
BSD right after you login to windows


  • This topic is locked
22 replies to this topic

#1 wjason777

wjason777

  • Members
  • 151 posts

Posted 07 September 2015 - 10:21 AM

Hello, right after I log in to Windows I get a blue screen of death. Can anyone help? I think I'm infected really bad.





#2 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • Gender:Male
  • Location:New England, U.S.A.

Posted 08 September 2015 - 10:02 PM

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Edited by jntkwx, 08 September 2015 - 10:02 PM.

Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation.


#3 jntkwx


Posted 11 September 2015 - 12:17 PM

wjason777,

It has been 3 days since my last post. Do you still need help?

If you do, please follow my previous instructions.


Regards,
Jason

 



#4 wjason777


Posted 11 September 2015 - 12:35 PM

Yes. Been working all week. I'm off for the weekend. Will post tonight or tomorrow.
Thanks

#5 jntkwx


Posted 11 September 2015 - 12:37 PM

Ok, sounds good.
Regards,
Jason

 



#6 wjason777


Posted 11 September 2015 - 08:24 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-09-2015 01
Ran by Shelia (administrator) on SHELIA-HP (11-09-2015 21:22:13)
Running from C:\Users\Shelia\Downloads
Loaded Profiles: Shelia (Available Profiles: Shelia & leon 2 & leon 2_2 & leon3 & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [611896 2010-09-15] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-06-29] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-11-23] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [895512 2010-10-22] (PDF Complete Inc)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-05-15] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6109776 2015-07-23] (AVAST Software)
HKLM-x32\...\Run: [System Checkup] => C:\Program Files (x86)\iolo\System Checkup\SystemCheckup.exe [14475048 2015-05-23] (iolo technologies, LLC)
HKLM-x32\...\Run: [QHSafeTray] => C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe [1262704 2015-04-25] ()
HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2015-06-30] (Comodo Security Solutions, Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2015-02-04] (Hewlett-Packard)
HKLM-x32\...\RunOnce: [20150107] => C:\Program Files\AVAST Software\Avast\setup\emupdate\2cc5f987-bddb-4445-b20e-7816904be9fb.exe [183232 2015-06-23] (AVAST Software)
HKU\S-1-5-21-2414575596-3676764922-2611753355-1001\...\Run: [Super Optimizer] => C:\Program Files (x86)\Super Optimizer\SupOptLauncher.exe [676400 2015-05-18] ()
HKU\S-1-5-21-2414575596-3676764922-2611753355-1001\...\Run: [WeatherBug] => C:\Program Files\Earth Networks\WeatherBug\WeatherBug.exe [146736 2014-09-23] ()
HKU\S-1-5-21-2414575596-3676764922-2611753355-1001\...\Run: [GoogleChromeAutoLaunch_4D9E24CBAAD9227793865D692E9EC7C5] => C:\Users\Shelia\AppData\Local\Chromium\Application\chrome.exe [656384 2015-05-18] (The Chromium Authors)
HKU\S-1-5-21-2414575596-3676764922-2611753355-1001\...\Run: [Gameo] => C:\Users\Shelia\AppData\Roaming\Gameo\gameo.exe [42482176 2015-02-22] ()
HKU\S-1-5-21-2414575596-3676764922-2611753355-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1371456 2015-04-30] (Lavasoft)
HKU\S-1-5-21-2414575596-3676764922-2611753355-1001\...\Run: [OKAYFREEDOM_Agent] => C:\Program Files (x86)\OkayFreedom\OkayFreedomClient.exe [6588840 2015-04-29] (Steganos Software GmbH)
HKU\S-1-5-21-2414575596-3676764922-2611753355-1001\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_169_Plugin.exe -update plugin
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-03-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-23] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PlutoTV.lnk [2015-07-26]
ShortcutTarget: PlutoTV.lnk -> C:\Program Files (x86)\Pluto TV\PlutoTV.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk [2015-05-25]
ShortcutTarget: Start GeekBuddy.lnk -> C:\Program Files\COMODO\GeekBuddy\launcher.exe (Comodo Security Solutions, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog9 01 C:\Windows\SysWOW64\LavasoftTcpService.dll [347976 2015-05-23] (Lavasoft Limited)
Winsock: Catalog9 02 C:\Windows\SysWOW64\LavasoftTcpService.dll [347976 2015-05-23] (Lavasoft Limited)
Winsock: Catalog9 03 C:\Windows\SysWOW64\LavasoftTcpService.dll [347976 2015-05-23] (Lavasoft Limited)
Winsock: Catalog9 04 C:\Windows\SysWOW64\LavasoftTcpService.dll [347976 2015-05-23] (Lavasoft Limited)
Winsock: Catalog9 15 C:\Windows\SysWOW64\LavasoftTcpService.dll [347976 2015-05-23] (Lavasoft Limited)
Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [429392 2015-05-23] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [429392 2015-05-23] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [429392 2015-05-23] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [429392 2015-05-23] (Lavasoft Limited)
Winsock: Catalog9-x64 15 C:\Windows\system32\LavasoftTcpService64.dll [429392 2015-05-23] (Lavasoft Limited)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1E026227-1E04-4343-BA19-535CE2158EBE}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-2414575596-3676764922-2611753355-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_ggbg_15_22&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1Qzu0DyEzzyDyCyE0AyD0E0A0B0BtCtDyD0EtN0D0Tzu0StCtByEyEtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StDyC0C0CtBtCtC0BtGyE0DtDtBtG0CyDyCyEtGyDzztAyCtGtD0D0DyEtB0E0DzztCzytBzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0FtBzzyCtCzzyCtGyCtB0EzytGyEtA0A0EtG0A0EyCtAtG0C0EtCtByDtCyD0EtD0FtBzz2QtN0A0LzuyE%26cr%3D1697886673%26a%3Dwny_ggbg_15_22%26os%3DWindows 7 Home Premium
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_ggbg_15_22&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1Qzu0DyEzzyDyCyE0AyD0E0A0B0BtCtDyD0EtN0D0Tzu0StCtByEyEtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StDyC0C0CtBtCtC0BtGyE0DtDtBtG0CyDyCyEtGyDzztAyCtGtD0D0DyEtB0E0DzztCzytBzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0FtBzzyCtCzzyCtGyCtB0EzytGyEtA0A0EtG0A0EyCtAtG0C0EtCtByDtCyD0EtD0FtBzz2QtN0A0LzuyE%26cr%3D1697886673%26a%3Dwny_ggbg_15_22%26os%3DWindows 7 Home Premium&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_ggbg_15_22&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1Qzu0DyEzzyDyCyE0AyD0E0A0B0BtCtDyD0EtN0D0Tzu0StCtByEyEtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StDyC0C0CtBtCtC0BtGyE0DtDtBtG0CyDyCyEtGyDzztAyCtGtD0D0DyEtB0E0DzztCzytBzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0FtBzzyCtCzzyCtGyCtB0EzytGyEtA0A0EtG0A0EyCtAtG0C0EtCtByDtCyD0EtD0FtBzz2QtN0A0LzuyE%26cr%3D1697886673%26a%3Dwny_ggbg_15_22%26os%3DWindows 7 Home Premium&p={searchTerms}
SearchScopes: HKLM -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_sngwb_15_21&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0DyEzzyDyCyE0AyD0E0A0B0BtCtDyD0EtN0D0Tzu0StCtBtAzztN1L2XzutAtFtCtDtFtCtDtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StCzyyCtDzy0F0FtAtG0EtC0FzztGzzyDyC0BtG0CzyyCzztGyDzz0B0E0E0FtDtCyC0EtD0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDyB0C0F0B0BzzzytG0CyDtAtCtGyE0DzztDtG0AtAtByDtGzy0AyDtA0C0FtAyE0EzyyDyD2QtN0A0LzuyE%26cr%3D1303964681%26a%3Dwncy_sngwb_15_21%26os%3DWindows 7 Home Premium&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2414575596-3676764922-2611753355-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_ggbg_15_22&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1Qzu0DyEzzyDyCyE0AyD0E0A0B0BtCtDyD0EtN0D0Tzu0StCtByEyEtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StDyC0C0CtBtCtC0BtGyE0DtDtBtG0CyDyCyEtGyDzztAyCtGtD0D0DyEtB0E0DzztCzytBzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0FtBzzyCtCzzyCtGyCtB0EzytGyEtA0A0EtG0A0EyCtAtG0C0EtCtByDtCyD0EtD0FtBzz2QtN0A0LzuyE%26cr%3D1697886673%26a%3Dwny_ggbg_15_22%26os%3DWindows 7 Home Premium&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2414575596-3676764922-2611753355-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_ggbg_15_22&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1Qzu0DyEzzyDyCyE0AyD0E0A0B0BtCtDyD0EtN0D0Tzu0StCtByEyEtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StDyC0C0CtBtCtC0BtGyE0DtDtBtG0CyDyCyEtGyDzztAyCtGtD0D0DyEtB0E0DzztCzytBzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0FtBzzyCtCzzyCtGyCtB0EzytGyEtA0A0EtG0A0EyCtAtG0C0EtCtByDtCyD0EtD0FtBzz2QtN0A0LzuyE%26cr%3D1697886673%26a%3Dwny_ggbg_15_22%26os%3DWindows 7 Home Premium&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2414575596-3676764922-2611753355-1001 -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D052415-ABA01A7CCEB2146F8A7F&form=CONBDF&conlogo=CT3330961&q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-23] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: No Name -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} ->  No File
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03] (Adobe Systems Incorporated)
BHO-x32: PasswordBox Helper -> {5DB69B97-934B-451D-94DB-32EF802A01CD} -> C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll [2015-05-04] (PasswordBox, Inc.)
BHO-x32: Symantec NCO BHO -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll [2012-06-07] (Symantec Corporation)
BHO-x32: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL [2011-03-30] (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-05-08] (Sun Microsystems, Inc.)
BHO-x32: Sale Charger -> {7a38e53c-e000-41e4-9b5a-47447db81c2b} -> C:\Program Files (x86)\Sale Charger\Extensions\7a38e53c-e000-41e4-9b5a-47447db81c2b.dll [2015-05-23] ()
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-23] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll [2012-06-07] (Symantec Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Shelia\AppData\Roaming\Mozilla\Firefox\Profiles\29a1odm9.default
FF NewTab: hxxp://www.bing.com/?pc=COSP&ptag=D052415-ABA01A7CCEB2146F8A7F&form=CONMHP&conlogo=CT3330961
FF DefaultSearchEngine: Bing
FF DefaultSearchEngine.US: Search Provided by Yahoo
FF SelectedSearchEngine: Bing
FF Homepage: hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_ggbg_15_22&param1=1&param2=f%3D1%26b%3DFirefox%26cc%3Dus%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1Qzu0DyEzzyDyCyE0AyD0E0A0B0BtCtDyD0EtN0D0Tzu0StCtByEyEtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StDyC0C0CtBtCtC0BtGyE0DtDtBtG0CyDyCyEtGyDzztAyCtGtD0D0DyEtB0E0DzztCzytBzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0FtBzzyCtCzzyCtGyCtB0EzytGyEtA0A0EtG0A0EyCtAtG0C0EtCtByDtCyD0EtD0FtBzz2QtN0A0LzuyE%26cr%3D1697886673%26a%3Dwny_ggbg_15_22%26os%3DWindows 7 Home Premium
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-31] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-31] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @ei.VideoDownloadConverter_4z.com/Plugin -> C:\Program Files (x86)\VideoDownloadConverter_4zEI\Installr\1.bin\NP4zEISB.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_32 -> C:\Windows\SysWOW64\npdeployJava1.dll [2012-05-08] (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll [2012-05-08] (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-30] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-01-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2414575596-3676764922-2611753355-1001: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll [2010-04-09] (Hulu LLC)
FF SearchPlugin: C:\Users\Shelia\AppData\Roaming\Mozilla\Firefox\Profiles\29a1odm9.default\searchplugins\search-provided-by-yahoo.xml [2015-05-29]
FF Extension: Sale Charger - C:\Users\Shelia\AppData\Roaming\Mozilla\Firefox\Profiles\29a1odm9.default\Extensions\{999dfb75-830f-4be2-adf1-8e98cb386aa5}.xpi [2015-05-23]
FF Extension: OkayFreedom - C:\Users\Shelia\AppData\Roaming\Mozilla\Firefox\Profiles\29a1odm9.default\Extensions\{DB981CCA-088E-4731-A4A2-2FE218703C0E}.xpi [2015-06-03]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\IPSFF
FF Extension: Symantec Intrusion Prevention - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\IPSFF [2013-10-09]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\coFFPlgn_2011_7_13_2
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\coFFPlgn_2011_7_13_2 [2015-09-03]
FF HKLM-x32\...\Firefox\Extensions: [firefox@passwordbox.com] - C:\Program Files (x86)\PasswordBox\Firefox
FF Extension: PasswordBox - C:\Program Files (x86)\PasswordBox\Firefox [2013-11-28]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-26]
FF HKLM-x32\...\Firefox\Extensions: [WebProtection@360safe.com] - C:\Program Files (x86)\360\Total Security\safemon\webprotection_firefox
FF Extension: 360 Internet Protection - C:\Program Files (x86)\360\Total Security\safemon\webprotection_firefox [2015-05-29]
FF HKU\S-1-5-21-2414575596-3676764922-2611753355-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR HomePage: Default -> hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_ggbg_15_22&param1=1&param2=f%3D1%26b%3DChrome%26cc%3Dus%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1Qzu0DyEzzyDyCyE0AyD0E0A0B0BtCtDyD0EtN0D0Tzu0StCtByEyEtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StDyC0C0CtBtCtC0BtGyE0DtDtBtG0CyDyCyEtGyDzztAyCtGtD0D0DyEtB0E0DzztCzytBzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0FtBzzyCtCzzyCtGyCtB0EzytGyEtA0A0EtG0A0EyCtAtG0C0EtCtByDtCyD0EtD0FtBzz2QtN0A0LzuyE%26cr%3D1697886673%26a%3Dwny_ggbg_15_22%26os%3DWindows 7 Home Premium
CHR StartupUrls: Default -> "hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_ggbg_15_22&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Dus%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1Qzu0DyEzzyDyCyE0AyD0E0A0B0BtCtDyD0EtN0D0Tzu0StCtByEyEtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StDyC0C0CtBtCtC0BtGyE0DtDtBtG0CyDyCyEtGyDzztAyCtGtD0D0DyEtB0E0DzztCzytBzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0FtBzzyCtCzzyCtGyCtB0EzytGyEtA0A0EtG0A0EyCtAtG0C0EtCtByDtCyD0EtD0FtBzz2QtN0A0LzuyE%26cr%3D1697886673%26a%3Dwny_ggbg_15_22%26os%3DWindows 7 Home Premium",
         "hxxps://www.google.com/?trackid=sp-006"
      
CHR DefaultSearchURL: Default -> hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_ggbg_15_22&param1=1&param2=f%3D4%26b%3DChrome%26cc%3Dus%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1Qzu0DyEzzyDyCyE0AyD0E0A0B0BtCtDyD0EtN0D0Tzu0StCtByEyEtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StDyC0C0CtBtCtC0BtGyE0DtDtBtG0CyDyCyEtGyDzztAyCtGtD0D0DyEtB0E0DzztCzytBzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0FtBzzyCtCzzyCtGyCtB0EzytGyEtA0A0EtG0A0EyCtAtG0C0EtCtByDtCyD0EtD0FtBzz2QtN0A0LzuyE%26cr%3D1697886673%26a%3Dwny_ggbg_15_22%26os%3DWindows 7 Home Premium&p={searchTerms}
CHR DefaultSearchKeyword: Default -> Search Provided by Yahoo.com
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Profile: C:\Users\Shelia\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Shelia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-26]
CHR Extension: (Google Drive) - C:\Users\Shelia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-26]
CHR Extension: (YouTube) - C:\Users\Shelia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-26]
CHR Extension: (Google Search) - C:\Users\Shelia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-26]
CHR Extension: (Avast SafePrice) - C:\Users\Shelia\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-04-10]
CHR Extension: (Avast Online Security) - C:\Users\Shelia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-12-26]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Shelia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-10]
CHR Extension: (Google Wallet) - C:\Users\Shelia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-26]
CHR Extension: (Sale Charger) - C:\Users\Shelia\AppData\Local\Google\Chrome\User Data\Default\Extensions\npgfkibkmennbfadphcpjejdpfaeaenh [2015-05-29]
CHR Extension: (Gmail) - C:\Users\Shelia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-26]
CHR HKLM\...\Chrome\Extension: [aaaaadgepjkdffhjbkfjgnnffnfcffbg] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaadgepjkdffhjbkfjgnnffnfcffbg.crx [2015-04-17]
CHR HKLM-x32\...\Chrome\Extension: [aaaaadgepjkdffhjbkfjgnnffnfcffbg] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaadgepjkdffhjbkfjgnnffnfcffbg.crx [2015-04-17]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-07-23]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-23]

Opera:
=======
OPR Extension: (Sale Charger) - C:\Users\Shelia\AppData\Roaming\Opera Software\Opera Stable\Extensions\npgfkibkmennbfadphcpjejdpfaeaenh [2015-05-23]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AMD_RAIDXpert; C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [122880 2009-12-15] (AMD) [File not signed]
S4 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [180632 2015-03-25] () [File not signed]
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-07-23] (AVAST Software)
S2 ChromodoUpdater; C:\Program Files (x86)\Comodo\Chromodo\chromodo_updater.exe [2368712 2015-03-05] (Comodo)
S2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70848 2015-08-13] (Comodo Security Solutions, Inc.)
S2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2015-06-30] (Comodo Security Solutions, Inc.)
S2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.2\LavasoftTcpService.exe [2748720 2015-04-30] (Lavasoft Limited)
S2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-11-22] (Hewlett-Packard Company) [File not signed]
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [130008 2011-04-16] (Symantec Corporation)
S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
S2 OkayFreedom VPN Starter Service; C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe [330168 2015-04-29] (Steganos Software GmbH)
S2 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2014-05-14] (PasswordBox, Inc.) [File not signed]
S2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1121304 2010-10-22] (PDF Complete Inc)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S2 QHActiveDefense; C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe [825456 2015-04-25] ()
S2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [17768 2015-04-30] ()
S2 Unchecky; C:\Program Files (x86)\Unchecky\bin\Unchecky_svc.exe [163576 2015-08-30] (RaMMicHaeL)
S2 cae99edb; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Super Optimizer\SupOptStats.dll",ENT
S2 Service Mgr SaleCharger; "C:\ProgramData\322cb724-1680-423d-8862-1b52ca5027ad\plugincontainer.exe" [X] <==== ATTENTION
S2 Update Mgr SaleCharger; "C:\Program Files (x86)\Common Files\322cb724-1680-423d-8862-1b52ca5027ad\updater.exe" [X] <==== ATTENTION

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S1 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [100424 2015-04-25] (360.cn)
S3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [77896 2015-04-25] (360.cn)
S1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [305736 2015-04-25] (360.cn)
S3 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [40520 2015-04-25] (360.cn)
S1 360FsFlt; C:\Windows\System32\DRIVERS\360FsFlt.sys [314448 2015-04-25] (Qihu 360 Software Co., Ltd.)
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-07-23] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-07-23] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-23] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-07-23] (AVAST Software)
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048856 2015-07-23] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-07-23] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150160 2015-07-23] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-07-23] (AVAST Software)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-12] (AVG Technologies)
S1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [180816 2015-04-25] (Qihu 360 Software Co., Ltd.)
S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20140510.001\BHDrvx64.sys [1530160 2014-05-09] (Symantec Corporation)
S1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [37976 2014-06-26] (Windows ® Win 7 DDK provider) [File not signed]
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-21] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-21] (Symantec Corporation) [File not signed]
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20140520.001\IDSvia64.sys [525016 2014-03-24] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20140520.008\ENG64.SYS [126040 2014-01-17] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20140520.008\EX64.SYS [2099288 2014-01-17] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-30] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-27] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2012-02-18] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-27] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-20] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-11 21:22 - 2015-09-11 21:22 - 00029895 _____ C:\Users\Shelia\Downloads\FRST.txt
2015-09-11 21:22 - 2015-09-11 21:22 - 00000000 ____D C:\FRST
2015-09-11 21:21 - 2015-09-11 21:21 - 02190848 _____ (Farbar) C:\Users\Shelia\Downloads\FRST64.exe
2015-09-11 21:13 - 2015-09-11 21:13 - 00000000 ____D C:\Users\Shelia\AppData\Roaming\One System Care
2015-09-01 23:45 - 2015-09-01 23:45 - 00000013 _____ C:\Users\leon 2\.pluto.tv
2015-09-01 23:44 - 2015-09-01 23:45 - 00000000 ____D C:\Users\leon 2\AppData\Local\PlutoTV
2015-08-31 03:39 - 2015-08-31 03:39 - 00000013 _____ C:\Users\leon 2_2\.pluto.tv
2015-08-31 03:07 - 2015-07-30 09:13 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-31 03:07 - 2015-07-30 09:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-31 00:15 - 2015-09-01 23:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-30 23:46 - 2015-07-28 16:09 - 00017344 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-08-30 23:46 - 2015-07-28 16:05 - 01116672 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-08-30 23:46 - 2015-07-28 16:05 - 00774656 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-08-30 23:46 - 2015-07-28 16:05 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-08-30 23:46 - 2015-07-28 16:05 - 00437760 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-08-30 23:46 - 2015-07-28 16:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-08-30 23:46 - 2015-07-28 16:05 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-08-30 23:46 - 2015-07-28 15:55 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-08-30 23:45 - 2015-07-20 20:39 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-08-30 23:45 - 2015-07-20 20:12 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-08-30 23:45 - 2015-07-16 17:14 - 25192448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-30 23:45 - 2015-07-16 16:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-08-30 23:45 - 2015-07-16 16:54 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-08-30 23:45 - 2015-07-16 16:37 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-08-30 23:45 - 2015-07-16 16:36 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-30 23:45 - 2015-07-16 16:36 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-30 23:45 - 2015-07-16 16:36 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-08-30 23:45 - 2015-07-16 16:35 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-30 23:45 - 2015-07-16 16:35 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-08-30 23:45 - 2015-07-16 16:27 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-08-30 23:45 - 2015-07-16 16:26 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-30 23:45 - 2015-07-16 16:26 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-08-30 23:45 - 2015-07-16 16:23 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-30 23:45 - 2015-07-16 16:21 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-30 23:45 - 2015-07-16 16:21 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-08-30 23:45 - 2015-07-16 16:21 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-08-30 23:45 - 2015-07-16 16:21 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-08-30 23:45 - 2015-07-16 16:20 - 19870208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-08-30 23:45 - 2015-07-16 16:12 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-08-30 23:45 - 2015-07-16 16:08 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-08-30 23:45 - 2015-07-16 16:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-08-30 23:45 - 2015-07-16 16:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-08-30 23:45 - 2015-07-16 15:55 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-08-30 23:45 - 2015-07-16 15:54 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-30 23:45 - 2015-07-16 15:51 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-08-30 23:45 - 2015-07-16 15:51 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-08-30 23:45 - 2015-07-16 15:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-08-30 23:45 - 2015-07-16 15:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-08-30 23:45 - 2015-07-16 15:50 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-08-30 23:45 - 2015-07-16 15:49 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-08-30 23:45 - 2015-07-16 15:45 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-08-30 23:45 - 2015-07-16 15:43 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-08-30 23:45 - 2015-07-16 15:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-08-30 23:45 - 2015-07-16 15:41 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-08-30 23:45 - 2015-07-16 15:39 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-08-30 23:45 - 2015-07-16 15:39 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-08-30 23:45 - 2015-07-16 15:38 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-08-30 23:45 - 2015-07-16 15:36 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-30 23:45 - 2015-07-16 15:35 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-08-30 23:45 - 2015-07-16 15:34 - 14451200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-30 23:45 - 2015-07-16 15:33 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-08-30 23:45 - 2015-07-16 15:32 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-30 23:45 - 2015-07-16 15:29 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-08-30 23:45 - 2015-07-16 15:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-08-30 23:45 - 2015-07-16 15:20 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-08-30 23:45 - 2015-07-16 15:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-08-30 23:45 - 2015-07-16 15:17 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-08-30 23:45 - 2015-07-16 15:12 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-08-30 23:45 - 2015-07-16 15:12 - 02427904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-30 23:45 - 2015-07-16 15:10 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-08-30 23:45 - 2015-07-16 15:06 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-08-30 23:45 - 2015-07-16 15:06 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-08-30 23:45 - 2015-07-16 15:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-08-30 23:45 - 2015-07-16 15:01 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-30 23:45 - 2015-07-16 14:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-08-30 23:45 - 2015-07-16 14:42 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-08-30 23:45 - 2015-07-16 14:38 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-08-30 23:45 - 2015-07-16 14:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-08-30 23:45 - 2015-07-15 14:15 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-30 23:45 - 2015-07-15 14:15 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-08-30 23:45 - 2015-07-15 14:15 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-08-30 23:45 - 2015-07-15 14:15 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-30 23:45 - 2015-07-15 14:12 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-30 23:45 - 2015-07-15 14:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-08-30 23:45 - 2015-07-15 14:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-08-30 23:45 - 2015-07-15 14:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-08-30 23:45 - 2015-07-15 14:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-08-30 23:45 - 2015-07-15 14:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-08-30 23:45 - 2015-07-15 14:10 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-08-30 23:45 - 2015-07-15 14:10 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-08-30 23:45 - 2015-07-15 14:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-08-30 23:45 - 2015-07-15 14:10 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-08-30 23:45 - 2015-07-15 14:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-08-30 23:45 - 2015-07-15 14:10 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-08-30 23:45 - 2015-07-15 14:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-08-30 23:45 - 2015-07-15 14:10 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-08-30 23:45 - 2015-07-15 14:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-08-30 23:45 - 2015-07-15 14:10 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-08-30 23:45 - 2015-07-15 14:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-08-30 23:45 - 2015-07-15 14:10 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-08-30 23:45 - 2015-07-15 14:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-08-30 23:45 - 2015-07-15 14:10 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-08-30 23:45 - 2015-07-15 14:10 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-08-30 23:45 - 2015-07-15 14:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-08-30 23:45 - 2015-07-15 14:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-30 23:45 - 2015-07-15 14:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-08-30 23:45 - 2015-07-15 14:10 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-08-30 23:45 - 2015-07-15 14:10 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-08-30 23:45 - 2015-07-15 14:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-08-30 23:45 - 2015-07-15 14:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-08-30 23:45 - 2015-07-15 14:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-30 23:45 - 2015-07-15 14:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-08-30 23:45 - 2015-07-15 14:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-08-30 23:45 - 2015-07-15 14:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-08-30 23:45 - 2015-07-15 14:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-08-30 23:45 - 2015-07-15 14:00 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-08-30 23:45 - 2015-07-15 14:00 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-08-30 23:45 - 2015-07-15 14:00 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-08-30 23:45 - 2015-07-15 14:00 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-08-30 23:45 - 2015-07-15 14:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-30 23:45 - 2015-07-15 14:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-30 23:45 - 2015-07-15 14:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-30 23:45 - 2015-07-15 14:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-08-30 23:45 - 2015-07-15 14:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-30 23:45 - 2015-07-15 14:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-08-30 23:45 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-30 23:45 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-30 23:45 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-30 23:45 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-08-30 23:45 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-08-30 23:45 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-30 23:45 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-08-30 23:45 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-08-30 23:45 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-08-30 23:45 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-08-30 23:45 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-08-30 23:45 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-08-30 23:45 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-30 23:45 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-08-30 23:45 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-08-30 23:45 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-30 23:45 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-08-30 23:45 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-08-30 23:45 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-08-30 23:45 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-08-30 23:45 - 2015-07-15 13:59 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-08-30 23:45 - 2015-07-15 13:59 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-08-30 23:45 - 2015-07-15 13:56 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-08-30 23:45 - 2015-07-15 13:55 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-08-30 23:45 - 2015-07-15 13:55 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-08-30 23:45 - 2015-07-15 13:55 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-08-30 23:45 - 2015-07-15 13:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-08-30 23:45 - 2015-07-15 13:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-08-30 23:45 - 2015-07-15 13:54 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-08-30 23:45 - 2015-07-15 13:54 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-08-30 23:45 - 2015-07-15 13:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-08-30 23:45 - 2015-07-15 13:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-08-30 23:45 - 2015-07-15 13:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-08-30 23:45 - 2015-07-15 13:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-08-30 23:45 - 2015-07-15 13:54 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-08-30 23:45 - 2015-07-15 13:53 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-08-30 23:45 - 2015-07-15 13:53 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-08-30 23:45 - 2015-07-15 13:53 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-08-30 23:45 - 2015-07-15 13:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-08-30 23:45 - 2015-07-15 13:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-08-30 23:45 - 2015-07-15 13:53 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-08-30 23:45 - 2015-07-15 13:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-08-30 23:45 - 2015-07-15 13:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-08-30 23:45 - 2015-07-15 13:44 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-08-30 23:45 - 2015-07-15 13:44 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-08-30 23:45 - 2015-07-15 13:44 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-08-30 23:45 - 2015-07-15 13:44 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-30 23:45 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-30 23:45 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-08-30 23:45 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-08-30 23:45 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-30 23:45 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-08-30 23:45 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-30 23:45 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-30 23:45 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-08-30 23:45 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-30 23:45 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-30 23:45 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-08-30 23:45 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-08-30 23:45 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-30 23:45 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-08-30 23:45 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-08-30 23:45 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-08-30 23:45 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-08-30 23:45 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-30 23:45 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-08-30 23:45 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-08-30 23:45 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-08-30 23:45 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-08-30 23:45 - 2015-07-15 12:46 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-08-30 23:45 - 2015-07-15 12:46 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-08-30 23:45 - 2015-07-15 12:46 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-08-30 23:45 - 2015-07-15 12:37 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-08-30 23:45 - 2015-07-15 12:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-08-30 23:45 - 2015-07-15 12:34 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-08-30 23:45 - 2015-07-15 12:34 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-30 23:45 - 2015-07-15 12:34 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-08-30 23:45 - 2015-07-15 12:34 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-08-30 23:45 - 2015-07-14 23:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-30 23:45 - 2015-07-10 13:51 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-30 23:45 - 2015-07-10 13:51 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2015-08-30 23:45 - 2015-07-10 13:51 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-08-30 23:45 - 2015-07-10 13:34 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-08-30 23:45 - 2015-07-10 13:34 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-08-30 23:45 - 2015-07-10 13:33 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-08-30 23:44 - 2015-07-30 14:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-30 23:44 - 2015-07-30 14:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-30 23:44 - 2015-07-30 14:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-30 23:44 - 2015-07-30 14:06 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-08-30 23:44 - 2015-07-30 14:06 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-30 23:44 - 2015-07-30 14:06 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-08-30 23:44 - 2015-07-30 14:06 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-08-30 23:44 - 2015-07-30 13:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-08-30 23:44 - 2015-07-30 13:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-08-30 23:44 - 2015-07-30 13:57 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-08-30 23:44 - 2015-07-30 13:57 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-08-30 23:44 - 2015-07-30 13:57 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-08-30 23:44 - 2015-07-30 13:55 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-08-30 23:44 - 2015-07-30 12:56 - 03208192 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-30 23:44 - 2015-07-30 12:52 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-30 23:44 - 2015-07-30 12:49 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-08-30 23:44 - 2015-07-20 14:12 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-08-30 23:44 - 2015-07-20 14:12 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-08-30 23:44 - 2015-07-20 14:12 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-08-30 23:44 - 2015-07-20 14:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-08-30 23:44 - 2015-07-20 14:12 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-08-30 23:44 - 2015-07-20 14:12 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-08-30 23:44 - 2015-07-20 14:12 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-08-30 23:44 - 2015-07-20 14:12 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-08-30 23:44 - 2015-07-20 14:12 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-08-30 23:44 - 2015-07-20 14:12 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-08-30 23:44 - 2015-07-20 14:12 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-08-30 23:44 - 2015-07-20 13:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-08-30 23:44 - 2015-07-20 13:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-08-30 23:44 - 2015-07-20 13:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-08-30 23:44 - 2015-07-20 13:56 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-08-30 23:44 - 2015-07-20 13:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-08-30 23:44 - 2015-07-14 23:19 - 02004992 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-30 23:44 - 2015-07-14 23:19 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-30 23:44 - 2015-07-14 23:14 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-08-30 23:44 - 2015-07-14 23:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-08-30 23:44 - 2015-07-14 22:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-08-30 23:44 - 2015-07-14 22:55 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-08-30 23:44 - 2015-07-14 22:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-08-30 23:44 - 2015-07-14 22:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-08-30 23:44 - 2015-07-10 13:51 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-30 23:44 - 2015-07-10 13:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-08-30 23:44 - 2015-07-09 13:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-30 23:44 - 2015-07-09 13:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-30 23:44 - 2015-07-09 13:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-08-30 23:44 - 2015-07-01 16:49 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-30 23:44 - 2015-07-01 16:48 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-08-30 23:44 - 2015-07-01 16:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-08-30 23:44 - 2015-07-01 16:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-08-30 23:16 - 2015-08-30 23:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo Security Solutions Inc
2015-08-30 23:13 - 2015-08-30 23:13 - 00000000 ____D C:\Users\leon 2_2\AppData\Local\GWX
2015-08-30 23:07 - 2015-08-30 23:07 - 00000000 ____D C:\Users\leon 2_2\AppData\Roaming\Nico Mak Computing
2015-08-30 23:04 - 2015-09-03 21:56 - 00000000 ____D C:\Users\leon 2_2\AppData\Local\PlutoTV
2015-08-30 17:41 - 2015-08-30 17:41 - 00000013 _____ C:\Users\leon3\.pluto.tv
2015-08-30 17:40 - 2015-08-30 17:49 - 00000000 ____D C:\Users\leon3\AppData\Local\PlutoTV

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-11 21:18 - 2011-05-12 04:25 - 01367446 _____ C:\Windows\WindowsUpdate.log
2015-09-11 21:17 - 2012-03-31 11:55 - 00000000 ____D C:\Windows\Minidump
2015-09-11 21:17 - 2012-02-17 20:16 - 00285297 ____N C:\Windows\Minidump\091115-24975-01.dmp
2015-09-11 21:15 - 2015-05-23 19:14 - 00003254 _____ C:\Windows\System32\Tasks\Super Optimizer Schedule
2015-09-11 21:14 - 2015-06-03 18:35 - 00000278 _____ C:\Windows\Tasks\One System CareStartUp.job
2015-09-11 21:14 - 2014-12-26 20:30 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-11 21:13 - 2015-05-29 10:00 - 00000416 _____ C:\Windows\Tasks\Power Suite (Tray).job
2015-09-11 21:13 - 2015-05-29 09:25 - 00000316 _____ C:\Windows\Tasks\Start Driver Reviver for Shelia-HP@leon3(logon).job
2015-09-11 21:13 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-11 21:12 - 2012-02-17 20:16 - 00285297 ____N C:\Windows\Minidump\091115-72509-01.dmp
2015-09-11 21:12 - 2009-07-14 00:51 - 00135002 _____ C:\Windows\setupact.log
2015-09-03 22:14 - 2014-10-19 21:56 - 00000000 ___RD C:\Users\leon3\Desktop\Startup
2015-09-03 22:11 - 2012-02-17 20:16 - 00285681 ____N C:\Windows\Minidump\090315-78827-01.dmp
2015-09-03 22:08 - 2015-06-14 22:27 - 00000000 ____D C:\Users\leon 2_2\AppData\Roaming\Steganos VPN
2015-09-03 22:03 - 2012-02-17 20:16 - 00285297 ____N C:\Windows\Minidump\090315-25084-01.dmp
2015-09-03 22:00 - 2012-02-17 20:16 - 00285681 ____N C:\Windows\Minidump\090315-83054-01.dmp
2015-09-03 21:51 - 2012-02-17 20:16 - 00285297 ____N C:\Windows\Minidump\090315-22479-01.dmp
2015-09-03 21:47 - 2012-02-17 20:16 - 00285297 ____N C:\Windows\Minidump\090315-66144-01.dmp
2015-09-02 00:14 - 2012-02-17 20:16 - 00285297 ____N C:\Windows\Minidump\090215-65286-01.dmp
2015-09-02 00:14 - 2009-07-14 01:08 - 00032586 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-09-02 00:11 - 2015-05-23 19:11 - 00000332 _____ C:\Windows\Tasks\Chromium.job
2015-09-02 00:05 - 2012-02-17 20:16 - 00285297 ____N C:\Windows\Minidump\090215-24133-01.dmp
2015-09-02 00:02 - 2012-02-17 20:16 - 00285297 ____N C:\Windows\Minidump\090215-29016-01.dmp
2015-09-02 00:00 - 2012-02-17 20:16 - 00285681 ____N C:\Windows\Minidump\090215-32448-01.dmp
2015-09-01 23:56 - 2012-02-17 20:16 - 00285681 ____N C:\Windows\Minidump\090115-34257-01.dmp
2015-09-01 23:45 - 2015-07-04 02:08 - 00000000 ____D C:\Users\leon 2\AppData\Roaming\Steganos VPN
2015-09-01 23:45 - 2012-09-16 13:34 - 00000000 ____D C:\Users\leon 2
2015-09-01 23:41 - 2012-09-17 14:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-09-01 23:41 - 2012-02-17 20:16 - 00272916 _____ C:\Windows\PFRO.log
2015-08-31 03:44 - 2009-07-14 00:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-31 03:44 - 2009-07-14 00:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-31 03:39 - 2013-07-30 16:45 - 00000000 ____D C:\Users\leon 2_2
2015-08-31 03:29 - 2012-10-05 19:30 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-31 03:27 - 2009-07-14 00:45 - 00279280 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-31 03:26 - 2013-03-13 01:05 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-31 03:26 - 2013-03-13 01:05 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-31 03:24 - 2014-12-12 18:20 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-31 03:24 - 2014-04-30 01:29 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-31 03:07 - 2013-03-13 01:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-31 03:03 - 2014-12-26 20:30 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-31 03:00 - 2012-05-18 10:12 - 00003220 _____ C:\Windows\System32\Tasks\HPCeeScheduleForSHELIA-HP$
2015-08-31 03:00 - 2012-05-18 10:12 - 00000344 _____ C:\Windows\Tasks\HPCeeScheduleForSHELIA-HP$.job
2015-08-31 00:29 - 2015-06-11 22:29 - 09284296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-08-31 00:29 - 2012-10-05 19:30 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-08-31 00:29 - 2012-10-05 19:30 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-08-31 00:29 - 2012-02-18 10:40 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-31 00:06 - 2011-05-12 04:43 - 00000000 ____D C:\ProgramData\PDFC
2015-08-30 23:58 - 2014-12-26 20:30 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-30 23:58 - 2014-12-26 20:30 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-30 23:16 - 2015-06-21 18:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
2015-08-30 23:16 - 2015-05-25 19:36 - 00002015 _____ C:\Users\Public\Desktop\GeekBuddy.lnk
2015-08-30 17:43 - 2014-12-26 20:30 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-08-30 17:42 - 2015-06-28 18:09 - 00000000 ____D C:\Users\leon3\AppData\Roaming\Steganos VPN
2015-08-30 17:41 - 2014-10-19 21:56 - 00000000 ____D C:\Users\leon3

==================== Files in the root of some directories =======

2013-11-28 19:53 - 2014-06-24 21:26 - 0003750 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2014-11-17 16:13 - 2014-11-17 16:15 - 0031319 _____ () C:\Users\Shelia\AppData\Roaming\893686b8
2014-11-17 16:13 - 2014-11-17 16:15 - 0020583 _____ () C:\Users\Shelia\AppData\Local\893686b8
2014-11-17 16:13 - 2014-11-17 16:15 - 0039654 _____ () C:\ProgramData\893686b8
2012-02-17 18:29 - 2012-02-17 18:31 - 0000359 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\leon 2\AppData\Local\Temp\ICReinstall_7zip.exe
C:\Users\leon 2\AppData\Local\Temp\ICSharpCode.SharpZipLib.dll
C:\Users\leon 2\AppData\Local\Temp\YgoUpdater.exe
C:\Users\Shelia\AppData\Local\Temp\DriverReviverSetup.exe
C:\Users\Shelia\AppData\Local\Temp\ICSharpCode.SharpZipLib.dll
C:\Users\Shelia\AppData\Local\Temp\Quarantine.exe
C:\Users\Shelia\AppData\Local\Temp\sqlite3.dll
C:\Users\Shelia\AppData\Local\Temp\Update_Simplitec_PowerSuite_Auto.exe
C:\Users\Shelia\AppData\Local\Temp\YgoUpdater.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-08-31 00:16

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:10-09-2015 01
Ran by Shelia (2015-09-11 21:23:07)
Running from C:\Users\Shelia\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2012-02-17 22:19:41)
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2414575596-3676764922-2611753355-500 - Administrator - Disabled)
Guest (S-1-5-21-2414575596-3676764922-2611753355-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-2414575596-3676764922-2611753355-1002 - Limited - Enabled)
leon 2 (S-1-5-21-2414575596-3676764922-2611753355-1004 - Limited - Enabled) => C:\Users\leon 2
leon 2_2 (S-1-5-21-2414575596-3676764922-2611753355-1005 - Limited - Enabled) => C:\Users\leon 2_2
leon3 (S-1-5-21-2414575596-3676764922-2611753355-1006 - Limited - Enabled) => C:\Users\leon3
Shelia (S-1-5-21-2414575596-3676764922-2611753355-1001 - Administrator - Enabled) => C:\Users\Shelia

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Internet Security (Disabled - Out of date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Disabled - Out of date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

360 Total Security (HKLM-x32\...\360TotalSecurity) (Version: 6.6.0.1023 - 360 Security Center)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
Ad-Aware Web Companion (x32 Version: 1.1.987.2028 - Lavasoft) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader X (10.1.2) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.2 - Adobe Systems Incorporated)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{3001791D-2CA6-6FE3-BE0F-8EA7522B32D4}) (Version: 3.0.795.0 - ATI Technologies, Inc.)
ATI Stream SDK v2 Developer (HKLM\...\{80C27FE9-C6C4-F5C8-EAD3-09E7E0102E78}) (Version: 2.2.0.0 - ATI Technologies Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.3.2223 - AVAST Software)
Awakening: The Skyward Castle (HKLM-x32\...\BFG-Awakening - The Skyward Castle) (Version:  - )
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Big Fish Games: Game Manager (HKLM-x32\...\BFGC) (Version: 3.0.1.60 - )
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{504CC891-B140-4E1B-860B-5E4C1DFBA9E3}) (Version: 2.0.5350 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Buzzdock (HKLM-x32\...\{cfd32d46-7d3f-483f-bace-7172aec5592d}) (Version:  - Alactro LLC) <==== ATTENTION
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
ccc-core-static (x32 Version: 2010.1123.1002.17926 - ATI) Hidden
Chromium (HKU\S-1-5-21-2414575596-3676764922-2611753355-1001\...\Chromium) (Version: 45.0.2406.0 - Chromium)
Chromodo (HKLM-x32\...\Chromodo) (Version: 36.6.0.57 - Comodo)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3210 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DealPly (HKU\.DEFAULT\...\DealPly) (Version:  - ) <==== ATTENTION
Diablo III Beta (HKLM-x32\...\Diablo III Beta) (Version: 0.11.0.9359 - Blizzard Entertainment)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Driver Reviver (HKLM\...\Driver Reviver) (Version: 5.1.0.24 - ReviverSoft LLC)
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.2.4412 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.2.4412 - Hewlett-Packard) Hidden
Escape Rosecliff Island (x32 Version: 2.2.0.95 - WildTangent) Hidden
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Finally Fast (HKLM-x32\...\Finally Fast) (Version: 8.3.9 - Ascentive)
FrostWire 4.21.8 (HKLM-x32\...\FrostWire) (Version: 4.21.8.0 - FrostWire Team)
FrostWire 6.1.1 (HKLM-x32\...\FrostWire 6) (Version: 6.1.1.1 - FrostWire LLC)
Frostwire Packages (HKU\S-1-5-21-2414575596-3676764922-2611753355-1001\...\Frostwire Packages) (Version:  - ) <==== ATTENTION
Gameo (HKU\S-1-5-21-2414575596-3676764922-2611753355-1001\...\Gameo) (Version: 0.13.7 - IronSource Ltd.) <==== ATTENTION
GeekBuddy (HKLM\...\{A09AEC8C-5054-4E92-93DE-EA0B8C73BCF2}) (Version: 4.21.144 - Comodo Security Solutions Inc)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.157 - Google Inc.)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version:  - )
Google Update Helper (x32 Version: 1.3.28.13 - Google Inc.) Hidden
Heroes of Hellas 2 - Olympia (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.5 - WildTangent)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.2.4725 - Hewlett-Packard)
HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.2.4517 - Hewlett-Packard)
HP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}) (Version: 4.2.4513 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{A40F60B1-F1E1-452E-96A5-FF97F9A2D102}) (Version: 3.1.2.4 - Hewlett-Packard)
HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.2.4522 - Hewlett-Packard)
HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{2EA3D6B2-157E-4112-A3AB-BF17E16661C3}) (Version: 1.0.4.0 - Hewlett-Packard)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0.2 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Photosmart C4600 All-In-One Driver 14.0 Rel. 5 (HKLM\...\{1E1746EF-F5BF-4677-8F30-04FE399130DA}) (Version: 14.0 - HP)
HP Setup (HKLM-x32\...\{53469506-A37E-4314-A9D9-38724EC23A75}) (Version: 8.4.4400.3525 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.0.12844.3519 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{B1A4A13D-4665-4ED3-9DFE-F845725FBBD8}) (Version: 5.1.8.12 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.1.6.0 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 3.0.1.0 - Hewlett-Packard) Hidden
Hulu Desktop (HKU\S-1-5-21-2414575596-3676764922-2611753355-1001\...\HuluDesktop) (Version: 0.9.13 - Hulu LLC)
HydraVision (x32 Version: 4.2.180.0 - ATI Technologies Inc.) Hidden
iTunes (HKLM\...\{4046F74A-28F8-48C6-A5D3-2AFC472574C1}) (Version: 12.2.0.145 - Apple Inc.)
Java™ 6 Update 32 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216032FF}) (Version: 6.0.320 - Oracle)
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: 1.6 - Kobo Inc.)
Kusarunam version 4.5 (HKLM-x32\...\Kusarunam_is1) (Version: 4.5 - )
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3130 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.3130 - CyberLink Corp.) Hidden
LavasoftTcpService (x32 Version: 2.3.4.2 - Lavasoft) Hidden
LightScribe System Software (HKLM-x32\...\{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}) (Version: 1.18.20.1 - LightScribe)
Malwarebytes Anti-Malware version 1.65.1.1000 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.65.1.1000 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.2.4412 - Hewlett-Packard)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.2.4412 - Hewlett-Packard) Hidden
Mozilla Firefox 40.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery P.I. - The London Caper (x32 Version: 2.2.0.95 - WildTangent) Hidden
Norton Internet Security (HKLM-x32\...\NIS) (Version: 18.7.2.3 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
OkayFreedom (HKLM-x32\...\{3F3FB10C-7175-4D38-9335-3488B89C12AF}) (Version: 1.5.3 - Steganos Software GmbH)
One System Care (HKLM-x32\...\OneSystemCare) (Version: 2.00.00.1 - OneSystemCare)
Open Downloader Manager (HKLM-x32\...\OpenDownloaderManager) (Version:  - )
Opera Stable 20.0.1387.91 (HKLM-x32\...\Opera 20.0.1387.91) (Version: 20.0.1387.91 - Opera Software ASA)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.14 - PDF Complete, Inc)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.0 - Frank Heindörfer, Philip Chinery)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.7717 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.7717 - CyberLink Corp.) Hidden
PictureMover (HKLM-x32\...\{264FE20A-757B-492a-B0C3-4009E2997D8A}) (Version: 3.5.0.33 - Hewlett-Packard Company)
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Pluto TV version 0.1.3 (HKLM-x32\...\Pluto TV_is1) (Version: 0.1.3 - Pluto TV)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4329 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4329 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3129 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.3129 - CyberLink Corp.) Hidden
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-13231864975E}) (Version: 5.10.1102.0 -  NewspaperDirect Inc.)
Pro PC Cleaner (HKLM-x32\...\{5E27F25E-D7A0-4DCE-B954-FB60C1E6953C}) (Version: 2.5.9 - Pro PC Cleaner) <==== ATTENTION
PS_AIO_05_C4600_Software_Min (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
Quick PC Booster (HKLM\...\Quick PC Booster) (Version: 4.0.6.7 - Xportsoft Technologies)
QuickShare (HKLM-x32\...\{CF56E507-A96E-4973-B7FB-E49542AE5875}) (Version: 1.148.60.12560 - Linkury Inc.) <==== ATTENTION
RAIDXpert (HKLM-x32\...\InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}) (Version: 3.2.1540.10 - AMD)
RAIDXpert (x32 Version: 3.2.1540.10 - AMD) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.3219 - CyberLink Corp.) Hidden
Registry Dr (HKLM-x32\...\{A6A9374C-4A54-4F08-AF5A-F893F0B6B900}) (Version: 2.5.9 - EuroTrade A.L. Ltd) <==== ATTENTION
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.101 - RoxioNow)
Sale Charger (HKLM-x32\...\Sale Charger) (Version: 2.0.5621.26423 - Sale Charger) <==== ATTENTION
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Search App by Ask (HKLM-x32\...\{46575637-2D53-5000-76A7-A758B70C1B00}) (Version: 12.27.0.1156 - APN, LLC) <==== ATTENTION
simpliclean (HKLM-x32\...\simplitec POWER SUITE_is1) (Version: 2.3.1.241 - simplitec GmbH)
Smileys We Love Toolbar for IE (HKLM-x32\...\{00E6509F-EFAC-408B-9F1D-27B866902AAF}) (Version: 3.0.22 - SqueekyChocolate, LLC) <==== ATTENTION
Super Optimizer v3.2 (HKLM-x32\...\Super Optimizer_is1) (Version: 3.2.0.1 - Super PC Tools ltd) <==== ATTENTION
System Checkup 3.5 (HKLM-x32\...\{4AC7B4E7-59B7-4E48-A60D-263C486FC33A}_is1) (Version: 3.5.1.28 - iolo technologies, LLC)
The Weather Channel App (HKLM-x32\...\The Weather Channel App) (Version:  - )
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
Unchecky v0.3.9 (HKLM-x32\...\Unchecky) (Version: 0.3.9 - RaMMicHaeL)
VideoPlayer v2.0.6 (HKLM-x32\...\VideoPlayer) (Version: v2.0.6 - TUGUU SL) <==== ATTENTION
Virtual Families (x32 Version: 2.2.0.95 - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
WeatherApp (HKLM-x32\...\WeatherApp 1.0.0.0) (Version: 1.0.0.0 - Portable WeatherApp)
WeatherApp (x32 Version: 1.0.0.0 - Portable WeatherApp) Hidden
WeatherBug® (HKLM-x32\...\WeatherBug®) (Version: 10.0.7.4 - Earth Networks, Inc.)
Web Companion (HKLM-x32\...\{AEC923AC-C3BE-4A7C-8CEB-6822C888CF2E}_WebCompanion) (Version: 1.1.987.2028 - Lavasoft)
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
WinZip Malware Protector (HKLM-x32\...\WinZip Malware Protector_is1) (Version: 2.1.1000.15248 - WinZip International LLC)
WinZip Registry Optimizer (HKLM-x32\...\WinZip Registry Optimizer_is1) (Version: 1.0 - WinZip International LLC)
YGOPro DevPro version 1.9.7 r2 (HKLM-x32\...\{3CF2634F-3F38-4DD3-9201-CB2FE6B5FF23}_is1) (Version: 1.9.7 r2 - YGOPro DevPro Online)
Zinio Reader 4 (HKLM-x32\...\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1) (Version: 4.0.3184 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.0.3184 - Zinio LLC) Hidden
ZSoft Uninstaller 2.5 (HKLM-x32\...\ZSoft Uninstaller) (Version: 2.5 - ZSoft Software)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

25-07-2015 23:15:51 Windows Update
26-07-2015 11:00:49 Windows Update
08-08-2015 16:34:21 Scheduled Checkpoint
30-08-2015 17:46:30 Windows Update
31-08-2015 03:00:28 Windows Update
31-08-2015 03:48:17 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2015-09-11 21:15 - 00001993 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0DF86656-004E-4AA2-B148-EAEFF4B009B2} - System32\Tasks\Finally Fast_Shelia-HP@Shelia => C:\Program Files (x86)\Ascentive\Finally Fast\FinallyFast.exe [2015-03-24] (Ascentive LLC)
Task: {108A21AE-060E-4CCF-BAE8-9804E59EBF9D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-09-17] (Hewlett-Packard Company)
Task: {143B5DF9-089D-4D40-ACDF-9953B14DFFF0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Ghost Resign Task => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\HPResignFileLoader.exe [2015-02-04] (Microsoft)
Task: {1E3BD6AD-EAC2-4339-974C-43F843A24304} - System32\Tasks\IE_ERR4WDR => C:\Program Files (x86)\Portable WeatherApp\IEError.exe [2015-05-04] () <==== ATTENTION
Task: {296CD168-9EBF-4238-802C-B3A2B5571931} - System32\Tasks\gameo_update => C:\Users\Shelia\AppData\Roaming\Gameo\gameo.exe [2015-02-22] () <==== ATTENTION
Task: {2E0EF6D8-B4FF-4129-BE0B-A58A77DA26F2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-31] (Adobe Systems Incorporated)
Task: {400B0E95-D901-451E-87B4-9EDE48386422} - System32\Tasks\Power Suite => C:\Program Files (x86)\simplitec\simpliclean\PowerSuite.exe [2014-10-15] (simplitec GmbH)
Task: {423602F4-E5DD-43CC-ACA8-F53BA40999CB} - System32\Tasks\Start Driver Reviver for Shelia-HP@leon3(logon) => C:\Program Files\ReviverSoft\Driver Reviver\DriverReviver.exe [2015-05-14] ()
Task: {5777AAC8-2911-4DC3-A544-4D5D6663D5EF} - System32\Tasks\Registry Optimizer => C:\Program Files (x86)\WinZip Registry Optimizer\Winzipro.exe [2014-09-30] (WinZip Computing, S.L. (WinZip Computing))
Task: {58D56E67-4B8F-4D07-AB04-F418CE595B06} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2010-08-20] (CyberLink)
Task: {5D19B2EF-DAA9-426F-8788-973122D44EE9} - System32\Tasks\One System CarePeriod => C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe [2015-05-28] ()
Task: {64A11168-2EC9-492F-A105-F5DD45FE6AF1} - System32\Tasks\DST => C:\Program Files (x86)\Hewlett-Packard\Setup Manager\toaster.exe [2010-09-21] (Microsoft)
Task: {761707BD-CAAE-4E8D-ACF2-ECA2CBA02FF8} - System32\Tasks\Super Optimizer Schedule => C:\Program Files (x86)\Super Optimizer\SupOptLauncher.exe [2015-05-18] () <==== ATTENTION
Task: {7E308F35-39FA-40D8-AFBA-7B1127EA3126} - System32\Tasks\Finally Fast@Logon => C:\Program Files (x86)\Ascentive\Finally Fast\FinallyFast.exe [2015-03-24] (Ascentive LLC)
Task: {8F53B758-EA48-40CB-910B-9109CEACB211} - System32\Tasks\RegistryDr_Popup => C:\Program Files (x86)\Registry Dr\Splash.exe [2014-11-24] () <==== ATTENTION
Task: {8FBCC83D-5584-4918-8220-3A073A69F404} - System32\Tasks\Chromium => C:\Users\Shelia\AppData\Local\Chromium\Application\45.0.2406.0\Installer\uninstall.exe [2015-05-23] ()
Task: {95D47B63-ECC0-4D65-8B1A-4AEDCD1F8066} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe [2014-11-21] (Pro PC Cleaner) <==== ATTENTION
Task: {A10BAC82-7356-407E-92BA-AE4EE7DCD453} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {A665D6B9-03AC-4F92-A9E0-3E6BD5E86749} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files (x86)\Pro PC Cleaner\Splash.exe [2014-11-21] () <==== ATTENTION
Task: {AD9159B8-F53E-4B3D-B1AE-8071C258AAC4} - System32\Tasks\UPDTEXE4_WDR => C:\Program Files (x86)\Portable WeatherApp\updater.exe [2015-05-04] (Portable WeatherApp) <==== ATTENTION
Task: {AED46F4E-D1AF-457B-92CC-90B346E21A8C} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {B17B2485-AE94-4174-891C-579582729B71} - System32\Tasks\RegistryDr_Start => C:\Program Files (x86)\Registry Dr\RegistryDr.exe [2014-11-24] () <==== ATTENTION
Task: {B5210C4E-024C-4DEA-A6BF-227494935E38} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2015-02-04] (Microsoft)
Task: {B5DFE688-6316-49D0-BC22-08FF9EF9E533} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {BBC7037B-5D93-4639-A145-D0C3FA6CF4BE} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-07-23] (AVAST Software)
Task: {BECA168F-6908-4A05-AEFC-C0798C78368E} - System32\Tasks\WinZip Malware Protector_startup => C:\Program Files (x86)\WinZip Malware Protector\WinZipMalwareProtector.exe [2015-05-20] (Nico Mak Computing)
Task: {BFFBE4CB-0B5E-45F4-A766-8378D94A6E28} - System32\Tasks\HPCeeScheduleForSHELIA-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {C3B59F8A-639C-4BA7-B245-C706D46EFDF1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {C44285A8-AC97-4A01-B4F1-E0DA7BA37A75} - System32\Tasks\Registry Optimizer_DEFAULT => C:\Program Files (x86)\WinZip Registry Optimizer\Winzipro.exe [2014-09-30] (WinZip Computing, S.L. (WinZip Computing))
Task: {C6BD0C51-6C2E-493C-856D-F912B620366A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-09-17] (Hewlett-Packard Company)
Task: {CCBFF76A-A6E6-4D95-88BE-D9154A1A5F72} - System32\Tasks\Symantec\Norton Error Analyzer 18.7.2.3 => C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\SymErr.exe [2012-06-07] (Symantec Corporation)
Task: {D2BAAB25-23E5-48E4-A52D-7ECCBE5A5369} - System32\Tasks\HDNINSTSCHD => C:\Windows\PCBHDNW\hdnInstaller.exe [2015-05-04] () <==== ATTENTION
Task: {D30F9859-A770-41F8-A975-1A61466D9E56} - System32\Tasks\Registry Optimizer_UPDATES => C:\Program Files (x86)\WinZip Registry Optimizer\Winzipro.exe [2014-09-30] (WinZip Computing, S.L. (WinZip Computing))
Task: {F19CF520-0B29-4894-A086-783C997C450A} - System32\Tasks\Power Suite (Tray) => C:\Program Files (x86)\simplitec\simpliclean\ServiceProvider.exe [2014-10-15] (simplitec GmbH)
Task: {F8B38B63-CFD4-4011-B3BD-334D77017A1F} - System32\Tasks\One System CareStartUp => C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe [2015-05-28] ()
Task: {FD9A052C-4058-44D0-A112-0AC7840F40AC} - System32\Tasks\iolo System Checkup => C:\ProgramData\iolo\scustask.lnk [2015-05-23] ()
Task: {FDC64F14-0927-428D-AE1E-7C66F6811069} - System32\Tasks\Symantec\Norton Error Processor 18.7.2.3 => C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\SymErr.exe [2012-06-07] (Symantec Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Chromium.job => C:\Users\Shelia\AppData\Local\Chromium\APPLIC~1\450240~1.0\INSTAL~1\UNINST~1.EXE
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForSHELIA-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\One System CarePeriod.job => C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe
Task: C:\Windows\Tasks\One System CareStartUp.job => C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe
Task: C:\Windows\Tasks\Power Suite (Tray).job => C:\Program Files (x86)\simplitec\simpliclean\ServiceProvider.exe
Task: C:\Windows\Tasks\Power Suite.job => C:\Program Files (x86)\simplitec\simpliclean\PowerSuite.exe
Task: C:\Windows\Tasks\Registry Optimizer_DEFAULT.job => C:\Program Files (x86)\WinZip Registry Optimizer\Winzipro.exe
Task: C:\Windows\Tasks\Registry Optimizer_UPDATES.job => C:\Program Files (x86)\WinZip Registry Optimizer\Winzipro.exe
Task: C:\Windows\Tasks\Start Driver Reviver for Shelia-HP@leon3(logon).job => C:\Program Files\ReviverSoft\Driver Reviver\DriverReviver.exe

==================== Loaded Modules (Whitelisted) ==============

2015-08-31 00:29 - 2015-08-31 00:29 - 17482952 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2414575596-3676764922-2611753355-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Shelia\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{A1D5ED73-DFF0-4FBD-870C-D0D92D06BF79}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector\PDR8.EXE
FirewallRules: [{35487678-6A6F-4F2A-9A24-7808CAB8916D}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe
FirewallRules: [{687509AF-FD0E-456D-9939-99736ECBB565}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe
FirewallRules: [{979991E0-4E27-4BEE-A387-09D9C418FE9A}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe
FirewallRules: [{8525BBA6-8C90-425D-8F34-7C361FAF20B7}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe
FirewallRules: [{F34526E4-E4D5-4664-9D3A-3A3D7DC50CD4}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{B2189766-3C56-40C3-8D65-060E0087BA84}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe
FirewallRules: [{0015BF00-044E-4673-8297-CFE3EB99661E}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Photo\HPMediaSmartPhoto.exe
FirewallRules: [{38E8B578-67DD-49EE-AA18-E4009C8DB445}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Video\HPMediaSmartVideo.exe
FirewallRules: [{3FC399F3-28FA-4681-94E7-90D38F7049D5}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Music\HPTouchSmartMusic.exe
FirewallRules: [{B832071B-B7E9-4811-BC3A-57D90B324095}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
FirewallRules: [{AE385B7F-1C4B-44DD-8450-F0F8DA959EE3}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
FirewallRules: [{59747633-880C-48F8-9D13-B47864204845}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
FirewallRules: [{06B4817F-BAE9-45CB-9487-9B7DE0851873}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
FirewallRules: [{081EE714-9C4D-4506-87E1-9DD5CAD09329}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{937DCCA7-CFDD-42CC-ACE7-4338FF5EA669}] => (Allow) LPort=2869
FirewallRules: [{1144DA48-A057-4B4A-B742-D1192C3DCA00}] => (Allow) LPort=1900
FirewallRules: [{A03E9DFF-611F-402D-89BF-1B24F1A1ED7B}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{2E5C1A1C-EE60-45E5-A7CF-2561BD9A1036}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{01B4A597-02B0-4E91-ABF4-E43150C7F90E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{2DDD0409-8F9C-42FC-8AE8-D60FCD08324C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{663A4F8E-FDE9-47DA-97CF-3744920CA8F4}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{7D9A5AB6-E01B-4A90-B4AD-314F82978997}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{241002E5-E3C2-4070-9B2A-91E6F3EBF420}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8D1FDB5E-1C32-4A1F-ADC5-D75480B5B7F0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6FA95B73-EC72-480A-8735-F8E70ADFFE3D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{43F5819F-E3BB-4080-B25F-9E7A3A393A77}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.515\Agent.exe
FirewallRules: [{1C059393-397E-47C7-A516-BFA559DEAFDA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.515\Agent.exe
FirewallRules: [{54EB5E78-85DF-4B2F-94B3-92DBFBB8BB70}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.868\Agent.exe
FirewallRules: [{A22CCC90-E7D7-4073-80A5-98874EF8D6F4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.868\Agent.exe
FirewallRules: [{6D768204-8EBC-45F0-886A-1898531BB305}] => (Allow) C:\Program Files (x86)\Diablo III Beta\Diablo III.exe
FirewallRules: [{6594BD01-3629-4D6A-9C13-8B3456C29CF1}] => (Allow) C:\Program Files (x86)\Diablo III Beta\Diablo III.exe
FirewallRules: [{8DFF84E7-E64A-418B-8F90-50F1829F2363}] => (Allow) C:\Program Files (x86)\FrostWire 5\FrostWire.exe
FirewallRules: [{C9E40788-3892-4D4E-B854-69F7E5955A75}] => (Allow) C:\Program Files (x86)\FrostWire 5\FrostWire.exe
FirewallRules: [{037980A3-C82C-441F-A5B8-977A721DDAD6}] => (Allow) C:\Program Files (x86)\FrostWire\FrostWire.exe
FirewallRules: [{2DD730A6-6169-4070-8EE8-D22F793875C4}] => (Allow) C:\Program Files (x86)\FrostWire\FrostWire.exe
FirewallRules: [{551F3209-2CF9-45AC-AD27-E37DDD826EDA}] => (Allow) C:\Program Files (x86)\Shop to Win 29\TroubleShooter.exe
FirewallRules: [{664552E7-983E-4C43-A2D0-3C6E3C8877E3}] => (Allow) C:\Program Files (x86)\Shop to Win 29\TroubleShooter.exe
FirewallRules: [{072D3D75-8704-4CC7-8B53-B680A14340E3}] => (Allow) C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe
FirewallRules: [{CE8407D7-11D7-466E-8479-6B81EB5839E7}] => (Allow) C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe
FirewallRules: [TCP Query User{8B785558-47D8-4419-9E78-FA19A3D0765F}C:\program files (x86)\devpro\devpro.dll] => (Block) C:\program files (x86)\devpro\devpro.dll
FirewallRules: [UDP Query User{F1365770-5C5C-4B52-9C6B-8E98429F2725}C:\program files (x86)\devpro\devpro.dll] => (Block) C:\program files (x86)\devpro\devpro.dll
FirewallRules: [{2277022C-61F5-4897-AEC3-F2D4BA98C71B}] => (Allow) C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe
FirewallRules: [{24FE1349-D8CA-4D95-84E5-3DB28C4CDBBA}] => (Allow) C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe
FirewallRules: [{2EE2AB85-1FAF-4383-97D3-5D3A77B4305A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4DAF3FDC-2831-4B99-AAD0-B2F3C0BCDE37}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{788C9F78-B26B-4151-90E8-391055A43891}] => (Allow) C:\Users\Shelia\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{DE17330B-8328-4EE0-A073-C4085865110B}] => (Allow) C:\Program Files (x86)\FrostWire 6\FrostWire.exe
FirewallRules: [{FDAEBEB1-EB63-4830-AA1D-1754C976028D}] => (Allow) C:\Program Files (x86)\FrostWire 6\FrostWire.exe
FirewallRules: [TCP Query User{30D1F756-3A34-4C69-BAED-C5DA6BBFD90E}C:\program files (x86)\limepro\limepro.exe] => (Allow) C:\program files (x86)\limepro\limepro.exe
FirewallRules: [UDP Query User{479A80FE-BAFD-4037-AEF7-3BE7CCA051EF}C:\program files (x86)\limepro\limepro.exe] => (Allow) C:\program files (x86)\limepro\limepro.exe
FirewallRules: [{C6C66BDC-8B87-4706-A7F7-5E890EC7B598}] => (Allow) C:\Program Files (x86)\simplitec\simpliclean\PowerSuite.exe
FirewallRules: [{0E849456-8322-4212-9153-FFBC575F9255}] => (Allow) C:\Program Files (x86)\simplitec\simpliclean\PowerSuite.exe
FirewallRules: [{E7E111F8-27AB-4FBF-990A-09B6A68406E2}] => (Allow) C:\Program Files (x86)\simplitec\simpliclean\ServiceProvider.exe
FirewallRules: [{822CA05C-3213-409A-A600-6AD4CA7DF6AA}] => (Allow) C:\Program Files (x86)\simplitec\simpliclean\ServiceProvider.exe
FirewallRules: [{FA22159E-20E0-4A1D-8A0E-1DBF4E6904D7}] => (Allow) C:\Program Files (x86)\simplitec\simpliclean\ServiceProvider.exe
FirewallRules: [{B15B6B72-0417-4D06-9A1B-A72F5725560B}] => (Allow) C:\Program Files (x86)\simplitec\simpliclean\ServiceProvider.exe
FirewallRules: [{8EFE424B-BCF1-4B22-B7C0-8CEAF7E94277}] => (Allow) C:\Program Files (x86)\simplitec\simpliclean\ServiceProvider.exe
FirewallRules: [{512F97C1-F49F-4D74-8693-DF8295DAF411}] => (Allow) C:\Program Files (x86)\simplitec\simpliclean\ServiceProvider.exe
FirewallRules: [TCP Query User{EB5F2D99-9041-4EC5-8139-062586AD25BD}C:\program files (x86)\360\total security\safemon\qhsafetray.exe] => (Block) C:\program files (x86)\360\total security\safemon\qhsafetray.exe
FirewallRules: [UDP Query User{304E620C-B164-42EE-B25F-A7199BB768A3}C:\program files (x86)\360\total security\safemon\qhsafetray.exe] => (Block) C:\program files (x86)\360\total security\safemon\qhsafetray.exe
FirewallRules: [{7C119745-73AB-4604-9DFD-C89EEC9F7765}] => (Allow) C:\Users\Shelia\AppData\Roaming\Steganos\OkayFreedom\Proxy\node.exe
FirewallRules: [{DA660B5E-C2F8-4F3F-AF88-589CA106F1C9}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe
FirewallRules: [{8F311ED4-A435-4D35-9C67-20297A18B1A9}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe
FirewallRules: [TCP Query User{B422C5B7-A4D6-4366-B614-0DD74F393965}C:\users\leon 2_2\appdata\roaming\steganos\okayfreedom\proxy\node.exe] => (Block) C:\users\leon 2_2\appdata\roaming\steganos\okayfreedom\proxy\node.exe
FirewallRules: [UDP Query User{196523EE-A95F-448F-9B92-AE1503739849}C:\users\leon 2_2\appdata\roaming\steganos\okayfreedom\proxy\node.exe] => (Block) C:\users\leon 2_2\appdata\roaming\steganos\okayfreedom\proxy\node.exe
FirewallRules: [TCP Query User{B004E3EB-6EB2-437E-AAF8-DFE886AB5497}C:\users\leon3\appdata\roaming\steganos\okayfreedom\proxy\node.exe] => (Block) C:\users\leon3\appdata\roaming\steganos\okayfreedom\proxy\node.exe
FirewallRules: [UDP Query User{23822F6B-B991-43F8-A5DB-6FDE01F6EC83}C:\users\leon3\appdata\roaming\steganos\okayfreedom\proxy\node.exe] => (Block) C:\users\leon3\appdata\roaming\steganos\okayfreedom\proxy\node.exe
FirewallRules: [TCP Query User{D4F69907-384B-4824-9CAD-C7F10B721E4E}C:\users\leon3\appdata\roaming\steganos\okayfreedom\proxy\node.exe] => (Block) C:\users\leon3\appdata\roaming\steganos\okayfreedom\proxy\node.exe
FirewallRules: [UDP Query User{32B93391-E220-4F24-BC53-BE8C1A4127C9}C:\users\leon3\appdata\roaming\steganos\okayfreedom\proxy\node.exe] => (Block) C:\users\leon3\appdata\roaming\steganos\okayfreedom\proxy\node.exe
FirewallRules: [{A28D7824-B084-4118-8455-41D9D7F03DE7}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{794589BC-7361-4069-A8CA-B9BA381C77F6}C:\users\leon 2\appdata\roaming\steganos\okayfreedom\proxy\node.exe] => (Block) C:\users\leon 2\appdata\roaming\steganos\okayfreedom\proxy\node.exe
FirewallRules: [UDP Query User{4EDF06F6-9DB0-4B02-9A30-45999BA24CBB}C:\users\leon 2\appdata\roaming\steganos\okayfreedom\proxy\node.exe] => (Block) C:\users\leon 2\appdata\roaming\steganos\okayfreedom\proxy\node.exe
FirewallRules: [TCP Query User{CF32EB1A-7AFB-4AC9-98D9-D13C9C1D5A1B}C:\users\leon 2\appdata\roaming\steganos\okayfreedom\proxy\node.exe] => (Block) C:\users\leon 2\appdata\roaming\steganos\okayfreedom\proxy\node.exe
FirewallRules: [UDP Query User{1E58D7DA-2CDB-4F7E-B16D-12E7C72B9E03}C:\users\leon 2\appdata\roaming\steganos\okayfreedom\proxy\node.exe] => (Block) C:\users\leon 2\appdata\roaming\steganos\okayfreedom\proxy\node.exe
FirewallRules: [TCP Query User{735B8B00-7E98-4636-AD2F-40150494C332}C:\users\leon 2_2\appdata\roaming\steganos\okayfreedom\proxy\node.exe] => (Block) C:\users\leon 2_2\appdata\roaming\steganos\okayfreedom\proxy\node.exe
FirewallRules: [UDP Query User{22B0AA6F-763F-405A-97F6-7884CF4A00E7}C:\users\leon 2_2\appdata\roaming\steganos\okayfreedom\proxy\node.exe] => (Block) C:\users\leon 2_2\appdata\roaming\steganos\okayfreedom\proxy\node.exe
FirewallRules: [{8C9D1669-62A3-457C-B027-3AB85DA29839}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: avast! Revert
Description: avast! Revert
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: aswRvrt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: avast! VM Monitor
Description: avast! VM Monitor
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: aswVmm
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/02/2015 12:08:16 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.

Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.
.

Error: (08/30/2015 05:45:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Winzipro.exe version 2.0.72.3001 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 980

Start Time: 01d0e36c7625f8cb

Termination Time: 5

Application Path: C:\Program Files (x86)\WinZip Registry Optimizer\Winzipro.exe

Report Id: 6b117f6b-4f60-11e5-b2cf-d48564a5eabb

Error: (07/24/2015 03:50:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: ntdll.dll, version: 6.1.7601.18869, time stamp: 0x556366f2
Exception code: 0xc0000374
Fault offset: 0x00000000000bfc22
Faulting process id: 0x10f4
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (07/13/2015 07:24:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: ntdll.dll, version: 6.1.7601.18869, time stamp: 0x556366f2
Exception code: 0xc0000374
Fault offset: 0x00000000000bfc22
Faulting process id: 0x94c
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (07/12/2015 09:39:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Winzipro.exe version 2.0.72.3001 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 9d4

Start Time: 01d0bd0bdf33373d

Termination Time: 0

Application Path: C:\Program Files (x86)\WinZip Registry Optimizer\Winzipro.exe

Report Id: eecbb08e-28ff-11e5-a067-d48564a5eabb

Error: (07/08/2015 06:30:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Winzipro.exe version 2.0.72.3001 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 10a0

Start Time: 01d0b9cd269f1413

Termination Time: 3

Application Path: C:\Program Files (x86)\WinZip Registry Optimizer\Winzipro.exe

Report Id: e9398502-25c0-11e5-b87f-d48564a5eabb

Error: (07/04/2015 06:35:42 AM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{398A8AD3-E7F8-425F-B1E1-C264659AE8EE}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}iTunes ISensLogon StopScreenSaver

Error: (07/04/2015 06:35:42 AM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{80328612-D857-4D8D-98F0-170DF27BCB0C}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}iTunes ISensLogon StartScreenSaver

Error: (07/04/2015 06:35:42 AM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{D9E3A134-A375-4589-99F5-D38A0A0E0550}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}iTunes ISensLogon DisplayUnlock

Error: (07/04/2015 06:35:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iTunes.exe, version: 12.2.0.145, time stamp: 0x5591d34c
Faulting module name: iTunesCore.dll, version: 12.2.0.145, time stamp: 0x5591d332
Exception code: 0xc000041d
Fault offset: 0x0000000000b03213
Faulting process id: 0x1b78
Faulting application start time: 0xiTunes.exe0
Faulting application path: iTunes.exe1
Faulting module path: iTunes.exe2
Report Id: iTunes.exe3


System errors:
=============
Error: (09/11/2015 09:21:33 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (09/11/2015 09:21:33 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (09/11/2015 09:21:33 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (09/11/2015 09:21:33 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (09/11/2015 09:21:33 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (09/11/2015 09:21:33 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (09/11/2015 09:19:58 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (09/11/2015 09:19:58 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (09/11/2015 09:19:58 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (09/11/2015 09:18:55 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office:
=========================
Error: (09/02/2015 12:08:16 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.

Error: (08/30/2015 05:45:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Winzipro.exe2.0.72.300198001d0e36c7625f8cb5C:\Program Files (x86)\WinZip Registry Optimizer\Winzipro.exe6b117f6b-4f60-11e5-b2cf-d48564a5eabb

Error: (07/24/2015 03:50:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7601.175674d672ee4ntdll.dll6.1.7601.18869556366f2c000037400000000000bfc2210f401d0c64131e1bd1bC:\Windows\Explorer.EXEC:\Windows\SYSTEM32\ntdll.dll2e3be1f4-323d-11e5-a1bf-d48564a5eabb

Error: (07/13/2015 07:24:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7601.175674d672ee4ntdll.dll6.1.7601.18869556366f2c000037400000000000bfc2294c01d0bdbb98a996e4C:\Windows\Explorer.EXEC:\Windows\SYSTEM32\ntdll.dll60440a4d-29b6-11e5-aee5-d48564a5eabb

Error: (07/12/2015 09:39:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Winzipro.exe2.0.72.30019d401d0bd0bdf33373d0C:\Program Files (x86)\WinZip Registry Optimizer\Winzipro.exeeecbb08e-28ff-11e5-a067-d48564a5eabb

Error: (07/08/2015 06:30:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Winzipro.exe2.0.72.300110a001d0b9cd269f14133C:\Program Files (x86)\WinZip Registry Optimizer\Winzipro.exee9398502-25c0-11e5-b87f-d48564a5eabb

Error: (07/04/2015 06:35:42 AM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{398A8AD3-E7F8-425F-B1E1-C264659AE8EE}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}iTunes ISensLogon StopScreenSaver

Error: (07/04/2015 06:35:42 AM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{80328612-D857-4D8D-98F0-170DF27BCB0C}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}iTunes ISensLogon StartScreenSaver

Error: (07/04/2015 06:35:42 AM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{D9E3A134-A375-4589-99F5-D38A0A0E0550}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}iTunes ISensLogon DisplayUnlock

Error: (07/04/2015 06:35:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iTunes.exe12.2.0.1455591d34ciTunesCore.dll12.2.0.1455591d332c000041d0000000000b032131b7801d0b6451c8422dfC:\Program Files\iTunes\iTunes.exeC:\Program Files\iTunes\iTunesCore.dll631999fe-2238-11e5-88f7-d48564a5eabb


==================== Memory info ===========================

Processor: AMD Phenom™ II X6 1090T Processor
Percentage of memory in use: 13%
Total physical RAM: 8183.89 MB
Available physical RAM: 7051.42 MB
Total Virtual: 16365.99 MB
Available Virtual: 15303.73 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:918.1 GB) (Free:798.18 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:13.13 GB) (Free:1.61 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.3 GB) (Disk ID: 1AB69AF2)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=918.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



#7 jntkwx

Posted 12 September 2015 - 12:05 PM

I think you're seeing the BSOD right after you log in to Windows because there are two antivirus programs installed - Avast and Norton Internet Security. Although it looks like there are only remnants of Avast left over, these could be enough to conflict with Norton.
 
Avast Uninstall Utility

  • Start Windows in Safe Mode
  • Download avastclear.exe and save it to your desktop
  • Double click on avastclear.exe to run it
  • If you installed Avast in a different folder than the default, browse for it. (Note: Be careful! The content of any folder you choose will be deleted!)
  • Click REMOVE
  • Restart your computer

How is the computer running now?


Regards,
Jason

 



#8 wjason777

Posted 12 September 2015 - 06:51 PM

It's still giving me a BSOD.



#9 jntkwx

Posted 12 September 2015 - 06:53 PM

We Need to Diagnose Your BlueScreen

  • When you boot your machine, press F8 to list the startup options, exactly as you would if you were trying to enter Safe Mode
  • Select "Disable Automatic Restart on System Failure", as shown here:
    advancedoptions.png
  • When your system BSODs, write down the STOP error code, as well as any written out error message back here. The STOP error will always appear, but the message may not. You are looking for this:
    bsod_c.jpg

Please post me the error(s).


Regards,
Jason

 



#10 wjason777

Posted 12 September 2015 - 06:55 PM

Could I use BlueScreenView 1.52?



#11 wjason777

Posted 12 September 2015 - 07:00 PM

==================================================
Dump File         : 091215-24055-01.dmp
Crash Time        : 9/12/2015 7:49:04 PM
Bug Check String  : REGISTRY_ERROR
Bug Check Code    : 0x00000051
Parameter 1       : 00000000`00000001
Parameter 2       : fffff8a0`00023010
Parameter 3       : 00000000`01047000
Parameter 4       : 00000000`00000374
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+735c0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7601.18933 (win7sp1_gdr.150715-0600)
Processor         : x64
Crash Address     : ntoskrnl.exe+735c0
Stack Address 1   :
Stack Address 2   :
Stack Address 3   :
Computer Name     :
Full Path         : C:\Windows\Minidump\091215-24055-01.dmp
Processors Count  : 6
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 285,241
Dump File Time    : 9/12/2015 7:50:03 PM
==================================================



#12 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts

Posted 12 September 2015 - 07:55 PM

Please attach the dump file: C:\Windows\Minidump\091215-24055-01.dmp to your next post.


Regards,
Jason

 



#13 wjason777

wjason777
  • Topic Starter

  • Members
  • 151 posts

Posted 12 September 2015 - 08:01 PM

This web site is not allowing me to attach those kinds of files. When I try to open it with Notepad, it's just a bunch of symbols and letters.



#14 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts

Posted 12 September 2015 - 08:06 PM

Try uploading the file here, and then copy/paste the link to the file.  http://www.filetolink.com/


Regards,
Jason

 



#15 wjason777

wjason777
  • Topic Starter

  • Members
  • 151 posts

Posted 12 September 2015 - 08:08 PM

http://www.filetolink.com/7fe1cf078d





