pro\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-18]
CHR Extension: (Google Wallet) - C:\Users\w00t Pro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-17]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.0.124\Exts\Chrome.crx [2015-07-08]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.0.124\Exts\Chrome.crx [2015-07-08]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-08-10] (Advanced Micro Devices, Inc.) [File not signed]
R2 Backupper Service; C:\Program Files (x86)\AOMEI Backupper\ABService.exe [29912 2013-08-26] (AOMEI Tech Co., Ltd.)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
S3 GoToAssist Remote Support Customer; C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\818\g2ax_service.exe [610888 2015-06-10] (Citrix Systems, Inc.)
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1876816 2014-11-16] (SurfRight B.V.)
R2 IHCserver; C:\Program Files (x86)\Instant Housecall\InstantHousecall.exe [2006080 2014-10-18] (Instant Housecall)
R2 LBAEvent; C:\Program Files\Lenovo\LBAI\LBAEvent.exe [15520 2012-03-23] (Lenovo) [File not signed]
S2 LivedriveVSSService; C:\Program Files (x86)\Livedrive\VSSService.exe [210584 2014-07-24] ()
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\22.5.0.124\NIS.exe [282016 2015-06-17] (Symantec Corporation)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-06-17] (Nitro PDF Software)
S3 Power Manager DBC Service; C:\Program Files (x86)\Lenovo\PowerMgr\PWMDBSVC.EXE [63816 2013-02-26] (Lenovo)
S3 PwmEWSvc; C:\Program Files (x86)\Lenovo\PowerMgr\PWMEWSVC.EXE [186696 2013-02-26] (Lenovo Group Limited)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24560 2014-06-18] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-18] (TeamViewer GmbH)
R2 Unchecky; C:\program files\Unchecky\bin\Unchecky_svc.exe [164600 2015-07-13] (RaMMicHaeL)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-03-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 ambakdrv; C:\Windows\System32\ambakdrv.sys [30648 2013-05-07] () [File not signed]
R2 ammntdrv; C:\Windows\system32\ammntdrv.sys [151480 2013-05-07] () [File not signed]
R2 amwrtdrv; C:\Windows\system32\amwrtdrv.sys [17848 2013-02-06] () [File not signed]
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.0.124\Definitions\BASHDefs\20150706.001\BHDrvx64.sys [1648880 2015-06-22] (Symantec Corporation)
R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [352008 2012-11-10] (EldoS Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1605000.07C\ccSetx64.sys [165080 2015-06-04] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-06-16] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153936 2015-06-16] (Symantec Corporation)
R2 hmpalert; C:\Windows\System32\drivers\hmpalert.sys [93144 2015-07-10] ()
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.0.124\Definitions\IPSDefs\20150712.001\IDSvia64.sys [692984 2015-07-08] (Symantec Corporation)
R3 LBAI; C:\Windows\System32\Drivers\LBAI.sys [9600 2011-12-08] (Lenovo)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.0.124\Definitions\VirusDefs\20150713.033\ENG64.SYS [138488 2015-05-20] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.0.124\Definitions\VirusDefs\20150713.033\EX64.SYS [2146040 2015-05-20] (Symantec Corporation)
S3 rccfg; C:\Windows\system32\drivers\rccfg.sys [21680 2013-03-28] (AMD, Inc.)
S3 rcraid; C:\Windows\system32\drivers\rcraid.sys [526000 2013-03-28] (AMD, Inc.)
R2 RtDashPt; C:\Windows\System32\DRIVERS\RtDashPt.sys [29256 2013-04-29] (Realtek semiconductor corp)
R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfswin7.sys [767648 2014-10-08] (Microsoft Corporation)
R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaywin7.sys [273576 2014-10-08] (Microsoft Corporation)
R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [29864 2014-10-08] (Microsoft Corporation)
R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvolwin7.sys [23208 2014-10-08] (Microsoft Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1605000.07C\SRTSP64.SYS [917720 2015-06-04] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1605000.07C\SRTSPX64.SYS [42200 2015-06-04] (Symantec Corporation)
R3 SSCBFS3; C:\Windows\System32\DRIVERS\sscbfs3.sys [347904 2013-01-30] (EldoS Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NISx64\1605000.07C\SYMEFASI64.SYS [1611992 2015-06-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [102616 2015-07-08] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1605000.07C\Ironx64.SYS [288984 2015-06-04] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1605000.07C\SYMNETS.SYS [567512 2015-06-04] (Symantec Corporation)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.)
S1 SASDIFSV; \??\E:\w00tTech\d7II\3rd Party Tools\SAS\SASDIFSV64.SYS [X]
S1 SASKUTIL; \??\E:\w00tTech\d7II\3rd Party Tools\SAS\SASKUTIL64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-14 12:13 - 2015-07-14 12:13 - 00000965 _____ C:\Users\w00t Pro\Downloads\fixlist.txt
2015-07-13 11:21 - 2015-07-14 12:15 - 00049392 _____ C:\Users\w00t Pro\Downloads\FRST.txt
2015-07-13 11:21 - 2015-07-13 11:52 - 00041836 _____ C:\Users\w00t Pro\Downloads\Addition.txt
2015-07-13 11:20 - 2015-07-14 12:15 - 00000000 ____D C:\FRST
2015-07-13 11:19 - 2015-07-13 11:19 - 02133504 _____ (Farbar) C:\Users\w00t Pro\Downloads\FRST64 (1).exe
2015-07-13 11:18 - 2015-07-13 11:18 - 02133504 _____ (Farbar) C:\Users\w00t Pro\Downloads\FRST64.exe
2015-07-13 11:07 - 2015-07-13 11:07 - 02248704 _____ C:\Users\w00t Pro\Desktop\adwcleaner_4.208.exe
2015-07-10 13:08 - 2015-07-10 13:08 - 19291136 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 14383104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 13771776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 02865152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-07-10 13:08 - 2015-07-10 13:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-10 13:08 - 2015-07-10 13:08 - 02656768 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 02237440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 01763328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-10 13:08 - 2015-07-10 13:08 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-10 13:08 - 2015-07-10 13:08 - 01409024 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2015-07-10 13:08 - 2015-07-10 13:08 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2015-07-10 13:08 - 2015-07-10 13:08 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 01054720 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-10 13:08 - 2015-07-10 13:08 - 00905728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00856064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00690176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00601600 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-10 13:08 - 2015-07-10 13:08 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-07-10 13:08 - 2015-07-10 13:08 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-10 13:08 - 2015-07-10 13:08 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2015-07-10 13:08 - 2015-07-10 13:08 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2015-07-10 13:08 - 2015-07-10 13:08 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2015-07-10 13:08 - 2015-07-10 13:08 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2015-07-10 13:08 - 2015-07-10 13:08 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-07-10 13:08 - 2015-07-10 13:08 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2015-07-10 13:08 - 2015-07-10 13:08 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-07-10 13:08 - 2015-07-10 13:08 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2015-07-10 13:08 - 2015-07-10 13:08 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2015-07-10 13:08 - 2015-07-10 13:08 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2015-07-10 13:08 - 2015-07-10 13:08 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2015-07-10 13:08 - 2015-07-10 13:08 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-10 13:08 - 2015-07-10 13:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-07-10 13:08 - 2015-07-10 13:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-07-10 13:08 - 2015-07-10 13:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-07-10 13:08 - 2015-07-10 13:08 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-07-10 13:05 - 2015-07-10 13:09 - 00006941 _____ C:\Windows\IE10_main.log
2015-07-10 13:05 - 2015-07-10 13:06 - 44335120 _____ (Microsoft Corporation) C:\Users\w00t Pro\Downloads\IE10-Windows6.1-x64-en-us.exe
2015-07-10 12:51 - 2015-07-10 13:18 - 00024189 _____ C:\Windows\IE11_main.log
2015-07-10 12:50 - 2015-07-10 12:51 - 55915216 _____ (Microsoft Corporation) C:\Users\w00t Pro\Downloads\IE11-Windows6.1-x64-en-us.exe
2015-07-10 12:48 - 2015-07-10 13:14 - 00001428 _____ C:\Users\w00t Pro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-10 11:56 - 2015-07-10 11:56 - 00000207 _____ C:\Windows\tweaking.com-regbackup-W00TPC-THINK2-Windows-7-Professional-(64-bit).dat
2015-07-10 11:56 - 2015-07-10 11:56 - 00000000 ____D C:\RegBackup
2015-07-10 11:37 - 2015-07-10 11:37 - 00000000 ____D C:\Users\w00t Pro\Documents\Add-in Express
2015-07-10 11:32 - 2015-07-10 11:32 - 00000000 _____ C:\Windows\EEventManager.INI
2015-07-10 11:29 - 2015-07-14 11:57 - 00000000 ____D C:\Windows\CryptoGuard
2015-07-10 11:29 - 2015-07-11 14:59 - 00000000 ____D C:\Program Files (x86)\HitmanPro.Alert
2015-07-10 11:29 - 2015-07-10 11:29 - 00548424 _____ (SurfRight) C:\Windows\system32\hmpalert.dll
2015-07-10 11:29 - 2015-07-10 11:29 - 00477008 _____ (SurfRight) C:\Windows\SysWOW64\hmpalert.dll
2015-07-10 11:29 - 2015-07-10 11:29 - 00093144 _____ C:\Windows\system32\Drivers\hmpalert.sys
2015-07-10 11:29 - 2015-07-10 11:29 - 00053248 _____ C:\Windows\SysWOW64\zlib.dll
2015-07-10 11:29 - 2015-07-10 11:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro.Alert
2015-07-10 11:29 - 2015-07-10 11:29 - 00000000 ____D C:\ProgramData\Foolish IT
2015-07-10 11:18 - 2015-07-10 11:18 - 00000000 ____D C:\Users\w00t Pro\Desktop\Old Firefox Data
2015-07-10 11:10 - 2015-07-14 11:48 - 00000448 _____ C:\Windows\setupact.log
2015-07-10 11:10 - 2015-07-10 11:10 - 00000000 _____ C:\Windows\setuperr.log
2015-07-10 11:09 - 2015-07-10 12:05 - 00004694 _____ C:\Windows\PFRO.log
2015-07-10 11:09 - 2015-07-10 11:09 - 00000000 _____ C:\Windows\ativpsrm.bin
2015-07-10 11:07 - 2015-07-14 11:57 - 00000000 ____D C:\AdwCleaner
2015-07-10 10:38 - 2015-07-10 10:38 - 00000847 _____ C:\Users\Public\Desktop\Unchecky.lnk
2015-07-10 10:38 - 2015-07-10 10:38 - 00000000 ____D C:\ProgramData\Unchecky
2015-07-10 10:38 - 2015-07-10 10:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unchecky
2015-07-10 10:38 - 2015-07-10 10:38 - 00000000 ____D C:\Program Files\Unchecky
2015-07-10 10:37 - 2015-07-10 10:37 - 00073570 _____ C:\Users\w00t Pro\Documents\cc_20150710_103743.reg
2015-07-10 10:27 - 2015-07-10 10:27 - 00000000 ____D C:\PatchMyPCUpdates
2015-07-10 10:25 - 2015-07-10 10:25 - 00000000 ____D C:\Users\w00t Pro\AppData\Roaming\Hard Disk Sentinel
2015-07-10 10:09 - 2015-07-10 10:09 - 00001531 _____ C:\Users\Public\Desktop\w00t logs.lnk
2015-07-10 10:08 - 2015-06-17 15:31 - 06804480 _____ (Chilkat Software, Inc.) C:\Windows\SysWOW64\ChilkatAx-9.5.0-win32.dll
2015-07-10 10:08 - 2014-10-24 12:18 - 01993088 _____ (Codejock Software) C:\Windows\SysWOW64\Codejock.Controls.Unicode.v16.4.0.ocx
2015-07-10 10:08 - 2004-03-09 01:00 - 00212240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RICHTX32.ocx.f_upgrade
2015-07-10 10:08 - 2004-03-09 01:00 - 00212240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RICHTX32.OCX
2015-07-09 10:09 - 2015-07-09 10:09 - 00000000 ____D C:\Windows\System32\Tasks\Norton Internet Security
2015-07-09 10:01 - 2015-07-09 10:01 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2015-07-08 21:46 - 2015-07-08 21:46 - 00000000 ____D C:\Users\Public\Downloads\Norton
2015-07-01 12:36 - 2015-07-01 12:37 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.4
2015-06-18 11:23 - 2015-06-18 11:23 - 00000043 _____ C:\Users\w00t Pro\Documents\Junxure backup.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-14 12:11 - 2014-04-16 13:07 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-14 12:04 - 2009-07-13 23:45 - 00034432 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-14 12:04 - 2009-07-13 23:45 - 00034432 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-14 12:03 - 2015-02-02 12:03 - 00000911 _____ C:\Windows\Tasks\EPSON WF-4630 Series Update {EDE125B6-94B7-4022-BAEF-F4F691D495DB}.job
2015-07-14 12:03 - 2015-02-02 12:03 - 00000725 _____ C:\Windows\Tasks\EPSON WF-4630 Series Invitation {EDE125B6-94B7-4022-BAEF-F4F691D495DB}.job
2015-07-14 11:54 - 2014-10-19 19:51 - 01588850 _____ C:\Windows\WindowsUpdate.log
2015-07-14 11:54 - 2014-08-05 16:14 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-14 11:53 - 2014-04-16 13:08 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-14 11:53 - 2014-04-16 13:08 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-14 11:53 - 2014-04-16 13:08 - 00003770 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-14 11:53 - 2014-04-16 13:08 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-14 11:52 - 2014-04-25 13:16 - 00002194 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-14 11:49 - 2014-04-16 13:07 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-14 11:48 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-14 05:50 - 2014-08-08 15:13 - 00000000 ____D C:\Program Files (x86)\Instant Housecall
2015-07-14 05:50 - 2014-08-08 14:53 - 00000000 ____D C:\Program Files (x86)\Livedrive
2015-07-11 14:43 - 2014-08-05 14:07 - 00000000 ____D C:\Users\w00t Pro\AppData\Local\CrashDumps
2015-07-10 14:15 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2015-07-10 13:14 - 2014-08-08 14:47 - 00000000 __SHD C:\Users\w00t Pro\PrivacIE
2015-07-10 13:09 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-07-10 12:47 - 2012-10-01 14:26 - 00000000 ____D C:\Windows\Panther
2015-07-10 12:23 - 2014-04-16 13:04 - 00002030 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2015-07-10 12:16 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2015-07-10 12:02 - 2009-07-14 00:13 - 00786812 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-10 12:01 - 2009-07-13 21:34 - 00000514 _____ C:\Windows\win.ini
2015-07-10 11:58 - 2014-04-16 18:03 - 00786812 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-07-10 11:55 - 2014-08-25 00:02 - 00000000 ____D C:\Users\Wells Pettibone
2015-07-10 11:55 - 2014-04-16 11:41 - 00000000 ____D C:\Users\w00tPC
2015-07-10 11:54 - 2014-04-17 12:49 - 00000000 ____D C:\Users\w00t Pro
2015-07-10 11:54 - 2009-07-13 22:20 - 00000000 __RHD C:\Users\Default
2015-07-10 11:35 - 2009-07-13 21:34 - 00001993 _____ C:\Windows\system32\Drivers\etc\hosts_bak_88
2015-07-10 11:24 - 2014-03-27 19:51 - 00000000 ____D C:\Windows\System32\Tasks\Lenovo
2015-07-10 10:42 - 2014-08-08 15:03 - 00000013 _____ C:\Windows\BRVIDEO.INI
2015-07-10 10:42 - 2014-08-08 15:02 - 00000264 _____ C:\Windows\Brownie.ini
2015-07-10 10:25 - 2014-07-17 07:59 - 00000000 ____D C:\Users\w00t Pro\AppData\Roaming\Nitro PDF
2015-07-10 10:17 - 2014-07-16 16:29 - 00000172 _____ C:\Windows\zerobyte_files_deleted.txt
2015-07-10 10:17 - 2014-07-16 16:29 - 00000074 _____ C:\Windows\system32\zerobyte_files_deleted.txt
2015-07-10 10:17 - 2014-03-27 19:35 - 00000000 ____D C:\Program Files\Lenovo
2015-07-10 10:16 - 2014-08-05 13:59 - 00000000 ____D C:\Support
2015-07-09 10:07 - 2014-04-25 13:06 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-09 10:03 - 2014-08-08 14:57 - 00000000 ____D C:\Windows\system32\Drivers\NISx64
2015-07-09 10:02 - 2014-08-08 14:57 - 00003236 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2015-07-09 10:01 - 2014-08-08 14:57 - 00002445 _____ C:\Users\Public\Desktop\Norton Internet Security.LNK
2015-07-09 09:18 - 2014-08-08 14:51 - 00000000 ____D C:\Wagner Monte Carlo
2015-07-08 21:50 - 2014-08-08 14:57 - 00102616 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2015-07-08 21:50 - 2014-08-08 14:57 - 00008166 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2015-07-08 21:50 - 2014-08-08 14:57 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2015-07-08 21:50 - 2014-03-27 20:02 - 00000000 ____D C:\ProgramData\Norton
2015-07-08 10:33 - 2014-04-16 13:07 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-07-08 10:33 - 2014-04-16 13:07 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-07-08 10:33 - 2014-04-16 13:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-07 12:31 - 2014-04-17 13:17 - 00001186 _____ C:\Users\w00t Pro\Desktop\Auslogics DiskDefrag.lnk
2015-07-04 12:31 - 2014-04-16 13:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-07-03 18:00 - 2014-08-08 15:05 - 00001024 ____H C:\SYSTAG.BIN
2015-07-03 12:30 - 2014-09-02 22:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-03 12:30 - 2014-08-05 16:14 - 00001180 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-07-03 12:30 - 2014-04-16 13:06 - 00001168 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-07-01 12:37 - 2015-01-29 13:36 - 00000000 ____D C:\Program Files (x86)\LibreOffice 4
2015-07-01 12:37 - 2014-04-16 12:59 - 00001117 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-01 12:37 - 2014-04-16 12:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-01 12:37 - 2014-04-16 12:59 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-22 12:31 - 2014-12-03 13:30 - 00001062 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-06-22 12:31 - 2014-07-17 07:54 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-06-18 11:25 - 2014-08-08 15:03 - 00000426 _____ C:\Windows\BRWMARK.INI
2015-06-18 08:41 - 2014-04-16 12:59 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-18 08:41 - 2014-04-16 12:59 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-18 08:41 - 2014-04-16 12:59 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-16 15:14 - 2014-08-11 10:46 - 00000000 ____D C:\Users\w00t Pro\AppData\Local\Citrix
2015-06-15 08:59 - 2009-07-14 00:08 - 00032566 _____ C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories =======

2014-08-08 15:06 - 2014-08-08 15:06 - 0007162 _____ () C:\Users\w00t Pro\AppData\Roaming\DellFaxOptions.xml
2014-03-27 20:00 - 2014-03-27 20:00 - 0000107 _____ () C:\ProgramData\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}.log
2014-03-27 19:57 - 2014-03-27 19:58 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2014-03-27 19:58 - 2014-03-27 19:59 - 0000110 _____ () C:\ProgramData\{B7A0CE06-068E-11D6-97FD-0050BACBF861}.log
2014-03-27 19:59 - 2014-03-27 20:00 - 0000115 _____ () C:\ProgramData\{D6E853EC-8960-4D44-AF03-7361BB93227C}.log

Some files in TEMP:
====================
C:\Users\w00t Pro\AppData\Local\Temp\IntResource.dll
C:\Users\w00t Pro\AppData\Local\Temp\Quarantine.exe
C:\Users\w00t Pro\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-07-13 00:13

==================== End of log ============================



#8 nasdaq

  • Malware Response Team
  • 39,578 posts

Posted 15 July 2015 - 07:50 AM

My suggested fix for the Farbar tool did not work correctly.

Download the Fixlist.txt attached.

Save it in the downloads folder listed in bold: C:\Users\w00t Pro\Downloads

Run FRST (Farbar tool) and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.



#9 wpetti

  • Topic Starter

  • Members
  • 79 posts

Posted 16 July 2015 - 09:15 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-07-2015
Ran by w00t Pro (administrator) on W00TPC-THINK2 on 16-07-2015 09:12:56
Running from C:\Users\w00t Pro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8CMHIFRY
Loaded Profiles: w00t Pro (Available Profiles: w00t Pro)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(AOMEI Tech Co., Ltd.) C:\Program Files (x86)\AOMEI Backupper\ABService.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Instant Housecall) C:\Program Files (x86)\Instant Housecall\InstantHousecall.exe
(Lenovo) C:\Program Files\Lenovo\LBAI\LBAEvent.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.5.0.124\NIS.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(RaMMicHaeL) C:\Program Files\Unchecky\bin\unchecky_svc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(AMD) C:\Windows\System32\atieclxx.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.5.0.124\NIS.exe
(RaMMicHaeL) C:\Program Files\Unchecky\bin\unchecky_bg.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Livedrive Internet Ltd) C:\Program Files (x86)\Livedrive\Livedrive.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIKLE.EXE
(Dell) C:\Program Files (x86)\DELL\Dell Laser MFP 1815\NetworkScan\DNSCST.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Instant Housecall) C:\Program Files (x86)\Instant Housecall\InstantHousecall.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12459112 2012-03-27] (Realtek Semiconductor)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [293672 2013-01-28] (Lenovo Group Limited)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642816 2013-08-10] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [DellNSCST_GRNCH] => C:\Program Files (x86)\DELL\Dell Laser MFP 1815\NetworkScan\DNSCST.exe [278528 2008-07-16] (Dell)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [503400 2013-07-05] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863848 2013-07-05] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1067072 2013-07-31] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [LTCM Client] => C:\Program Files (x86)\LTCM Client\ltcmClient.exe [2756864 2011-04-07] (Leader Technologies Inc.)
HKLM-x32\...\Run: [ihccontrol] => C:\Program Files (x86)\Instant Housecall\InstantHousecall.exe [2006080 2014-10-18] (Instant Housecall)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2015-05-01] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM Group Policy restriction on software: *.png*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.js <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles(x86)%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.bat <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.js <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.bat <====== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.js <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.js <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
Winlogon\Notify\GoToAssist Express Customer: C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\818\g2ax_winlogonx64.dll (Citrix Systems, Inc.)
HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
HKU\S-1-5-21-4271722370-1150792674-1538857754-1002\...\Run: [Livedrive] => C:\Program Files (x86)\Livedrive\Livedrive.exe [1842840 2014-07-24] (Livedrive Internet Ltd)
HKU\S-1-5-21-4271722370-1150792674-1538857754-1002\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIKLE.EXE [298560 2013-09-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-4271722370-1150792674-1538857754-1002\...\MountPoints2: {b64b9743-1cd0-11e4-92e1-806e6f6e6963} - D:\SETUP.exe
HKU\S-1-5-21-4271722370-1150792674-1538857754-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\logon.scr
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.0.124\buShell.dll [2015-06-06] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.0.124\buShell.dll [2015-06-06] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.0.124\buShell.dll [2015-06-06] (Symantec Corporation)
ShellIconOverlayIdentifiers: [BackupOverlay] -> {B44A5D93-1351-41A1-BD91-5E92435D8ECD} => C:\Program Files (x86)\Livedrive\Extensions.dll [2014-07-24] (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll [2012-11-10] (EldoS Corporation)
ShellIconOverlayIdentifiers: [LivedriveDownloadOverlay] -> {CBCDB610-6B68-4EE9-B7A2-1282FD0C9292} => C:\Program Files (x86)\Livedrive\Extensions.dll [2014-07-24] (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: [LivedriveSharedOverlay] -> {84CEF1E4-1356-4063-845F-05047F4DD52C} => C:\Program Files (x86)\Livedrive\Extensions.dll [2014-07-24] (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: [LivedriveSyncedOverlay] -> {42058329-2FBF-4B33-8E52-3BE5754DE0C1} => C:\Program Files (x86)\Livedrive\Extensions.dll [2014-07-24] (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: [LivedriveUploadOverlay] -> {39A1715A-E4CD-4F1E-B5C4-36B5DB80124E} => C:\Program Files (x86)\Livedrive\Extensions.dll [2014-07-24] (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\x64\SugarSyncShellExt_x64.dll [2015-04-30] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\x64\SugarSyncShellExt_x64.dll [2015-04-30] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncSharedSyncing] -> {F7395C2E-A5D8-4a32-9536-5C6A9F1DC450} => C:\Program Files (x86)\SugarSync\x64\SugarSyncShellExt_x64.dll [2015-04-30] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncSynced] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\x64\SugarSyncShellExt_x64.dll [2015-04-30] (SugarSync, Inc.)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\SysWOW64\CbFsMntNtf3.dll [2012-11-10] (EldoS Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4271722370-1150792674-1538857754-1002 -> {81E0BFB1-CAFE-4AAD-9F5F-A27D59431BCE} URL =
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.0.124\coIEPlg.dll [2015-06-05] (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\22.5.0.124\coIEPlg.dll [2015-06-05] (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-15] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-15] (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.0.124\coIEPlg.dll [2015-06-05] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.0.124\coIEPlg.dll [2015-06-05] (Symantec Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 71.10.216.1 71.10.216.2
Tcpip\..\Interfaces\{0CD01375-D34E-4961-8291-9BA5E1F65B8D}: [DhcpNameServer] 71.10.216.1 71.10.216.2
Tcpip\..\Interfaces\{407E8522-6CE9-4A6D-B80C-96D457569557}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4A78F57E-E80F-44F0-882E-7CEF1F1DE4C6}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4EAF7262-D950-4132-AADC-B691FF7F5A45}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7CB80628-6D6F-4A1F-AA0B-2CDAAF1044B5}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B43BCA8C-6208-4F15-BD36-B4E763E0EBC9}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{DDB1F0DF-0D8F-45BC-9398-4B0370A2223A}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\w00t Pro\AppData\Roaming\Mozilla\Firefox\Profiles\vcpogcqm.default-1436545091195
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40620.0\npctrl.dll [2015-06-20] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-14] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1219159.dll [2015-06-26] (Adobe Systems, Inc.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-15] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40620.0\npctrl.dll [2015-06-19] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2011-04-05] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2013-06-17] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4271722370-1150792674-1538857754-1002: @citrixonline.com/appdetectorplugin -> C:\Users\w00t Pro\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-06-10] (Citrix Online)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.0.124\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.0.124\coFFPlgn [2015-07-15]

Chrome:
=======
CHR Profile: C:\Users\w00t Pro\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Norton Security Toolbar) - C:\Users\w00t Pro\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2015-07-09]
CHR Extension: (Norton Identity Safe) - C:\Users\w00t Pro\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-22]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\w00t Pro\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-18]
CHR Extension: (Google Wallet) - C:\Users\w00t Pro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-17]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.0.124\Exts\Chrome.crx [2015-07-08]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.0.124\Exts\Chrome.crx [2015-07-08]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-08-10] (Advanced Micro Devices, Inc.) [File not signed]
R2 Backupper Service; C:\Program Files (x86)\AOMEI Backupper\ABService.exe [29912 2013-08-26] (AOMEI Tech Co., Ltd.)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
S3 GoToAssist Remote Support Customer; C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\818\g2ax_service.exe [610888 2015-06-10] (Citrix Systems, Inc.)
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1876816 2014-11-16] (SurfRight B.V.)
R2 IHCserver; C:\Program Files (x86)\Instant Housecall\InstantHousecall.exe [2006080 2014-10-18] (Instant Housecall)
R2 LBAEvent; C:\Program Files\Lenovo\LBAI\LBAEvent.exe [15520 2012-03-23] (Lenovo) [File not signed]
S2 LivedriveVSSService; C:\Program Files (x86)\Livedrive\VSSService.exe [210584 2014-07-24] ()
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\22.5.0.124\NIS.exe [282016 2015-06-17] (Symantec Corporation)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-06-17] (Nitro PDF Software)
S3 Power Manager DBC Service; C:\Program Files (x86)\Lenovo\PowerMgr\PWMDBSVC.EXE [63816 2013-02-26] (Lenovo)
S3 PwmEWSvc; C:\Program Files (x86)\Lenovo\PowerMgr\PWMEWSVC.EXE [186696 2013-02-26] (Lenovo Group Limited)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24560 2014-06-18] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-18] (TeamViewer GmbH)
R2 Unchecky; C:\program files\Unchecky\bin\Unchecky_svc.exe [164600 2015-07-13] (RaMMicHaeL)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-03-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 ambakdrv; C:\Windows\System32\ambakdrv.sys [30648 2013-05-07] () [File not signed]
R2 ammntdrv; C:\Windows\system32\ammntdrv.sys [151480 2013-05-07] () [File not signed]
R2 amwrtdrv; C:\Windows\system32\amwrtdrv.sys [17848 2013-02-06] () [File not signed]
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.0.124\Definitions\BASHDefs\20150706.001\BHDrvx64.sys [1648880 2015-06-22] (Symantec Corporation)
R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [352008 2012-11-10] (EldoS Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1605000.07C\ccSetx64.sys [165080 2015-06-04] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-06-16] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153936 2015-06-16] (Symantec Corporation)
R2 hmpalert; C:\Windows\System32\drivers\hmpalert.sys [93144 2015-07-10] ()
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.0.124\Definitions\IPSDefs\20150715.001\IDSvia64.sys [692984 2015-07-08] (Symantec Corporation)
R3 LBAI; C:\Windows\System32\Drivers\LBAI.sys [9600 2011-12-08] (Lenovo)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.0.124\Definitions\VirusDefs\20150715.041\ENG64.SYS [138488 2015-05-20] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.0.124\Definitions\VirusDefs\20150715.041\EX64.SYS [2146040 2015-05-20] (Symantec Corporation)
S3 rccfg; C:\Windows\system32\drivers\rccfg.sys [21680 2013-03-28] (AMD, Inc.)
S3 rcraid; C:\Windows\system32\drivers\rcraid.sys [526000 2013-03-28] (AMD, Inc.)
R2 RtDashPt; C:\Windows\System32\DRIVERS\RtDashPt.sys [29256 2013-04-29] (Realtek semiconductor corp)
R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfswin7.sys [767648 2014-10-08] (Microsoft Corporation)
R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaywin7.sys [273576 2014-10-08] (Microsoft Corporation)
R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [29864 2014-10-08] (Microsoft Corporation)
R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvolwin7.sys [23208 2014-10-08] (Microsoft Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1605000.07C\SRTSP64.SYS [917720 2015-06-04] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1605000.07C\SRTSPX64.SYS [42200 2015-06-04] (Symantec Corporation)
R3 SSCBFS3; C:\Windows\System32\DRIVERS\sscbfs3.sys [347904 2013-01-30] (EldoS Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NISx64\1605000.07C\SYMEFASI64.SYS [1611992 2015-06-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [102616 2015-07-08] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1605000.07C\Ironx64.SYS [288984 2015-06-04] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1605000.07C\SYMNETS.SYS [567512 2015-06-04] (Symantec Corporation)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-16 09:03 - 2015-07-16 09:05 - 00000997 _____ C:\Users\w00t Pro\Downloads\fixlist.txt
2015-07-14 20:17 - 2015-07-02 15:31 - 19291136 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-14 20:17 - 2015-07-02 14:15 - 14384640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-14 20:17 - 2015-07-02 13:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-14 20:17 - 2015-07-02 13:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-07-14 20:17 - 2015-06-29 08:30 - 02865152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-14 20:17 - 2015-06-29 08:27 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-14 20:16 - 2015-07-09 12:58 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-14 20:16 - 2015-07-09 12:58 - 02603008 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-14 20:16 - 2015-07-09 12:58 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-14 20:16 - 2015-07-09 12:58 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-14 20:16 - 2015-07-09 12:58 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-14 20:16 - 2015-07-09 12:58 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-14 20:16 - 2015-07-09 12:58 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-14 20:16 - 2015-07-09 12:58 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-14 20:16 - 2015-07-09 12:58 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-14 20:16 - 2015-07-09 12:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-14 20:16 - 2015-07-09 12:58 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-07-14 20:16 - 2015-07-09 12:43 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-14 20:16 - 2015-07-09 12:43 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-14 20:16 - 2015-07-09 12:43 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-14 20:16 - 2015-07-09 12:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-14 20:16 - 2015-07-09 12:42 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-14 20:16 - 2015-07-04 13:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-14 20:16 - 2015-07-04 12:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-14 20:16 - 2015-07-01 15:56 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-14 20:16 - 2015-07-01 15:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-14 20:16 - 2015-07-01 15:49 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-14 20:16 - 2015-07-01 15:49 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-14 20:16 - 2015-07-01 15:49 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-14 20:16 - 2015-07-01 15:49 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-14 20:16 - 2015-07-01 15:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-14 20:16 - 2015-07-01 15:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-07-14 20:16 - 2015-07-01 15:49 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-07-14 20:16 - 2015-07-01 15:49 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-07-14 20:16 - 2015-07-01 15:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-07-14 20:16 - 2015-07-01 15:49 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-07-14 20:16 - 2015-07-01 15:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-07-14 20:16 - 2015-07-01 15:48 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-07-14 20:16 - 2015-07-01 15:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-07-14 20:16 - 2015-07-01 15:47 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-07-14 20:16 - 2015-07-01 15:47 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-07-14 20:16 - 2015-07-01 15:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-14 20:16 - 2015-07-01 15:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-07-14 20:16 - 2015-07-01 15:39 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-14 20:16 - 2015-07-01 15:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-14 20:16 - 2015-07-01 15:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-14 20:16 - 2015-07-01 15:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-07-14 20:16 - 2015-07-01 15:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-07-14 20:16 - 2015-07-01 15:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-07-14 20:16 - 2015-07-01 15:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-07-14 20:16 - 2015-07-01 15:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-07-14 20:16 - 2015-07-01 15:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-07-14 20:16 - 2015-07-01 15:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-07-14 20:16 - 2015-07-01 15:29 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-14 20:16 - 2015-07-01 15:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-07-14 20:16 - 2015-07-01 15:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-07-14 20:16 - 2015-07-01 15:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-07-14 20:16 - 2015-07-01 15:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-07-14 20:16 - 2015-07-01 15:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-07-14 20:16 - 2015-07-01 14:27 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-14 20:16 - 2015-07-01 14:26 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-14 20:16 - 2015-07-01 14:26 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-14 20:16 - 2015-06-25 03:57 - 03207168 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-14 20:16 - 2015-06-17 12:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-14 20:16 - 2015-06-17 12:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-14 20:16 - 2015-06-17 08:28 - 13771264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-14 20:16 - 2015-06-17 08:28 - 02056704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-14 20:16 - 2015-06-17 08:28 - 01763328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-14 20:16 - 2015-06-17 08:28 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-14 20:16 - 2015-06-17 08:28 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-14 20:16 - 2015-06-17 08:28 - 00690176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-14 20:16 - 2015-06-17 08:28 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-14 20:16 - 2015-06-17 08:28 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-14 20:16 - 2015-06-17 08:28 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-14 20:16 - 2015-06-17 08:28 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-07-14 20:16 - 2015-06-17 08:28 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-14 20:16 - 2015-06-17 08:28 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-14 20:16 - 2015-06-17 08:28 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-14 20:16 - 2015-06-17 08:28 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2015-07-14 20:16 - 2015-06-17 08:28 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-14 20:16 - 2015-06-17 08:28 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-07-14 20:16 - 2015-06-17 08:28 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-07-14 20:16 - 2015-06-17 08:28 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-07-14 20:16 - 2015-06-17 08:27 - 02237440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-14 20:16 - 2015-06-17 08:27 - 01409024 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-14 20:16 - 2015-06-17 08:27 - 00601600 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-14 20:16 - 2015-06-17 08:27 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-14 20:16 - 2015-06-17 08:26 - 15415296 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-14 20:16 - 2015-06-17 08:26 - 02656768 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-14 20:16 - 2015-06-17 08:26 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-14 20:16 - 2015-06-17 08:26 - 00856064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-14 20:16 - 2015-06-17 08:26 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-14 20:16 - 2015-06-17 08:26 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-14 20:16 - 2015-06-17 08:26 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-14 20:16 - 2015-06-17 08:26 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-14 20:16 - 2015-06-17 08:26 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-14 20:16 - 2015-06-17 08:26 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-14 20:16 - 2015-06-17 08:26 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-07-14 20:16 - 2015-06-17 08:26 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-14 20:16 - 2015-06-17 08:26 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-14 20:16 - 2015-06-17 08:26 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-14 20:16 - 2015-06-17 08:26 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-14 20:16 - 2015-06-15 16:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-07-14 20:16 - 2015-06-15 16:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-14 20:16 - 2015-06-15 16:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-14 20:16 - 2015-06-15 16:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-07-14 20:16 - 2015-06-15 16:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-07-14 20:16 - 2015-06-15 16:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-14 20:16 - 2015-06-15 16:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-14 20:16 - 2015-06-15 16:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-14 20:16 - 2015-06-15 16:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-07-14 20:16 - 2015-06-15 16:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-14 20:16 - 2015-06-15 16:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-07-14 20:16 - 2015-06-15 16:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2015-07-14 20:16 - 2015-06-11 13:03 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-14 20:16 - 2015-06-11 12:57 - 06131200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-07-14 20:16 - 2015-06-11 12:57 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-07-14 20:16 - 2015-06-11 12:57 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-07-14 20:16 - 2015-06-11 12:56 - 07077376 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-07-14 20:16 - 2015-06-11 12:56 - 01057792 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-07-14 20:16 - 2015-06-11 12:56 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-07-14 20:16 - 2015-06-11 12:43 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-07-14 20:16 - 2015-06-11 12:38 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-07-14 20:16 - 2015-06-11 12:19 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2015-07-14 20:16 - 2015-06-11 08:15 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-07-14 20:16 - 2015-06-09 13:03 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-07-14 20:16 - 2015-06-09 13:03 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-07-14 20:16 - 2015-06-01 19:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-14 20:16 - 2015-06-01 18:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-07-14 20:16 - 2015-04-27 14:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-07-14 20:16 - 2015-04-27 14:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-07-14 20:16 - 2015-04-27 14:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-07-14 20:16 - 2015-04-27 14:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-07-14 20:16 - 2015-04-27 14:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-07-14 20:16 - 2015-04-27 14:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-07-14 20:16 - 2015-04-27 14:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-07-14 20:16 - 2015-04-27 14:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-07-14 20:14 - 2015-07-09 12:59 - 00017856 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-14 20:14 - 2015-07-09 12:58 - 01085440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-14 20:14 - 2015-07-09 12:58 - 00765440 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-14 20:14 - 2015-07-09 12:58 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-14 20:14 - 2015-07-09 12:58 - 00433664 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-14 20:14 - 2015-07-09 12:58 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-14 20:14 - 2015-07-09 12:58 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-14 20:14 - 2015-07-09 12:50 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-14 20:14 - 2015-07-03 13:05 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-14 20:14 - 2015-07-03 13:05 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-14 20:14 - 2015-07-03 13:05 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-14 20:14 - 2015-07-03 13:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-14 20:14 - 2015-07-03 12:56 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-07-14 20:14 - 2015-07-03 12:56 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-14 20:14 - 2015-07-03 12:56 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-07-14 20:14 - 2015-07-03 12:55 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-07-14 20:14 - 2015-07-03 11:52 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-14 20:14 - 2015-07-03 11:42 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-13 11:21 - 2015-07-14 12:16 - 00073681 _____ C:\Users\w00t Pro\Downloads\FRST.txt
2015-07-13 11:21 - 2015-07-13 11:52 - 00041836 _____ C:\Users\w00t Pro\Downloads\Addition.txt
2015-07-13 11:20 - 2015-07-16 09:12 - 00000000 ____D C:\FRST
2015-07-13 11:07 - 2015-07-13 11:07 - 02248704 _____ C:\Users\w00t Pro\Desktop\adwcleaner_4.208.exe
2015-07-10 13:08 - 2015-07-10 13:08 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2015-07-10 13:08 - 2015-07-10 13:08 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2015-07-10 13:08 - 2015-07-10 13:08 - 01054720 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-10 13:08 - 2015-07-10 13:08 - 00905728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-10 13:08 - 2015-07-10 13:08 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2015-07-10 13:08 - 2015-07-10 13:08 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2015-07-10 13:08 - 2015-07-10 13:08 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2015-07-10 13:08 - 2015-07-10 13:08 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2015-07-10 13:08 - 2015-07-10 13:08 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-07-10 13:08 - 2015-07-10 13:08 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2015-07-10 13:08 - 2015-07-10 13:08 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2015-07-10 13:08 - 2015-07-10 13:08 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2015-07-10 13:08 - 2015-07-10 13:08 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2015-07-10 13:08 - 2015-07-10 13:08 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2015-07-10 13:08 - 2015-07-10 13:08 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-07-10 13:08 - 2015-07-10 13:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-07-10 13:08 - 2015-07-10 13:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-07-10 13:08 - 2015-07-10 13:08 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-07-10 13:05 - 2015-07-10 13:09 - 00006941 _____ C:\Windows\IE10_main.log
2015-07-10 13:05 - 2015-07-10 13:06 - 44335120 _____ (Microsoft Corporation) C:\Users\w00t Pro\Downloads\IE10-Windows6.1-x64-en-us.exe
2015-07-10 12:51 - 2015-07-10 13:18 - 00024189 _____ C:\Windows\IE11_main.log
2015-07-10 12:50 - 2015-07-10 12:51 - 55915216 _____ (Microsoft Corporation) C:\Users\w00t Pro\Downloads\IE11-Windows6.1-x64-en-us.exe
2015-07-10 12:48 - 2015-07-10 13:14 - 00001428 _____ C:\Users\w00t Pro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-10 11:56 - 2015-07-10 11:56 - 00000207 _____ C:\Windows\tweaking.com-regbackup-W00TPC-THINK2-Windows-7-Professional-(64-bit).dat
2015-07-10 11:56 - 2015-07-10 11:56 - 00000000 ____D C:\RegBackup
2015-07-10 11:37 - 2015-07-10 11:37 - 00000000 ____D C:\Users\w00t Pro\Documents\Add-in Express
2015-07-10 11:32 - 2015-07-10 11:32 - 00000000 _____ C:\Windows\EEventManager.INI
2015-07-10 11:29 - 2015-07-16 09:06 - 00000000 ____D C:\Windows\CryptoGuard
2015-07-10 11:29 - 2015-07-11 14:59 - 00000000 ____D C:\Program Files (x86)\HitmanPro.Alert
2015-07-10 11:29 - 2015-07-10 11:29 - 00548424 _____ (SurfRight) C:\Windows\system32\hmpalert.dll
2015-07-10 11:29 - 2015-07-10 11:29 - 00477008 _____ (SurfRight) C:\Windows\SysWOW64\hmpalert.dll
2015-07-10 11:29 - 2015-07-10 11:29 - 00093144 _____ C:\Windows\system32\Drivers\hmpalert.sys
2015-07-10 11:29 - 2015-07-10 11:29 - 00053248 _____ C:\Windows\SysWOW64\zlib.dll
2015-07-10 11:29 - 2015-07-10 11:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro.Alert
2015-07-10 11:29 - 2015-07-10 11:29 - 00000000 ____D C:\ProgramData\Foolish IT
2015-07-10 11:18 - 2015-07-10 11:18 - 00000000 ____D C:\Users\w00t Pro\Desktop\Old Firefox Data
2015-07-10 11:10 - 2015-07-15 03:27 - 00000616 _____ C:\Windows\setupact.log
2015-07-10 11:10 - 2015-07-10 11:10 - 00000000 _____ C:\Windows\setuperr.log
2015-07-10 11:09 - 2015-07-15 03:21 - 00005358 _____ C:\Windows\PFRO.log
2015-07-10 11:09 - 2015-07-10 11:09 - 00000000 _____ C:\Windows\ativpsrm.bin
2015-07-10 11:07 - 2015-07-14 11:57 - 00000000 ____D C:\AdwCleaner
2015-07-10 10:38 - 2015-07-10 10:38 - 00000847 _____ C:\Users\Public\Desktop\Unchecky.lnk
2015-07-10 10:38 - 2015-07-10 10:38 - 00000000 ____D C:\ProgramData\Unchecky
2015-07-10 10:38 - 2015-07-10 10:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unchecky
2015-07-10 10:38 - 2015-07-10 10:38 - 00000000 ____D C:\Program Files\Unchecky
2015-07-10 10:37 - 2015-07-10 10:37 - 00073570 _____ C:\Users\w00t Pro\Documents\cc_20150710_103743.reg
2015-07-10 10:27 - 2015-07-10 10:27 - 00000000 ____D C:\PatchMyPCUpdates
2015-07-10 10:25 - 2015-07-10 10:25 - 00000000 ____D C:\Users\w00t Pro\AppData\Roaming\Hard Disk Sentinel
2015-07-10 10:09 - 2015-07-10 10:09 - 00001531 _____ C:\Users\Public\Desktop\w00t logs.lnk
2015-07-10 10:08 - 2015-06-17 15:31 - 06804480 _____ (Chilkat Software, Inc.) C:\Windows\SysWOW64\ChilkatAx-9.5.0-win32.dll
2015-07-10 10:08 - 2014-10-24 12:18 - 01993088 _____ (Codejock Software) C:\Windows\SysWOW64\Codejock.Controls.Unicode.v16.4.0.ocx
2015-07-10 10:08 - 2004-03-09 01:00 - 00212240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RICHTX32.ocx.f_upgrade
2015-07-10 10:08 - 2004-03-09 01:00 - 00212240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RICHTX32.OCX
2015-07-09 10:09 - 2015-07-09 10:09 - 00000000 ____D C:\Windows\System32\Tasks\Norton Internet Security
2015-07-09 10:01 - 2015-07-09 10:01 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2015-07-08 21:46 - 2015-07-08 21:46 - 00000000 ____D C:\Users\Public\Downloads\Norton
2015-07-01 12:36 - 2015-07-01 12:37 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.4
2015-06-18 11:23 - 2015-06-18 11:23 - 00000043 _____ C:\Users\w00t Pro\Documents\Junxure backup.txt
2015-06-17 01:01 - 2015-06-17 01:01 - 01202856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FM20.DLL

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-16 09:03 - 2015-02-02 12:03 - 00000911 _____ C:\Windows\Tasks\EPSON WF-4630 Series Update {EDE125B6-94B7-4022-BAEF-F4F691D495DB}.job
2015-07-16 09:03 - 2015-02-02 12:03 - 00000725 _____ C:\Windows\Tasks\EPSON WF-4630 Series Invitation {EDE125B6-94B7-4022-BAEF-F4F691D495DB}.job
2015-07-16 08:16 - 2014-04-16 13:07 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-16 07:14 - 2014-08-08 15:13 - 00000000 ____D C:\Program Files (x86)\Instant Housecall
2015-07-16 07:14 - 2014-08-08 14:53 - 00000000 ____D C:\Program Files (x86)\Livedrive
2015-07-15 21:56 - 2009-07-13 23:45 - 00034432 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-15 21:56 - 2009-07-13 23:45 - 00034432 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-15 18:16 - 2014-04-16 13:07 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-15 18:11 - 2014-04-16 13:07 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-15 18:11 - 2014-04-16 13:07 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-15 10:40 - 2015-01-22 20:13 - 00000000 ____D C:\Program Files (x86)\Java
2015-07-15 10:39 - 2015-01-22 20:13 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-07-15 04:04 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2015-07-15 03:27 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-15 03:23 - 2009-07-13 23:45 - 00496344 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-15 03:20 - 2015-04-15 03:25 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-15 03:20 - 2014-10-19 19:51 - 01953153 _____ C:\Windows\WindowsUpdate.log
2015-07-15 03:20 - 2014-05-08 12:16 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-15 03:20 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-07-15 03:04 - 2014-08-08 14:45 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-14 12:22 - 2014-04-16 13:08 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-14 11:54 - 2014-08-05 16:14 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-14 11:53 - 2014-04-16 13:08 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-14 11:53 - 2014-04-16 13:08 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-14 11:53 - 2014-04-16 13:08 - 00003770 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-14 11:52 - 2014-04-25 13:16 - 00002194 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-11 14:43 - 2014-08-05 14:07 - 00000000 ____D C:\Users\w00t Pro\AppData\Local\CrashDumps
2015-07-10 13:14 - 2014-08-08 14:47 - 00000000 __SHD C:\Users\w00t Pro\PrivacIE
2015-07-10 12:47 - 2012-10-01 14:26 - 00000000 ____D C:\Windows\Panther
2015-07-10 12:23 - 2014-04-16 13:04 - 00002030 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2015-07-10 12:16 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2015-07-10 12:02 - 2009-07-14 00:13 - 00786812 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-10 12:01 - 2009-07-13 21:34 - 00000514 _____ C:\Windows\win.ini
2015-07-10 11:58 - 2014-04-16 18:03 - 00786812 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-07-10 11:55 - 2014-08-25 00:02 - 00000000 ____D C:\Users\Wells Pettibone
2015-07-10 11:55 - 2014-04-16 11:41 - 00000000 ____D C:\Users\w00tPC
2015-07-10 11:54 - 2014-04-17 12:49 - 00000000 ____D C:\Users\w00t Pro
2015-07-10 11:54 - 2009-07-13 22:20 - 00000000 __RHD C:\Users\Default
2015-07-10 11:35 - 2009-07-13 21:34 - 00001993 _____ C:\Windows\system32\Drivers\etc\hosts_bak_88
2015-07-10 11:24 - 2014-03-27 19:51 - 00000000 ____D C:\Windows\System32\Tasks\Lenovo
2015-07-10 10:42 - 2014-08-08 15:03 - 00000013 _____ C:\Windows\BRVIDEO.INI
2015-07-10 10:42 - 2014-08-08 15:02 - 00000264 _____ C:\Windows\Brownie.ini
2015-07-10 10:25 - 2014-07-17 07:59 - 00000000 ____D C:\Users\w00t Pro\AppData\Roaming\Nitro PDF
2015-07-10 10:17 - 2014-07-16 16:29 - 00000172 _____ C:\Windows\zerobyte_files_deleted.txt
2015-07-10 10:17 - 2014-07-16 16:29 - 00000074 _____ C:\Windows\system32\zerobyte_files_deleted.txt
2015-07-10 10:17 - 2014-03-27 19:35 - 00000000 ____D C:\Program Files\Lenovo
2015-07-10 10:16 - 2014-08-05 13:59 - 00000000 ____D C:\Support
2015-07-09 10:07 - 2014-04-25 13:06 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-09 10:03 - 2014-08-08 14:57 - 00000000 ____D C:\Windows\system32\Drivers\NISx64
2015-07-09 10:02 - 2014-08-08 14:57 - 00003236 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2015-07-09 10:01 - 2014-08-08 14:57 - 00002445 _____ C:\Users\Public\Desktop\Norton Internet Security.LNK
2015-07-09 09:18 - 2014-08-08 14:51 - 00000000 ____D C:\Wagner Monte Carlo
2015-07-08 21:50 - 2014-08-08 14:57 - 00102616 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2015-07-08 21:50 - 2014-08-08 14:57 - 00008166 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2015-07-08 21:50 - 2014-08-08 14:57 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2015-07-08 21:50 - 2014-03-27 20:02 - 00000000 ____D C:\ProgramData\Norton
2015-07-08 10:33 - 2014-04-16 13:07 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-07-08 10:33 - 2014-04-16 13:07 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-07-08 10:33 - 2014-04-16 13:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-07 12:31 - 2014-04-17 13:17 - 00001186 _____ C:\Users\w00t Pro\Desktop\Auslogics DiskDefrag.lnk
2015-07-04 12:31 - 2014-04-16 13:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-07-03 18:00 - 2014-08-08 15:05 - 00001024 ____H C:\SYSTAG.BIN
2015-07-03 12:30 - 2014-09-02 22:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-03 12:30 - 2014-08-05 16:14 - 00001180 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-07-03 12:30 - 2014-04-16 13:06 - 00001168 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-07-01 12:37 - 2015-01-29 13:36 - 00000000 ____D C:\Program Files (x86)\LibreOffice 4
2015-07-01 12:37 - 2014-04-16 12:59 - 00001117 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-01 12:37 - 2014-04-16 12:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-01 12:37 - 2014-04-16 12:59 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-22 12:31 - 2014-12-03 13:30 - 00001062 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-06-22 12:31 - 2014-07-17 07:54 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-06-18 11:25 - 2014-08-08 15:03 - 00000426 _____ C:\Windows\BRWMARK.INI
2015-06-18 08:41 - 2014-04-16 12:59 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-18 08:41 - 2014-04-16 12:59 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-18 08:41 - 2014-04-16 12:59 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-16 15:14 - 2014-08-11 10:46 - 00000000 ____D C:\Users\w00t Pro\AppData\Local\Citrix

==================== Files in the root of some directories =======

2014-08-08 15:06 - 2014-08-08 15:06 - 0007162 _____ () C:\Users\w00t Pro\AppData\Roaming\DellFaxOptions.xml
2014-03-27 20:00 - 2014-03-27 20:00 - 0000107 _____ () C:\ProgramData\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}.log
2014-03-27 19:57 - 2014-03-27 19:58 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2014-03-27 19:58 - 2014-03-27 19:59 - 0000110 _____ () C:\ProgramData\{B7A0CE06-068E-11D6-97FD-0050BACBF861}.log
2014-03-27 19:59 - 2014-03-27 20:00 - 0000115 _____ () C:\ProgramData\{D6E853EC-8960-4D44-AF03-7361BB93227C}.log

Some files in TEMP:
====================
C:\Users\w00t Pro\AppData\Local\Temp\IntResource.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-07-13 00:13

==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by w00t Pro at 2015-07-16 09:13:23
Running from C:\Users\w00t Pro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8CMHIFRY
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-4271722370-1150792674-1538857754-500 - Administrator - Disabled)
Guest (S-1-5-21-4271722370-1150792674-1538857754-501 - Limited - Disabled)
w00t Pro (S-1-5-21-4271722370-1150792674-1538857754-1002 - Administrator - Enabled) => C:\Users\w00t Pro

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Internet Security (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Internet Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.180 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.9.159 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{2F0E873B-1B60-FCC1-40B1-76E942EA5A56}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AOMEI Backupper (HKLM-x32\...\{A83692F5-3E9B-4E95-9E7E-B5DF5536C09D}_is1) (Version:  - AOMEI Technology Co., Ltd.)
Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 6.0.0.0 - Auslogics Labs Pty Ltd)
Citrix Online Launcher (HKLM-x32\...\{6740FE60-43C1-4D15-8C4A-001624134B14}) (Version: 1.0.312 - Citrix)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Laser MFP 1815 Software Uninstall (HKLM-x32\...\Dell Laser MFP 1815) (Version:  - DELL Inc.)
Document Capture Pro (HKLM-x32\...\{1D707201-A58C-465E-869F-732DFEB4E306}) (Version: 1.02.0002 - Seiko Epson Corporation)
EPSON Connect version 1.0 (HKLM-x32\...\EPSON Connect_is1) (Version: 1.0 - Epson America Inc.)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.7.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{0FD15AD3-8505-49E6-984E-F863446652A7}) (Version: 3.10.0018 - Seiko Epson Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.43.00 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WF-4630 Series Printer Uninstall (HKLM\...\EPSON WF-4630 Series) (Version:  - SEIKO EPSON Corporation)
Epson WF-4630 User’s Guide version 1.0 (HKLM-x32\...\UsersGuideEpson WF-4630 User’s Guide_is1) (Version: 1.0 - )
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.2.69.5227 - Gretech Corporation)
Google Chrome (HKLM-x32\...\{879FC63D-310A-3526-B4F4-D7139F94D7A6}) (Version: 66.77.16518 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
GoToAssist Customer 2.3.0.818 (HKLM-x32\...\GoToAssist Express Customer) (Version: 2.3.0.818 - Citrix Online)
HitmanPro.Alert (HKLM\...\HitmanPro.Alert) (Version: 2.6.5.77 - SurfRight B.V.)
InfraRecorder 0.53 (x64 edition) (HKLM\...\{2C22EA92-CB30-4932-0053-000001000000}) (Version: 0.53.00.00 - Christian Kindahl)
Instant Housecall (HKLM-x32\...\{B1566D09-03D9-4DDD-B3F3-759B22F3F053}) (Version: 6.2.0.0 - Instant Housecall)
Java 7 Update 79 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217079FF}) (Version: 7.0.790 - Oracle)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Junxure Desktop (HKLM-x32\...\{879FFED4-A41B-4486-8F9E-87CAE3B37516}) (Version: 9.5.1.0 - CRM Software, Inc.)
Junxure Outlook Addin (HKLM-x32\...\{0B0DFAB9-A3C8-489D-B1FC-8EBB606ED7B3}) (Version: 3.0.7 - CRM Software)
LBAI (HKLM-x32\...\{C5C91B7B-38A6-40B7-84D6-E44885E44B13}) (Version: 1.0.0.6 - Lenovo)
Lenovo Patch Utility 64 bit (HKLM\...\{ABE4638D-D208-4061-9F26-E3E11E3A1E0C}) (Version: 1.3.1.1 - Lenovo Group Limited)
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.3 - Lenovo Inc.)
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.06.0016 - Lenovo)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0008.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\{2DC26D10-CC6A-494F-BEA3-B5BC21126D5E}) (Version: 3.1.0022.00 - Lenovo Group Limited)
LibreOffice 4.4.4.3 (HKLM-x32\...\{5B6D82BB-CC1A-431E-8991-3E57855F99C5}) (Version: 4.4.4.3 - The Document Foundation)
Livedrive (HKLM\...\{7D2E0E90-3BBA-43B1-894D-EC39A4E18748}) (Version: 1.15.2.0 - Livedrive Internet Limited)
LTCM Client (HKLM-x32\...\{B38E9B55-7136-4E66-A084-320512FF3F6F}) (Version: 1.20.3792 - Leader Technologies Inc)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Message Center Plus (HKLM\...\{3849486C-FF09-4F5D-B491-3E179D58EE15}) (Version: 3.1.0004.00 - Lenovo Group Limited)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.6122.5000 - Microsoft Corporation)
Microsoft Office Small Business 2007 (HKLM-x32\...\SMALLBUSINESSR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.7122.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40620.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 39.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nitro Pro 8 (HKLM\...\{07E55FB8-966C-4FA5-815D-D1F5AC8B1D87}) (Version: 8.5.5.2 - Nitro)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 22.5.0.124 - Symantec Corporation)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}_is1) (Version: 3.01.0004 - Lenovo Group Limited)
PowerDVD Create (HKLM-x32\...\InstallShield_{DE485075-8CD3-4A1E-9ABC-6412EBA44872}) (Version: 10.0 - CyberLink Corp.)
PowerDVD Create 10 (x32 Version: 10.0.1.2704 - CyberLink Corp.) Hidden
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.73.618.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6602 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RtkWin7DashClientInstaller (HKLM-x32\...\{6F642DF6-F1BF-4A10-92B0-4A65CB04304C}) (Version: 2.0.9 - Realtek)
Software Updater (HKLM-x32\...\{A737E18A-5171-40D0-8034-7DD243420081}) (Version: 4.1.1 - SEIKO EPSON CORPORATION)
SugarSync (HKLM-x32\...\SugarSync) (Version: 3.6.0.1.139445 - SugarSync, Inc.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.43879 - TeamViewer)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 3.0.42.0 - Lenovo)
Unchecky v0.3.8 (HKLM-x32\...\Unchecky) (Version: 0.3.8 - RaMMicHaeL)
Uninstall Dell PC Fax (HKLM-x32\...\{11A80E40-621F-489C-A626-58886B60FEAC}) (Version:  - Dell Inc.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
View Management Utility (HKLM\...\View Management Utility_is1) (Version: 3.0.1.20120921 - Lenovo Inc.)
WaveEditor (x32 Version: 1.0.1.4514 - CyberLink Corp.) Hidden
Windows Driver Package - Advanced Micro Devices (AtiHDAudioService) MEDIA  (03/01/2013 7.12.0.7714) (HKLM\...\A2B8CA78DDCBA880E65B4D457629D348383CDD38) (Version: 03/01/2013 7.12.0.7714 - Advanced Micro Devices)
Windows Driver Package - Advanced Micro Devices, Inc. (amdkmdap) Display  (08/09/2013 12.105.4.7000) (HKLM\...\5E515D595973DD1148687B4DEC8CD1004845F807) (Version: 08/09/2013 12.105.4.7000 - Advanced Micro Devices, Inc.)
Windows Driver Package - Realtek (RTL8167) Net  (06/18/2013 7.073.0618.2013) (HKLM\...\9B4C750285F22B91D150CDF1E12F51BB50A8607F) (Version: 06/18/2013 7.073.0618.2013 - Realtek)
Windows Driver Package - Realtek Multifunction  (07/20/2009 1.0.0217.2009) (HKLM\...\8F81B9F75450D43F572A25DC9779ED5E57C91655) (Version: 07/20/2009 1.0.0217.2009 - Realtek)
Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (03/27/2012 6.0.1.6602) (HKLM\...\88CB7AA478955801F99FBF6D2BCF739BEB87A7F3) (Version: 03/27/2012 6.0.1.6602 - Realtek Semiconductor Corp.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

03-06-2015 00:00:01 Scheduled Checkpoint
06-06-2015 03:00:10 Windows Update
10-06-2015 03:00:17 Windows Update
17-06-2015 12:18:18 Scheduled Checkpoint
24-06-2015 12:36:49 Scheduled Checkpoint
06-07-2015 17:26:52 Scheduled Checkpoint
09-07-2015 09:39:27 Revo Uninstaller's restore point - DoNotTrackMe Add-on 4.9.1728
10-07-2015 10:16:50 Removed Lenovo Solution Center.
10-07-2015 11:29:35 Technician Created System Restore Point
10-07-2015 11:56:31 Tweaking.com - Windows Repair
10-07-2015 12:40:22 Windows Modules Installer
10-07-2015 12:53:22 Windows Modules Installer
10-07-2015 12:55:19 Windows Modules Installer
10-07-2015 13:02:15 Windows Modules Installer
10-07-2015 13:02:41 Windows Modules Installer
10-07-2015 13:07:47 Windows Modules Installer
10-07-2015 13:17:24 Windows Modules Installer
14-07-2015 12:19:50 Restore Point Created by FRST
15-07-2015 03:00:36 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2015-07-15 03:28 - 00002022 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly

There are 5 more lines.

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {08BA725F-DA85-4676-8CE6-1F914522BD8E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-14] (Adobe Systems Incorporated)
Task: {3A059C78-1E40-4787-9A2E-694D7DA915AB} - System32\Tasks\Lenovo\Message Center Plus Launcher => C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe [2012-05-15] (Lenovo)
Task: {406227CD-9726-47E2-87E7-150E0F4149D8} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\22.5.0.124\WSCStub.exe [2015-06-17] (Symantec Corporation)
Task: {4557F1B7-1294-4D42-989A-2944C59468EA} - System32\Tasks\EPSON WF-4630 Series Update {EDE125B6-94B7-4022-BAEF-F4F691D495DB} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKLE.EXE [2013-02-27] (SEIKO EPSON CORPORATION)
Task: {886D3455-0E21-4369-8FF9-B8CA57606284} - System32\Tasks\PMTask => C:\Program Files (x86)\Lenovo\PowerMgr\PwmIdTsv.exe [2013-02-26] (Lenovo Group Limited)
Task: {9CB7AFF1-18EB-477E-8F30-DF2AE8929D6F} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo)
Task: {A36D54D3-ED05-45D5-AF48-1EFC35238F8F} - System32\Tasks\EPSON WF-4630 Series Invitation {EDE125B6-94B7-4022-BAEF-F4F691D495DB} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKLE.EXE [2013-02-27] (SEIKO EPSON CORPORATION)
Task: {AF81BF92-18C2-4F1A-ABD5-746430E80E47} - System32\Tasks\CLMLSvc => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [2013-03-06] (CyberLink)
Task: {B47291C0-669E-45D4-B1D3-E98552BF88F9} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\22.5.0.124\SymErr.exe [2015-05-19] (Symantec Corporation)
Task: {BE5C69FC-E971-4CB9-8307-2F2EC0FC7559} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-16] (Google Inc.)
Task: {BF85DED5-6D32-42BA-9CF5-0A705877749C} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2014-06-18] ()
Task: {C62B9B4E-7E6E-47D1-A37E-4C0320C62E5A} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\22.5.0.124\SymErr.exe [2015-05-19] (Symantec Corporation)
Task: {C65B9640-5808-48D1-99C4-CFADFF9D4332} - System32\Tasks\w00tUP => C:\w00tUP\w00tUP.exe [2010-06-02] (Secure By Design Inc.)
Task: {F599EADA-87AC-47B4-A152-86F9FC415263} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-16] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\EPSON WF-4630 Series Invitation {EDE125B6-94B7-4022-BAEF-F4F691D495DB}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKLE.EXE
Task: C:\Windows\Tasks\EPSON WF-4630 Series Update {EDE125B6-94B7-4022-BAEF-F4F691D495DB}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKLE.EXE:/EXE:{EDE125B6-94B7-4022-BAEF-F4F691D495DB} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2014-08-08 15:04 - 2008-07-18 17:59 - 00027648 _____ () C:\Windows\System32\DELG1L6.DLL
2014-08-08 15:05 - 2007-08-30 10:57 - 00080896 _____ () C:\Windows\System32\DellFaxPort_x64.dll
2013-08-10 06:52 - 2013-08-10 06:52 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-08-08 15:04 - 2013-08-26 17:15 - 00196312 _____ () C:\Program Files (x86)\AOMEI Backupper\UiLogic.dll
2014-08-08 15:04 - 2013-08-26 17:15 - 00220888 _____ () C:\Program Files (x86)\AOMEI Backupper\diskmgr.dll
2014-08-08 15:04 - 2013-08-26 17:15 - 00171736 _____ () C:\Program Files (x86)\AOMEI Backupper\Comn.dll
2014-08-08 15:04 - 2013-08-26 17:15 - 00077528 _____ () C:\Program Files (x86)\AOMEI Backupper\Ldm.dll
2014-08-08 15:04 - 2013-08-26 17:15 - 00061144 _____ () C:\Program Files (x86)\AOMEI Backupper\Device.dll
2014-08-08 15:04 - 2013-08-26 17:15 - 00257752 _____ () C:\Program Files (x86)\AOMEI Backupper\BrFat.dll
2014-08-08 15:04 - 2013-08-26 17:15 - 00368344 _____ () C:\Program Files (x86)\AOMEI Backupper\BrNtfs.dll
2014-08-08 15:04 - 2013-08-26 17:15 - 00057048 _____ () C:\Program Files (x86)\AOMEI Backupper\FuncLogic.dll
2014-08-08 15:04 - 2013-08-26 17:15 - 00167640 _____ () C:\Program Files (x86)\AOMEI Backupper\Clone.dll
2014-08-08 15:04 - 2013-08-26 17:15 - 00245464 _____ () C:\Program Files (x86)\AOMEI Backupper\ImgFile.dll
2014-08-08 15:04 - 2013-08-26 17:15 - 00028376 _____ () C:\Program Files (x86)\AOMEI Backupper\Encrypt.dll
2014-08-08 15:04 - 2013-08-26 17:15 - 00073432 _____ () C:\Program Files (x86)\AOMEI Backupper\Compress.dll
2014-08-08 15:04 - 2013-08-26 17:15 - 00093912 _____ () C:\Program Files (x86)\AOMEI Backupper\BrVol.dll
2014-08-08 15:04 - 2013-08-26 17:15 - 00043736 _____ () C:\Program Files (x86)\AOMEI Backupper\Backup.dll
2014-07-24 15:58 - 2014-07-24 15:58 - 00816128 _____ () C:\Program Files (x86)\Livedrive\Localisation.dll
2011-07-28 16:20 - 2011-07-28 16:20 - 00270336 _____ () C:\Program Files (x86)\Livedrive\AlphaFS.dll
2014-07-24 16:05 - 2014-07-24 16:05 - 00068760 _____ () C:\Program Files (x86)\Livedrive\Native.dll
2013-03-06 23:49 - 2013-03-06 23:49 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2013-03-06 23:52 - 2013-03-06 23:52 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2013-07-10 18:07 - 2013-07-10 18:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2009-02-26 13:46 - 2009-02-26 13:46 - 00064344 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
2011-03-31 09:47 - 2011-03-31 09:47 - 00466944 _____ () C:\Program Files (x86)\CRM Software\Junxure Outlook Addin\adxloader.dll
2014-08-11 11:21 - 2014-08-11 11:21 - 00374008 _____ () C:\Users\w00t Pro\AppData\Local\assembly\dl3\BRY3NXEX.HTQ\H7QTNPGT.1HV\48989600\000a3f04_9056ca01\AddinExpress.MAPI.DLL
2014-08-11 11:21 - 2014-08-11 11:21 - 00286720 _____ () C:\Users\w00t Pro\AppData\Local\assembly\dl3\BRY3NXEX.HTQ\H7QTNPGT.1HV\f2fa5980\00880bfb_2938c701\Interop.Outlook.DLL
2011-06-22 11:46 - 2011-06-22 11:46 - 00434016 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
2014-08-11 11:21 - 2014-08-11 11:21 - 00011264 _____ () C:\Users\w00t Pro\AppData\Local\assembly\dl3\BRY3NXEX.HTQ\H7QTNPGT.1HV\8f0fbef8\00148b5a_c4a0cc01\SharedInterface.DLL
2015-07-16 09:07 - 2015-07-16 09:07 - 00139776 _____ () C:\Users\w00t Pro\AppData\Local\Temp\IntResource.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist Remote Support Customer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IHCserver => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-4271722370-1150792674-1538857754-1002\...\advisorservices.com -> advisorservices.com
IE trusted site: HKU\S-1-5-21-4271722370-1150792674-1538857754-1002\...\att.com -> hxxps://www.um.att.com
IE trusted site: HKU\S-1-5-21-4271722370-1150792674-1538857754-1002\...\bamadvisorcenters.com -> hxxps://www.bamadvisorcenters.com
IE trusted site: HKU\S-1-5-21-4271722370-1150792674-1538857754-1002\...\bamshare.com -> hxxps://www.bamshare.com
IE trusted site: HKU\S-1-5-21-4271722370-1150792674-1538857754-1002\...\bexedhea.com -> bexedhea.com
IE trusted site: HKU\S-1-5-21-4271722370-1150792674-1538857754-1002\...\incrediblecharts.com -> *.incrediblecharts.com
IE trusted site: HKU\S-1-5-21-4271722370-1150792674-1538857754-1002\...\schwabinstitutional.com -> hxxps://si2.schwabinstitutional.com
IE trusted site: HKU\S-1-5-21-4271722370-1150792674-1538857754-1002\...\wallst.com -> *.sim.wallst.com


There are 6350 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4271722370-1150792674-1538857754-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\w00t Pro\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
DNS Servers: 71.10.216.1 - 71.10.216.2

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BrStsWnd => C:\Program Files (x86)\Brownie\BrstsW64.exe Autorun
MSCONFIG\startupreg: C: =>
MSCONFIG\startupreg: FlashPlayerUpdate => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_13_0_0_206_ActiveX.exe -update activex
MSCONFIG\startupreg: Lenovo Registration => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
MSCONFIG\startupreg: ShopAtHomeUpdater => C:\Users\w00t Pro\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe
MSCONFIG\startupreg: ShopAtHomeWatcher => C:\Users\w00t Pro\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{BE38FBB4-D040-4D83-B593-95AA1D38308A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{CA4A0833-A479-411E-9F83-C05935AF1F9B}] => (Allow) LPort=2869
FirewallRules: [{AC02DFA5-AF1F-4A72-9776-812736B56DFC}] => (Allow) LPort=1900
FirewallRules: [{5CE6D318-D8D4-4499-98E9-A5BD6C63BB21}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
FirewallRules: [TCP Query User{93642157-BF3E-4904-B550-4177B6552564}C:\program files (x86)\dell\dell laser mfp 1815\networkscan\dnscst.exe] => (Allow) C:\program files (x86)\dell\dell laser mfp 1815\networkscan\dnscst.exe
FirewallRules: [UDP Query User{E50E0C53-DCCF-4C46-BAB0-1D09B3615952}C:\program files (x86)\dell\dell laser mfp 1815\networkscan\dnscst.exe] => (Allow) C:\program files (x86)\dell\dell laser mfp 1815\networkscan\dnscst.exe
FirewallRules: [{F623E142-07BB-4310-8618-F0DED1315AE0}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{39611911-55F5-46A8-B560-F28EA9B15AAA}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{40A4B69B-8C97-4789-BD32-6ED6170FDAF1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{449DED0B-3F60-4CB0-B094-8A4D7D93A030}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0A17AFBE-6F8F-4F85-AA6E-92DB94603C01}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{15AABFDD-6D57-41FB-969A-AC8386CC1307}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{1D67D594-2BD8-48B3-B5C6-FFD18413CEC1}] => (Allow) D:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{F984B1D8-B9C6-4AB4-B558-3C31E803FC51}] => (Allow) D:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{B79999CA-B671-436A-B914-57C583348F57}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{9CF8605E-ED39-4EF0-B40D-D55B96ED2551}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{F7B34D94-9DDF-438E-B4D1-F6BD58C04993}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{29827139-83DD-4E29-9AFE-0CB1134DA05D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{3898CCEA-97DD-4598-9E94-C1DC67D55F35}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{458E6BE4-37E1-4605-82F1-1D54A99BC9C7}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{7B0079C7-29B0-4692-A355-5A0DFBFB917B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (07/11/2015 02:43:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.17377, time stamp: 0x55663e2e
Faulting module name: ntdll.dll, version: 6.1.7601.18869, time stamp: 0x55636317
Exception code: 0xc0000005
Fault offset: 0x00022322
Faulting process id: 0x2004
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (07/10/2015 11:59:00 AM) (Source: WinMgmt) (EventID: 4) (User: )
Description: 0x8004401eC:\WINDOWS\SYSTEM32\WBEM\EN-US\AACLIENT.MFL

Error: (07/10/2015 11:58:54 AM) (Source: WinMgmt) (EventID: 4) (User: )
Description: 0x8004401eC:\WINDOWS\SYSTEM32\WBEM\AACLIENT.MOF

Error: (07/10/2015 11:36:51 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {bb0e431e-da23-4d6e-9d57-a801eb431580}

Error: (07/10/2015 11:23:57 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/10/2015 11:23:57 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/10/2015 11:23:57 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/10/2015 11:23:57 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/10/2015 11:23:57 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 Element not found.  (HRESULT : 0x80070490) (0x80070490)

Error: (07/10/2015 11:23:57 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

System errors:
=============
Error: (07/15/2015 10:38:14 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error:
%%1058

Error: (07/15/2015 10:38:14 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error:
%%1058

Error: (07/15/2015 10:38:14 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070422'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

Error: (07/15/2015 10:38:07 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (07/15/2015 03:29:25 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error:
%%1058

Error: (07/15/2015 03:29:25 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068upnphost{204810B9-73B2-11D4-BF42-00B0D0118B56}

Error: (07/15/2015 03:29:25 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Instant Housecall Service service hung on starting.

Error: (07/15/2015 03:27:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Livedrive VSS Service service failed to start due to the following error:
%%1053

Error: (07/15/2015 03:27:57 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Livedrive VSS Service service to connect.

Error: (07/15/2015 03:26:50 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Microsoft Office:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-07-16 09:05:48.866
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-16 08:00:37.164
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-16 07:01:14.879
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-16 06:38:47.486
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-15 22:34:36.996
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-15 17:52:15.422
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-15 16:37:41.876
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-15 16:07:43.215
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-15 14:13:20.218
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-15 13:24:28.346
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: AMD A8-6500B APU with Radeon™ HD Graphics
Percentage of memory in use: 29%
Total physical RAM: 7369.76 MB
Available physical RAM: 5178.02 MB
Total Virtual: 23751.97 MB
Available Virtual: 21264.58 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:452.56 GB) (Free:332.43 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (WF-4630) (CDROM) (Total:0.29 GB) (Free:0 GB) CDFS
Drive f: (On-Site Backup) (Fixed) (Total:149.05 GB) (Free:83.55 GB) NTFS
Drive p: () (Network) (Total:452.56 GB) (Free:332.45 GB)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 53E109A8)
Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=452.6 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 149.1 GB) (Disk ID: 0E171CDE)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End of log ============================



#10 wpetti


Posted 16 July 2015 - 09:40 AM

Didn't know if the fixlog should be posted before or after reboot, but here is the fixlog after reboot:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by w00t Pro at 2015-07-16 09:26:36 Run:2
Running from C:\Users\w00t Pro\Downloads
Loaded Profiles: w00t Pro (Available Profiles: w00t Pro)
Boot Mode: Normal
==============================================

fixlist content:
*****************

start

CloseProcesses:

start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4271722370-1150792674-1538857754-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
BHO-x32: No Name -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} ->  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
S1 SASDIFSV; \??\E:\w00tTech\d7II\3rd Party Tools\SAS\SASDIFSV64.SYS [X]
S1 SASKUTIL; \??\E:\w00tTech\d7II\3rd Party Tools\SAS\SASKUTIL64.SYS [X]

End

*****************

Processes closed successfully.
Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
HKU\S-1-5-21-4271722370-1150792674-1538857754-1002\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C} => key not found.
HKCR\Wow6432Node\CLSID\{6D53EC84-6AAE-4787-AEEE-F4628F01010C} => key not found.
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => key not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => key removed successfully
SASDIFSV => Service not found.
SASKUTIL => Service not found.
EmptyTemp: => 29.8 MB temporary data Removed.

The system needed a reboot..

==== End of Fixlog 09:26:57 ====



#11 nasdaq


Posted 16 July 2015 - 10:14 AM

What are the remaining problems with this computer?

#12 wpetti


Posted 21 July 2015 - 12:32 PM

Wow, Nasdaq. You are one smart cookie. I tested loading several reports that prior to your fixes were horribly popping up as Cannot Load...now they open perfectly! Thank you so much!! I have a smaller question. When I open so-called aggregator news sites, like Drudge, Daily Caller, etc., they really seem swamped with adware and pop ups and the sites often crash. I don't know if there is any way to at least slow down if not eliminate the pop ups...this is how the sites make a living...but it should not interfere with the reliable operation of the website and crash it...and ftr, it is not the aggregator site that freezes up, but the sites after I hit a hyperlink to go to a story. This happens a lot or I would not bring it up, like almost every time. I think there are certain add-ons for Mozilla like Ad Stop but is there anything to help IE operate more smoothly across the net when pop ups are kind of invading the screen and if not completely crashing it, slowing it to a crawl?

 

Thanks so much for the other fixes!



#13 wpetti


Posted 21 July 2015 - 01:13 PM

Update. Just now, while my computer was up and running normally, out of nowhere I got the dreaded Blue Screen. I was forced to reboot and everything came up normal but that Blue Screen is sneaky and there can still be a bug in there after a reboot. I'm running a Malwarebytes scan now and nothing has come up so far but the scan is not complete. If anything comes up I will not delete it and will await your suggestions.

 

Thanks. wpetti



#14 nasdaq


Posted 21 July 2015 - 03:35 PM


Blue screens are not normally caused by malware.

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download the Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:

autoclean;
emptyalltemp;
ipconfig /flushdns;b

Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.

Also, please provide an update on how the computer is behaving after running the above script.

===

Next time you get a blue screen please note the exact error message and post the exact error message for my review.

#15 wpetti


Posted 22 July 2015 - 11:28 AM

Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by w00t Pro on Wed 07/22/2015 at 10:43:48.03.
Microsoft Windows 7 Professional  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\w00t Pro\Downloads\zoek(2).exe [Scan all users] [Script inserted]

==== System Restore Info ======================

7/22/2015 10:47:58 AM Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~3\InstantHousecall deleted successfully
C:\Users\w00t Pro\AppData\Roaming\Windows Live Writer deleted successfully
C:\Users\w00t Pro\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\w00t Pro\AppData\Local\EmieSiteList deleted successfully
C:\Users\w00t Pro\AppData\Local\EmieUserList deleted successfully
C:\Users\w00t Pro\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-4271722370-1150792674-1538857754-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3B6A4AD4-D6EE-47dd-B308-0E0930A43853} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

ProfilePath: C:\Users\W00TPR~1\AppData\Roaming\Mozilla\Firefox\Profiles\326wxtdo.default

user.js not found
---- Lines isearch removed from prefs.js ----
user_pref("weboftrust.search.avg.url", "^http(s)?\\:\\/\\/isearch\\.avg\\.com\\/search\\?");
---- Lines ask.com removed from prefs.js ----
user_pref("weboftrust.search.ask.display", "Ask.com Web Search");
---- Lines offers removed from prefs.js ----
user_pref("weboftrust.category.301", "{\"name\":\"301\",\"group\":\"4\",\"text\":\"Online tracking\",\"description\":\"Based on your experience the si
---- FireFox user.js and prefs.js backups ----

prefs_20150722_1119_.backup

ProfilePath: C:\Users\W00TPR~1\AppData\Roaming\Mozilla\Firefox\Profiles\vcpogcqm.default-1436545091195

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_20150722_1119_.backup

==== Batch Command(s) Run By Tool======================


==== Deleting Files \ Folders ======================

C:\Support deleted
C:\Users\w00t Pro\Documents\Add-in Express deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\W00TPR~1\AppData\Roaming\Mozilla\Firefox\Profiles\326wxtdo.default
user_pref("browser.search.defaultenginename", "Yahoo!");
user_pref("browser.search.selectedEngine", "Yahoo!");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.0.124\coFFPlgn" [07/21/2015 01:45 PM]

==== Firefox Extensions ======================

ProfilePath: C:\Users\W00TPR~1\AppData\Roaming\Mozilla\Firefox\Profiles\326wxtdo.default
- WOT - C:\Users\w00t Pro\AppData\Roaming\Mozilla\Firefox\Profiles\326wxtdo.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
- WOT - %ProfilePath%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\w00t Pro\AppData\Roaming\Mozilla\Firefox\Profiles\vcpogcqm.default-1436545091195
C92C7CA0E78F327951229F98BAEA15DB    - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1219159.dll -    Shockwave for Director / Shockwave for Director
FD82108FD60B63010325D9AF6F00AF99    - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll -    Shockwave Flash
E3B4EA121F7BDEB0F6366E2BA9608CB5    - C:\Users\w00t Pro\AppData\Local\Citrix\Plugins\104\npappdetector.dll -    Citrix Online Web Deployment Plugin 1.0.0.104


==== Chromium Look ======================

Google Chrome Version: 44.0.2403.89

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
cjabmdjcfcfdmffimndhafhblfmpjdpe - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.0.124\Exts\Chrome.crx[06/05/2015 01:55 AM]
iikflkcanblccfahdhdonehdalibjnif - No path found[]

Norton Security Toolbar - w00t Pro\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe
Norton Identity Safe - w00t Pro\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif
Chrome Hotword Shared Module - w00t Pro\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg

==== Chromium Startpages ======================

C:\Users\w00t Pro\AppData\Local\Google\Chrome\User Data\Default\Preferences


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://google.com/"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://google.com/"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"
{81E0BFB1-CAFE-4AAD-9F5F-A27D59431BCE} Unknown  Url="Not_Found"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-4271722370-1150792674-1538857754-1002\Software\Microsoft\Internet Explorer\SearchScopes\{81E0BFB1-CAFE-4AAD-9F5F-A27D59431BCE} deleted successfully

==== Deleting CLSID Registry Values ======================
 





