
help reading combo fix


  • This topic is locked
10 replies to this topic

#1 sgm825


Posted 09 August 2015 - 02:53 AM

My kid screwed up our computer, then went on vacation! This is what I am left with. I don't know what site he got his info/help from, but I trust you guys. Here is the combo fix log as of this evening. (It was run once before, but not saved to desktop; I re-loaded it and ran it again.) Lots of inaccessible HkYS.

 

ComboFix 15-08-08.01 - John 08/09/2015   3:12.3.4 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3071.1856 [GMT -4:00]
Running from: c:\users\John\Desktop\ComboFix.exe
AV: Microsoft Security Essentials Prerelease *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials Prerelease *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\John\AppData\Local\assembly\tmp
.
.
(((((((((((((((((((((((((   Files Created from 2015-07-09 to 2015-08-09  )))))))))))))))))))))))))))))))
.
.
2015-08-09 07:25 . 2015-08-09 07:25 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2015-08-09 07:25 . 2015-08-09 07:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-08-09 07:25 . 2015-08-09 07:25 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2015-08-09 07:08 . 2015-08-09 07:08 62576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C7AE5AC5-759F-49B5-B9FE-440D1E1537B2}\offreg.996.dll
2015-08-09 07:07 . 2015-07-15 01:33 9252608 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C7AE5AC5-759F-49B5-B9FE-440D1E1537B2}\mpengine.dll
2015-08-09 06:25 . 2015-08-09 07:24 -------- d-----w- c:\users\John\AppData\Local\assembly
2015-08-09 06:25 . 2015-08-09 06:25 -------- d-----w- c:\users\John\AppData\Local\Apps
2015-08-09 06:25 . 2015-08-09 06:25 -------- d-----w- c:\users\John\AppData\Local\Deployment
2015-08-09 05:17 . 2015-08-09 05:17 -------- d-----w- c:\program files\ESET
2015-08-09 02:36 . 2015-08-09 02:36 105 ----a-w- c:\windows\system32\CCS.bat
2015-08-09 02:36 . 2015-08-09 02:36 14 ----a-w- c:\windows\system32\temp0004.bat
2015-08-09 02:36 . 2015-08-09 02:36 14 ----a-w- c:\windows\system32\del03.bat
2015-08-09 02:36 . 2015-08-09 02:36 14 ----a-w- c:\windows\system32\HandleIt.bat
2015-08-07 16:08 . 2015-07-15 01:33 9252608 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-08-06 21:58 . 2015-08-06 21:58 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-08-06 21:19 . 2015-08-06 21:36 -------- d-----w- C:\FRST
2015-08-06 20:57 . 2015-08-06 20:57 -------- d-----w- C:\TDSSKiller_Quarantine
2015-08-06 20:16 . 2015-08-09 05:14 98520 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-08-06 20:14 . 2015-08-06 20:14 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2015-08-06 20:14 . 2015-06-18 12:41 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-08-06 20:14 . 2015-06-18 12:41 94936 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-08-06 20:14 . 2015-06-18 12:41 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-08-06 12:45 . 2015-07-02 06:58 912000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5E6F42B3-018C-4A12-9DE9-1ACD5185918E}\gapaengine.dll
2015-07-29 22:43 . 2015-06-29 19:02 606920 ----a-w- c:\windows\system32\nvStreaming.exe
2015-07-29 22:38 . 2015-06-29 22:46 907464 ----a-w- c:\windows\system32\NvIFR.dll
2015-07-29 22:38 . 2015-06-29 22:46 869064 ----a-w- c:\windows\system32\NvFBC.dll
2015-07-29 22:38 . 2015-06-29 22:46 24200520 ----a-w- c:\windows\system32\nvoglv32.dll
2015-07-29 22:38 . 2015-06-29 22:46 11272240 ----a-w- c:\windows\system32\nvopencl.dll
2015-07-29 22:38 . 2015-06-29 22:46 10704072 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2015-07-29 22:38 . 2015-06-29 22:46 911560 ----a-w- c:\windows\system32\nvdispgenco3234174.dll
2015-07-29 22:38 . 2015-06-29 22:46 3987600 ----a-w- c:\windows\system32\nvcuvid.dll
2015-07-29 22:38 . 2015-06-29 22:46 11209192 ----a-w- c:\windows\system32\nvcuda.dll
2015-07-29 22:38 . 2015-06-29 22:46 1059528 ----a-w- c:\windows\system32\nvdispco3234174.dll
2015-07-29 22:38 . 2015-06-29 22:46 15293128 ----a-w- c:\windows\system32\nvcompiler.dll
2015-07-29 22:26 . 2015-07-03 04:31 42344 ----a-w- c:\windows\system32\drivers\nvvad32v.sys
2015-07-28 20:53 . 2015-07-28 20:53 -------- d-----w- c:\users\John\AppData\Local\Pro Writing Aid
2015-07-28 20:53 . 2015-07-28 20:53 -------- d-----w- c:\users\John\AppData\Roaming\Pro Writing Aid
2015-07-28 20:44 . 2015-07-28 20:44 -------- d-----w- c:\program files\Pro Writing Aid
2015-07-28 20:44 . 2015-07-28 20:52 -------- d-----w- c:\programdata\Package Cache
2015-07-28 06:46 . 2015-07-25 17:47 587264 ----a-w- c:\windows\system32\generaltel.dll
2015-07-28 06:46 . 2015-07-25 17:46 342016 ----a-w- c:\windows\system32\devinv.dll
2015-07-28 06:46 . 2015-07-25 17:46 924160 ----a-w- c:\windows\system32\appraiser.dll
2015-07-28 06:46 . 2015-07-25 17:46 58880 ----a-w- c:\windows\system32\acmigration.dll
2015-07-28 06:46 . 2015-07-25 17:47 628736 ----a-w- c:\windows\system32\invagent.dll
2015-07-28 06:46 . 2015-07-25 17:40 932864 ----a-w- c:\windows\system32\aeinv.dll
2015-07-28 06:46 . 2015-07-25 17:51 15808 ----a-w- c:\windows\system32\CompatTelRunner.exe
2015-07-28 06:46 . 2015-07-25 17:46 202752 ----a-w- c:\windows\system32\aepdu.dll
2015-07-25 19:56 . 2015-07-25 19:56 -------- d-----w- c:\program files\Common Files\Java
2015-07-25 19:56 . 2015-07-25 19:55 96352 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2015-07-25 19:54 . 2015-07-25 19:54 -------- d-----w- c:\program files\Java
2015-07-25 06:53 . 2015-07-25 06:53 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2015-07-25 06:02 . 2015-08-09 06:09 -------- d-----w- c:\users\John\AppData\Local\Adobe
2015-07-24 10:17 . 2015-08-05 17:58 -------- d-----w- c:\users\John\AppData\Local\VirtualStore
2015-07-24 00:52 . 2015-07-24 01:26 -------- d-----r- c:\users\John\Creative Cloud Files
2015-07-22 16:04 . 2015-07-22 16:04 -------- d-----w- c:\program files\iPod
2015-07-22 16:04 . 2015-08-04 23:03 -------- d-----w- c:\program files\iTunes
2015-07-22 02:56 . 2015-07-22 02:56 -------- d-----w- c:\users\John\.thumbnails
2015-07-22 01:17 . 2015-07-22 01:21 -------- d-----w- c:\program files\GIMP 2
2015-07-21 19:18 . 2015-07-21 19:20 -------- d-----w- c:\users\John\AppData\Roaming\Canon
2015-07-21 19:18 . 2015-07-21 19:18 -------- d-----w- c:\program files\Canon
2015-07-21 15:42 . 2015-07-15 02:55 26624 ----a-w- c:\windows\system32\lpk.dll
2015-07-21 15:42 . 2015-07-15 02:55 70656 ----a-w- c:\windows\system32\fontsub.dll
2015-07-21 15:42 . 2015-07-15 02:55 10240 ----a-w- c:\windows\system32\dciman32.dll
2015-07-21 15:42 . 2015-07-15 02:55 34304 ----a-w- c:\windows\system32\atmlib.dll
2015-07-21 15:42 . 2015-07-15 01:52 299008 ----a-w- c:\windows\system32\atmfd.dll
2015-07-17 17:11 . 2015-08-06 04:18 -------- d-----w- c:\program files\Ginger
2015-07-15 07:52 . 2015-07-04 17:48 1414656 ----a-w- c:\windows\system32\ole32.dll
2015-07-15 07:51 . 2015-06-19 18:25 504320 ----a-w- c:\windows\system32\vbscript.dll
2015-07-11 02:33 . 2015-07-11 02:33 4587520 ----a-w- c:\windows\system32\GPhotos.scr
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-24 04:21 . 2014-06-02 14:20 1316000 ----a-w- c:\windows\system32\nvspbridge.dll
2015-07-24 04:21 . 2014-05-08 21:36 1423304 ----a-w- c:\windows\system32\nvspcap.dll
2015-07-05 10:11 . 2010-02-27 23:53 246952 ------w- c:\windows\system32\MpSigStub.exe
2015-07-03 04:28 . 2014-05-08 21:28 65896 ----a-w- c:\windows\system32\nvaudcap32v.dll
2015-07-02 06:58 . 2013-03-12 17:28 912000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2015-06-29 22:46 . 2012-10-11 02:14 14497760 ----a-w- c:\windows\system32\nvd3dum.dll
2015-06-29 22:46 . 2010-03-01 08:32 2823992 ----a-w- c:\windows\system32\nvapi.dll
2015-06-29 22:46 . 2009-07-13 22:09 16128576 ----a-w- c:\windows\system32\nvwgf2um.dll
2015-06-29 20:39 . 2011-04-08 02:44 4388040 ----a-w- c:\windows\system32\nvcpl.dll
2015-06-29 20:39 . 2011-04-08 02:44 3060936 ----a-w- c:\windows\system32\nvsvc.dll
2015-06-29 20:39 . 2011-12-26 06:31 2553544 ----a-w- c:\windows\system32\nvsvcr.dll
2015-06-29 20:39 . 2011-04-08 02:45 670536 ----a-w- c:\windows\system32\nvvsvc.exe
2015-06-29 20:39 . 2011-04-08 02:45 375112 ----a-w- c:\windows\system32\nvmctray.dll
2015-06-29 20:39 . 2010-01-12 03:18 61768 ----a-w- c:\windows\system32\nvshext.dll
2015-06-27 19:16 . 2015-06-27 19:16 645120 ----a-w- c:\windows\system32\jsIntl.dll
2015-06-27 19:16 . 2015-06-27 19:16 194048 ----a-w- c:\windows\system32\elshyph.dll
2015-06-27 19:16 . 2015-06-27 19:16 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2015-06-27 19:16 . 2015-06-27 19:16 62464 ----a-w- c:\windows\system32\tdc.ocx
2015-06-27 19:16 . 2015-06-27 19:16 182272 ----a-w- c:\windows\system32\msls31.dll
2015-06-27 19:16 . 2015-06-27 19:16 24576 ----a-w- c:\windows\system32\licmgr10.dll
2015-06-27 19:16 . 2015-06-27 19:16 151552 ----a-w- c:\windows\system32\iexpress.exe
2015-06-27 19:16 . 2015-06-27 19:16 139264 ----a-w- c:\windows\system32\wextract.exe
2015-06-27 19:16 . 2015-06-27 19:16 36352 ----a-w- c:\windows\system32\imgutil.dll
2015-06-27 19:16 . 2015-06-27 19:16 13312 ----a-w- c:\windows\system32\mshta.exe
2015-06-27 19:16 . 2015-06-27 19:16 111616 ----a-w- c:\windows\system32\IEAdvpack.dll
2015-06-27 19:16 . 2015-06-27 19:16 86016 ----a-w- c:\windows\system32\iesysprep.dll
2015-06-27 19:16 . 2015-06-27 19:16 74240 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2015-06-27 19:16 . 2015-06-27 19:16 48640 ----a-w- c:\windows\system32\mshtmler.dll
2015-06-27 02:51 . 2015-06-27 02:51 74768 ----a-w- c:\windows\system32\hcwxds.dll
2015-06-27 02:51 . 2015-06-27 02:51 66568 ----a-w- c:\windows\system32\hcw85CoInst.dll
2015-06-27 02:51 . 2015-06-27 02:51 1920896 ----a-w- c:\windows\system32\drivers\HCW85BDA.sys
2015-06-27 02:51 . 2015-06-27 02:51 149512 ----a-w- c:\windows\system32\hcw85enc.ax
2015-06-27 02:51 . 2015-06-27 02:51 147984 ----a-w- c:\windows\system32\hcwecppp.ax
2015-06-27 02:51 . 2015-06-27 02:51 124432 ----a-w- c:\windows\system32\hcw85prop.ax
2015-06-27 02:51 . 2015-06-27 02:51 121864 ----a-w- c:\windows\system32\hcwcp.ax
2015-06-24 05:29 . 2015-06-24 05:29 1217192 ----a-w- c:\windows\system32\FM20.DLL
2015-06-21 05:16 . 2013-11-21 03:55 47360 ----a-w- c:\users\John\AppData\Roaming\pcouffin.sys
2015-06-17 04:23 . 2015-06-17 04:23 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2015-06-17 04:23 . 2015-06-17 04:23 69632 ----a-w- c:\windows\system32\QuickTime.qts
2015-06-11 03:08 . 2015-06-11 03:08 6112072 ----a-w- c:\windows\system32\usbaaplrc.dll
2015-06-11 03:08 . 2015-06-11 03:08 45056 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2015-06-05 21:22 . 2007-07-03 21:40 505416 ----a-w- c:\windows\system32\msvcp71.dll
2015-05-25 18:07 . 2015-06-10 18:28 3989440 ----a-w- c:\windows\system32\ntkrnlpa.exe
2015-05-25 18:07 . 2015-06-10 18:28 3934144 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-05-25 18:04 . 2015-06-10 18:28 1307648 ----a-w- c:\windows\system32\ntdll.dll
2015-05-25 18:01 . 2015-06-10 18:28 853504 ----a-w- c:\windows\system32\diagtrack.dll
2015-05-25 18:01 . 2015-06-10 18:28 635392 ----a-w- c:\windows\system32\tdh.dll
2015-05-25 18:01 . 2015-06-10 18:28 400896 ----a-w- c:\windows\system32\srcore.dll
2015-05-25 18:01 . 2015-06-10 18:28 43008 ----a-w- c:\windows\system32\srclient.dll
2015-05-25 18:01 . 2015-06-10 18:28 92160 ----a-w- c:\windows\system32\sechost.dll
2015-05-25 18:01 . 2015-06-10 18:28 38912 ----a-w- c:\windows\system32\csrsrv.dll
2015-05-25 18:01 . 2015-06-10 18:28 641536 ----a-w- c:\windows\system32\advapi32.dll
2015-05-25 18:00 . 2015-06-10 18:28 40448 ----a-w- c:\windows\system32\typeperf.exe
2015-05-25 18:00 . 2015-06-10 18:28 364544 ----a-w- c:\windows\system32\tracerpt.exe
2015-05-25 18:00 . 2015-06-10 18:28 69632 ----a-w- c:\windows\system32\smss.exe
2015-05-25 18:00 . 2015-06-10 18:28 262656 ----a-w- c:\windows\system32\rstrui.exe
2015-05-25 18:00 . 2015-06-10 18:28 37888 ----a-w- c:\windows\system32\relog.exe
2015-05-25 18:00 . 2015-06-10 18:28 82944 ----a-w- c:\windows\system32\logman.exe
2015-05-25 18:00 . 2015-06-10 18:28 17408 ----a-w- c:\windows\system32\diskperf.exe
2015-05-25 17:55 . 2015-06-10 18:28 6656 ----a-w- c:\windows\system32\apisetschema.dll
2015-05-25 16:53 . 2015-06-10 18:28 36864 ----a-w- c:\windows\system32\UtcResources.dll
2015-05-21 13:20 . 2015-06-10 18:29 163840 ----a-w- c:\windows\system32\aepic.dll
2015-05-14 21:34 . 2015-02-05 17:36 778416 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-05-14 21:34 . 2015-02-05 17:36 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-13 20:54 . 2011-12-13 20:54 4757312 ----a-w- c:\program files\procexp.exe
2010-04-06 01:10 . 2010-04-06 01:10 1896960 ----a-w- c:\program files\Amazon Unbox Video.msi
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A2A31FE0-CB70-409D-B4CC-40DCDF880732}"= "c:\program files\AOL\Shared\AolIEToolbar.dll" [2013-12-04 125944]
.
[HKEY_CLASSES_ROOT\clsid\{a2a31fe0-cb70-409d-b4cc-40dcdf880732}]
[HKEY_CLASSES_ROOT\TypeLib\{606F0DFA-61C2-4FCB-A41E-58E8CB8BF015}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1]
@="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}"
[HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}]
2015-06-13 18:16 713888 ----a-w- c:\program files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2]
@="{853B7E05-C47D-4985-909A-D0DC5C6D7303}"
[HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}]
2015-06-13 18:16 713888 ----a-w- c:\program files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3]
@="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}"
[HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}]
2015-06-13 18:16 713888 ----a-w- c:\program files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-24 01:44 189464 ----a-w- c:\users\John\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-24 01:44 189464 ----a-w- c:\users\John\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-24 01:44 189464 ----a-w- c:\users\John\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-24 01:44 189464 ----a-w- c:\users\John\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-24 01:44 189464 ----a-w- c:\users\John\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-24 01:44 189464 ----a-w- c:\users\John\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-24 01:44 189464 ----a-w- c:\users\John\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-24 01:44 189464 ----a-w- c:\users\John\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2015-01-17 06:26 239272 ----a-w- c:\users\John\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2015-01-17 06:26 239272 ----a-w- c:\users\John\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2015-01-17 06:26 239272 ----a-w- c:\users\John\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2010-02-25 81920]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2015-07-17 6453528]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2015-06-27 110160]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-04-30 981688]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2014-05-19 2303256]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2014-12-11 12111576]
"NvBackend"="c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-07-24 2634896]
"ShadowPlay"="c:\windows\system32\nvspcap.dll" [2015-07-24 1423304]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-07-11 157992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2014-03-24 22:50 64280 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Amazon Unbox.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Unbox.lnk
backup=c:\windows\pss\Amazon Unbox.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Ginger.lnk]
backup=c:\windows\pss\Ginger.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Ginger.lnk
.
[HKLM\~\startupfolder\C:^Users^John^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2015-07-08 00:12 998104 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Creative Cloud]
2015-07-02 18:48 2303152 ----a-w- c:\program files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2015-05-26 04:03 500936 ----a-w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aimersoft Helper Compact.exe]
2014-10-31 21:43 2066432 ----a-w- c:\program files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupNowEZtray]
2011-09-24 01:51 580632 ----a-w- c:\program files\NTI\NTI Backup Now EZ\BackupNowEZtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iCloudServices]
2015-04-26 18:02 43816 ----a-w- c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2015-07-11 22:38 157992 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvBackend]
2015-07-24 04:22 2634896 ----a-w- c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2015-02-28 03:26 366904 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2015-06-17 04:23 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShadowPlay]
2015-07-24 04:21 1423304 ----a-w- c:\windows\System32\nvspcap.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2015-06-08 23:08 334896 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"DACSMiniApp"=c:\program files\Fisher-Price\DACS\MiniApp\DACSMiniApp.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R1 BAPIDRV;BAPIDRV;c:\windows\system32\DRIVERS\BAPIDRV.sys [x]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2015-06-18 1133880]
R3 cleanhlp;cleanhlp;c:\program files\Emsisoft Anti-Malware\cleanhlp32.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-06-19 102912]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\Drivers\LEqdUsb.Sys [2013-05-23 42264]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\Drivers\LHidEqd.Sys [2013-05-23 10136]
R3 Linksys_adapter_H;Linksys Adapter Network Driver;c:\windows\system32\DRIVERS\AE1200w7.sys [2011-03-30 1092160]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-06-18 51928]
R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2009-07-13 657408]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2015-03-04 95408]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2015-04-30 284504]
R3 PROCEXP151;PROCEXP151;c:\windows\system32\Drivers\PROCEXP151.SYS [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2009-07-13 266752]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-08 1343400]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2010-12-24 25704]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2010-12-24 25704]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2010-12-24 25704]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2010-12-24 25704]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2010-12-24 25704]
R4 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-11-13 204800]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2014-03-21 42272]
S1 Eve;EVE Protocol Driver;c:\windows\system32\DRIVERS\eve.sys [2014-04-10 33624]
S1 RawDisk3;RawDisk3;c:\windows\system32\drivers\rawdsk3.sys [2015-05-05 28088]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2015-07-24 921232]
S2 GingerUpdateService;GingerUpdateService;c:\program files\Ginger\GingerUpdateService\GingerUpdateService.exe [2015-07-25 527360]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 NTI BackupNowEZSvr;NTI BackupNowEZSvr;c:\program files\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe [2011-09-24 45592]
S2 NvNetworkService;NVIDIA Network Service;c:\program files\NVIDIA Corporation\NetService\NvNetworkService.exe [2015-07-24 1871504]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2015-07-24 4305040]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService.exe [2014-12-11 252632]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2015-06-29 410768]
S3 eapihdrv;eapihdrv;c:\users\John\AppData\Local\Temp\ehdrv.sys [x]
S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2015-06-27 1920896]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-06-18 23256]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2015-07-24 18576]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [2015-07-03 42344]
S3 WsAudio_Device(1);WsAudio_Device(1);c:\windows\system32\drivers\VirtualAudio1.sys [2014-11-26 27496]
S3 WsAudio_Device(2);WsAudio_Device(2);c:\windows\system32\drivers\VirtualAudio2.sys [2014-11-26 27496]
S3 WsAudio_Device(3);WsAudio_Device(3);c:\windows\system32\drivers\VirtualAudio3.sys [2014-11-26 27496]
S3 WsAudio_Device(4);WsAudio_Device(4);c:\windows\system32\drivers\VirtualAudio4.sys [2014-11-26 27496]
S3 WsAudio_Device(5);WsAudio_Device(5);c:\windows\system32\drivers\VirtualAudio5.sys [2014-11-26 27496]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - EAPIHDRV
*NewlyCreated* - MPKSL1E3C38BF
*Deregistered* - hitmanpro37
*Deregistered* - MpKsl1e3c38bf
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ   HsfXAudioService
utcsvc REG_MULTI_SZ   DiagTrack
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-08-09 05:02 995144 ----a-w- c:\program files\Google\Chrome\Application\44.0.2403.130\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-05-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05 21:34]
.
2015-08-09 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1804372364-3133945013-3808614069-1001Core.job
- c:\users\John\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-25 20:44]
.
2015-08-09 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1804372364-3133945013-3808614069-1001UA.job
- c:\users\John\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-25 20:44]
.
2015-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-08-09 05:02]
.
2015-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-08-09 05:02]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Customize Menu - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComFillForms.html
IE: RoboForm Options - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComOptions.html
IE: Save Forms - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComSavePass.html
IE: Show RoboForm Toolbar - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-uTorrent - c:\users\John\AppData\Roaming\uTorrent\uTorrent.exe
AddRemove-Akamai - c:\users\John\AppData\Local\Akamai\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_18_0_0_129_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_18_0_0_129_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-08-09  03:29:34
ComboFix-quarantined-files.txt  2015-08-09 07:29
ComboFix2.txt  2015-08-06 19:24
.
Pre-Run: 50,757,611,520 bytes free
Post-Run: 50,898,046,976 bytes free
.
- - End Of File - - 05A9F21C18E09C716D2E1C960DF5ECBE
A36C5E4F47E84449FF07ED3517B43A31
 



 


#2 sgm825


Posted 09 August 2015 - 01:43 PM

Here are the Farbar scan results I couldn't get posted this morning.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:08-08-2015 01
Ran by John (administrator) on JOHN-PC (09-08-2015 14:36:29)
Running from C:\Users\John\Downloads
Loaded Profiles: John (Available Profiles: John)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.28.1\GoogleCrashHandler.exe
(NTI Corporation) C:\Program Files\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe
(NVIDIA) C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Siber Systems) C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Siber Systems Inc.) C:\Program Files\Siber Systems\AI RoboForm\Chrome\rf-chrome-nm-host.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2303256 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12111576 2014-12-11] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2634896 2015-07-24] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157992 2015-07-11] (Apple Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2014-03-24] (Logitech, Inc.)
HKU\S-1-5-21-1804372364-3133945013-3808614069-1001\...\Run: [NVIDIA nTune] => C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe [81920 2010-02-25] (NVIDIA)
HKU\S-1-5-21-1804372364-3133945013-3808614069-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6453528 2015-07-17] (Piriform Ltd)
HKU\S-1-5-21-1804372364-3133945013-3808614069-1001\...\Run: [RoboForm] => C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110160 2015-06-27] (Siber Systems)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll [2015-06-13] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll [2015-06-13] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll [2015-06-13] ()
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-07-23] (Dropbox, Inc.)
BootExecute: autocheck
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1804372364-3133945013-3808614069-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-1804372364-3133945013-3808614069-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1804372364-3133945013-3808614069-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKU\S-1-5-21-1804372364-3133945013-3808614069-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKLM -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1804372364-3133945013-3808614069-1001 -> DefaultScope {7B94295C-BC81-46AC-A5DE-84BDAA20B921} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1804372364-3133945013-3808614069-1001 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = 
SearchScopes: HKU\S-1-5-21-1804372364-3133945013-3808614069-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1804372364-3133945013-3808614069-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-1804372364-3133945013-3808614069-1001 -> {7B94295C-BC81-46AC-A5DE-84BDAA20B921} URL = https://www.google.com/search?q={searchTerms}
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2015-06-27] (Siber Systems Inc.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-07-25] (Oracle Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-25] (Oracle Corporation)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2015-06-27] (Siber Systems Inc.)
Toolbar: HKLM - AOL Toolbar - {A2A31FE0-CB70-409D-B4CC-40DCDF880732} - C:\Program Files\AOL\Shared\AolIEToolbar.dll [2013-12-04] (AOL)
Toolbar: HKU\S-1-5-21-1804372364-3133945013-3808614069-1001 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2015-06-27] (Siber Systems Inc.)
Toolbar: HKU\S-1-5-21-1804372364-3133945013-3808614069-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll [2009-02-20] (Cisco Systems, Inc.)
Handler: WSAMVCUchrome - No CLSID Value - 
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\..\Interfaces\{0536479E-07B3-47B0-95DC-3B86D9BDB3EC}: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\..\Interfaces\{9EC78CAA-81E6-4698-A818-4DC754067D76}: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\..\Interfaces\{A5F82FF3-2A20-409B-8139-E19CACE37F79}: [DhcpNameServer] 75.75.76.76 75.75.75.75
 
FireFox:
========
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1219160.dll [2015-07-23] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2015-07-10] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-25] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2010-04-08] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-06-29] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-06-29] (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-09] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-09] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-07-02] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1804372364-3133945013-3808614069-1001: @tools.google.com/Google Update;version=3 -> C:\Users\John\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-1804372364-3133945013-3808614069-1001: @tools.google.com/Google Update;version=9 -> C:\Users\John\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-1804372364-3133945013-3808614069-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\John\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-04-13] (Unity Technologies ApS)
FF HKLM\...\Firefox\Extensions: [{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-08-02]
FF HKLM\...\Firefox\Extensions: [firefox@gingersoftware.2.0.0.74.com] - C:\Program Files\Ginger\Mozilla\firefox@gingersoftware.2.0.0.74.com
 
Chrome: 
=======
CHR Profile: C:\Users\John\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-05]
CHR Extension: (Google Docs) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-05]
CHR Extension: (Google Drive) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-05]
CHR Extension: (YouTube) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-05]
CHR Extension: (Google Search) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-05]
CHR Extension: (Google Sheets) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-05]
CHR Extension: (No Name) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\kidhjpmgjfbkmcfpfakmdddddgfbhahj [2015-06-19]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-05]
CHR Extension: (Gmail) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-05]
CHR Extension: (RoboForm Password Manager) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2015-06-05]
CHR HKLM\...\Chrome\Extension: [./0123456789:;<=>?@ABCDEFGHIJKLM] - C:\Users\John\AppData\Local\¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ <not found>
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-02-07]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 ADVService; C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe [25704 2011-11-23] (Amazon.com) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [921232 2015-07-24] (NVIDIA Corporation)
S4 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-06-16] (Hewlett-Packard) [File not signed]
S4 LinksysUpdater; C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [204800 2008-11-13] () [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
S4 nmservice; C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [642856 2008-12-12] (Cisco Systems, Inc.)
R2 NTI BackupNowEZSvr; C:\Program Files\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe [45592 2011-09-23] (NTI Corporation)
R2 nTuneService; C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe [131072 2007-09-04] (NVIDIA) [File not signed]
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1871504 2015-07-24] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4305040 2015-07-24] (NVIDIA Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe [252632 2014-12-11] (Realtek Semiconductor)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42272 2014-03-20] (AVG Technologies)
R3 e1express; C:\Windows\System32\DRIVERS\e1e6232.sys [219352 2009-06-05] (Intel Corporation)
R1 Eve; C:\Windows\System32\DRIVERS\eve.sys [33624 2014-04-10] ()
R3 ezplay; C:\Windows\System32\Drivers\ezplay.sys [94208 2013-11-20] (VSO Software)
S3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [42264 2013-05-23] (Logitech, Inc.)
S3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [10136 2013-05-23] (Logitech, Inc.)
S3 Linksys_adapter_H; C:\Windows\System32\DRIVERS\AE1200w7.sys [1092160 2011-03-30] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
R1 MpKslec3730c0; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{43ECCDB0-C13C-43BA-910D-0C9C57E7E8F5}\MpKslec3730c0.sys [39168 2015-08-09] (Microsoft Corporation)
S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [657408 2009-07-13] (Ralink Technology Corp.)
R3 NVR0Dev; C:\Windows\nvoclock.sys [29696 2007-09-04] (NVidia Corp.) [File not signed]
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [18576 2015-07-24] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [42344 2015-07-03] (NVIDIA Corporation)
R2 pnarp; C:\Windows\System32\DRIVERS\pnarp.sys [24880 2008-12-12] (Cisco Systems, Inc.)
R2 purendis; C:\Windows\System32\DRIVERS\purendis.sys [26416 2008-12-12] (Cisco Systems, Inc.)
R1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [28088 2015-05-05] (EldoS Corporation)
R1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [113984 2015-02-27] (Power Software Ltd)
U3 Winsock; no ImagePath
R3 WsAudio_Device(1); C:\Windows\System32\drivers\VirtualAudio1.sys [27496 2014-11-26] (Wondershare)
R3 WsAudio_Device(2); C:\Windows\System32\drivers\VirtualAudio2.sys [27496 2014-11-26] (Wondershare)
R3 WsAudio_Device(3); C:\Windows\System32\drivers\VirtualAudio3.sys [27496 2014-11-26] (Wondershare)
R3 WsAudio_Device(4); C:\Windows\System32\drivers\VirtualAudio4.sys [27496 2014-11-26] (Wondershare)
R3 WsAudio_Device(5); C:\Windows\System32\drivers\VirtualAudio5.sys [27496 2014-11-26] (Wondershare)
S3 WsAudio_DeviceS(1); C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys [25704 2010-12-24] (Wondershare)
S3 WsAudio_DeviceS(2); C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys [25704 2010-12-24] (Wondershare)
S3 WsAudio_DeviceS(3); C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys [25704 2010-12-24] (Wondershare)
S3 WsAudio_DeviceS(4); C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys [25704 2010-12-24] (Wondershare)
S3 WsAudio_DeviceS(5); C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys [25704 2010-12-24] (Wondershare)
S1 BAPIDRV; system32\DRIVERS\BAPIDRV.sys [X]
S3 catchme; \??\C:\Users\John\AppData\Local\Temp\catchme.sys [X]
S3 cleanhlp; \??\C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [X]
S3 eapihdrv; \??\C:\Users\John\AppData\Local\Temp\ehdrv.sys [X]
S0 Lbd; system32\DRIVERS\Lbd.sys [X]
S3 PROCEXP151; \??\C:\Windows\system32\Drivers\PROCEXP151.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-09 14:36 - 2015-08-09 14:37 - 00024112 _____ C:\Users\John\Downloads\FRST.txt
2015-08-09 14:35 - 2015-08-09 14:35 - 01673216 _____ (Farbar) C:\Users\John\Downloads\FRST.exe
2015-08-09 05:11 - 2015-08-09 05:11 - 00000000 ____D C:\Users\John\AppData\Roaming\java
2015-08-09 03:40 - 2015-08-09 03:40 - 00000000 ____D C:\Users\John\AppData\Local\GWX
2015-08-09 03:34 - 2015-08-09 03:34 - 00032691 _____ C:\combo fix scan.txt
2015-08-09 03:29 - 2015-08-09 03:29 - 00032691 _____ C:\ComboFix.txt
2015-08-09 03:29 - 2015-08-09 03:29 - 00000000 ____D C:\Users\JACYBABY
2015-08-09 03:08 - 2015-08-09 03:29 - 00000000 ____D C:\ComboFix
2015-08-09 03:02 - 2015-08-09 03:02 - 05634368 ____R (Swearware) C:\Users\John\Desktop\ComboFix.exe
2015-08-09 02:59 - 2015-08-09 02:59 - 05634368 _____ (Swearware) C:\Users\John\Downloads\ComboFix.exe
2015-08-09 02:25 - 2015-08-09 08:15 - 00000000 ____D C:\Users\John\AppData\Local\Deployment
2015-08-09 02:25 - 2015-08-09 08:15 - 00000000 ____D C:\Users\John\AppData\Local\Apps\2.0
2015-08-09 01:17 - 2015-08-09 01:17 - 02870984 _____ (ESET) C:\Users\John\Downloads\esetsmartinstaller_enu.exe
2015-08-09 01:03 - 2015-08-09 01:03 - 00002167 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-09 01:03 - 2015-08-09 01:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-09 01:02 - 2015-08-09 14:07 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-09 01:02 - 2015-08-09 03:39 - 00000878 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-09 01:02 - 2015-08-09 01:02 - 00931408 _____ (Google Inc.) C:\Users\John\Downloads\ChromeSetup.exe
2015-08-08 22:36 - 2015-08-08 22:36 - 00006735 _____ C:\Windows\system32\LegacyFull
2015-08-08 22:36 - 2015-08-08 22:36 - 00005842 _____ C:\Windows\system32\SvcFull
2015-08-08 22:36 - 2015-08-08 22:36 - 00005575 _____ C:\Windows\system32\LegacyNoSvc
2015-08-08 22:36 - 2015-08-08 22:36 - 00000105 _____ C:\Windows\system32\CCS.bat
2015-08-08 22:36 - 2015-08-08 22:36 - 00000035 _____ C:\Windows\system32\temp0001
2015-08-08 22:36 - 2015-08-08 22:36 - 00000014 _____ C:\Windows\system32\temp0004.bat
2015-08-08 22:36 - 2015-08-08 22:36 - 00000014 _____ C:\Windows\system32\HandleIt.bat
2015-08-08 22:36 - 2015-08-08 22:36 - 00000014 _____ C:\Windows\system32\del03.bat
2015-08-08 22:36 - 2015-08-08 22:36 - 00000006 _____ C:\Windows\system32\ServiceFiles00
2015-08-08 22:36 - 2015-08-08 22:36 - 00000004 _____ C:\Windows\system32\WowErr.dat
2015-08-08 22:36 - 2015-08-08 22:36 - 00000003 _____ C:\Windows\system32\NULL
2015-08-08 22:36 - 2015-08-08 22:36 - 00000000 _____ C:\Windows\system32\zhsvc.dat
2015-08-08 22:36 - 2015-08-08 22:36 - 00000000 _____ C:\Windows\system32\Unhandled.dat
2015-08-08 22:36 - 2015-08-08 22:36 - 00000000 _____ C:\Windows\system32\temp0103
2015-08-08 22:36 - 2015-08-08 22:36 - 00000000 _____ C:\Windows\system32\temp0101
2015-08-08 22:36 - 2015-08-08 22:36 - 00000000 _____ C:\Windows\system32\temp0100
2015-08-08 22:36 - 2015-08-08 22:36 - 00000000 _____ C:\Windows\system32\temp000B
2015-08-08 22:36 - 2015-08-08 22:36 - 00000000 _____ C:\Windows\system32\temp000A
2015-08-08 22:36 - 2015-08-08 22:36 - 00000000 _____ C:\Windows\system32\temp0003
2015-08-08 22:36 - 2015-08-08 22:36 - 00000000 _____ C:\Windows\system32\temp0002
2015-08-08 22:36 - 2015-08-08 22:36 - 00000000 _____ C:\Windows\system32\temp0000
2015-08-08 22:36 - 2015-08-08 22:36 - 00000000 _____ C:\Windows\system32\System.dump02
2015-08-08 22:36 - 2015-08-08 22:36 - 00000000 _____ C:\Windows\system32\System.dump01
2015-08-08 22:36 - 2015-08-08 22:36 - 00000000 _____ C:\Windows\system32\System.dump00
2015-08-08 22:36 - 2015-08-08 22:36 - 00000000 _____ C:\Windows\system32\SvcDumpFull02
2015-08-08 22:36 - 2015-08-08 22:36 - 00000000 _____ C:\Windows\system32\SvcDumpFull01
2015-08-08 22:36 - 2015-08-08 22:36 - 00000000 _____ C:\Windows\system32\SvcDumpFull00
2015-08-08 22:36 - 2015-08-08 22:36 - 00000000 _____ C:\Windows\system32\SvcDumpFull
2015-08-08 22:36 - 2015-08-08 22:36 - 00000000 _____ C:\Windows\system32\SvcDumpB
2015-08-08 22:36 - 2015-08-08 22:36 - 00000000 _____ C:\Windows\system32\SvcDump00
2015-08-08 22:36 - 2015-08-08 22:36 - 00000000 _____ C:\Windows\system32\SvcDump
2015-08-08 22:36 - 2015-08-08 22:36 - 00000000 _____ C:\Windows\system32\SvcDiff
2015-08-08 22:36 - 2015-08-08 22:36 - 00000000 _____ C:\Windows\system32\SvcCovered
2015-08-08 22:36 - 2015-08-08 22:36 - 00000000 _____ C:\Windows\system32\suspectSvc.dat
2015-08-08 22:36 - 2015-08-08 22:36 - 00000000 _____ C:\Windows\system32\ServiceFiles_temp
2015-08-08 22:36 - 2015-08-08 22:36 - 00000000 _____ C:\Windows\system32\ServiceFiles.dat
2015-08-08 22:36 - 2015-08-08 22:36 - 00000000 _____ C:\Windows\system32\RustB00
2015-08-08 22:36 - 2015-08-08 22:36 - 00000000 _____ C:\Windows\system32\LockedServiceFiles00
2015-08-08 22:36 - 2015-08-08 22:36 - 00000000 _____ C:\Windows\system32\HandleList
2015-08-08 22:36 - 2015-08-08 22:36 - 00000000 _____ C:\Windows\system32\Handle00
2015-08-08 22:36 - 2015-08-08 22:36 - 00000000 _____ C:\Windows\system32\d-del_A.dat
2015-08-08 22:36 - 2015-08-08 22:36 - 00000000 _____ C:\Windows\system32\BootSvcs
2015-08-08 17:41 - 2015-08-08 17:41 - 110798128 _____ (Apple Inc.) C:\Users\John\Downloads\iTunesSetup.exe
2015-08-06 17:58 - 2015-08-06 17:58 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-08-06 17:57 - 2015-08-06 17:57 - 18718280 _____ C:\Users\John\Downloads\RogueKiller.exe
2015-08-06 17:37 - 2015-08-06 17:37 - 00347816 _____ (Microsoft Corporation) C:\Users\John\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.132362326283394403.2.1.Run.exe
2015-08-06 17:32 - 2015-08-06 17:32 - 00347816 _____ (Microsoft Corporation) C:\Users\John\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.132362326283394403.1.1.Run.exe
2015-08-06 17:22 - 2015-08-06 17:36 - 00056817 _____ C:\Users\John\Downloads\Addition.txt
2015-08-06 17:19 - 2015-08-09 14:36 - 00000000 ____D C:\FRST
2015-08-06 17:02 - 2015-08-06 17:04 - 00008276 _____ C:\Users\John\Downloads\hijackthis.log
2015-08-06 17:01 - 2015-08-06 17:02 - 00388608 _____ (Trend Micro Inc.) C:\Users\John\Downloads\HijackThis.exe
2015-08-06 16:57 - 2015-08-06 16:57 - 00000000 ____D C:\TDSSKiller_Quarantine
2015-08-06 16:54 - 2015-08-06 16:54 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\John\Downloads\tdsskiller (1).exe
2015-08-06 16:49 - 2015-08-06 16:50 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\John\Downloads\tdsskiller.exe
2015-08-06 16:16 - 2015-08-09 01:14 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-06 16:14 - 2015-08-06 16:14 - 00001026 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-08-06 16:14 - 2015-08-06 16:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-06 16:14 - 2015-08-06 16:14 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-08-06 16:14 - 2015-06-18 08:41 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-08-06 16:14 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-08-06 16:14 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-08-06 16:13 - 2015-08-06 16:13 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\John\Downloads\mbam-setup-2.1.8.1057.exe
2015-08-06 14:55 - 2011-06-26 02:45 - 00256000 _____ C:\Windows\PEV.exe
2015-08-06 14:55 - 2010-11-07 13:20 - 00208896 _____ C:\Windows\MBR.exe
2015-08-06 14:55 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-08-06 14:55 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-08-06 14:55 - 2000-08-30 20:00 - 00098816 _____ C:\Windows\sed.exe
2015-08-06 14:55 - 2000-08-30 20:00 - 00080412 _____ C:\Windows\grep.exe
2015-08-06 14:55 - 2000-08-30 20:00 - 00068096 _____ C:\Windows\zip.exe
2015-08-06 14:49 - 2015-08-09 03:29 - 00000000 ____D C:\Qoobox
2015-08-06 14:20 - 2015-08-06 14:20 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\John\Downloads\rkill (2).exe
2015-08-04 19:03 - 2015-08-04 19:03 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_nnfwdk_01009.Wdf
2015-08-03 19:51 - 2015-08-03 19:51 - 02166416 _____ (Valassis) C:\Users\John\Downloads\P@H_prod308-Vc9l9cpp.exe
2015-07-29 18:47 - 2015-07-29 18:47 - 13663344 _____ (Google) C:\Users\John\Downloads\picasa39-setup.exe
2015-07-29 18:44 - 2015-07-29 18:45 - 13840560 _____ (Adobe Systems Inc.) C:\Users\John\Downloads\Shockwave_Installer_Full (2).exe
2015-07-29 18:43 - 2015-06-29 15:02 - 00606920 _____ (NVIDIA Corporation) C:\Windows\system32\nvStreaming.exe
2015-07-29 18:38 - 2015-06-29 18:46 - 24200520 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv32.dll
2015-07-29 18:38 - 2015-06-29 18:46 - 15293128 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-07-29 18:38 - 2015-06-29 18:46 - 11272240 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-07-29 18:38 - 2015-06-29 18:46 - 11209192 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-07-29 18:38 - 2015-06-29 18:46 - 10704072 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-07-29 18:38 - 2015-06-29 18:46 - 03987600 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-07-29 18:38 - 2015-06-29 18:46 - 01059528 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco3234174.dll
2015-07-29 18:38 - 2015-06-29 18:46 - 00911560 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco3234174.dll
2015-07-29 18:38 - 2015-06-29 18:46 - 00907464 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR.dll
2015-07-29 18:38 - 2015-06-29 18:46 - 00869064 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC.dll
2015-07-29 18:26 - 2015-07-03 00:31 - 00042344 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad32v.sys
2015-07-28 20:11 - 2015-07-28 20:11 - 00000000 ____D C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-07-28 16:53 - 2015-07-28 16:53 - 00000000 ____D C:\Users\John\AppData\Roaming\Pro Writing Aid
2015-07-28 16:53 - 2015-07-28 16:53 - 00000000 ____D C:\Users\John\AppData\Local\Pro Writing Aid
2015-07-28 16:44 - 2015-07-28 16:52 - 00000000 ____D C:\ProgramData\Package Cache
2015-07-28 16:44 - 2015-07-28 16:44 - 00000000 ____D C:\Program Files\Pro Writing Aid
2015-07-28 16:42 - 2015-07-28 16:43 - 41863288 _____ (Orpheus Technology) C:\Users\John\Downloads\ProWritingAidSetup.exe
2015-07-28 02:46 - 2015-07-25 13:51 - 00015808 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-28 02:46 - 2015-07-25 13:47 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-28 02:46 - 2015-07-25 13:47 - 00587264 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-28 02:46 - 2015-07-25 13:46 - 00924160 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-28 02:46 - 2015-07-25 13:46 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-28 02:46 - 2015-07-25 13:46 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-28 02:46 - 2015-07-25 13:46 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-28 02:46 - 2015-07-25 13:40 - 00932864 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-26 00:19 - 2015-07-26 00:20 - 01585898 _____ C:\Users\John\Downloads\world-globe-Recovered.psd
2015-07-25 15:56 - 2015-07-25 15:56 - 00000000 ____D C:\Program Files\Common Files\Java
2015-07-25 15:56 - 2015-07-25 15:55 - 00096352 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-07-25 15:55 - 2015-07-25 15:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-07-25 15:54 - 2015-07-25 15:54 - 00000000 ____D C:\Program Files\Java
2015-07-25 15:39 - 2015-07-25 15:39 - 03744613 _____ C:\Users\John\Downloads\forge-1.8-11.14.3.1498-installer-win.exe
2015-07-25 02:53 - 2015-07-25 02:53 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2015-07-25 02:48 - 2015-07-25 02:48 - 00001222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2015 (32 Bit).lnk
2015-07-25 02:06 - 2015-07-25 02:06 - 00001157 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2015-07-25 02:06 - 2015-07-25 02:06 - 00001145 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2015-07-25 02:02 - 2015-08-09 02:09 - 00000000 ____D C:\Users\John\AppData\Local\Adobe
2015-07-25 02:02 - 2015-07-25 02:02 - 00673968 _____ (Adobe Systems Incorporated) C:\Users\John\Downloads\CreativeCloudSet-Up.exe
2015-07-24 22:24 - 2015-07-24 22:24 - 06639264 _____ (JAM Software ) C:\Users\John\Downloads\TreeSizeFreeSetup.exe
2015-07-24 22:01 - 2015-07-24 22:02 - 06609608 _____ (Piriform Ltd) C:\Users\John\Downloads\ccsetup508.exe
2015-07-24 06:17 - 2015-08-05 13:58 - 00000000 ____D C:\Users\John\AppData\Local\VirtualStore
2015-07-24 01:40 - 2015-07-25 02:27 - 00000000 ____D C:\ProgramData\Adobe
2015-07-23 20:52 - 2015-07-23 21:26 - 00000000 ___RD C:\Users\John\Creative Cloud Files
2015-07-23 17:51 - 2015-07-23 17:51 - 04600858 _____ C:\Users\John\Downloads\textcoverglobe.xcf
2015-07-23 14:54 - 2015-07-23 14:54 - 00002352 _____ C:\Users\John\Downloads\tinyglobe.xcf
2015-07-23 12:58 - 2015-07-23 12:58 - 04411645 _____ C:\Users\John\Downloads\coverglobe.xcf
2015-07-23 04:50 - 2015-07-23 04:50 - 03394153 _____ C:\Users\John\Downloads\step 2.xcf
2015-07-23 04:48 - 2015-07-23 04:48 - 00067615 _____ C:\Users\John\Downloads\clearglobe.xcf
2015-07-23 03:36 - 2015-07-23 05:33 - 04445102 _____ C:\Users\John\Downloads\Photo-0610 (1).xcf
2015-07-22 23:58 - 2015-07-22 23:58 - 04687499 _____ C:\Users\John\Downloads\Photo-0610.xcf
2015-07-22 23:56 - 2015-07-22 23:56 - 00234526 _____ C:\Users\John\Downloads\world-globe.xcf
2015-07-22 23:42 - 2015-07-22 23:42 - 09890519 _____ C:\Users\John\Downloads\page.xcf
2015-07-22 12:05 - 2015-08-08 17:44 - 00001715 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-07-22 12:05 - 2015-08-08 17:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-07-22 12:04 - 2015-08-04 19:03 - 00000000 ____D C:\Program Files\iTunes
2015-07-22 12:04 - 2015-07-22 12:04 - 00000000 ____D C:\Program Files\iPod
2015-07-21 23:20 - 2015-08-09 12:57 - 01405035 _____ C:\Windows\WindowsUpdate.log
2015-07-21 22:56 - 2015-07-21 22:56 - 00000000 ____D C:\Users\John\.thumbnails
2015-07-21 21:21 - 2015-07-21 21:21 - 00001013 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2015-07-21 21:17 - 2015-07-21 21:21 - 00000000 ____D C:\Program Files\GIMP 2
2015-07-21 17:09 - 2015-07-21 17:10 - 01642282 _____ C:\Users\John\Downloads\rejhsapplication.zip
2015-07-21 15:18 - 2015-07-21 15:20 - 00000000 ____D C:\Users\John\AppData\Roaming\Canon
2015-07-21 15:18 - 2015-07-21 15:18 - 00002007 _____ C:\Users\Public\Desktop\MP Navigator EX 1.0.lnk
2015-07-21 15:18 - 2015-07-21 15:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2015-07-21 15:18 - 2015-07-21 15:18 - 00000000 ____D C:\Program Files\Canon
2015-07-21 15:17 - 2015-07-21 15:17 - 46722640 _____ C:\Users\John\Downloads\mpnx_1_0-win-1_08-ea23_2.exe
2015-07-21 11:42 - 2015-07-14 22:55 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-21 11:42 - 2015-07-14 22:55 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-21 11:42 - 2015-07-14 22:55 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-21 11:42 - 2015-07-14 22:55 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-21 11:42 - 2015-07-14 21:52 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-17 22:31 - 2015-07-17 22:34 - 00000011 _____ C:\Windows\cfwinlib.ini
2015-07-17 22:31 - 2015-07-17 22:31 - 04611619 _____ C:\Users\John\Downloads\setupcfw250.exe
2015-07-17 22:31 - 2015-07-17 22:31 - 00000015 _____ C:\Windows\cfwin.ini
2015-07-17 20:45 - 2015-07-29 18:48 - 00001030 _____ C:\Users\Public\Desktop\Picasa 3.lnk
2015-07-17 20:41 - 2015-07-29 18:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2015-07-17 20:18 - 2015-07-17 20:18 - 00124946 _____ C:\Users\John\Downloads\amaranth.zip
2015-07-17 13:10 - 2015-08-09 07:35 - 00032125 _____ C:\GingerSetupHelper.log
2015-07-17 13:09 - 2015-07-17 13:09 - 00874984 _____ (Ginger Software) C:\Users\John\Downloads\Ginger.exe
2015-07-15 14:34 - 2015-07-15 14:34 - 00003198 _____ C:\Users\John\Desktop\Skylar Spence - _Fiona Coyne_.mp4 - Shortcut.lnk
2015-07-15 03:53 - 2015-07-01 16:46 - 00137664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-15 03:53 - 2015-07-01 16:46 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-15 03:53 - 2015-07-01 16:30 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-15 03:53 - 2015-07-01 16:30 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-15 03:53 - 2015-07-01 16:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-15 03:53 - 2015-07-01 16:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-15 03:53 - 2015-07-01 16:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-15 03:53 - 2015-07-01 16:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-07-15 03:53 - 2015-07-01 16:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-07-15 03:53 - 2015-07-01 16:30 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-07-15 03:53 - 2015-07-01 16:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-07-15 03:53 - 2015-07-01 16:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-07-15 03:53 - 2015-07-01 16:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-07-15 03:53 - 2015-07-01 16:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-07-15 03:53 - 2015-07-01 16:30 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-07-15 03:53 - 2015-07-01 16:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-07-15 03:53 - 2015-07-01 16:29 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-07-15 03:53 - 2015-07-01 16:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-07-15 03:53 - 2015-07-01 16:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-15 03:53 - 2015-07-01 16:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-15 03:53 - 2015-07-01 15:18 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-15 03:53 - 2015-07-01 15:18 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-15 03:53 - 2015-07-01 15:18 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-15 03:53 - 2015-06-25 04:46 - 02383872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-15 03:53 - 2015-06-15 17:47 - 00101824 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-07-15 03:53 - 2015-06-15 17:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-15 03:53 - 2015-06-15 17:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-15 03:53 - 2015-06-15 17:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-07-15 03:53 - 2015-06-15 17:43 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-07-15 03:53 - 2015-06-15 17:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-15 03:53 - 2015-06-15 17:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-07-15 03:53 - 2015-06-11 13:57 - 06131200 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-07-15 03:53 - 2015-06-11 13:57 - 00856064 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-07-15 03:53 - 2015-06-11 13:57 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-07-15 03:53 - 2015-06-11 11:20 - 00355840 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-07-15 03:52 - 2015-07-09 13:43 - 02943488 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-15 03:52 - 2015-07-09 13:43 - 02057216 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-15 03:52 - 2015-07-09 13:43 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-15 03:52 - 2015-07-09 13:43 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-15 03:52 - 2015-07-09 13:43 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-15 03:52 - 2015-07-09 13:43 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-15 03:52 - 2015-07-09 13:43 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-15 03:52 - 2015-07-09 13:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-15 03:52 - 2015-07-09 13:42 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-15 03:52 - 2015-07-09 13:42 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-15 03:52 - 2015-07-09 13:42 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-07-15 03:52 - 2015-07-04 13:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-15 03:52 - 2015-07-02 17:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-15 03:52 - 2015-07-02 17:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-15 03:52 - 2015-07-02 16:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-15 03:52 - 2015-07-02 16:46 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-15 03:52 - 2015-07-02 16:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-15 03:52 - 2015-07-02 15:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-15 03:52 - 2015-06-26 21:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-07-15 03:52 - 2015-06-26 21:39 - 04520448 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-15 03:52 - 2015-06-25 13:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-15 03:52 - 2015-06-19 14:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-15 03:52 - 2015-06-19 14:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-15 03:52 - 2015-06-19 14:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-15 03:52 - 2015-06-19 14:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-15 03:52 - 2015-06-19 14:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-15 03:52 - 2015-06-19 14:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-15 03:52 - 2015-06-19 14:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-15 03:52 - 2015-06-19 14:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-15 03:52 - 2015-06-19 14:13 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-15 03:52 - 2015-06-19 14:06 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-15 03:52 - 2015-06-19 14:03 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-15 03:52 - 2015-06-19 13:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-15 03:52 - 2015-06-19 13:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-15 03:52 - 2015-06-19 13:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-15 03:52 - 2015-06-19 13:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-15 03:52 - 2015-06-19 13:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-15 03:52 - 2015-06-19 13:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-15 03:52 - 2015-06-19 13:40 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-15 03:52 - 2015-06-19 13:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-15 03:52 - 2015-06-19 13:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-15 03:52 - 2015-06-19 13:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-15 03:52 - 2015-06-17 13:39 - 00305664 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-15 03:52 - 2015-06-09 15:35 - 02745856 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-07-15 03:52 - 2015-06-09 15:35 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-07-15 03:52 - 2015-06-01 19:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-15 03:51 - 2015-06-19 14:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-15 03:51 - 2015-06-19 14:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-14 23:12 - 2015-07-14 23:12 - 00000116 _____ C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2015-07-14 23:05 - 2015-07-14 23:05 - 00486384 _____ () C:\Users\John\Downloads\perfectitsetup.exe
2015-07-14 17:42 - 2015-07-14 17:42 - 00005329 _____ C:\Users\John\Desktop\My Little Pony_ Friendship is Magic - The Cutie Mark Crusaders Theme Song.mp4 - Shortcut.lnk
2015-07-14 15:31 - 2015-07-14 15:31 - 02810448 _____ (Coupons.com Incorporated) C:\Users\John\Downloads\CouponPrinter.exe
2015-07-14 13:47 - 2015-07-14 13:47 - 00000440 _____ C:\Users\John\Downloads\debug.log
2015-07-11 15:33 - 2015-07-11 15:34 - 00491959 _____ C:\Users\John\Downloads\magda in NYC.jpeg
2015-07-11 02:32 - 2015-07-11 02:33 - 00491959 _____ C:\Users\John\Downloads\Attachment-1.jpeg
2015-07-10 22:33 - 2015-07-10 22:33 - 04587520 _____ (Google Inc.) C:\Windows\system32\GPhotos.scr
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-09 13:55 - 2015-06-25 16:44 - 00000914 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1804372364-3133945013-3808614069-1001UA.job
2015-08-09 10:29 - 2007-11-18 12:03 - 00000000 ____D C:\Users\John\Documents\My RoboForm Data
2015-08-09 09:48 - 2009-07-14 00:34 - 00025552 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-09 09:48 - 2009-07-14 00:34 - 00025552 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-09 07:34 - 2010-02-27 22:02 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2015-08-09 05:13 - 2015-04-02 01:05 - 00000000 ____D C:\Users\John\AppData\Roaming\.minecraft
2015-08-09 03:39 - 2010-03-01 04:33 - 00000000 ____D C:\ProgramData\NVIDIA
2015-08-09 03:39 - 2009-07-14 00:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-09 03:25 - 2009-07-13 22:04 - 00000215 _____ C:\Windows\system.ini
2015-08-09 01:04 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\system32\LogFiles
2015-08-09 01:02 - 2010-02-28 15:14 - 00000000 ____D C:\Users\John\AppData\Local\Google
2015-08-09 01:02 - 2007-11-07 06:10 - 00000000 ____D C:\Program Files\Google
2015-08-09 00:03 - 2010-02-27 20:01 - 00000000 ____D C:\Users\John
2015-08-08 23:59 - 2012-12-21 16:01 - 00000000 ____D C:\Users\John\AppData\Local\WinZip Courier
2015-08-08 23:47 - 2013-11-20 16:37 - 00032256 ___SH C:\Users\John\Thumbs.db
2015-08-08 23:33 - 2009-07-13 22:37 - 00000000 ___RD C:\Users\Public
2015-08-08 21:07 - 2015-06-25 16:44 - 00000862 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1804372364-3133945013-3808614069-1001Core.job
2015-08-06 17:40 - 2011-02-27 15:11 - 00000000 ____D C:\Windows\Panther
2015-08-06 15:12 - 2009-07-13 22:03 - 62390272 _____ C:\Windows\system32\config\software.bak
2015-08-06 15:12 - 2009-07-13 22:03 - 22544384 _____ C:\Windows\system32\config\system.bak
2015-08-06 15:12 - 2009-07-13 22:03 - 00786432 _____ C:\Windows\system32\config\default.bak
2015-08-06 15:12 - 2009-07-13 22:03 - 00102400 _____ C:\Windows\system32\config\sam.bak
2015-08-06 15:12 - 2009-07-13 22:03 - 00028672 _____ C:\Windows\system32\config\security.bak
2015-08-06 15:11 - 2012-09-03 11:59 - 00000000 ____D C:\Windows\erdnt
2015-08-06 10:22 - 2012-09-01 08:31 - 00000000 ____D C:\Windows\pss
2015-08-06 00:35 - 2012-03-07 01:34 - 00000000 ____D C:\Users\John\Documents\Outlook Files
2015-08-06 00:19 - 2012-08-04 10:34 - 00109280 _____ C:\Windows\system32\GDIPFONTCACHEV1.DAT
2015-08-02 13:57 - 2015-03-10 07:34 - 00000000 ____D C:\ProgramData\YTD Video Downloader
2015-07-31 14:31 - 2014-12-04 15:49 - 00000000 ____D C:\ProgramData\vso
2015-07-29 18:43 - 2010-02-27 22:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-07-29 18:40 - 2010-02-27 22:02 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-07-29 18:28 - 2010-05-27 01:08 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-07-28 20:11 - 2014-12-04 13:03 - 00000000 ____D C:\Users\John\AppData\Roaming\Dropbox
2015-07-28 03:02 - 2014-04-29 16:44 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-25 15:58 - 2014-08-21 06:14 - 00000000 ____D C:\ProgramData\Oracle
2015-07-25 14:23 - 2015-05-18 03:06 - 00000000 ____D C:\Program Files\Minecraft
2015-07-25 02:57 - 2015-04-04 01:17 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-25 02:54 - 2010-02-27 21:38 - 00000000 ____D C:\Users\John\AppData\Roaming\Adobe
2015-07-25 02:51 - 2010-11-22 03:48 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-07-25 02:29 - 2010-02-27 22:19 - 00000000 ____D C:\Program Files\Adobe
2015-07-24 22:03 - 2010-10-28 17:10 - 00000931 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-07-24 22:03 - 2010-02-27 21:42 - 00000000 ____D C:\Program Files\CCleaner
2015-07-24 00:21 - 2014-06-02 10:20 - 01316000 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge.dll
2015-07-24 00:21 - 2014-05-08 17:36 - 01423304 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap.dll
2015-07-23 22:16 - 2015-05-10 13:12 - 00000000 ___RD C:\Users\John\Dropbox
2015-07-23 20:40 - 2015-06-28 02:54 - 00000000 ____D C:\Users\John\.gimp-2.8
2015-07-23 05:35 - 2013-05-23 05:39 - 00000000 ____D C:\Users\John\AppData\Roaming\vlc
2015-07-22 12:04 - 2013-05-23 08:38 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-07-21 15:01 - 2011-11-21 03:10 - 00000000 ____D C:\Users\John\Documents\NURSING RESUME
2015-07-19 05:56 - 2010-09-22 01:57 - 00000000 ____D C:\Windows\Minidump
2015-07-18 08:52 - 2015-03-25 02:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
2015-07-18 08:09 - 2009-07-14 03:50 - 00000000 ____D C:\Windows\CSC
2015-07-18 01:02 - 2013-05-23 21:00 - 00000000 ____D C:\Program Files\PowerISO
2015-07-17 14:30 - 2012-12-02 01:58 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-15 09:00 - 2011-12-15 16:52 - 00000000 ____D C:\Windows\rescache
2015-07-15 07:58 - 2014-12-09 20:50 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-15 04:51 - 2013-07-10 05:25 - 00000000 ____D C:\Windows\system32\MRT
2015-07-15 04:37 - 2010-03-03 17:30 - 00000000 ____D C:\ProgramData\Microsoft Help
 
==================== Files in the root of some directories =======
 
2010-04-05 21:10 - 2010-04-05 21:10 - 0006129 _____ () C:\Program Files\0x0409.ini
2010-04-05 21:10 - 2010-04-05 21:10 - 1896960 _____ () C:\Program Files\Amazon Unbox Video.msi
2012-01-09 12:02 - 2012-01-14 03:39 - 0018749 _____ () C:\Program Files\CS_Help.html
2011-12-13 16:54 - 2011-12-13 16:54 - 4757312 _____ (Sysinternals - www.sysinternals.com) C:\Program Files\procexp.exe
2013-11-20 23:59 - 2013-11-20 23:59 - 0007861 _____ () C:\Users\John\AppData\Roaming\ezplay.cat
2013-11-20 23:59 - 2013-11-20 23:59 - 0001103 _____ () C:\Users\John\AppData\Roaming\ezplay.inf
2013-11-20 23:59 - 2013-11-20 23:59 - 0000125 _____ () C:\Users\John\AppData\Roaming\ezplay.ini
2013-11-21 00:01 - 2013-11-21 00:01 - 0000034 _____ () C:\Users\John\AppData\Roaming\ezplay.log
2013-11-20 23:59 - 2013-11-20 23:59 - 0094208 _____ (VSO Software) C:\Users\John\AppData\Roaming\ezplay.sys
2014-09-01 04:18 - 2014-09-01 04:18 - 0002086 _____ () C:\Users\John\AppData\Roaming\NWJQQ
2013-11-20 23:55 - 2015-06-21 01:16 - 0007887 _____ () C:\Users\John\AppData\Roaming\pcouffin.cat
2013-11-20 23:55 - 2015-06-21 01:16 - 0001144 _____ () C:\Users\John\AppData\Roaming\pcouffin.inf
2013-11-20 23:55 - 2015-06-21 01:17 - 0000055 _____ () C:\Users\John\AppData\Roaming\pcouffin.log
2013-11-20 23:55 - 2015-06-21 01:16 - 0047360 _____ (VSO Software) C:\Users\John\AppData\Roaming\pcouffin.sys
2014-09-01 04:18 - 2014-09-01 04:18 - 0002086 _____ () C:\Users\John\AppData\Roaming\UFTQD
2014-09-01 04:18 - 2014-09-01 04:18 - 0001248 _____ () C:\Users\John\AppData\Roaming\WAFIXLE
2014-09-01 04:18 - 2014-09-01 04:18 - 0001248 _____ () C:\Users\John\AppData\Roaming\XTKWS
2015-07-14 23:12 - 2015-07-14 23:12 - 0000116 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
 
ZeroAccess:
C:\Windows\System32\config\systemprofile\AppData\Local\{606a4e3e-77ff-1bc1-cb99-503e25603724}
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-08-02 01:43
 
==================== End of log ============================


#3 sgm825


Posted 09 August 2015 - 01:45 PM

Additional results 

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:08-08-2015 01
Ran by John (2015-08-09 14:39:18)
Running from C:\Users\John\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1804372364-3133945013-3808614069-500 - Administrator - Disabled)
Guest (S-1-5-21-1804372364-3133945013-3808614069-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1804372364-3133945013-3808614069-1002 - Limited - Enabled)
John (S-1-5-21-1804372364-3133945013-3808614069-1001 - Administrator - Enabled) => C:\Users\John
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials Prerelease (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials Prerelease (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Creative Cloud (HKLM\...\Adobe Creative Cloud) (Version: 3.1.3.121 - Adobe Systems Incorporated)
Adobe Digital Editions 4.0 (HKLM\...\Adobe Digital Editions 4.0) (Version: 4.0.3 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.129 - Adobe Systems Incorporated)
Adobe Flash Player 18 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 18.0.0.129 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (32 Bit) (HKLM\...\{2614BC86-757D-4293-9E25-E4E16F370A9E}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.9.160 - Adobe Systems, Inc.)
Aimersoft DRM Media Converter(Build 1.5.6.0) (HKLM\...\Aimersoft DRM Media Converter_is1) (Version:  - Aimersoft Software)
Amazon Unbox Video (HKLM\...\InstallShield_{54A4839E-87F8-4BD1-9682-A349E9943F0A}) (Version: 2.2.0.153 - Amazon.com)
Amazon Unbox Video (Version: 2.2.0.153 - Amazon.com) Hidden
AOL One Click version 1.1.25 (HKLM\...\{067D3897-1824-43BF-B900-734C4854D04F}_is1) (Version: 1.1.25 - AOL)
Apple Application Support (32-bit) (HKLM\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{538227C6-C74B-4A74-99E1-2C0B4F9DA5E1}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Big Fish: Game Manager (HKLM\...\BFGC) (Version: 3.3.0.2 - )
BlindWrite 7 (HKLM\...\{C0775A40-9CBC-430A-B055-6367E3DFEB13}_is1) (Version: 7.0.0.0 - VSO Software)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Canon MP Navigator EX 1.0 (HKLM\...\MP Navigator EX 1.0) (Version:  - )
Canon MX300 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX300_series) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dora the Explorer: Swiper's Big Adventure! (HKLM\...\BFG-Dora the Explorer - Swiper's Big Adventure!) (Version:  - )
Doras Carnival 2: At the Boardwalk (HKLM\...\BFG-Doras Carnival 2 - At the Boardwalk) (Version:  - )
Doras Carnival Adventure (HKLM\...\BFG-Doras Carnival Adventure) (Version:  - )
Dora's World Adventure (HKLM\...\Dora's World Adventure) (Version: 32.0.0.0 - Shockwave.com)
Dropbox (HKU\S-1-5-21-1804372364-3133945013-3808614069-1001\...\Dropbox) (Version: 3.8.5 - Dropbox, Inc.)
eReg (Version: 1.20.138.34 - Logitech, Inc.) Hidden
FileHippo App Manager (HKLM\...\FileHippo.com) (Version:  - FileHippo.com)
Gardenscapes: Mansion Makeover (HKLM\...\Gardenscapes: Mansion Makeover) (Version: 32.0.0.0 - Shockwave.com)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 44.0.2403.130 - Google Inc.)
Google Update Helper (Version: 1.3.28.1 - Google Inc.) Hidden
Gutterball - Golden Pin Bowling (HKLM\...\Gutterball - Golden Pin Bowling) (Version: 32.0.0.0 - Shockwave.com)
Hewlett-Packard Active Check for Health Check (Version: 1.1.15.2 - Hewlett-Packard) Hidden
Hewlett-Packard Asset Agent for Health Check (Version: 2.0.64.0 - HP) Hidden
iCloud (HKLM\...\{9A07AB4F-6B53-43E9-B7FC-7892E8C26BE3}) (Version: 4.1.1.53 - Apple Inc.)
Itibiti RTC (Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{9DBBE7B8-EE7A-4FD9-9C7F-35E69A4C19D8}) (Version: 12.2.1.16 - Apple Inc.)
Java 8 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Junk Mail filter update (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kai-Lan's Great Trip to China (HKLM\...\Kai-Lan's Great Trip to China) (Version: 32.0.0.0 - Nick Jr. Arcade)
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
LogonStudio (HKLM\...\LogonStudio) (Version:  - )
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1804372364-3133945013-3808614069-1001\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Security Essentials Prerelease (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Millennium: A New Hope (HKLM\...\Millennium: A New Hope) (Version: 32.0.0.0 - Shockwave.com)
Minecraft (HKLM\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Movie Maker (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Nick Jr. Bingo (HKLM\...\BFG-Nick Jr. Bingo) (Version:  - )
NTI Backup Now EZ (HKLM\...\InstallShield_{B9ECA41B-55CC-4654-B6B5-6731D009EC69}) (Version: 2.5.2.36 - NTI Corporation)
NTI Backup Now EZ (Version: 2.5.2.36 - NTI Corporation) Hidden
NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 341.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.74 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.5.12.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.12.11 - NVIDIA Corporation)
NVIDIA Graphics Driver 341.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.74 - NVIDIA Corporation)
NVIDIA nTune (HKLM\...\InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}) (Version: 1.00.0000 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Peppa Pig - Puddles Of Fun (HKLM\...\{5AC35FBC-6E16-46DB-BD56-B4D988D8BC44}) (Version: 1.0.0 - GSP)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9.140.239 - Google, Inc.)
POWERPREP II (HKLM\...\{2687340C-C114-47DC-9F0E-C1BA85FEB001}) (Version: 2.2.0000 - ETS)
Pro Writing Aid (Version: 1.1.76 - Orpheus Technology) Hidden
ProWritingAid Word Add-In (Release) (HKLM\...\{add998fc-7928-4129-9276-ee2cce3b6d5b}) (Version: 1.1.76 - Orpheus Technology)
Pure Networks Platform (Version: 11.1.9051.0 - Pure Networks) Hidden
QuickTime 7 (HKLM\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7404 - Realtek Semiconductor Corp.)
RoboForm 7-9-14-4 (All Users) (HKLM\...\AI RoboForm) (Version: 7-9-14-4 - Siber Systems)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SHIELD Streaming (Version: 4.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.12.11 - NVIDIA Corporation) Hidden
Snood 4 (HKLM\...\Snood 4_is1) (Version:  - Word of Mouse Games)
Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1) (Version: 7.80.4.50 - Conexant Systems)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab (HKLM\...\SystemRequirementsLab) (Version:  - )
The Wonder Pets Save the Puppy! (HKLM\...\The Wonder Pets Save the Puppy!) (Version: 32.0.0.0 - Nick Jr. Arcade)
Ultra Defragmenter (HKLM\...\UltraDefrag) (Version: 6.0.4 - UltraDefrag Development Team)
Unity Web Player (HKU\S-1-5-21-1804372364-3133945013-3808614069-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VSO Blu-ray Converter Ultimate 3 (HKLM\...\{{6328F313-C0ED-447F-8660-C43652128AF0}_is1) (Version: 3.5.0.28 - VSO Software)
VSO ConvertXToDVD (HKLM\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.3.0.11 - VSO Software)
VSO ConvertXtoVideo Ultimate 1 (HKLM\...\{{ECDB800F-E1F0-48FE-B393-E12E40CD3A89}_is1) (Version: 1.5.0.28 - VSO Software)
VSO CopyTo 5 (HKLM\...\{9B05F6FC-AE16-488C-A822-F641ADC61B6A}_is1) (Version: 5.1.1.3 - VSO Software)
VSO Downloader 3.1.1.13 (HKLM\...\{E48E84C5-7599-4CBD-9900-8BCB9A2A2FFA}_is1) (Version: 3.1.1.13 - VSO Software)
VSO Downloader 4.2.0.9 (HKLM\...\{A0D0BA9E-F1A6-44FF-AA14-03ED96B3D56D}_is1) (Version: 4.2.0.9 - VSO Software)
VSO DVD Converter Ultimate 3 (HKLM\...\{{FCB14923-F3B5-4A91-8A2B-1E877AFE5B93}_is1) (Version: 3.6.0.9 - VSO Software)
VSO EVE Network Driver version 1.0.0.27 (HKLM\...\{AC0AFDC9-4FB1-44FE-B3E1-82300BF3D756}_is1) (Version: 1.0.0.27 - VSO Software)
VSO Media Player 1.4.11.501 (HKLM\...\{59F1E8E6-60EC-4CC1-8C72-E0F38E585215}_is1) (Version: 1.4.11.501 - VSO Software)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Wonder Pets Save the Puppy (HKLM\...\BFG-Wonder Pets Save the Puppy) (Version:  - )
YTD Video Downloader 4.9 (HKLM\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.9 - GreenTree Applications SRL) <==== ATTENTION
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1804372364-3133945013-3808614069-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1804372364-3133945013-3808614069-1001_Classes\CLSID\{052DB226-BE3B-44D4-B932-9C8049B2110B}\InprocServer32 -> C:\Users\John\AppData\Local\Microsoft\Windows Sidebar\Gadgets\VolumeGadget[1].gadget\dlls\VolumeControl32.dll (Indev)
CustomCLSID: HKU\S-1-5-21-1804372364-3133945013-3808614069-1001_Classes\CLSID\{0A368B9B-3566-4730-B40E-EAF6858A53AF}\InprocServer32 -> C:\Users\John\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1804372364-3133945013-3808614069-1001_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Users\John\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1804372364-3133945013-3808614069-1001_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\John\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-1804372364-3133945013-3808614069-1001_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> C:\Users\John\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1804372364-3133945013-3808614069-1001_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Users\John\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1804372364-3133945013-3808614069-1001_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Users\John\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1804372364-3133945013-3808614069-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\John\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1804372364-3133945013-3808614069-1001_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> C:\Users\John\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1804372364-3133945013-3808614069-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\John\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1804372364-3133945013-3808614069-1001_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Users\John\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1804372364-3133945013-3808614069-1001_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Users\John\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1804372364-3133945013-3808614069-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\John\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1804372364-3133945013-3808614069-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
CustomCLSID: HKU\S-1-5-21-1804372364-3133945013-3808614069-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1804372364-3133945013-3808614069-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\John\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1804372364-3133945013-3808614069-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\John\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\FileSyncApi.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1804372364-3133945013-3808614069-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1804372364-3133945013-3808614069-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1804372364-3133945013-3808614069-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1804372364-3133945013-3808614069-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1804372364-3133945013-3808614069-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1804372364-3133945013-3808614069-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1804372364-3133945013-3808614069-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1804372364-3133945013-3808614069-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1804372364-3133945013-3808614069-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1804372364-3133945013-3808614069-1001_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Users\John\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)
 
==================== Restore Points =========================
 
24-07-2015 22:19:36 7/24/reboot
25-07-2015 02:30:38 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
25-07-2015 02:32:24 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
25-07-2015 12:17:35 Windows Update
28-07-2015 03:00:11 Windows Update
28-07-2015 16:43:56 ProWritingAid Word Add-In (Release)
31-07-2015 08:42:58 Windows Update
03-08-2015 10:40:41 Windows Update
04-08-2015 20:29:54 Installed SmartApp
04-08-2015 22:05:14 Removed SmartApp
04-08-2015 22:09:59 Removed SmartApp
06-08-2015 00:17:11 Configured Ginger
07-08-2015 10:26:41 Windows Update
08-08-2015 22:15:48 Checkpoint by HitmanPro
08-08-2015 22:49:42 Checkpoint by HitmanPro
09-08-2015 07:33:30 Removed Ginger
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:04 - 2015-08-06 18:10 - 00000768 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {00FD8BB9-C4D8-449A-8E17-57BD191CD8E9} - \Driver Tool-RTMRules -> No File <==== ATTENTION
Task: {037BA8C5-287F-4073-A9AB-D7F8BDB6BB7C} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1804372364-3133945013-3808614069-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {061CE78F-6EC3-4C3E-A3FC-9B05938CE3C0} - System32\Tasks\{F3EB4D9F-A69B-45C7-A25D-7F7C350C6181} => pcalua.exe -a C:\Users\John\Downloads\263.09_desktop_win7_winvista_32bit_english_whql2.exe -d C:\Users\John\Downloads
Task: {164EAB17-D168-46BB-8721-29C0F6DC00D5} - System32\Tasks\{801CC959-1CAC-457E-BD1C-63A539171119} => pcalua.exe -a C:\Users\John\Downloads\AmazonUnboxVideo.exe -d C:\Users\John\Downloads
Task: {26FBDD64-92F6-43AB-AAC1-FC860953EE89} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1804372364-3133945013-3808614069-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {275F4478-E686-45E7-8B55-F00834EA7B5D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {2A29B851-C8AE-4FA1-A001-00AB7203353C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-14] (Adobe Systems Incorporated)
Task: {32A39A1F-0F90-4F01-BEF6-D561AA4AB4C3} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2015-06-27] (Siber Systems)
Task: {337A59BD-D02F-4DB4-B059-C5767B4F7166} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1804372364-3133945013-3808614069-1001 => C:\Program Files\RealNetworks\RealDownloader\RealUpgrade.exe
Task: {3D2E2145-E794-44B7-AAC2-B5EC2517E51E} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1804372364-3133945013-3808614069-1001Core => C:\Users\John\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-25] (Dropbox, Inc.)
Task: {44C34C50-0CE4-418B-A764-C13520470061} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1804372364-3133945013-3808614069-1001UA => C:\Users\John\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-25] (Dropbox, Inc.)
Task: {45EA534C-D7B9-410C-9F62-7744481BE716} - System32\Tasks\{E1D0D111-F33F-4B53-BC2C-0A8BA417E459} => pcalua.exe -a C:\Users\John\Downloads\263.09_desktop_win7_winvista_32bit_english_whql2.exe -d C:\Users\John\Downloads
Task: {5E3F818D-1F09-47DE-9D60-F6BE2BD29F70} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {635C0D97-ACB0-4595-9F2C-55E591750BC7} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1804372364-3133945013-3808614069-1001 => C:\Program Files\RealNetworks\RealDownloader\RealUpgrade.exe
Task: {713C62A4-2B4E-41C3-BE1E-28F367FFFD9F} - System32\Tasks\HP Health Check => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-06-16] (Hewlett-Packard)
Task: {7D559331-27AC-4AA5-851B-26539A27BE3B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-09] (Google Inc.)
Task: {843D571F-3F69-451D-A7A3-8AC3B69AE8BE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-07-17] (Piriform Ltd)
Task: {86F66E64-A6CD-47B4-9C79-57233E55F07B} - \Driver Tool-RTMUpdater -> No File <==== ATTENTION
Task: {90F90EF8-F05E-45AF-866B-A6B5F981823F} - System32\Tasks\{B42602B7-0B89-487E-8BE2-BA0A6B4655BC} => pcalua.exe -a "C:\Program Files\Real\RealPlayer\RPDS\uninst.exe" -d "C:\Program Files\Real\RealPlayer\RPDS"
Task: {95C38DB7-0521-4902-9A78-59739189C9F7} - System32\Tasks\{B1830F43-4371-48A4-9D5A-54832B5245CA} => pcalua.exe -a C:\Users\John\Downloads\Dr.FelixBigFishGames.exe -d C:\Users\John\Downloads
Task: {A21EE1EB-2CB8-4908-B574-BC498CCD3247} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1804372364-3133945013-3808614069-1001 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
Task: {A56CB239-548F-4FA1-B4D4-5740B69377CC} - System32\Tasks\{4E4E749C-E51C-4789-A075-E45008E37E7C} => pcalua.exe -a "C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DHEMBRDG\forge-1.8-11.14.3.1498-installer-win.exe" -d C:\Users\John\Desktop
Task: {B2F133F2-C685-41FF-BD2C-606816A5311F} - System32\Tasks\{A5B8F248-2857-45D4-B301-1DC7A466EB4B} => pcalua.exe -a "C:\Windows.old\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe" -d "C:\Windows.old\Windows\Downloaded Program Files"
Task: {B88A6ED3-FB9C-4162-9C44-1CF590CD28C0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-09] (Google Inc.)
Task: {CA737461-CAF8-4D7E-9916-1C6814BE6D1F} - System32\Tasks\{CBB71889-7E2F-4301-9081-826CB5417764} => pcalua.exe -a "C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y7K7KB4H\forge-1.8-11.14.3.1450-installer-win.exe" -d C:\Users\John\Desktop
Task: {D52BBF1B-FEB9-4AD8-ABE4-29AD9F86567F} - System32\Tasks\{00A3024F-2FF7-4DA1-9691-673FE072B2AC} => pcalua.exe -a C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe -c /M{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF} /l1033
Task: {D5497A54-667D-4308-8EEA-225B235F72CF} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1804372364-3133945013-3808614069-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {DC8FE6F5-1ED3-4EA1-A509-25A27A54AB8C} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1804372364-3133945013-3808614069-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {DCF8B898-0973-4658-B4E0-F57260DF7917} - System32\Tasks\{4FAA3EC4-D324-4617-A5B9-124B3BE9A705} => C:\Program Files\VideoLAN\VLC\vlc.exe [2015-04-13] (VideoLAN)
Task: {EF78C50F-4289-468E-9F5E-B7712E9C7B5B} - System32\Tasks\{0CA94E0B-900A-4E84-AE3C-C54521D37C3E} => pcalua.exe -a F:\startinstall.exe -d F:\
Task: {F35ADC41-D79A-4AE2-A1AB-2A12176273C1} - System32\Tasks\AdobeAAMUpdater-1.0-John-PC-John => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-05-26] (Adobe Systems Incorporated)
Task: {FEFD2271-BC7D-4195-99F0-159F34B3E334} - \Driver Tool-RTMScan -> No File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1804372364-3133945013-3808614069-1001Core.job => C:\Users\John\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1804372364-3133945013-3808614069-1001UA.job => C:\Users\John\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2011-04-07 22:45 - 2015-06-29 16:39 - 00105672 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:27 - 2015-05-15 16:27 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-06-13 14:16 - 2015-06-13 14:16 - 00713888 _____ () C:\Program Files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll
2011-09-23 21:54 - 2011-09-23 21:54 - 00465344 _____ () C:\Program Files\NTI\NTI Backup Now EZ\sqlite3.dll
2015-04-07 19:24 - 2015-07-24 00:22 - 00011920 _____ () C:\Program Files\NVIDIA Corporation\Update Core\detoured.dll
2015-08-09 01:03 - 2015-07-31 02:19 - 01405768 _____ () C:\Program Files\Google\Chrome\Application\44.0.2403.130\libglesv2.dll
2015-08-09 01:03 - 2015-07-31 02:19 - 00081224 _____ () C:\Program Files\Google\Chrome\Application\44.0.2403.130\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1804372364-3133945013-3808614069-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 75.75.76.76 - 75.75.75.75
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: ADVService => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: cdgfwo4 => 2
MSCONFIG\Services: CscService => 2
MSCONFIG\Services: FDResPub => 2
MSCONFIG\Services: FlexService => 2
MSCONFIG\Services: FontCache => 2
MSCONFIG\Services: GameConsoleService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: LBTServ => 3
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: nmservice => 2
MSCONFIG\Services: nvUpdatusService => 2
MSCONFIG\Services: PCSUService => 2
MSCONFIG\Services: RealNetworks Downloader Resolver Service => 2
MSCONFIG\Services: seclogon => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Amazon Unbox.lnk => C:\Windows\pss\Amazon Unbox.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Ginger.lnk => C:\Windows\pss\Ginger.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^John^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: Aimersoft Helper Compact.exe => C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
MSCONFIG\startupreg: BackupNowEZtray => "C:\Program Files\NTI\NTI Backup Now EZ\BackupNowEZtray.exe" -k
MSCONFIG\startupreg: iCloudServices => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: NvBackend => "C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: PWRISOVM.EXE => C:\Program Files\PowerISO\PWRISOVM.EXE -startup
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [WMP-Out-TCP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-In-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{D9008A74-6C29-44EC-9858-27143A408C57}] => (Allow) LPort=49182
FirewallRules: [{AEDD3604-942A-43B8-8A26-4BC0E302464D}] => (Allow) LPort=5000
FirewallRules: [{63170FC1-2B49-4BC5-89FF-300CF8DAB7B7}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{145D5BC0-EEE1-476F-805E-2D6F83DDE83D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9ACFB3BB-E1AA-4DC7-9058-2658E6792D8F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{591CFA57-6398-4099-80D7-3BCF94267935}] => (Allow) LPort=67
FirewallRules: [{2B493469-8AED-4276-A398-5967038E400E}] => (Allow) LPort=67
FirewallRules: [{A86C4E85-EE9A-44A1-97AE-BD8DB816A873}] => (Allow) C:\Program Files\VSO\VSO Downloader\3\VsoDownloader.exe
FirewallRules: [{E6DF94E0-6872-4748-BB5E-DB253E9F2B44}] => (Allow) C:\Program Files\VSO\VSO Downloader\3\VsoDownloader.exe
FirewallRules: [{D918B59F-A0DD-48E4-8A09-1094D0AE2501}] => (Allow) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{9D11C3C7-A02D-4311-8FEF-C4EC057B07E2}] => (Allow) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [TCP Query User{FA704C8B-62D6-4B41-9B61-C37DDAFC7054}C:\users\john\downloads\utorrent (5).exe] => (Allow) C:\users\john\downloads\utorrent (5).exe
FirewallRules: [UDP Query User{20B5896D-7383-46FF-9EB4-58F18BBA9D3F}C:\users\john\downloads\utorrent (5).exe] => (Allow) C:\users\john\downloads\utorrent (5).exe
FirewallRules: [{0EF81CA1-7B63-4F17-B77D-01F7F20CB66C}] => (Allow) C:\Program Files\VSO\VSO Downloader\4\VsoDownloader.exe
FirewallRules: [{49D875D8-6654-429F-8FCE-E7A7C8DC9B4A}] => (Allow) C:\Program Files\VSO\VSO Downloader\4\VsoDownloader.exe
FirewallRules: [{3F00994C-3014-43E6-A40B-C37C29B4E385}] => (Allow) C:\Users\John\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{E6D8BBEB-564F-4297-939E-1F51ED9502DB}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{E36819BF-6C38-48FE-908A-BCEC21F4AA59}] => (Allow) LPort=2869
FirewallRules: [{7CC6480D-4515-4699-9B0B-D0BF006FEF86}] => (Allow) LPort=1900
FirewallRules: [{B3B2EADC-A744-4D56-87C8-454F83DF3EBD}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{D0DA8486-1D4A-4B98-85D2-64EE741EB37E}] => (Allow) C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
FirewallRules: [{EF69A8EB-07D1-4D93-8A83-B47D0776BB36}] => (Allow) C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
FirewallRules: [{5581ECA0-7DA9-442E-85A4-FB220EA476F5}] => (Allow) C:\Users\John\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{949A3D60-3F13-40D6-9F7F-018FD1377AC7}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{D746FAA2-FB82-4609-A6EF-694B60A0FB48}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{138245E1-42D5-4705-886F-11983B26930E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{4E3E5EDF-3786-4A8D-BC9B-B21580C5091D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{6BA11DA0-759B-44F7-8A1E-EC1574E2FFCC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{4E2F919C-F2C6-4D51-A27D-D9B7BAFB32C5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{2DAA0E76-4FB2-4C83-AC78-A9D2617B2CFB}] => (Allow) C:\Users\John\AppData\Local\Google\Chrome\Application\chrome.exe
FirewallRules: [{1790A5AF-391F-44AD-97EB-C1903F1648E4}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Windows\System32\config\systemprofile\AppData\Roaming\cdgfwo4.exe] => Enabled:cdgfwo4.exe
 
==================== Faulty Device Manager Devices =============
 
Name: BAPIDRV
Description: BAPIDRV
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: BAPIDRV
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/09/2015 02:36:16 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program WINWORD.EXE version 14.0.7153.5002 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 39c
 
Start Time: 01d0d26bfff3ccc0
 
Termination Time: 8
 
Application Path: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
 
Report Id: c5e7a0b9-3e60-11e5-8ec3-001d60134f60
 
Error: (08/08/2015 09:52:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program WINWORD.EXE version 14.0.7153.5002 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1360
 
Start Time: 01d0d234fea43dbc
 
Termination Time: 8
 
Application Path: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
 
Report Id: 3fdbe979-3e39-11e5-8ec3-001d60134f60
 
Error: (08/08/2015 07:51:08 PM) (Source: VSTO 4.0) (EventID: 4096) (User: )
Description: Customization URI: file:///C:/Program Files/Common Files/Microsoft Shared/VSTA/Pipeline.v10.0/PipelineSegments.store
Exception: Exception reading manifest from file:///C:/Program%20Files/Common%20Files/Microsoft%20Shared/VSTA/Pipeline.v10.0/PipelineSegments.store: the manifest may not be valid or the file could not be opened.
 
 
************** Exception Text **************
System.Deployment.Application.InvalidDeploymentException: Exception reading manifest from file:///C:/Program%20Files/Common%20Files/Microsoft%20Shared/VSTA/Pipeline.v10.0/PipelineSegments.store: the manifest may not be valid or the file could not be opened. ---> System.Xml.XmlException: '', hexadecimal value 0x01, is an invalid character. Line 1, position 1.
   at System.Xml.XmlTextReaderImpl.Throw(Exception e)
   at System.Xml.XmlTextReaderImpl.Throw(String res, String[] args)
   at System.Xml.XmlTextReaderImpl.Throw(Int32 pos, String res, String[] args)
   at System.Xml.XmlTextReaderImpl.ThrowInvalidChar(Int32 pos, Char invChar)
   at System.Xml.XmlTextReaderImpl.ParseRootLevelWhitespace()
   at System.Xml.XmlTextReaderImpl.ParseDocumentContent()
   at System.Xml.XmlTextReaderImpl.Read()
   at System.Xml.XmlTextReader.Read()
   at System.Deployment.Application.ManifestValidatingReader.XmlFilteredReader.Read()
   at System.Xml.XmlCharCheckingReader.Read()
   at System.Xml.XsdValidatingReader.Read()
   at System.Deployment.Application.ManifestReader.FromDocument(String localPath, ManifestType manifestType, Uri sourceUri)
   --- End of inner exception stack trace ---
   at Microsoft.VisualStudio.Tools.Applications.Deployment.ClickOnceAddInDeploymentManager.GetManifests(TimeSpan timeout)
   at Microsoft.VisualStudio.Tools.Applications.Deployment.ClickOnceAddInDeploymentManager.InstallAddIn()
 
 
************** Loaded Assemblies **************
mscorlib
    Assembly Version: 2.0.0.0
    Win32 Version: 2.0.50727.5485 (Win7SP1GDR.050727-5400)
    CodeBase: file:///C:/Windows/Microsoft.NET/Framework/v2.0.50727/mscorlib.dll
----------------------------------------
Microsoft.VisualStudio.Tools.Office.Runtime.v10.0
    Assembly Version: 10.0.0.0
    Win32 Version: 10.0.50903.0
    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/Microsoft.VisualStudio.Tools.Office.Runtime.v10.0/10.0.0.0__b03f5f7f11d50a3a/Microsoft.VisualStudio.Tools.Office.Runtime.v10.0.dll
----------------------------------------
System
    Assembly Version: 2.0.0.0
    Win32 Version: 2.0.50727.5485 (Win7SP1GDR.050727-5400)
    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System/2.0.0.0__b77a5c561934e089/System.dll
----------------------------------------
System.Core
    Assembly Version: 3.5.0.0
    Win32 Version: 3.5.30729.5420 built by: Win7SP1
    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Core/3.5.0.0__b77a5c561934e089/System.Core.dll
----------------------------------------
Microsoft.VisualStudio.Tools.Applications.Hosting.v10.0
    Assembly Version: 10.0.0.0
    Win32 Version: 10.0.50903.0
    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/Microsoft.VisualStudio.Tools.Applications.Hosting.v10.0/10.0.0.0__b03f5f7f11d50a3a/Microsoft.VisualStudio.Tools.Applications.Hosting.v10.0.dll
----------------------------------------
System.AddIn
    Assembly Version: 3.5.0.0
    Win32 Version: 3.5.30729.5446 built by: Win7SP1GDR
    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.AddIn/3.5.0.0__b77a5c561934e089/System.AddIn.dll
----------------------------------------
Microsoft.Office.Tools.Common.v9.0
    Assembly Version: 9.0.0.0
    Win32 Version: 9.0.30729.7079
    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/Microsoft.Office.Tools.Common.v9.0/9.0.0.0__b03f5f7f11d50a3a/Microsoft.Office.Tools.Common.v9.0.dll
----------------------------------------
Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0
    Assembly Version: 10.0.0.0
    Win32 Version: 10.0.50903.0
    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0/10.0.0.0__b03f5f7f11d50a3a/Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0.dll
----------------------------------------
System.Windows.Forms
    Assembly Version: 2.0.0.0
    Win32 Version: 2.0.50727.5491 (Win7SP1GDR.050727-5400)
    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Windows.Forms/2.0.0.0__b77a5c561934e089/System.Windows.Forms.dll
----------------------------------------
System.Drawing
    Assembly Version: 2.0.0.0
    Win32 Version: 2.0.50727.5491 (Win7SP1GDR.050727-5400)
    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Drawing/2.0.0.0__b03f5f7f11d50a3a/System.Drawing.dll
----------------------------------------
System.Deployment
    Assembly Version: 2.0.0.0
    Win32 Version: 2.0.50727.5488 (Win7SP1GDR.050727-5400)
    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Deployment/2.0.0.0__b03f5f7f11d50a3a/System.Deployment.dll
----------------------------------------
System.Configuration
    Assembly Version: 2.0.0.0
    Win32 Version: 2.0.50727.5483 (Win7SP1GDR.050727-5400)
    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Configuration/2.0.0.0__b03f5f7f11d50a3a/System.Configuration.dll
----------------------------------------
System.Xml
    Assembly Version: 2.0.0.0
    Win32 Version: 2.0.50727.5485 (Win7SP1GDR.050727-5400)
    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Xml/2.0.0.0__b77a5c561934e089/System.Xml.dll
----------------------------------------
Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10.0
    Assembly Version: 10.0.0.0
    Win32 Version: 10.0.50903.0
    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10.0/10.0.0.0__b03f5f7f11d50a3a/Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10.0.dll
----------------------------------------
 
Error: (08/08/2015 12:59:23 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (08/08/2015 12:59:23 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.
 
Context: Windows Application
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (08/08/2015 12:59:23 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (08/08/2015 12:59:23 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
Element not found.  (HRESULT : 0x80070490) (0x80070490)
 
Error: (08/08/2015 12:59:20 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (08/08/2015 12:59:20 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)
 
Error: (08/08/2015 12:59:20 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
 
System errors:
=============
Error: (08/09/2015 09:32:58 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: 
%%1058
 
Error: (08/09/2015 07:15:58 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: 
%%1058
 
Error: (08/09/2015 03:41:28 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: 
%%1058
 
Error: (08/09/2015 03:40:08 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
Lbd
 
Error: (08/09/2015 03:29:45 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: 
%%1058
 
Error: (08/09/2015 03:27:06 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: 
%%1058
 
Error: (08/09/2015 03:25:25 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (08/09/2015 03:19:41 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (08/09/2015 03:12:44 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: 
%%1058
 
Error: (08/09/2015 03:10:26 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
 
Microsoft Office:
=========================
Error: (08/09/2015 02:36:16 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: WINWORD.EXE14.0.7153.500239c01d0d26bfff3ccc08C:\Program Files\Microsoft Office\Office14\WINWORD.EXEc5e7a0b9-3e60-11e5-8ec3-001d60134f60
 
Error: (08/08/2015 09:52:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: WINWORD.EXE14.0.7153.5002136001d0d234fea43dbc8C:\Program Files\Microsoft Office\Office14\WINWORD.EXE3fdbe979-3e39-11e5-8ec3-001d60134f60
 
Error: (08/08/2015 07:51:08 PM) (Source: VSTO 4.0) (EventID: 4096) (User: )
Description: Customization URI: file:///C:/Program Files/Common Files/Microsoft Shared/VSTA/Pipeline.v10.0/PipelineSegments.store
Exception: Exception reading manifest from file:///C:/Program%20Files/Common%20Files/Microsoft%20Shared/VSTA/Pipeline.v10.0/PipelineSegments.store: the manifest may not be valid or the file could not be opened.
 
 
************** Exception Text **************
System.Deployment.Application.InvalidDeploymentException: Exception reading manifest from file:///C:/Program%20Files/Common%20Files/Microsoft%20Shared/VSTA/Pipeline.v10.0/PipelineSegments.store: the manifest may not be valid or the file could not be opened. ---> System.Xml.XmlException: '', hexadecimal value 0x01, is an invalid character. Line 1, position 1.
   at System.Xml.XmlTextReaderImpl.Throw(Exception e)
   at System.Xml.XmlTextReaderImpl.Throw(String res, String[] args)
   at System.Xml.XmlTextReaderImpl.Throw(Int32 pos, String res, String[] args)
   at System.Xml.XmlTextReaderImpl.ThrowInvalidChar(Int32 pos, Char invChar)
   at System.Xml.XmlTextReaderImpl.ParseRootLevelWhitespace()
   at System.Xml.XmlTextReaderImpl.ParseDocumentContent()
   at System.Xml.XmlTextReaderImpl.Read()
   at System.Xml.XmlTextReader.Read()
   at System.Deployment.Application.ManifestValidatingReader.XmlFilteredReader.Read()
   at System.Xml.XmlCharCheckingReader.Read()
   at System.Xml.XsdValidatingReader.Read()
   at System.Deployment.Application.ManifestReader.FromDocument(String localPath, ManifestType manifestType, Uri sourceUri)
   --- End of inner exception stack trace ---
   at Microsoft.VisualStudio.Tools.Applications.Deployment.ClickOnceAddInDeploymentManager.GetManifests(TimeSpan timeout)
   at Microsoft.VisualStudio.Tools.Applications.Deployment.ClickOnceAddInDeploymentManager.InstallAddIn()
 
 
************** Loaded Assemblies **************
mscorlib
    Assembly Version: 2.0.0.0
    Win32 Version: 2.0.50727.5485 (Win7SP1GDR.050727-5400)
    CodeBase: file:///C:/Windows/Microsoft.NET/Framework/v2.0.50727/mscorlib.dll
----------------------------------------
Microsoft.VisualStudio.Tools.Office.Runtime.v10.0
    Assembly Version: 10.0.0.0
    Win32 Version: 10.0.50903.0
    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/Microsoft.VisualStudio.Tools.Office.Runtime.v10.0/10.0.0.0__b03f5f7f11d50a3a/Microsoft.VisualStudio.Tools.Office.Runtime.v10.0.dll
----------------------------------------
System
    Assembly Version: 2.0.0.0
    Win32 Version: 2.0.50727.5485 (Win7SP1GDR.050727-5400)
    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System/2.0.0.0__b77a5c561934e089/System.dll
----------------------------------------
System.Core
    Assembly Version: 3.5.0.0
    Win32 Version: 3.5.30729.5420 built by: Win7SP1
    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Core/3.5.0.0__b77a5c561934e089/System.Core.dll
----------------------------------------
Microsoft.VisualStudio.Tools.Applications.Hosting.v10.0
    Assembly Version: 10.0.0.0
    Win32 Version: 10.0.50903.0
    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/Microsoft.VisualStudio.Tools.Applications.Hosting.v10.0/10.0.0.0__b03f5f7f11d50a3a/Microsoft.VisualStudio.Tools.Applications.Hosting.v10.0.dll
----------------------------------------
System.AddIn
    Assembly Version: 3.5.0.0
    Win32 Version: 3.5.30729.5446 built by: Win7SP1GDR
    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.AddIn/3.5.0.0__b77a5c561934e089/System.AddIn.dll
----------------------------------------
Microsoft.Office.Tools.Common.v9.0
    Assembly Version: 9.0.0.0
    Win32 Version: 9.0.30729.7079
    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/Microsoft.Office.Tools.Common.v9.0/9.0.0.0__b03f5f7f11d50a3a/Microsoft.Office.Tools.Common.v9.0.dll
----------------------------------------
Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0
    Assembly Version: 10.0.0.0
    Win32 Version: 10.0.50903.0
    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0/10.0.0.0__b03f5f7f11d50a3a/Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0.dll
----------------------------------------
System.Windows.Forms
    Assembly Version: 2.0.0.0
    Win32 Version: 2.0.50727.5491 (Win7SP1GDR.050727-5400)
    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Windows.Forms/2.0.0.0__b77a5c561934e089/System.Windows.Forms.dll
----------------------------------------
System.Drawing
    Assembly Version: 2.0.0.0
    Win32 Version: 2.0.50727.5491 (Win7SP1GDR.050727-5400)
    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Drawing/2.0.0.0__b03f5f7f11d50a3a/System.Drawing.dll
----------------------------------------
System.Deployment
    Assembly Version: 2.0.0.0
    Win32 Version: 2.0.50727.5488 (Win7SP1GDR.050727-5400)
    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Deployment/2.0.0.0__b03f5f7f11d50a3a/System.Deployment.dll
----------------------------------------
System.Configuration
    Assembly Version: 2.0.0.0
    Win32 Version: 2.0.50727.5483 (Win7SP1GDR.050727-5400)
    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Configuration/2.0.0.0__b03f5f7f11d50a3a/System.Configuration.dll
----------------------------------------
System.Xml
    Assembly Version: 2.0.0.0
    Win32 Version: 2.0.50727.5485 (Win7SP1GDR.050727-5400)
    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Xml/2.0.0.0__b77a5c561934e089/System.Xml.dll
----------------------------------------
Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10.0
    Assembly Version: 10.0.0.0
    Win32 Version: 10.0.50903.0
    CodeBase: file:///C:/Windows/assembly/GAC_MSIL/Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10.0/10.0.0.0__b03f5f7f11d50a3a/Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10.0.dll
----------------------------------------
 
Error: (08/08/2015 12:59:23 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (08/08/2015 12:59:23 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Context: Windows Application
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (08/08/2015 12:59:23 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Context: Windows Application, SystemIndex Catalog
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (08/08/2015 12:59:23 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog
 
Details:
Element not found.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer
 
Error: (08/08/2015 12:59:20 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore
 
Error: (08/08/2015 12:59:20 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Context: Windows Application, SystemIndex Catalog
 
Details:
The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)
 
Error: (08/08/2015 12:59:20 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt
 
 
CodeIntegrity:
===================================
  Date: 2015-07-30 11:29:40.680
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume1\$Windows.~BT\Updates\Critical\37529801-035b-4080-80e8-446c4887e8be\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.
 
  Date: 2015-07-30 11:29:40.662
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume1\$Windows.~BT\Updates\Critical\37529801-035b-4080-80e8-446c4887e8be\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.
 
  Date: 2015-07-30 11:29:40.643
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume1\$Windows.~BT\Updates\Critical\37529801-035b-4080-80e8-446c4887e8be\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.
 
  Date: 2015-07-30 11:29:40.574
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume1\$Windows.~BT\Updates\Critical\37529801-035b-4080-80e8-446c4887e8be\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.
 
  Date: 2015-07-30 11:29:40.209
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume1\$Windows.~BT\Updates\Critical\37529801-035b-4080-80e8-446c4887e8be\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.
 
  Date: 2015-07-30 11:29:40.191
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume1\$Windows.~BT\Updates\Critical\37529801-035b-4080-80e8-446c4887e8be\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.
 
  Date: 2015-07-30 11:29:40.174
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume1\$Windows.~BT\Updates\Critical\37529801-035b-4080-80e8-446c4887e8be\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.
 
  Date: 2015-07-30 11:29:40.105
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume1\$Windows.~BT\Updates\Critical\37529801-035b-4080-80e8-446c4887e8be\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.
 
  Date: 2015-07-29 21:51:32.058
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume1\$Windows.~BT\Updates\Critical\37529801-035b-4080-80e8-446c4887e8be\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.
 
  Date: 2015-07-29 21:51:32.039
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume1\$Windows.~BT\Updates\Critical\37529801-035b-4080-80e8-446c4887e8be\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz
Percentage of memory in use: 25%
Total physical RAM: 3071.3 MB
Available physical RAM: 2273.71 MB
Total Virtual: 6140.92 MB
Available Virtual: 4805.25 MB
 
==================== Drives ================================
 
Drive c: (HP) (Fixed) (Total:288.99 GB) (Free:46.15 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:9.1 GB) (Free:1.48 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive e: (HP_PAVILION) (Fixed) (Total:298.09 GB) (Free:297.95 GB) NTFS
Drive k: (TOSHIBA EXT) (Fixed) (Total:931.51 GB) (Free:864.93 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=289 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9.1 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 298.1 GB) (Disk ID: 86F198C8)
Partition 1: (Not Active) - (Size=298.1 GB) - (Type=07 NTFS)
 
========================================================
Disk: 6 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 334B343A)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
==================== End of log ============================


#4 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:09:27 PM

Posted 10 August 2015 - 05:04 AM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1
  • Please download and install Revo Uninstaller Free
    note: there is no need to click anything on that page, the download will start automatically
  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s) to remove it:
    YTD Video Downloader 4.9 
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run. If prompted again, click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete
    note: you may have to expand some folders by clicking the "+" mark
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish
Step 2

Please download AdwCleaner (by Xplode) and save it to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.
Step 3

Scan with Malwarebytes Anti-Malware.
  • Please open Malwarebytes Anti-Malware and update the database.
  • Click "Settings" [1] and go to "Detection and Protection" [2]
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt:
  • Click on "Remove Selected" [5].
  • Then click "Save Results" [6] and select [image: m21p4.png]
  • Return to our forum. Paste your log into your next reply and then click Finish [7].
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#5 sgm825


Posted 10 August 2015 - 01:17 PM

Hi! I had to do a few things last night to make the system work again. (I got the dreaded "your copy of Windows is not legitimate", then it would only let me log in as a guest.) I believe I already removed YTD last night. I also had to go into my automatic updates and stop the process that kept making me try to download Windows 10 in a never-ending failed loop. Removed the two updates associated with them as well. I am at least online and able to log in with my user account, although the computer itself still seems to be a bit slow and hanging a bit, and the fan (I'm on a desktop) seems to be running harder/more frequently. I also got rid of Chrome and am now using only Windows 11. I didn't know if having to go back in my system restore would change the things/order of things you wanted me to do next. I also wanted to make sure I didn't do anything wrong with not deleting ComboFix and all associated logs. Let me know if I should still follow your steps, or if we need to start with something else. Thanks!

 



#6 sgm825


Posted 10 August 2015 - 01:19 PM

I'll do the steps you listed above now anyway, just to get things moving along.



#7 sgm825


Posted 10 August 2015 - 01:44 PM

Used Revo- no YTD. Here is the AdwCleaner log.

Weird- any idea why it won't let me paste from Notepad? Option to paste is gray?


Edited by sgm825, 10 August 2015 - 01:45 PM.


#8 sgm825


Posted 10 August 2015 - 01:47 PM

Got it- here it is

 

# AdwCleaner v4.208 - Logfile created 10/08/2015 at 14:32:09
# Updated 09/07/2015 by Xplode
# Database : 2015-08-01.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x86)
# Username : John - JOHN-PC
# Running from : C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\76T6001V\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
Folder Deleted : C:\Program Files\GreenTree Applications
Folder Deleted : C:\Program Files\Coupons
Folder Deleted : C:\Program Files\Common Files\Innovative Solutions
Folder Deleted : C:\Users\John\AppData\Local\Innovative Solutions
File Deleted : C:\prefs.js
File Deleted : C:\Users\John\AppData\Roaming\NWJQQ
File Deleted : C:\Users\John\AppData\Roaming\UFTQD
File Deleted : C:\Users\John\AppData\Roaming\WAFIXLE
File Deleted : C:\Users\John\AppData\Roaming\XTKWS

***** [ Scheduled tasks ] *****

Task Deleted : NWJQQ
Task Deleted : UFTQD
Task Deleted : WAFIXLE
Task Deleted : XTKWS

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\6a391880-5b57-42cd-a484-ffafc4b217ce
Key Deleted : HKLM\SOFTWARE\f12178ad-2a98-82d4-c7ca-712281f454a5
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B853E835-9F24-4F4B-B55C-E554D15CCCD2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
Key Deleted : HKCU\Software\AppDataLow\Software\Slick Savings
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17909

*************************

AdwCleaner[R5].txt - [2276 bytes] - [10/08/2015 14:25:56]
AdwCleaner[S5].txt - [1841 bytes] - [10/08/2015 14:32:09]

########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [1900  bytes] ##########



#9 sgm825


Posted 10 August 2015 - 03:00 PM

Here is malwarebytes-

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8/10/2015
Scan Time: 2:49 PM
Logfile:
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.08.10.05
Rootkit Database: v2015.08.06.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: John

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 467703
Time Elapsed: 1 hr, 4 min, 12 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)



#10 deeprybka

  • Malware Response Team

Posted 10 August 2015 - 04:34 PM

Great! Let's do a final check up to make sure that no other malicious files are present:

Step 1

Please download ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:
    [image: settings.png]
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed, click on Finish.
  • A log file is created at [image: logpath.png]
    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!
regards,
deeprybka

#11 deeprybka

  • Malware Response Team

Posted 15 August 2015 - 11:39 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
regards,
deeprybka



