pop ups taking over computer


  • This topic is locked
25 replies to this topic

#1 betc

betc

  • Members
  • 35 posts

Posted 26 September 2015 - 03:57 PM

can not use internet browsers, ad pop ups keep opening up new windows





#2 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts

Posted 26 September 2015 - 04:17 PM

Hi and welcome, :)

Let's get started.

 

You have indicated that you are unable to run any applications on your sick computer due to browser redirection and pop-ups.

Try this first. If it fails then let me know and I will tell you what to do next.

Don't make any changes to the computer or do anything from this point forward without checking with me first.

Please scan with FRST from the Recovery Environment

 

Read through these instructions a few times.  It can be confusing.  Let me know if you have questions.

On your clean computer, please download Farbar Recovery Scan Tool and save it to a flash drive.

Note: You need to run the version compatible with your system (x32 or x64). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Plug the flash drive into the infected PC.
  • Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin rapidly tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

Note: If you are unsuccessful just post back here and let me know and I will help you.
 

On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt


Select Command Prompt

Once in the Command Prompt:

  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter (write it down) and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.

It will make a log (FRST.txt) on the flash drive. Please copy and paste the log in your next reply here.


Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#3 betc

betc
  • Topic Starter

  • Members
  • 35 posts

Posted 26 September 2015 - 04:49 PM

Error message from command window tells me my drive letter and command are unrecognized as an internal or external command, operable program or batch file

#4 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts

Posted 26 September 2015 - 05:13 PM

No problem.  We will get it.
 
Try this next..

Confirm that FRST and FRST64 are on your USB.

Please download Rkill from one of the 4 links below and save it to your USB from your clean computer - you might need more than one version so download them all if you can:
 

Link 1
Link 2
Link 3
Link 4

  • In order for Rkill to run properly you must disable your anti-malware software on your sick computer. Please refer to this page if you are not sure how.
  • Please confirm that FRST & RKill are on the USB
  • Plug the USB into the sick computer
  • Navigate to the USB
  • Run Rkill. (right-click & Run As Administrator)
  • Note: You may have to run Rkill a few times before it is successful. You may also have to download Rkill from a different link which will save it as a different file name.
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • An Rkill.log will appear. Please copy and paste the contents in your reply (file also located at c:\rkill.log)
  • Do not reboot your computer after running Rkill as the malware programs will start again. If your computer reboots, run Rkill again before continuing on to the next step.
  • If nothing happens or if the tool does not run, please let me know in your next reply.

Next...

 

Run the Farbar Recovery Scan Tool for either 32 bit or 64 bit systems from your USB

  • If you are unsure if you have 32 bit or 64 bit simply run both one at a time.  Only one will run.  That's the correct one.
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should be saved to your USB named FRST.txt & Addition.txt.
  • Please copy and paste the contents of both in your reply

Let me know if you have any troubles.

 

Copy and paste the RKill log, FRST log and Addition.txt here

Regards,
thcbytes



#5 betc

betc
  • Topic Starter

  • Members
  • 35 posts

Posted 26 September 2015 - 05:45 PM

Rkill was run 3 x

 

Rkill 2.8.2 by Lawrence Abrams (Grinler)
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 09/26/2015 05:30:29 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Firewall Disabled
 
   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   "EnableFirewall" = dword:00000000
 
Checking Windows Service Integrity: 
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 09/26/2015 05:30:33 PM
Execution time: 0 hours(s), 0 minute(s), and 4 seconds(s)
 
 
Rkill 2.8.2 by Lawrence Abrams (Grinler)
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 09/26/2015 05:30:57 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Firewall Disabled
 
   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   "EnableFirewall" = dword:00000000
 
Checking Windows Service Integrity: 
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 09/26/2015 05:31:01 PM
Execution time: 0 hours(s), 0 minute(s), and 4 seconds(s)
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:23-09-2015
Ran by morton (administrator) on MORTON-PC (26-09-2015 17:36:44)
Running from H:\
Loaded Profiles: morton (Available Profiles: morton)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Enigma Software Group USA, LLC.) C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\msi\ODD Monitor\ODD_Monitor.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Users\morton\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
() C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionService.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionController.exe
(Google Inc.) C:\Users\morton\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\morton\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\morton\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\morton\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6412904 2011-11-03] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1157224 2011-10-20] (Realtek Semiconductor)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Command Center Controllers] => C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe [12616 2012-01-10] (Alienware)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2780776 2011-07-19] (CANON INC.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-08-13] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1637496 2011-08-04] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [468112 2011-07-25] (CANON INC.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1531413298-3241576193-1501229024-1001\...\Run: [Google Update] => C:\Users\morton\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.)
HKU\S-1-5-21-1531413298-3241576193-1501229024-1001\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\morton\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [397632 2013-04-05] ()
HKU\S-1-5-21-1531413298-3241576193-1501229024-1001\...\Run: [Logitech Vid] => C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe [5458704 2009-07-16] (Logitech Inc.)
HKU\S-1-5-21-1531413298-3241576193-1501229024-1001\...\MountPoints2: {38259ee3-d29b-11e3-9c5d-f04da2de4bb7} - F:\AutoRun.exe
HKU\S-1-5-21-1531413298-3241576193-1501229024-1001\...\MountPoints2: {914c792f-9490-11e3-83c3-bb5fbd74a8bb} - F:\AutoRun.exe
HKU\S-1-5-18\...\RunOnce: [iCloud] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe [43816 2015-04-26] (Apple Inc.)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [260928 2012-03-22] (NVIDIA Corporation)
Startup: C:\Users\morton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2014-02-14]
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\morton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2012-10-06] ()
BootExecute: autocheck autochk * sh4native Sh4Removal
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{44F4CB51-42C8-4CE4-80E2-E6E9DFED9BAA}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{65863D20-4FEC-4CA3-A1FC-83DC6C38EEC5}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-1531413298-3241576193-1501229024-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/
HKU\S-1-5-21-1531413298-3241576193-1501229024-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.alienwarearena.com/welcome-us
SearchScopes: HKU\S-1-5-21-1531413298-3241576193-1501229024-1001 -> DefaultScope {CE68968B-A9CF-4D68-8A08-AF41DEE6CF08} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1531413298-3241576193-1501229024-1001 -> {CE68968B-A9CF-4D68-8A08-AF41DEE6CF08} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2010-11-08] (CANON INC.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-04-14] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-04-14] (Oracle Corporation)
Toolbar: HKLM-x32 - No Name - {98889811-442D-49dd-99D7-DC866BE87DBC} -  No File
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-11-08] (CANON INC.)
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2011-09-21] (CANON INC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-04-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-04-14] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-12-12] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-08-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1531413298-3241576193-1501229024-1001: @tools.google.com/Google Update;version=3 -> C:\Users\morton\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-1531413298-3241576193-1501229024-1001: @tools.google.com/Google Update;version=9 -> C:\Users\morton\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-1531413298-3241576193-1501229024-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\morton\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-01-22] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1531413298-3241576193-1501229024-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\morton\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll [2013-04-15] (Amazon.com, Inc.)
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox
FF HKLM\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] - C:\Program Files\IB Updater\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] - C:\Program Files\IB Updater\Firefox
 
Chrome: 
=======
CHR HomePage: Profile 1 -> hxxp://www.google.com
CHR StartupUrls: Profile 1 -> "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Users\morton\AppData\Local\Google\Chrome\User Data\PepperFlash\11.6.602.167\pepflashplayer.dll => No File
CHR Plugin: (Native Client) - C:\Users\morton\AppData\Local\Google\Chrome\Application\45.0.2454.101\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\morton\AppData\Local\Google\Chrome\Application\45.0.2454.101\pdf.dll => No File
CHR Plugin: (Injovo Extension Plugin) - C:\Users\morton\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.530_0\npbrowserext.dll => No File
CHR Plugin: (Perion plugin) - C:\Users\morton\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\Plugins/PerionNewTabChrome-32.dll => No File
CHR Plugin: (Perion plugin) - C:\Users\morton\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\niogeckbkdcabhnapjbkeiklablhjoca\1.0.5_0\plugins/PerionChromeInfoBar-32.dll => No File
CHR Plugin: (Conduit Chrome Plugin) - C:\Users\morton\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.13.20.29_0\plugins/ConduitChromeApiPlugin.dll => No File
CHR Plugin: (Conduit Radio Plugin) - C:\Users\morton\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.13.20.29_0\plugins/np-cwmp.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java™ Platform SE 7 U15) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll => No File
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll => No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\morton\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.150.3) - C:\Windows\SysWOW64\npDeployJava1.dll => No File
CHR Profile: C:\Users\morton\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\morton\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-20]
CHR Extension: (YouTube) - C:\Users\morton\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-07-09]
CHR Extension: (Google Search) - C:\Users\morton\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-07-09]
CHR Extension: (No Name) - C:\Users\morton\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgfdfcbeamjnjdejakdidpniblllnbpg [2013-04-09]
CHR Extension: (Notificatoin) - C:\Users\morton\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmhfbmpdiffkamakhdbcgojfnbnlcenm [2013-11-23]
CHR Extension: (Gmail) - C:\Users\morton\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-07-09]
CHR Profile: C:\Users\morton\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Docs) - C:\Users\morton\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2013-02-21]
CHR Extension: (Google Drive) - C:\Users\morton\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-21]
CHR Extension: (YouTube) - C:\Users\morton\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-21]
CHR Extension: (Adblock Plus) - C:\Users\morton\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-06-09]
CHR Extension: (Google Search) - C:\Users\morton\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-21]
CHR Extension: (Google Docs Offline) - C:\Users\morton\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-04]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\morton\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\morton\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (Gmail) - C:\Users\morton\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-21]
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx <not found>
CHR HKU\S-1-5-21-1531413298-3241576193-1501229024-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hmhfbmpdiffkamakhdbcgojfnbnlcenm] - C:\ProgramData\Microsoft\Windows\DRM\Server\notificatoin_1.0.0.crx [2013-10-28]
CHR HKLM-x32\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [hmhfbmpdiffkamakhdbcgojfnbnlcenm] - C:\ProgramData\Microsoft\Windows\DRM\Server\notificatoin_1.0.0.crx [2013-10-28]
CHR HKLM-x32\...\Chrome\Extension: [jifflliplgeajjdhmkcfnngfpgbjonjg] - C:\Program Files (x86)\Perion\NewTab\newTab.crx [2012-11-21]
CHR HKLM-x32\...\Chrome\Extension: [niogeckbkdcabhnapjbkeiklablhjoca] - C:\Program Files (x86)\Perion\ChromeInfoBar\ChromeInfoBar.crx [2012-11-21]
StartMenuInternet: Google Chrome - C:\Users\morton\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-02-14] (Adobe Systems) [File not signed]
S3 Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDevice.exe [55336 2015-09-11] ()
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2573520 2015-05-22] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-05-22] (Dell Inc.)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2011-09-06] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [163608 2012-03-06] (Intel Corporation)
R2 MSI_ODD_Service; c:\Program Files (x86)\msi\ODD Monitor\ODD_Monitor.exe [76800 2011-10-04] (Micro-Star Int'l Co., Ltd.) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S2 NetHttpService; C:\Windows\SysWOW64\nethtsrv.exe [350208 2015-08-01] () [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S2 ServiceUpdater; C:\Windows\SysWOW64\netupdsrv.exe [190976 2015-08-01] () [File not signed]
R2 SpyHunter 4 Service; C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe [770432 2013-07-17] (Enigma Software Group USA, LLC.)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [20648 2015-06-11] (Dell Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [23760 2015-02-26] (Dell Computer Corporation)
R3 DellProf; C:\Windows\System32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 EsgScanner; C:\Windows\SysWOW64\DRIVERS\EsgScanner.sys [19984 2012-06-22] ()
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10x64.sys [60288 2010-09-15] (Generic USB smartcard reader)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R1 nethfdrv; C:\Windows\system32\drivers\nethfdrv.sys [46160 2015-08-01] (nethfdrv)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 NTIOLib_X64; C:\Program Files (x86)\msi\ODD Monitor\NTIOLib_X64.sys [14136 2010-01-18] (MSI)
R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [100352 2011-09-15] (Renesas Electronics Corporation)
R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [216064 2011-09-15] (Renesas Electronics Corporation)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 GPU-Z; \??\C:\Users\morton\AppData\Local\Temp\GPU-Z.sys [X]
S4 NvStUSB; \SystemRoot\system32\drivers\nvstusb.sys [X]
S3 sxuptp; system32\DRIVERS\sxuptp.sys [X]
S3 usbbus; system32\DRIVERS\lgx64bus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [X]
S3 USBModem; system32\DRIVERS\lgx64modem.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-26 17:35 - 2015-09-26 17:36 - 00000000 ____D C:\FRST
2015-09-26 17:27 - 2015-09-26 17:31 - 00002336 _____ C:\Users\morton\Desktop\Rkill.txt
2015-09-26 17:26 - 2015-09-26 17:26 - 00000687 _____ C:\awh472.tmp
2015-09-25 16:15 - 2015-09-25 16:15 - 00000687 _____ C:\awh2D27.tmp
2015-09-24 16:15 - 2015-09-24 16:15 - 00000687 _____ C:\awh9037.tmp
2015-09-15 19:57 - 2015-09-15 19:57 - 28463616 _____ C:\Users\morton\Downloads\Ch53_-_CommunityEcology2008_KF.ppt
2015-09-15 19:57 - 2015-09-15 19:57 - 00078336 _____ C:\Users\morton\Downloads\ap notes chapter 55 (1).ppt
2015-09-15 19:55 - 2015-09-15 19:55 - 08519168 _____ C:\Users\morton\Downloads\Ch55_-_EcosystemDisaster2008_KF.ppt
2015-09-15 19:51 - 2015-09-15 19:51 - 00078336 _____ C:\Users\morton\Downloads\ap notes chapter 55.ppt
2015-09-13 20:05 - 2015-09-13 20:18 - 00007598 _____ C:\Users\morton\AppData\Local\Resmon.ResmonCfg
2015-09-13 11:19 - 2015-09-13 11:19 - 00000687 _____ C:\awh522C.tmp
2015-09-11 10:05 - 2015-09-11 10:05 - 52266712 _____ (悠然天地科技有限公司) C:\Users\morton\Downloads\iTunesDriver64_0205.exe
2015-09-11 10:04 - 2015-09-11 10:04 - 09983584 _____ (MEGA Limited) C:\Users\morton\Downloads\MEGAsyncSetup.exe
2015-09-11 10:02 - 2015-09-11 10:02 - 00000000 ____D C:\Users\morton\AppData\Roaming\TaiG
2015-09-11 10:02 - 2015-07-15 02:54 - 72369664 _____ (taig tools) C:\Users\morton\Desktop\TaiGJBreak_EN_2430.exe
2015-09-11 10:00 - 2015-09-11 10:01 - 70697202 _____ C:\Users\morton\Downloads\TaiGJBreak_EN_2430.zip
2015-09-10 09:16 - 2015-09-10 09:16 - 00000687 _____ C:\awh619F.tmp
2015-09-10 09:09 - 2015-09-10 09:09 - 00001755 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-09-10 09:09 - 2015-09-10 09:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-09-10 09:08 - 2015-09-10 09:09 - 00000000 ____D C:\Program Files\iTunes
2015-09-10 09:08 - 2015-09-10 09:08 - 00000000 ____D C:\Program Files\iPod
2015-09-10 09:08 - 2015-09-10 09:08 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-09-10 09:04 - 2015-09-10 09:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2015-09-10 08:59 - 2015-09-10 08:59 - 00000687 _____ C:\awh1582.tmp
2015-09-10 08:58 - 2015-09-10 09:00 - 44435904 _____ C:\Users\morton\Desktop\Pangu8_v1.2.1.exe
2015-09-09 21:23 - 2015-09-09 21:23 - 00000687 _____ C:\awh448E.tmp
2015-09-09 03:34 - 2015-09-09 03:34 - 00000687 _____ C:\awh2CF8.tmp
2015-09-08 23:53 - 2015-08-17 20:42 - 00393304 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-09-08 23:53 - 2015-08-17 20:14 - 00344168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-09-08 23:53 - 2015-08-15 01:48 - 25190400 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-08 23:53 - 2015-08-15 01:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-09-08 23:53 - 2015-08-15 01:33 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-09-08 23:53 - 2015-08-15 01:18 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-09-08 23:53 - 2015-08-15 01:18 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-09-08 23:53 - 2015-08-15 01:17 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-08 23:53 - 2015-08-15 01:17 - 00585216 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-09-08 23:53 - 2015-08-15 01:17 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-09-08 23:53 - 2015-08-15 01:17 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-09-08 23:53 - 2015-08-15 01:10 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-09-08 23:53 - 2015-08-15 01:09 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-09-08 23:53 - 2015-08-15 01:06 - 19856896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-09-08 23:53 - 2015-08-15 01:06 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-09-08 23:53 - 2015-08-15 01:04 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-09-08 23:53 - 2015-08-15 01:04 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-09-08 23:53 - 2015-08-15 01:04 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-09-08 23:53 - 2015-08-15 01:04 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-09-08 23:53 - 2015-08-15 01:00 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-09-08 23:53 - 2015-08-15 00:57 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-09-08 23:53 - 2015-08-15 00:53 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-09-08 23:53 - 2015-08-15 00:53 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-09-08 23:53 - 2015-08-15 00:46 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-09-08 23:53 - 2015-08-15 00:42 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-09-08 23:53 - 2015-08-15 00:41 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-09-08 23:53 - 2015-08-15 00:40 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-09-08 23:53 - 2015-08-15 00:40 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-09-08 23:53 - 2015-08-15 00:39 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-09-08 23:53 - 2015-08-15 00:39 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-09-08 23:53 - 2015-08-15 00:39 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-09-08 23:53 - 2015-08-15 00:38 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-09-08 23:53 - 2015-08-15 00:35 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-09-08 23:53 - 2015-08-15 00:33 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-09-08 23:53 - 2015-08-15 00:32 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-09-08 23:53 - 2015-08-15 00:30 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-09-08 23:53 - 2015-08-15 00:29 - 00665600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-09-08 23:53 - 2015-08-15 00:29 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-09-08 23:53 - 2015-08-15 00:29 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-09-08 23:53 - 2015-08-15 00:24 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-09-08 23:53 - 2015-08-15 00:23 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-09-08 23:53 - 2015-08-15 00:22 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-09-08 23:53 - 2015-08-15 00:22 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-09-08 23:53 - 2015-08-15 00:21 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-09-08 23:53 - 2015-08-15 00:16 - 14451712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-09-08 23:53 - 2015-08-15 00:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-09-08 23:53 - 2015-08-15 00:14 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-09-08 23:53 - 2015-08-15 00:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-09-08 23:53 - 2015-08-15 00:11 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-09-08 23:53 - 2015-08-15 00:10 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-09-08 23:53 - 2015-08-15 00:07 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-09-08 23:53 - 2015-08-15 00:04 - 12857344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-09-08 23:53 - 2015-08-15 00:02 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-09-08 23:53 - 2015-08-15 00:01 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-09-08 23:53 - 2015-08-15 00:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-09-08 23:53 - 2015-08-14 23:55 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-09-08 23:53 - 2015-08-14 23:43 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-09-08 23:53 - 2015-08-14 23:43 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-09-08 23:53 - 2015-08-14 23:39 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-09-08 23:53 - 2015-08-14 23:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-09-08 23:52 - 2015-08-05 12:56 - 01110016 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-09-08 23:52 - 2015-08-05 12:56 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-09-08 23:52 - 2015-08-05 12:56 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-09-08 23:52 - 2015-08-05 12:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-09-08 23:52 - 2015-07-14 22:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-09-08 23:52 - 2015-07-14 21:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-09-08 23:52 - 2015-07-09 12:58 - 01632256 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-09-08 23:52 - 2015-07-09 12:58 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-09-08 23:52 - 2015-07-09 12:42 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-09-08 23:52 - 2015-07-09 12:42 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2015-09-08 23:51 - 2015-08-27 13:18 - 02004480 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-09-08 23:51 - 2015-08-27 13:18 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-09-08 23:51 - 2015-08-27 13:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-09-08 23:51 - 2015-08-27 13:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-09-08 23:51 - 2015-08-27 12:58 - 01391104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-09-08 23:51 - 2015-08-27 12:58 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-09-08 23:51 - 2015-08-27 12:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-09-08 23:51 - 2015-08-27 12:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-09-08 23:51 - 2015-08-04 13:03 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-09-08 23:51 - 2015-08-04 13:00 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-09-08 23:51 - 2015-08-04 12:56 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-09-08 23:51 - 2015-08-04 12:56 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-09-08 23:51 - 2015-08-04 12:56 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-09-08 23:51 - 2015-08-04 12:55 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-09-08 23:51 - 2015-08-04 12:55 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-09-08 23:51 - 2015-08-04 12:47 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-09-08 23:51 - 2015-08-04 11:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-09-08 23:51 - 2015-07-22 19:06 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-09-08 23:51 - 2015-07-22 19:06 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-09-08 23:51 - 2015-07-22 19:06 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-09-08 23:51 - 2015-07-22 19:03 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-09-08 23:51 - 2015-07-22 19:03 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-09-08 23:51 - 2015-07-22 19:03 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-09-08 23:51 - 2015-07-22 19:03 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-09-08 23:51 - 2015-07-22 19:03 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-09-08 23:51 - 2015-07-22 19:02 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-09-08 23:51 - 2015-07-22 19:02 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-09-08 23:51 - 2015-07-22 19:02 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-09-08 23:51 - 2015-07-22 19:02 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-09-08 23:51 - 2015-07-22 19:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-09-08 23:51 - 2015-07-22 19:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-09-08 23:51 - 2015-07-22 19:02 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-09-08 23:51 - 2015-07-22 19:02 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-09-08 23:51 - 2015-07-22 19:02 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-09-08 23:51 - 2015-07-22 19:02 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-09-08 23:51 - 2015-07-22 19:02 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-09-08 23:51 - 2015-07-22 19:02 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-09-08 23:51 - 2015-07-22 19:02 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-09-08 23:51 - 2015-07-22 19:02 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-09-08 23:51 - 2015-07-22 19:02 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-09-08 23:51 - 2015-07-22 19:02 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-09-08 23:51 - 2015-07-22 19:02 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-09-08 23:51 - 2015-07-22 19:02 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-09-08 23:51 - 2015-07-22 19:02 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-09-08 23:51 - 2015-07-22 19:02 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-09-08 23:51 - 2015-07-22 19:02 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-09-08 23:51 - 2015-07-22 19:02 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-09-08 23:51 - 2015-07-22 19:02 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-09-08 23:51 - 2015-07-22 19:02 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-09-08 23:51 - 2015-07-22 19:01 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-09-08 23:51 - 2015-07-22 19:01 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-09-08 23:51 - 2015-07-22 19:01 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-09-08 23:51 - 2015-07-22 18:58 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-09-08 23:51 - 2015-07-22 18:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-09-08 23:51 - 2015-07-22 18:52 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-09-08 23:51 - 2015-07-22 18:52 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-09-08 23:51 - 2015-07-22 18:52 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-09-08 23:51 - 2015-07-22 18:52 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-09-08 23:51 - 2015-07-22 18:52 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-09-08 23:51 - 2015-07-22 18:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-09-08 23:51 - 2015-07-22 18:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-09-08 23:51 - 2015-07-22 18:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-09-08 23:51 - 2015-07-22 18:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-09-08 23:51 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-09-08 23:51 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-09-08 23:51 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-09-08 23:51 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-09-08 23:51 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-09-08 23:51 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-09-08 23:51 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-09-08 23:51 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-09-08 23:51 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-09-08 23:51 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-09-08 23:51 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-09-08 23:51 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-09-08 23:51 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-09-08 23:51 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-09-08 23:51 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-09-08 23:51 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-09-08 23:51 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-09-08 23:51 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-09-08 23:51 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-09-08 23:51 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-09-08 23:51 - 2015-07-22 18:51 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-09-08 23:51 - 2015-07-22 12:57 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-09-08 23:51 - 2015-07-22 12:57 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-09-08 23:51 - 2015-07-22 12:54 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-09-08 23:51 - 2015-07-22 12:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-09-08 23:51 - 2015-07-22 12:53 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-09-08 23:51 - 2015-07-22 12:53 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-09-08 23:51 - 2015-07-22 12:53 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-09-08 23:51 - 2015-07-22 12:53 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-09-08 23:51 - 2015-07-22 12:53 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-09-08 23:51 - 2015-07-22 12:53 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-09-08 23:51 - 2015-07-22 12:53 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-09-08 23:51 - 2015-07-22 12:53 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-09-08 23:51 - 2015-07-22 12:53 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-09-08 23:51 - 2015-07-22 12:53 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-09-08 23:51 - 2015-07-22 12:53 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-09-08 23:51 - 2015-07-22 12:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-09-08 23:51 - 2015-07-22 12:52 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-09-08 23:51 - 2015-07-22 12:52 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-09-08 23:51 - 2015-07-22 12:52 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-09-08 23:51 - 2015-07-22 12:52 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-09-08 23:51 - 2015-07-22 12:52 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-09-08 23:51 - 2015-07-22 12:52 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-09-08 23:51 - 2015-07-22 12:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-09-08 23:51 - 2015-07-22 12:47 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-09-08 23:51 - 2015-07-22 12:46 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-09-08 23:51 - 2015-07-22 12:42 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-09-08 23:51 - 2015-07-22 12:42 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-09-08 23:51 - 2015-07-22 12:42 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-09-08 23:51 - 2015-07-22 12:42 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-09-08 23:51 - 2015-07-22 12:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-09-08 23:51 - 2015-07-22 12:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-09-08 23:51 - 2015-07-22 12:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-09-08 23:51 - 2015-07-22 12:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-09-08 23:51 - 2015-07-22 12:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-09-08 23:51 - 2015-07-22 12:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-09-08 23:51 - 2015-07-22 12:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-09-08 23:51 - 2015-07-22 12:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-09-08 23:51 - 2015-07-22 12:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-09-08 23:51 - 2015-07-22 12:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-09-08 23:51 - 2015-07-22 12:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-09-08 23:51 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-09-08 23:51 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-09-08 23:51 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-09-08 23:51 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-09-08 23:51 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-09-08 23:51 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-09-08 23:51 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-09-08 23:51 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-09-08 23:51 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-09-08 23:51 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-09-08 23:51 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-09-08 23:51 - 2015-07-22 11:48 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-09-08 23:51 - 2015-07-22 11:45 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-09-08 23:51 - 2015-07-22 11:44 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-09-08 23:51 - 2015-07-22 11:44 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-09-08 23:51 - 2015-07-22 11:34 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-09-08 23:51 - 2015-07-22 11:34 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-09-08 23:51 - 2015-07-22 11:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-09-08 23:51 - 2015-07-22 11:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-09-08 23:51 - 2015-07-22 11:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-09-08 23:51 - 2015-07-22 11:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-09-08 23:51 - 2015-06-25 05:06 - 00115136 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-09-08 23:51 - 2015-06-25 05:01 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-09-08 23:51 - 2015-06-25 05:01 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-09-08 23:51 - 2015-06-25 04:44 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-09-08 23:50 - 2015-09-01 22:04 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-09-08 23:50 - 2015-09-01 22:04 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-09-08 23:50 - 2015-09-01 22:04 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-09-08 23:50 - 2015-09-01 22:04 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-09-08 23:50 - 2015-09-01 21:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-09-08 23:50 - 2015-09-01 21:48 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-09-08 23:50 - 2015-09-01 21:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-09-08 23:50 - 2015-09-01 21:47 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-09-08 23:50 - 2015-09-01 20:51 - 03209216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-09-08 23:50 - 2015-09-01 20:47 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-09-08 23:50 - 2015-09-01 20:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-09-08 23:50 - 2015-08-26 13:07 - 03165696 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-09-08 23:50 - 2015-08-26 13:07 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-09-08 23:50 - 2015-08-26 13:07 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-09-08 23:50 - 2015-08-26 13:07 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-09-08 23:50 - 2015-08-26 13:07 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-09-08 23:50 - 2015-08-26 13:07 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-09-08 23:50 - 2015-08-26 13:07 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-09-08 23:50 - 2015-08-26 13:06 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-09-08 23:50 - 2015-08-26 13:06 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-09-08 23:50 - 2015-08-26 13:06 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-09-08 23:50 - 2015-08-26 13:06 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-09-08 23:50 - 2015-08-26 12:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-09-08 23:50 - 2015-08-26 12:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-09-08 23:50 - 2015-08-26 12:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-09-08 23:50 - 2015-08-26 12:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-09-08 23:50 - 2015-08-26 12:55 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-09-07 22:15 - 2015-09-07 22:15 - 00000687 _____ C:\awhD571.tmp
2015-09-05 22:15 - 2015-09-05 22:15 - 00000687 _____ C:\awhCD25.tmp
2015-09-05 15:20 - 2015-09-05 15:20 - 00000000 __SHD C:\found.000
2015-09-03 20:32 - 2015-09-03 20:32 - 00280260 ____N C:\Windows\Minidump\090315-30638-01.dmp
2015-09-01 17:21 - 2015-09-01 17:21 - 05298688 _____ C:\Users\morton\Downloads\Ch_5-4_nucleicacids2008_KF.ppt
2015-09-01 17:21 - 2015-09-01 17:21 - 05253120 _____ C:\Users\morton\Downloads\31Ch08enzymes2008.ppt
2015-09-01 17:21 - 2015-09-01 17:21 - 03926016 _____ C:\Users\morton\Downloads\Ch_5-3_proteins2008_KF.ppt
2015-09-01 17:21 - 2015-09-01 17:21 - 03621376 _____ C:\Users\morton\Downloads\Ch_5-2_lipids2008_KF.ppt
2015-09-01 17:20 - 2015-09-01 17:21 - 03544576 _____ C:\Users\morton\Downloads\Ch_4_Carbon_chemistry_2008_KF.ppt
2015-09-01 17:20 - 2015-09-01 17:20 - 07387136 _____ C:\Users\morton\Downloads\Ch_2-3_chemistry_water_KF.ppt
2015-09-01 17:20 - 2015-09-01 17:20 - 06179328 _____ C:\Users\morton\Downloads\Ch_5-1_carbs2008_KF.ppt
2015-08-29 14:31 - 2015-09-26 17:22 - 00000368 _____ C:\Windows\Tasks\AmiUpdXp.job
2015-08-29 14:31 - 2015-08-29 14:31 - 00003410 _____ C:\Windows\System32\Tasks\AmiUpdXp
2015-08-29 14:31 - 2015-08-29 14:31 - 00000000 ____D C:\Users\morton\AppData\Local\8750
2015-08-29 14:16 - 2015-09-13 20:05 - 00000000 ____D C:\Program Files (x86)\i-Funbox DevTeam
2015-08-29 14:16 - 2015-09-13 20:03 - 00000000 ____D C:\Users\morton\AppData\Roaming\iFunbox_UserCache
2015-08-29 14:15 - 2015-08-29 14:15 - 22748388 _____ (iFunbox DevTeam ) C:\Users\morton\Downloads\ifunbox_setup.exe
2015-08-29 14:09 - 2015-08-29 14:09 - 00689581 _____ C:\Users\morton\Downloads\Easy Uninstaller__12351_il200.exe.rar
2015-08-29 14:07 - 2015-08-29 14:09 - 00796459 _____ C:\Users\morton\Downloads\iExplorer3740.rar
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-26 17:31 - 2009-07-13 23:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-26 17:31 - 2009-07-13 23:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-26 17:26 - 2012-07-03 03:50 - 01265130 _____ C:\Windows\WindowsUpdate.log
2015-09-26 17:26 - 2009-07-14 00:13 - 00799374 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-26 17:22 - 2012-07-09 21:03 - 00000000 ____D C:\Users\morton\AppData\Local\Deployment
2015-09-26 17:21 - 2010-11-20 22:47 - 00464070 _____ C:\Windows\PFRO.log
2015-09-26 17:21 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-26 17:21 - 2009-07-13 23:51 - 00085824 _____ C:\Windows\setupact.log
2015-09-26 16:12 - 2014-01-14 19:51 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-26 16:08 - 2012-07-09 21:03 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1531413298-3241576193-1501229024-1001UA.job
2015-09-26 15:11 - 2015-06-22 10:53 - 00003504 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2015-09-26 13:24 - 2012-09-11 21:08 - 00000000 ____D C:\Users\morton\Documents\Outlook Files
2015-09-26 00:08 - 2012-07-09 21:03 - 00000860 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1531413298-3241576193-1501229024-1001Core.job
2015-09-25 16:10 - 2009-07-14 00:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-09-21 16:12 - 2014-01-14 19:51 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-09-21 16:12 - 2012-07-03 01:56 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-09-21 16:12 - 2012-07-03 01:56 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-17 19:57 - 2013-04-13 16:21 - 00000000 ____D C:\ProgramData\CanonIJPLM
2015-09-17 00:03 - 2012-07-09 21:03 - 00003884 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1531413298-3241576193-1501229024-1001UA
2015-09-17 00:03 - 2012-07-09 21:03 - 00003488 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1531413298-3241576193-1501229024-1001Core
2015-09-13 20:26 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2015-09-11 15:35 - 2012-07-09 21:03 - 00000000 ____D C:\Users\morton\AppData\Local\Google
2015-09-11 10:08 - 2013-02-17 12:45 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-09-10 09:08 - 2015-03-31 21:09 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-09-09 03:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2015-09-09 03:28 - 2009-07-13 23:45 - 00421584 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-09 03:26 - 2010-11-21 02:17 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-09 03:26 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-09-09 03:11 - 2012-07-14 16:51 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-09-09 03:10 - 2013-08-14 03:00 - 00000000 ____D C:\Windows\system32\MRT
2015-09-03 20:34 - 2013-06-25 21:32 - 00000000 ____D C:\Windows\Minidump
 
==================== Files in the root of some directories =======
 
2012-11-21 11:31 - 2012-11-21 11:31 - 0525312 _____ (BrowserSetter) C:\Users\morton\AppData\Roaming\bsetter-own.exe
2012-11-21 11:31 - 2012-11-21 11:31 - 0457789 _____ (Freedom Download Manager                                    ) C:\Users\morton\AppData\Roaming\fdm-setup.exe
2012-11-21 11:31 - 2012-11-21 11:31 - 0442560 _____ (Shlemoon Media Inc) C:\Users\morton\AppData\Roaming\fdmer.exe
2015-09-13 20:05 - 2015-09-13 20:18 - 0007598 _____ () C:\Users\morton\AppData\Local\Resmon.ResmonCfg
2013-02-27 10:44 - 2015-03-29 19:11 - 0001095 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
 
Some files in TEMP:
====================
C:\Users\morton\AppData\Local\Temp\bitool.dll
C:\Users\morton\AppData\Local\Temp\CoHMultiPatch.exe
C:\Users\morton\AppData\Local\Temp\contentDATs.exe
C:\Users\morton\AppData\Local\Temp\drm_dyndata_7290008.dll
C:\Users\morton\AppData\Local\Temp\htmlayout.dll
C:\Users\morton\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\morton\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\morton\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\morton\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
C:\Users\morton\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\morton\AppData\Local\Temp\MSETUP4.EXE
C:\Users\morton\AppData\Local\Temp\mssinstaller.exe
C:\Users\morton\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\morton\AppData\Local\Temp\nvStereoApiI64.dll
C:\Users\morton\AppData\Local\Temp\nvStInst.exe
C:\Users\morton\AppData\Local\Temp\ose00000.exe
C:\Users\morton\AppData\Local\Temp\restorer1.0.0.1.exe
C:\Users\morton\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\morton\AppData\Local\Temp\SendoriSetupx11202.exe
C:\Users\morton\AppData\Local\Temp\SHSetup.exe
C:\Users\morton\AppData\Local\Temp\SpOrder.dll
C:\Users\morton\AppData\Local\Temp\toolbar4187238.exe
C:\Users\morton\AppData\Local\Temp\uninst1.exe
C:\Users\morton\AppData\Local\Temp\uninstall4790073.exe
C:\Users\morton\AppData\Local\Temp\uninstall4791087.exe
C:\Users\morton\AppData\Local\Temp\zxupd19500.exe
C:\Users\morton\AppData\Local\Temp\zxupd61170.exe
C:\Users\morton\AppData\Local\Temp\zxupd81365.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-09-21 00:55
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:23-09-2015
Ran by morton (2015-09-26 17:37:21)
Running from H:\
Windows 7 Home Premium Service Pack 1 (X64) (2012-07-09 22:39:21)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1531413298-3241576193-1501229024-500 - Administrator - Disabled)
Guest (S-1-5-21-1531413298-3241576193-1501229024-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1531413298-3241576193-1501229024-1003 - Limited - Enabled)
morton (S-1-5-21-1531413298-3241576193-1501229024-1001 - Administrator - Enabled) => C:\Users\morton
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Digital Editions (HKLM-x32\...\Digital Editions) (Version:  - )
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Illustrator CS2 (HKLM-x32\...\Adobe Illustrator CS2) (Version: 12.000.000 - Adobe Systems Inc.)
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Reader X (10.1.11) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version:  3.0 - Adobe Systems, Inc.)
Alienware Command Center (HKLM-x32\...\InstallShield_{6A7D1CAC-6267-4C71-A759-CB5D9E9FAFAA}) (Version: 2.7.25.0 - Alienware Corp.)
Alienware Command Center (Version: 2.7.25.0 - Alienware Corp.) Hidden
Amazon MP3 Downloader 1.0.18 (HKU\S-1-5-21-1531413298-3241576193-1501229024-1001\...\Amazon MP3 Downloader) (Version: 1.0.18 - Amazon Services LLC)
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version:  - )
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version:  - )
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )
Canon MP Navigator 3.0 (HKLM-x32\...\MP Navigator 3.0) (Version:  - )
Canon MP Navigator EX 5.1 (HKLM-x32\...\MP Navigator EX 5.1) (Version:  - )
Canon MP810 (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP810) (Version:  - )
Canon MX890 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX890_series) (Version:  - )
Canon MX890 series On-screen Manual (HKLM-x32\...\Canon MX890 series On-screen Manual) (Version:  - )
Canon MX890 series User Registration (HKLM-x32\...\Canon MX890 series User Registration) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version:  - )
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.4.12284.0 - Cisco Consumer Products LLC)
Command & Conquer 3 (HKLM-x32\...\{B0C30E93-D3D9-4F04-A2AC-54749B573275}) (Version: 1.00.0000 - Electronic Arts Inc.)
Command & Conquer Generals (HKLM-x32\...\InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}) (Version: 0.50.0000 - Electronic Arts)
Command & Conquer Generals (x32 Version: 0.50.0000 - Electronic Arts) Hidden
Command and ConquerTM Generals Zero Hour (HKLM-x32\...\InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}) (Version: 1.00.0000 - Electronic Arts)
Command and ConquerTM Generals Zero Hour (x32 Version: 1.00.0000 - Electronic Arts) Hidden
Company of Heroes (HKLM-x32\...\{BA801B94-C28D-46EE-B806-E1E021A3D519}) (Version: 1.0.0.78 - THQ Inc.)
Curse Client (HKU\S-1-5-21-1531413298-3241576193-1501229024-1001\...\101a9f93b8f0bb6f) (Version: 5.1.1.844 - Curse)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
dBpoweramp Music Converter (HKLM-x32\...\dBpoweramp Music Converter) (Version: Release 14.4 - Illustrate)
Dell Data Vault (Version: 4.3.4.0 - Dell Inc.) Hidden
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.10 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.1.0.47 - Dell)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Google Chrome (HKU\S-1-5-21-1531413298-3241576193-1501229024-1001\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.4.1441 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2696 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
iTunes (HKLM\...\{BFEAB774-C7DC-4032-B05A-DA5F7CB7B365}) (Version: 12.2.2.25 - Apple Inc.)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
LEGO Digital Designer (HKLM-x32\...\New LEGO Digital Designer) (Version:  - LEGO A/S)
Logitech Vid (HKLM-x32\...\{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}) (Version: 1.10.1009 - Logitech Inc.)
Logitech Webcam Software (HKLM\...\{987FE247-4E69-4A2E-A961-D14F901FDBF6}) (Version: 12.10.1113 - Logitech Inc.)
Logitech Webcam Software Driver Package (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Modio (HKLM-x32\...\{3DA224A5-666B-4941-8998-2F19C6D126A5}_is1) (Version:  - GameTuts)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
MSI ODD Monitor (HKLM-x32\...\InstallShield_{B7D9BAAA-F068-4BF8-B929-462C3A8AB677}) (Version: 1.0.0.5 - Micro-Star Int'l Co., Ltd.)
MSI ODD Monitor (x32 Version: 1.0.0.5 - Micro-Star Int'l Co., Ltd.) Hidden
NirSoft BlueScreenView (HKLM-x32\...\NirSoft BlueScreenView) (Version:  - )
Notificatoin (HKLM-x32\...\{A88DE8D3-9C38-4F0D-8981-A4C17F7677A1}) (Version: 1.0.0 - Notificatoin)
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
OffersWizard Network System Driver (HKLM-x32\...\inethnfd) (Version: 1.0.0.3001 - ) <==== ATTENTION
Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)
QualxServ Service Agreement (HKLM-x32\...\{18401E1E-1E44-461A-A4B2-E48B1A727818}) (Version: 2.0.0 - Dell Inc.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6494 - Realtek Semiconductor Corp.)
ScorpionSaver (HKLM-x32\...\{273E1F1A-7B1A-436C-A783-A4A8C97AD036}) (Version: 1.0.0.0 - Adpeak, Inc.) <==== ATTENTION
ScorpionSaver Services (HKLM\...\{6E810AB6-F34E-49A3-A93F-9E503660F718}) (Version: 1.0.0.0 - Adpeak, Inc.) <==== ATTENTION
Screencast-O-Matic (HKU\S-1-5-21-1531413298-3241576193-1501229024-1001\...\Screencast-O-Matic) (Version:  - Screencast-O-Matic)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Software Version Updater (HKLM-x32\...\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}) (Version:  - ) <==== ATTENTION
SpyHunter (HKLM-x32\...\{DB847E94-446B-49E0-AC5D-C5627EC8B0C0}) (Version: 4.15.1.4270 - Enigma Software Group USA, LLC)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
Unity Web Player (HKU\S-1-5-21-1531413298-3241576193-1501229024-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN)
VueScan (HKLM\...\VueScan) (Version:  - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1531413298-3241576193-1501229024-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\morton\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1531413298-3241576193-1501229024-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\morton\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1531413298-3241576193-1501229024-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\morton\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1531413298-3241576193-1501229024-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\morton\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1531413298-3241576193-1501229024-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\morton\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1531413298-3241576193-1501229024-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\morton\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1531413298-3241576193-1501229024-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\morton\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1531413298-3241576193-1501229024-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\morton\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1531413298-3241576193-1501229024-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\morton\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1531413298-3241576193-1501229024-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\morton\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1531413298-3241576193-1501229024-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\morton\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points =========================
 
16-09-2015 17:07:34 Windows Update
20-09-2015 02:10:53 Windows Update
23-09-2015 17:05:56 Windows Update
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {15171C32-35A8-4172-AFFE-00BC0E261180} - System32\Tasks\{CE413D55-F554-406C-ACFE-CD626CB04D0F} => C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
Task: {1F9E8B41-2D0F-4401-ADD7-E668B463D946} - System32\Tasks\{130BAAD9-57E2-4A19-ABA1-F6EC69E40DDB} => C:\Users\morton\Desktop\AERY\AERY.EXE
Task: {26DF69DE-E5D5-4207-B84D-0158F641D42B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-21] (Adobe Systems Incorporated)
Task: {317B5C2E-C872-49BC-8F1E-195826B41EDB} - System32\Tasks\AmiUpdXp => C:\Users\morton\AppData\Local\8750\Updater.exe [2015-08-29] () <==== ATTENTION
Task: {39B48A7B-8452-4046-ADE0-D01CE2A93FC6} - System32\Tasks\{BC6C6C54-1D7B-4D40-B6DE-3E84BE46DBAE} => pcalua.exe -a E:\Installer.exe -d E:\
Task: {46B4FBAE-D68F-4E79-B39F-D995AE1CD549} - System32\Tasks\{C5BC456D-7B4A-40BC-8A9F-DD9E9A6B83AD} => C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
Task: {67FCBCBD-51ED-408A-B2CF-623A94F571DA} - System32\Tasks\{32216185-EDC1-4DAE-8FB4-B25513B269FA} => pcalua.exe -a C:\Users\morton\Downloads\setup.exe -d C:\Users\morton\Downloads
Task: {6C59BC3F-7742-47A6-B4F3-F11F80FF815F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {7AC1A3EF-E6A2-4287-A2B6-17D6E55F01FC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1531413298-3241576193-1501229024-1001Core => C:\Users\morton\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {81E926C3-668F-4BF3-9161-31FBBCA123E1} - System32\Tasks\Go for FilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe <==== ATTENTION
Task: {87EA03EB-4019-4134-A47F-25E2FE67B355} - System32\Tasks\SpyHunter4Startup => C:\Program Files (x86)\Enigma Software Group\SpyHunter\Spyhunter4.exe [2013-09-01] (Enigma Software Group USA, LLC.)
Task: {940DA84B-CF32-4785-871F-E774D8EBC155} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {A01749AF-052D-45BC-9AB7-275E9600280C} - System32\Tasks\{5B584518-A9AF-4136-8343-625EF92262E6} => C:\Users\morton\Desktop\AERY\AERY.EXE
Task: {A1A65CC2-7910-4332-B499-A8142A5D7A07} - \AdobeFlashPlayerUpdate -> No File <==== ATTENTION
Task: {BA6E95E8-5E03-47A3-850D-D2A1C250B823} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {BD5D1CEB-AC95-4DA4-9FF7-F5D67803A972} - System32\Tasks\{50F712B6-055D-4446-8CCF-0C7EEAAAFE21} => C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
Task: {C946E758-7D17-4C11-B7FA-F373D7C9329E} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Alienware\SupportAssist\uaclauncher.exe [2015-05-25] (PC-Doctor, Inc.)
Task: {CEBD6274-26F6-4372-A272-033FCAAD1462} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-06-11] (Dell Inc.)
Task: {E3D67F13-3EC9-4B5A-8088-9A5839E7175E} - \AdobeFlashPlayerUpdate 2 -> No File <==== ATTENTION
Task: {E73D5ED9-6F63-480A-A347-BC16BE0F8FBF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1531413298-3241576193-1501229024-1001UA => C:\Users\morton\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {F2E2194B-D422-4379-88DA-7760A37E9387} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Alienware\SupportAssist\sessionchecker.exe [2015-05-25] (PC-Doctor, Inc.)
Task: {FD1062C2-BD69-473F-9E52-A88B38B39534} - \RunAsStdUser Task -> No File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AmiUpdXp.job => C:\Users\morton\AppData\Local\8750\Updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1531413298-3241576193-1501229024-1001Core.job => C:\Users\morton\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1531413298-3241576193-1501229024-1001UA.job => C:\Users\morton\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-02-13 04:20 - 2015-02-13 04:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-04-13 16:38 - 2011-09-06 06:32 - 00140456 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-07-03 03:34 - 2012-03-19 18:09 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-04-05 16:55 - 2013-04-05 16:55 - 00397632 _____ () C:\Users\morton\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
2009-10-14 13:36 - 2009-10-14 13:36 - 02793304 _____ () C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
2009-10-14 13:34 - 2009-10-14 13:34 - 00560472 _____ () C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
2009-07-16 15:34 - 2009-07-16 15:34 - 02140944 _____ () C:\Program Files (x86)\Logitech\Logitech Vid\QtCore4.dll
2009-07-16 15:34 - 2009-07-16 15:34 - 07704336 _____ () C:\Program Files (x86)\Logitech\Logitech Vid\QtGui4.dll
2009-07-16 15:34 - 2009-07-16 15:34 - 00968976 _____ () C:\Program Files (x86)\Logitech\Logitech Vid\QtNetwork4.dll
2009-07-16 15:34 - 2009-07-16 15:34 - 00475408 _____ () C:\Program Files (x86)\Logitech\Logitech Vid\QtOpenGL4.dll
2009-07-16 15:35 - 2009-07-16 15:35 - 00363792 _____ () C:\Program Files (x86)\Logitech\Logitech Vid\QtXml4.dll
2009-07-16 15:34 - 2009-07-16 15:34 - 00199952 _____ () C:\Program Files (x86)\Logitech\Logitech Vid\QtSql4.dll
2009-07-16 15:35 - 2009-07-16 15:35 - 00027408 _____ () C:\Program Files (x86)\Logitech\Logitech Vid\SDL.dll
2009-07-16 15:35 - 2009-07-16 15:35 - 11311888 _____ () C:\Program Files (x86)\Logitech\Logitech Vid\QtWebKit4.dll
2009-07-16 15:34 - 2009-07-16 15:34 - 00291600 _____ () C:\Program Files (x86)\Logitech\Logitech Vid\phonon4.dll
2009-07-16 15:36 - 2009-07-16 15:36 - 00028944 _____ () C:\Program Files (x86)\Logitech\Logitech Vid\plugins\imageformats\qgif4.dll
2009-07-16 15:36 - 2009-07-16 15:36 - 00035088 _____ () C:\Program Files (x86)\Logitech\Logitech Vid\plugins\imageformats\qico4.dll
2009-07-16 15:36 - 2009-07-16 15:36 - 00138000 _____ () C:\Program Files (x86)\Logitech\Logitech Vid\plugins\imageformats\qjpeg4.dll
2012-07-03 02:07 - 2012-03-06 14:27 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2015-09-25 20:09 - 2015-09-23 21:34 - 01501512 _____ () C:\Users\morton\AppData\Local\Google\Chrome\Application\45.0.2454.101\libglesv2.dll
2015-09-25 20:09 - 2015-09-23 21:34 - 00081224 _____ () C:\Users\morton\AppData\Local\Google\Chrome\Application\45.0.2454.101\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1531413298-3241576193-1501229024-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\morton\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{04D51916-0AB1-45E6-B716-74FCAC548CCE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{54342954-F3E0-4707-8400-F9693B9C9A3D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{B2323E64-10CD-4D3E-9E41-9CD4C708AD4E}] => (Allow) C:\Users\Public\Games\World of Warcraft\Launcher.exe
FirewallRules: [{E71FD28C-B250-474F-BE5C-89757110969F}] => (Allow) C:\Users\Public\Games\World of Warcraft\Launcher.exe
FirewallRules: [{31576074-9A4A-4F7E-9541-6B069817AD58}] => (Allow) C:\Users\Public\Games\World of Warcraft\WoW-x.x.x.x-4.0.0.12911-Downloader.exe
FirewallRules: [{FA51B6B6-99E7-47BC-AFB7-0E3D2535F25C}] => (Allow) C:\Users\Public\Games\World of Warcraft\WoW-x.x.x.x-4.0.0.12911-Downloader.exe
FirewallRules: [{45378277-D9DA-44B9-B404-DDB267B059A7}] => (Allow) C:\Users\Public\Games\World of Warcraft\Launcher.patch.exe
FirewallRules: [{B3030B5C-A708-4CDC-A466-990899D8BCD8}] => (Allow) C:\Users\Public\Games\World of Warcraft\Launcher.patch.exe
FirewallRules: [TCP Query User{40034D4A-4B27-46EF-8DE1-5C908B158C3C}C:\users\public\games\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe] => (Allow) C:\users\public\games\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe
FirewallRules: [UDP Query User{BD540AFA-E670-4EFB-947E-D5784574D990}C:\users\public\games\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe] => (Allow) C:\users\public\games\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe
FirewallRules: [TCP Query User{F2172910-4C65-4B69-B25D-476BA91CAFDD}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{E7802938-2220-4667-A2C8-10D989F1B2FC}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{7FC50C99-E576-4A95-8B3D-D18DE5243D60}C:\users\public\games\world of warcraft\backgrounddownloader.exe] => (Allow) C:\users\public\games\world of warcraft\backgrounddownloader.exe
FirewallRules: [UDP Query User{6A87D707-299D-4ED9-B99C-2039533566EE}C:\users\public\games\world of warcraft\backgrounddownloader.exe] => (Allow) C:\users\public\games\world of warcraft\backgrounddownloader.exe
FirewallRules: [TCP Query User{B65D7D14-1F0D-49CE-8414-4D9A92F09744}C:\users\public\games\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe] => (Allow) C:\users\public\games\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe
FirewallRules: [UDP Query User{4F961597-9B9D-48A0-8549-184A98FB9B90}C:\users\public\games\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe] => (Allow) C:\users\public\games\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe
FirewallRules: [TCP Query User{A88CA19C-8863-4C36-850A-EE395C51A516}C:\users\public\games\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe] => (Allow) C:\users\public\games\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe
FirewallRules: [UDP Query User{0343D5F6-F87B-4B16-B7CB-DF0B86C07FDE}C:\users\public\games\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe] => (Allow) C:\users\public\games\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe
FirewallRules: [{42304BED-B3DE-4559-BC9B-A477467D8FFA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1040\Agent.exe
FirewallRules: [{D531BC03-A825-4F15-A988-9C0D46F2B8BF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1040\Agent.exe
FirewallRules: [{68BECB97-2935-43E3-89DD-9F20CB143F78}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1267\Agent.exe
FirewallRules: [{9810B2FC-98A7-498D-B88D-FF1E794410EE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1267\Agent.exe
FirewallRules: [{39F89DB9-EF8A-4DFC-A6B1-8092F9C01FB9}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{FB3603E5-628C-4476-8D61-3365E19B6ACF}] => (Allow) LPort=2869
FirewallRules: [{C1D08F55-8EF7-47F1-AE2A-FA3629D36F78}] => (Allow) LPort=1900
FirewallRules: [{5BF58924-E3C0-4236-B357-0D5EE581072E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1363\Agent.exe
FirewallRules: [{62EBD8BB-FE88-4AA7-B381-7A102B35A95C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1363\Agent.exe
FirewallRules: [{B2A78B76-05E2-4FC4-8C16-BB21251E0F8F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1363\Agent.exe
FirewallRules: [{56843AB6-7078-45CA-ABD8-08AF9FE0CB5F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1363\Agent.exe
FirewallRules: [{331EB80F-43CA-42B6-8A37-1D5D5A50AF43}] => (Allow) C:\Program Files (x86)\GoforFiles\goforfilesdl.exe
FirewallRules: [{75DEE999-7951-4427-A76D-3A9FF118E8E5}] => (Allow) C:\Program Files (x86)\GoforFiles\goforfilesdl.exe
FirewallRules: [{B67D4724-B3EB-4DE2-B9E3-0CF79E419401}] => (Allow) C:\Program Files (x86)\GoforFiles\GoforFiles.exe
FirewallRules: [{E7D3FB54-86FA-4703-8983-120DE12C0354}] => (Allow) C:\Program Files (x86)\GoforFiles\GoforFiles.exe
FirewallRules: [{374B6C38-A5CC-421A-B32C-24657D0CFCA7}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{9B959E10-7D4F-408A-87EB-0484C6B28524}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{A50BE962-5FEE-4EEA-83C7-F8B3C0345B5F}] => (Allow) C:\Windows\System32\ARFC\wrtc.exe
FirewallRules: [{3D0A6363-183A-4623-A132-5D26F8190D6D}] => (Allow) C:\Windows\System32\ARFC\wrtc.exe
FirewallRules: [{2B98775C-84AA-4419-B4D4-7B4F8571B890}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{554C5B15-C2A8-40DE-9AB2-575A850B3265}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{199FC888-8893-4869-AA1F-6780BD3126F9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{051E4A74-F032-4F79-9EF6-3310105D603E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4348F5B7-CC40-4F1F-AB48-103AE0BD8079}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1675\Agent.exe
FirewallRules: [{52C24E45-3567-4373-BDD0-F14766810727}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1675\Agent.exe
FirewallRules: [{89C708E1-11F7-4B9E-9901-183CD0F41A8A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe
FirewallRules: [{29481CA3-A0BA-4C3E-BE8E-941BD958C2CB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe
FirewallRules: [{22500EEC-6664-4F6F-999B-07CF31C641A7}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{A5668E7A-DCFA-4D41-B241-9BA4ED398DFE}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{90A34468-B4C3-4E55-92A7-D86C3FCB04F0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe
FirewallRules: [{4A84DAF7-E6C0-46E4-AA39-459AE82AB4B4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe
FirewallRules: [{AAA7F097-3969-4906-893A-2669761D97D3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
FirewallRules: [{ED61615C-257B-46CC-8CE3-AC013C9FBBFA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
FirewallRules: [{DAAC6122-1867-4AFF-84C1-D52F0A0BF743}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [{BF3E07DA-248A-4D27-AD4E-B8BD7243F1E8}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [TCP Query User{808495B7-C6D5-4222-A536-D19C072847E9}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe
FirewallRules: [UDP Query User{5F71C3B2-866A-45CF-8906-A122E0021E31}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe
FirewallRules: [{C9297D3A-D106-45F5-9279-F73FD49D92AD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal\hl2.exe
FirewallRules: [{AAF2AB14-DFEA-4281-9604-C03A3F3C3365}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal\hl2.exe
FirewallRules: [{72648405-E3FB-4CCA-8A99-69DF9C621398}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{1119594C-BBD2-4D56-87DE-EF008F4450CF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{E1273295-F977-4605-A562-C4992C77AE6D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{595461B9-7693-4FC3-8CB8-7A40D9EA83B5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{74F74DDE-1B5E-4645-84A5-3564AD49E8CD}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{AE005D65-3DE8-45C1-B2F6-E0C142060A98}] => (Allow) C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe
FirewallRules: [{0D675DC4-38BA-4B77-9DF4-458031437F47}] => (Allow) C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe
FirewallRules: [TCP Query User{86480910-C838-4E01-8A62-33456B5F9E4A}C:\program files (x86)\logitech\logitech vid\vid.exe] => (Block) C:\program files (x86)\logitech\logitech vid\vid.exe
FirewallRules: [UDP Query User{92E11D0E-AAD8-49A5-8B4A-BE17CCCEC811}C:\program files (x86)\logitech\logitech vid\vid.exe] => (Block) C:\program files (x86)\logitech\logitech vid\vid.exe
FirewallRules: [{E0976F77-A8BA-4E08-829B-ED9906A61DFE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{1A4A2C6C-FABD-4122-B3D4-6267CACAAEDE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{A4EBE07B-A788-47A8-B43B-166F48E269BD}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
FirewallRules: [{4F8C932C-E87D-4DE4-8AE9-63FA710AD40B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
FirewallRules: [{73B7B977-77DD-431D-8D91-14C9CD2D3A42}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{C87427AD-C7EE-4F02-AF25-6D9EA73AC180}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{C011701B-46B0-45AA-BA76-5E25E04CD8A9}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{F737E58B-8D81-4AA7-A40C-2777DD2C2ACD}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{BCC65332-2915-4194-B117-FF843984D5C1}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{CA4A32B9-C4E6-4E01-B1C5-8C90EEF39290}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{9B6205B4-6CEB-48C1-A929-5F73275EEE24}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{A49D0AD0-0BC8-48D9-8A69-D674C89AA98A}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{726109B8-C021-43AD-9793-6D8AD85969CF}] => (Allow) C:\Program Files\iTunes\iTunes.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/26/2015 05:22:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/26/2015 04:39:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/25/2015 04:13:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Spyhunter4.exe version 4.15.1.4270 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 5c4
 
Start Time: 01d0f7d6a791a6f6
 
Termination Time: 1
 
Application Path: C:\Program Files (x86)\Enigma Software Group\SpyHunter\Spyhunter4.exe
 
Report Id: 2709ec97-63ca-11e5-a247-f04da2de4bb7
 
Error: (09/25/2015 04:11:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/16/2015 04:56:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/15/2015 07:45:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/13/2015 08:29:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/13/2015 08:09:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/10/2015 08:15:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 24
 
Error: (09/10/2015 08:15:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 23
 
 
System errors:
=============
Error: (09/26/2015 05:32:03 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error: 
%%5
 
Error: (09/26/2015 05:32:01 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error: 
%%5
 
Error: (09/26/2015 05:27:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Network Support Service Updater service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (09/26/2015 05:27:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Network HTTP Support Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (09/26/2015 04:20:36 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error: 
%%5
 
Error: (09/26/2015 04:20:36 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error: 
%%5
 
Error: (09/25/2015 04:20:38 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error: 
%%5
 
Error: (09/25/2015 04:20:36 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error: 
%%5
 
Error: (09/16/2015 05:05:26 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error: 
%%5
 
Error: (09/16/2015 05:05:24 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error: 
%%5
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 18%
Total physical RAM: 16282.38 MB
Available physical RAM: 13210.27 MB
Total Virtual: 32562.95 MB
Available Virtual: 29385.26 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:922.32 GB) (Free:666.68 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:8.73 GB) (Free:8.49 GB) NTFS
Drive f: () (Removable) (Total:14.9 GB) (Free:9.47 GB) FAT32
Drive g: (MUSIC-MOVIE) (Fixed) (Total:931.28 GB) (Free:652.9 GB) FAT32
Drive h: () (Removable) (Total:7.45 GB) (Free:7.44 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 31EC1379)
 
Partition: GPT.
 
========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: E8900690)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=0C)
 
========================================================
Disk: 2 (Size: 14.9 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
========================================================
Disk: 3 (Size: 7.5 GB) (Disk ID: 120BC43A)
Partition 1: (Not Active) - (Size=7.5 GB) - (Type=0B)
 
==================== End of Addition.txt ============================
 
 
 
 


#6 thcbytes

  • Malware Response Team
Posted 26 September 2015 - 09:09 PM

Nice work.  :thumbup2:
 
Your computer is a mess.  Nothing ominous though so far.  Just annoying.  We will get it cleaned but it might take a while.

Let's start the cleanup.

Please run RKill from the USB on the sick computer again then do this...

Don't reboot between uninstalls.

We need to remove programs using "Programs and Features"

Click the Start orb on the taskbar, and then click Control Panel.

  • If you use Category mode, click on Uninstall a Program.
  • If you use Icons mode, click on Programs and Features.

A list of programs installed will be "populated" (this may take a bit of time).
If they exist, uninstall the following by clicking on the below entries (one at a time) by selecting "Remove":

  1. Amazon MP3 Downloader
  2. OffersWizard Network System Driver
  3. ScorpionSaver
  4. ScorpionSaver Services
  5. Software Version Updater
  6. SpyHunter

Additional instructions can be found here if needed.

 

Reboot!

<<<<<<<<<<

 

Run RKill on the sick computer from the USB again!!

 

Then do this...

FRST fix:

  • From your clean computer press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Copy and paste the entire script below from start to end in the notepad document:
start
CloseProcesses:
() C:\Users\morton\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
HKU\S-1-5-21-1531413298-3241576193-1501229024-1001\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\morton\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [397632 2013-04-05] ()
Toolbar: HKLM-x32 - No Name - {98889811-442D-49dd-99D7-DC866BE87DBC} -  No File
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-11-08] (CANON INC.)
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox
FF HKLM\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] - C:\Program Files\IB Updater\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] - C:\Program Files\IB Updater\Firefox
CHR Plugin: (Shockwave Flash) - C:\Users\morton\AppData\Local\Google\Chrome\User Data\PepperFlash\11.6.602.167\pepflashplayer.dll => No File
CHR Plugin: (Injovo Extension Plugin) - C:\Users\morton\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.530_0\npbrowserext.dll => No File
CHR Plugin: (Perion plugin) - C:\Users\morton\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\Plugins/PerionNewTabChrome-32.dll => No File
CHR Plugin: (Perion plugin) - C:\Users\morton\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\niogeckbkdcabhnapjbkeiklablhjoca\1.0.5_0\plugins/PerionChromeInfoBar-32.dll => No File
CHR Plugin: (Conduit Chrome Plugin) - C:\Users\morton\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.13.20.29_0\plugins/ConduitChromeApiPlugin.dll => No File
CHR Plugin: (Conduit Radio Plugin) - C:\Users\morton\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.13.20.29_0\plugins/np-cwmp.dll => No File
CHR Extension: (No Name) - C:\Users\morton\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgfdfcbeamjnjdejakdidpniblllnbpg [2013-04-09]
CHR Extension: (Notificatoin) - C:\Users\morton\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmhfbmpdiffkamakhdbcgojfnbnlcenm [2013-11-23]
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx <not found>
CHR HKU\S-1-5-21-1531413298-3241576193-1501229024-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hmhfbmpdiffkamakhdbcgojfnbnlcenm] - C:\ProgramData\Microsoft\Windows\DRM\Server\notificatoin_1.0.0.crx [2013-10-28]
CHR HKLM-x32\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [hmhfbmpdiffkamakhdbcgojfnbnlcenm] - C:\ProgramData\Microsoft\Windows\DRM\Server\notificatoin_1.0.0.crx [2013-10-28]
CHR HKLM-x32\...\Chrome\Extension: [jifflliplgeajjdhmkcfnngfpgbjonjg] - C:\Program Files (x86)\Perion\NewTab\newTab.crx [2012-11-21]
CHR HKLM-x32\...\Chrome\Extension: [niogeckbkdcabhnapjbkeiklablhjoca] - C:\Program Files (x86)\Perion\ChromeInfoBar\ChromeInfoBar.crx [2012-11-21]
S2 NetHttpService; C:\Windows\SysWOW64\nethtsrv.exe [350208 2015-08-01] () [File not signed]
S2 ServiceUpdater; C:\Windows\SysWOW64\netupdsrv.exe [190976 2015-08-01] () [File not signed]
R1 nethfdrv; C:\Windows\system32\drivers\nethfdrv.sys [46160 2015-08-01] (nethfdrv)
2015-09-26 17:26 - 2015-09-26 17:26 - 00000687 _____ C:\awh472.tmp
2015-09-25 16:15 - 2015-09-25 16:15 - 00000687 _____ C:\awh2D27.tmp
2015-09-24 16:15 - 2015-09-24 16:15 - 00000687 _____ C:\awh9037.tmp
2015-09-13 11:19 - 2015-09-13 11:19 - 00000687 _____ C:\awh522C.tmp
2015-09-11 10:05 - 2015-09-11 10:05 - 52266712 _____ (悠然天地科技有限公司) C:\Users\morton\Downloads\iTunesDriver64_0205.exe
2015-09-11 10:02 - 2015-07-15 02:54 - 72369664 _____ (taig tools) C:\Users\morton\Desktop\TaiGJBreak_EN_2430.exe
2015-09-11 10:00 - 2015-09-11 10:01 - 70697202 _____ C:\Users\morton\Downloads\TaiGJBreak_EN_2430.zip
2015-09-10 09:16 - 2015-09-10 09:16 - 00000687 _____ C:\awh619F.tmp
2015-09-10 08:58 - 2015-09-10 09:00 - 44435904 _____ C:\Users\morton\Desktop\Pangu8_v1.2.1.exe
2015-09-09 21:23 - 2015-09-09 21:23 - 00000687 _____ C:\awh448E.tmp
2015-09-09 03:34 - 2015-09-09 03:34 - 00000687 _____ C:\awh2CF8.tmp
2015-09-07 22:15 - 2015-09-07 22:15 - 00000687 _____ C:\awhD571.tmp
2015-09-05 22:15 - 2015-09-05 22:15 - 00000687 _____ C:\awhCD25.tmp
2015-08-29 14:16 - 2015-09-13 20:05 - 00000000 ____D C:\Program Files (x86)\i-Funbox DevTeam
2015-08-29 14:16 - 2015-09-13 20:03 - 00000000 ____D C:\Users\morton\AppData\Roaming\iFunbox_UserCache
2015-08-29 14:15 - 2015-08-29 14:15 - 22748388 _____ (iFunbox DevTeam ) C:\Users\morton\Downloads\ifunbox_setup.exe
2015-08-29 14:09 - 2015-08-29 14:09 - 00689581 _____ C:\Users\morton\Downloads\Easy Uninstaller__12351_il200.exe.rar
2015-08-29 14:07 - 2015-08-29 14:09 - 00796459 _____ C:\Users\morton\Downloads\iExplorer3740.rar
2012-11-21 11:31 - 2012-11-21 11:31 - 0525312 _____ (BrowserSetter) C:\Users\morton\AppData\Roaming\bsetter-own.exe
2012-11-21 11:31 - 2012-11-21 11:31 - 0457789 _____ (Freedom Download Manager                                    ) C:\Users\morton\AppData\Roaming\fdm-setup.exe
2012-11-21 11:31 - 2012-11-21 11:31 - 0442560 _____ (Shlemoon Media Inc) C:\Users\morton\AppData\Roaming\fdmer.exe
2015-09-13 20:05 - 2015-09-13 20:18 - 0007598 _____ () C:\Users\morton\AppData\Local\Resmon.ResmonCfg
2013-02-27 10:44 - 2015-03-29 19:11 - 0001095 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
Task: {FD1062C2-BD69-473F-9E52-A88B38B39534} - \RunAsStdUser Task -> No File <==== ATTENTION
Task: C:\Windows\Tasks\AmiUpdXp.job => C:\Users\morton\AppData\Local\8750\Updater.exe <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"
FirewallRules: [{331EB80F-43CA-42B6-8A37-1D5D5A50AF43}] => (Allow) C:\Program Files (x86)\GoforFiles\goforfilesdl.exe
FirewallRules: [{75DEE999-7951-4427-A76D-3A9FF118E8E5}] => (Allow) C:\Program Files (x86)\GoforFiles\goforfilesdl.exe
FirewallRules: [{B67D4724-B3EB-4DE2-B9E3-0CF79E419401}] => (Allow) C:\Program Files (x86)\GoforFiles\GoforFiles.exe
FirewallRules: [{E7D3FB54-86FA-4703-8983-120DE12C0354}] => (Allow) C:\Program Files (x86)\GoforFiles\GoforFiles.exe
C:\Windows\SysWOW64\nethtsrv.exe
C:\Windows\SysWOW64\netupdsrv.exe
C:\Windows\system32\drivers\nethfdrv.sys
C:\Users\morton\AppData\Local\8750\Updater.exe
EmptyTemp:
end
  • Save the file to your USB and name it as fixlist.txt

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Insert your USB into your sick computer and Run FRST.exe/FRST64.exe then press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) on your USB.

Please copy and paste the log in your next reply.

 

<<<<<<<<<<

Please update me about what problems persist. Are you still having random audio, pop ups and browser redirection? Which browsers? Chrome? FF? Both?



#7 betc

  • Topic Starter
Posted 27 September 2015 - 02:39 PM

Update on last set of instructions:

 

I was not able to remove the 

  1. ScorpionSaver
  2. ScorpionSaver Service

Error message images attached

Rkill files attached

Below is the scan from fixlog

 

Fix result of Farbar Recovery Scan Tool (x64) Version:23-09-2015
Ran by morton (2015-09-27 14:30:34) Run:2
Running from H:\
Loaded Profiles: morton (Available Profiles: morton)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
CloseProcesses:
() C:\Users\morton\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
HKU\S-1-5-21-1531413298-3241576193-1501229024-1001\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\morton\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [397632 2013-04-05] ()
Toolbar: HKLM-x32 - No Name - {98889811-442D-49dd-99D7-DC866BE87DBC} -  No File
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-11-08] (CANON INC.)
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox
FF HKLM\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] - C:\Program Files\IB Updater\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] - C:\Program Files\IB Updater\Firefox
CHR Plugin: (Shockwave Flash) - C:\Users\morton\AppData\Local\Google\Chrome\User Data\PepperFlash\11.6.602.167\pepflashplayer.dll => No File
CHR Plugin: (Injovo Extension Plugin) - C:\Users\morton\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.530_0\npbrowserext.dll => No File
CHR Plugin: (Perion plugin) - C:\Users\morton\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\Plugins/PerionNewTabChrome-32.dll => No File
CHR Plugin: (Perion plugin) - C:\Users\morton\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\niogeckbkdcabhnapjbkeiklablhjoca\1.0.5_0\plugins/PerionChromeInfoBar-32.dll => No File
CHR Plugin: (Conduit Chrome Plugin) - C:\Users\morton\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.13.20.29_0\plugins/ConduitChromeApiPlugin.dll => No File
CHR Plugin: (Conduit Radio Plugin) - C:\Users\morton\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.13.20.29_0\plugins/np-cwmp.dll => No File
CHR Extension: (No Name) - C:\Users\morton\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgfdfcbeamjnjdejakdidpniblllnbpg [2013-04-09]
CHR Extension: (Notificatoin) - C:\Users\morton\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmhfbmpdiffkamakhdbcgojfnbnlcenm [2013-11-23]
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx <not found>
CHR HKU\S-1-5-21-1531413298-3241576193-1501229024-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hmhfbmpdiffkamakhdbcgojfnbnlcenm] - C:\ProgramData\Microsoft\Windows\DRM\Server\notificatoin_1.0.0.crx [2013-10-28]
CHR HKLM-x32\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [hmhfbmpdiffkamakhdbcgojfnbnlcenm] - C:\ProgramData\Microsoft\Windows\DRM\Server\notificatoin_1.0.0.crx [2013-10-28]
CHR HKLM-x32\...\Chrome\Extension: [jifflliplgeajjdhmkcfnngfpgbjonjg] - C:\Program Files (x86)\Perion\NewTab\newTab.crx [2012-11-21]
CHR HKLM-x32\...\Chrome\Extension: [niogeckbkdcabhnapjbkeiklablhjoca] - C:\Program Files (x86)\Perion\ChromeInfoBar\ChromeInfoBar.crx [2012-11-21]
S2 NetHttpService; C:\Windows\SysWOW64\nethtsrv.exe [350208 2015-08-01] () [File not signed]
S2 ServiceUpdater; C:\Windows\SysWOW64\netupdsrv.exe [190976 2015-08-01] () [File not signed]
R1 nethfdrv; C:\Windows\system32\drivers\nethfdrv.sys [46160 2015-08-01] (nethfdrv)
2015-09-26 17:26 - 2015-09-26 17:26 - 00000687 _____ C:\awh472.tmp
2015-09-25 16:15 - 2015-09-25 16:15 - 00000687 _____ C:\awh2D27.tmp
2015-09-24 16:15 - 2015-09-24 16:15 - 00000687 _____ C:\awh9037.tmp
2015-09-13 11:19 - 2015-09-13 11:19 - 00000687 _____ C:\awh522C.tmp
2015-09-11 10:05 - 2015-09-11 10:05 - 52266712 _____ (悠然天地科技有限公司) C:\Users\morton\Downloads\iTunesDriver64_0205.exe
2015-09-11 10:02 - 2015-07-15 02:54 - 72369664 _____ (taig tools) C:\Users\morton\Desktop\TaiGJBreak_EN_2430.exe
2015-09-11 10:00 - 2015-09-11 10:01 - 70697202 _____ C:\Users\morton\Downloads\TaiGJBreak_EN_2430.zip
2015-09-10 09:16 - 2015-09-10 09:16 - 00000687 _____ C:\awh619F.tmp
2015-09-10 08:58 - 2015-09-10 09:00 - 44435904 _____ C:\Users\morton\Desktop\Pangu8_v1.2.1.exe
2015-09-09 21:23 - 2015-09-09 21:23 - 00000687 _____ C:\awh448E.tmp
2015-09-09 03:34 - 2015-09-09 03:34 - 00000687 _____ C:\awh2CF8.tmp
2015-09-07 22:15 - 2015-09-07 22:15 - 00000687 _____ C:\awhD571.tmp
2015-09-05 22:15 - 2015-09-05 22:15 - 00000687 _____ C:\awhCD25.tmp
2015-08-29 14:16 - 2015-09-13 20:05 - 00000000 ____D C:\Program Files (x86)\i-Funbox DevTeam
2015-08-29 14:16 - 2015-09-13 20:03 - 00000000 ____D C:\Users\morton\AppData\Roaming\iFunbox_UserCache
2015-08-29 14:15 - 2015-08-29 14:15 - 22748388 _____ (iFunbox DevTeam ) C:\Users\morton\Downloads\ifunbox_setup.exe
2015-08-29 14:09 - 2015-08-29 14:09 - 00689581 _____ C:\Users\morton\Downloads\Easy Uninstaller__12351_il200.exe.rar
2015-08-29 14:07 - 2015-08-29 14:09 - 00796459 _____ C:\Users\morton\Downloads\iExplorer3740.rar
2012-11-21 11:31 - 2012-11-21 11:31 - 0525312 _____ (BrowserSetter) C:\Users\morton\AppData\Roaming\bsetter-own.exe
2012-11-21 11:31 - 2012-11-21 11:31 - 0457789 _____ (Freedom Download Manager                                    ) C:\Users\morton\AppData\Roaming\fdm-setup.exe
2012-11-21 11:31 - 2012-11-21 11:31 - 0442560 _____ (Shlemoon Media Inc) C:\Users\morton\AppData\Roaming\fdmer.exe
2015-09-13 20:05 - 2015-09-13 20:18 - 0007598 _____ () C:\Users\morton\AppData\Local\Resmon.ResmonCfg
2013-02-27 10:44 - 2015-03-29 19:11 - 0001095 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
Task: {FD1062C2-BD69-473F-9E52-A88B38B39534} - \RunAsStdUser Task -> No File <==== ATTENTION
Task: C:\Windows\Tasks\AmiUpdXp.job => C:\Users\morton\AppData\Local\8750\Updater.exe <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"
FirewallRules: [{331EB80F-43CA-42B6-8A37-1D5D5A50AF43}] => (Allow) C:\Program Files (x86)\GoforFiles\goforfilesdl.exe
FirewallRules: [{75DEE999-7951-4427-A76D-3A9FF118E8E5}] => (Allow) C:\Program Files (x86)\GoforFiles\goforfilesdl.exe
FirewallRules: [{B67D4724-B3EB-4DE2-B9E3-0CF79E419401}] => (Allow) C:\Program Files (x86)\GoforFiles\GoforFiles.exe
FirewallRules: [{E7D3FB54-86FA-4703-8983-120DE12C0354}] => (Allow) C:\Program Files (x86)\GoforFiles\GoforFiles.exe
C:\Windows\SysWOW64\nethtsrv.exe
C:\Windows\SysWOW64\netupdsrv.exe
C:\Windows\system32\drivers\nethfdrv.sys
C:\Users\morton\AppData\Local\8750\Updater.exe
EmptyTemp:
end
*****************
 
Processes closed successfully.
C:\Users\morton\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe => No running process found
HKU\S-1-5-21-1531413298-3241576193-1501229024-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AmazonMP3DownloaderHelper => value not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} => value not found.
HKCR\Wow6432Node\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} => value not found.
HKCR\Wow6432Node\CLSID\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} => key not found. 
HKLM\Software\Mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087} => value not found.
HKLM\Software\Mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052} => value not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087} => value not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052} => value not found.
C:\Users\morton\AppData\Local\Google\Chrome\User Data\PepperFlash\11.6.602.167\pepflashplayer.dll => not found.
C:\Users\morton\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.530_0\npbrowserext.dll => not found.
C:\Users\morton\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\Plugins/PerionNewTabChrome-32.dll => not found.
C:\Users\morton\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\niogeckbkdcabhnapjbkeiklablhjoca\1.0.5_0\plugins/PerionChromeInfoBar-32.dll => not found.
C:\Users\morton\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.13.20.29_0\plugins/ConduitChromeApiPlugin.dll => not found.
C:\Users\morton\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.13.20.29_0\plugins/np-cwmp.dll => not found.
C:\Users\morton\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgfdfcbeamjnjdejakdidpniblllnbpg => not found
C:\Users\morton\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmhfbmpdiffkamakhdbcgojfnbnlcenm => not found
HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd => key not found. 
HKU\S-1-5-21-1531413298-3241576193-1501229024-1001\SOFTWARE\Google\Chrome\Extensions\hmhfbmpdiffkamakhdbcgojfnbnlcenm => key not found. 
"C:\ProgramData\Microsoft\Windows\DRM\Server\notificatoin_1.0.0.crx" => not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd => key not found. 
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hmhfbmpdiffkamakhdbcgojfnbnlcenm => key not found. 
"C:\ProgramData\Microsoft\Windows\DRM\Server\notificatoin_1.0.0.crx" => not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg => key not found. 
"C:\Program Files (x86)\Perion\NewTab\newTab.crx" => not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niogeckbkdcabhnapjbkeiklablhjoca => key not found. 
"C:\Program Files (x86)\Perion\ChromeInfoBar\ChromeInfoBar.crx" => not found.
NetHttpService => service not found.
ServiceUpdater => service not found.
nethfdrv => service not found.
"C:\awh472.tmp" => File/Folder not found.
"C:\awh2D27.tmp" => File/Folder not found.
"C:\awh9037.tmp" => File/Folder not found.
"C:\awh522C.tmp" => File/Folder not found.
"C:\Users\morton\Downloads\iTunesDriver64_0205.exe" => File/Folder not found.
"C:\Users\morton\Desktop\TaiGJBreak_EN_2430.exe" => File/Folder not found.
"C:\Users\morton\Downloads\TaiGJBreak_EN_2430.zip" => File/Folder not found.
"C:\awh619F.tmp" => File/Folder not found.
"C:\Users\morton\Desktop\Pangu8_v1.2.1.exe" => File/Folder not found.
"C:\awh448E.tmp" => File/Folder not found.
"C:\awh2CF8.tmp" => File/Folder not found.
"C:\awhD571.tmp" => File/Folder not found.
"C:\awhCD25.tmp" => File/Folder not found.
"C:\Program Files (x86)\i-Funbox DevTeam" => File/Folder not found.
"C:\Users\morton\AppData\Roaming\iFunbox_UserCache" => File/Folder not found.
"C:\Users\morton\Downloads\ifunbox_setup.exe" => File/Folder not found.
"C:\Users\morton\Downloads\Easy Uninstaller__12351_il200.exe.rar" => File/Folder not found.
"C:\Users\morton\Downloads\iExplorer3740.rar" => File/Folder not found.
"C:\Users\morton\AppData\Roaming\bsetter-own.exe" => File/Folder not found.
"C:\Users\morton\AppData\Roaming\fdm-setup.exe" => File/Folder not found.
"C:\Users\morton\AppData\Roaming\fdmer.exe" => File/Folder not found.
"C:\Users\morton\AppData\Local\Resmon.ResmonCfg" => File/Folder not found.
"C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc" => File/Folder not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FD1062C2-BD69-473F-9E52-A88B38B39534} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RunAsStdUser Task => key not found. 
C:\Windows\Tasks\AmiUpdXp.job => not found.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => key not found. 
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{331EB80F-43CA-42B6-8A37-1D5D5A50AF43} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{75DEE999-7951-4427-A76D-3A9FF118E8E5} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B67D4724-B3EB-4DE2-B9E3-0CF79E419401} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E7D3FB54-86FA-4703-8983-120DE12C0354} => value not found.
"C:\Windows\SysWOW64\nethtsrv.exe" => File/Folder not found.
"C:\Windows\SysWOW64\netupdsrv.exe" => File/Folder not found.
"C:\Windows\system32\drivers\nethfdrv.sys" => File/Folder not found.
"C:\Users\morton\AppData\Local\8750\Updater.exe" => File/Folder not found.
EmptyTemp: => 1.5 GB temporary data Removed.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 14:31:32 ====

 

 




#8 thcbytes

  • Malware Response Team

Posted 27 September 2015 - 03:50 PM

Hello again,
 

I was not able to remove the

  • ScorpionSaver
  • ScorpionSaver Service
That is okay. Will get it soon.

<<<<<<<<<<

 

Fix result of Farbar Recovery Scan Tool (x64) Version:23-09-2015
Ran by morton (2015-09-27 14:30:34) Run:2
Running from H:\
Loaded Profiles: morton (Available Profiles: morton)
Boot Mode: Normal



Did you run into troubles when you ran it the first time? Please be real careful and only run these scripts once. If you encounter troubles or have questions just ask. :)

<<<<<<<<<<

This next please...

Run RKill on the sick computer from the USB again!!

Then do this...

FRST fix:
  • From your clean computer press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Copy and paste the entire script below from start to end in the notepad document:
start
CMD: type C:\FRST\Logs\fixlog_*.txt
end
  • Save the file to your USB and name it as fixlist.txt
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Insert your USB into your sick computer and Run FRST.exe/FRST64.exe then press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) on your USB.
Please copy and paste the log in your next reply.

<<<<<<<<<<

Next...
 
Re-run RKill on the sick computer if you had to reboot

Please download AdwCleaner to your USB.
  • Plug it into the sick computer
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Press Options & check all the boxes
  • Click Scan
  • Once the scan has completed you will see Pending
  • Click on Cleaning
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically.
  • A text file will open after the restart. 
  • Don't close it before saving it to your USB
Copy and paste the contents in your reply

<<<<<<<<<<
 
Then...
 
Re-run RKill again on the sick computer if you had to reboot


Next please download Junkware Removal Tool and save it to your USB.
  • Plug the USB into the sick computer
  • Disable your AntiVirus and AntiSpyware applications on the sick computer, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator from the USB
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Don't close it before saving it to your USB
Copy and paste the contents in your reply
 
<<<<<<<<<<
 
Re-run RKill then FRST from the USB, check the Addition.txt box, press SCAN and copy/paste the 2 logs in your next reply.
 
<<<<<<<<<<

Important
 

Please update me about what problems persist. Are you still having random audio, pop ups and browser redirection? Which browsers? Chrome? FF? Both? Any other concerning computer behavior?


<<<<<<<<<<

With your next post please provide:
  • Fixlog
  • ADW log
  • JRT log
  • New FRST & Addition.txt logs
  • An update about the problems that persist
Thanks
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/
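The Run:2 fixlog quoted above reports "not found" for nearly every target, which is what a second pass over an already-applied fixlist looks like. As an added example (not part of the thread and not FRST's own code), this parser tallies Fixlog outcomes; the function names, the 80% threshold and the shortened sample log are assumptions.

```python
import re
from collections import Counter

# Constructed sample: a shortened Fixlog in the layout shown in this thread
# (header, echoed fixlist between two rows of asterisks, then result lines).
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x64) Version:23-09-2015
Ran by morton (2015-09-27 14:30:34) Run:2
Running from H:\
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
S2 NetHttpService; C:\Windows\SysWOW64\nethtsrv.exe [350208 2015-08-01] () [File not signed]
Task: C:\Windows\Tasks\AmiUpdXp.job => C:\Users\morton\AppData\Local\8750\Updater.exe <==== ATTENTION
C:\Windows\SysWOW64\nethtsrv.exe
EmptyTemp:
end
*****************

Processes closed successfully.
C:\Users\morton\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe => No running process found
NetHttpService => service not found.
C:\Windows\Tasks\AmiUpdXp.job => not found.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => key not found.
"C:\Windows\SysWOW64\nethtsrv.exe" => File/Folder not found.
EmptyTemp: => 1.5 GB temporary data Removed.

==== End of Fixlog 14:31:32 ====
"""

RUN_RE = re.compile(r"^Ran by \S+ \([^)]+\) Run:(\d+)")
RESULT_RE = re.compile(r"^(?P<target>.+?) => (?P<outcome>.+)$")
ABSENT_RE = re.compile(r"not found|no running process found", re.IGNORECASE)


def parse_fixlog(text):
    """Return (run_number, [(target, outcome), ...]) for one Fixlog.

    The echoed fixlist also contains ' => ' (scan lines copied into the
    script), so it is skipped: only lines after the second row of
    asterisks are treated as results.
    """
    run = None
    results = []
    state = "header"          # header -> fixlist -> results
    star_rows = 0
    for raw in text.splitlines():
        line = raw.strip()
        if state == "header":
            m = RUN_RE.match(line)
            if m:
                run = int(m.group(1))
            if line == "fixlist content:":
                state = "fixlist"
        elif state == "fixlist":
            if line and set(line) == {"*"}:
                star_rows += 1
                if star_rows == 2:
                    state = "results"
        else:
            if line.startswith("==== End of Fixlog"):
                break
            m = RESULT_RE.match(line)
            if m:
                target = m.group("target").strip('"')
                outcome = m.group("outcome").rstrip(".")
                results.append((target, outcome))
    return run, results


def classify(outcome):
    """'absent' when the target was already gone, otherwise 'other'."""
    return "absent" if ABSENT_RE.search(outcome) else "other"


def summarize(text, rerun_ratio=0.8):
    """Tally outcomes and flag a probable repeat run.

    Assumption: a Run: counter above 1 combined with at least
    `rerun_ratio` of targets already absent means an earlier run did
    the actual removal, so the earlier log is the one worth reading.
    """
    run, results = parse_fixlog(text)
    counts = Counter(classify(outcome) for _, outcome in results)
    total = len(results)
    absent = counts["absent"]
    likely_rerun = (
        run is not None and run > 1 and total > 0
        and absent / total >= rerun_ratio
    )
    return {"run": run, "total": total, "absent": absent,
            "other": counts["other"], "likely_rerun": likely_rerun}


if __name__ == "__main__":
    print(summarize(SAMPLE_FIXLOG))
```
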

#9 betc

  • Topic Starter

Posted 27 September 2015 - 05:11 PM

Farbar Recovery Scan Tool

I ran it 2x because it stopped responding the first time

 

Issue: running AdwCleaner -

I clicked on the scan - then it stopped asking for me to:

...waiting for action. Please uncheck elements you want to keep..

Not sure what to do...

 

 



#10 thcbytes

  • Malware Response Team

Posted 27 September 2015 - 05:15 PM

Press cleaning and continue with the steps from there please



#11 betc

  • Topic Starter

Posted 27 September 2015 - 06:27 PM

  • Fixlog
Fix result of Farbar Recovery Scan Tool (x64) Version:23-09-2015
Ran by morton (2015-09-27 17:00:01) Run:3
Running from H:\
Loaded Profiles: morton (Available Profiles: morton)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
CMD: type C:\FRST\Logs\fixlog_*.txt
end
*****************
 
 
=========  type C:\FRST\Logs\fixlog_*.txt =========
 
 
C:\FRST\Logs\Fixlog_27-09-2015_14-32-29.txt
 
 
Fix result of Farbar Recovery Scan Tool (x64) Version:23-09-2015
Ran by morton (2015-09-27 14:30:34) Run:2
Running from H:\
Loaded Profiles: morton (Available Profiles: morton)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
CloseProcesses:
() C:\Users\morton\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
HKU\S-1-5-21-1531413298-3241576193-1501229024-1001\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\morton\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [397632 2013-04-05] ()
Toolbar: HKLM-x32 - No Name - {98889811-442D-49dd-99D7-DC866BE87DBC} -  No File
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-11-08] (CANON INC.)
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox
FF HKLM\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] - C:\Program Files\IB Updater\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] - C:\Program Files\IB Updater\Firefox
CHR Plugin: (Shockwave Flash) - C:\Users\morton\AppData\Local\Google\Chrome\User Data\PepperFlash\11.6.602.167\pepflashplayer.dll => No File
CHR Plugin: (Injovo Extension Plugin) - C:\Users\morton\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.530_0\npbrowserext.dll => No File
CHR Plugin: (Perion plugin) - C:\Users\morton\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\Plugins/PerionNewTabChrome-32.dll => No File
CHR Plugin: (Perion plugin) - C:\Users\morton\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\niogeckbkdcabhnapjbkeiklablhjoca\1.0.5_0\plugins/PerionChromeInfoBar-32.dll => No File
CHR Plugin: (Conduit Chrome Plugin) - C:\Users\morton\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.13.20.29_0\plugins/ConduitChromeApiPlugin.dll => No File
CHR Plugin: (Conduit Radio Plugin) - C:\Users\morton\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.13.20.29_0\plugins/np-cwmp.dll => No File
CHR Extension: (No Name) - C:\Users\morton\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgfdfcbeamjnjdejakdidpniblllnbpg [2013-04-09]
CHR Extension: (Notificatoin) - C:\Users\morton\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmhfbmpdiffkamakhdbcgojfnbnlcenm [2013-11-23]
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx <not found>
CHR HKU\S-1-5-21-1531413298-3241576193-1501229024-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hmhfbmpdiffkamakhdbcgojfnbnlcenm] - C:\ProgramData\Microsoft\Windows\DRM\Server\notificatoin_1.0.0.crx [2013-10-28]
CHR HKLM-x32\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [hmhfbmpdiffkamakhdbcgojfnbnlcenm] - C:\ProgramData\Microsoft\Windows\DRM\Server\notificatoin_1.0.0.crx [2013-10-28]
CHR HKLM-x32\...\Chrome\Extension: [jifflliplgeajjdhmkcfnngfpgbjonjg] - C:\Program Files (x86)\Perion\NewTab\newTab.crx [2012-11-21]
CHR HKLM-x32\...\Chrome\Extension: [niogeckbkdcabhnapjbkeiklablhjoca] - C:\Program Files (x86)\Perion\ChromeInfoBar\ChromeInfoBar.crx [2012-11-21]
S2 NetHttpService; C:\Windows\SysWOW64\nethtsrv.exe [350208 2015-08-01] () [File not signed]
S2 ServiceUpdater; C:\Windows\SysWOW64\netupdsrv.exe [190976 2015-08-01] () [File not signed]
R1 nethfdrv; C:\Windows\system32\drivers\nethfdrv.sys [46160 2015-08-01] (nethfdrv)
2015-09-26 17:26 - 2015-09-26 17:26 - 00000687 _____ C:\awh472.tmp
2015-09-25 16:15 - 2015-09-25 16:15 - 00000687 _____ C:\awh2D27.tmp
2015-09-24 16:15 - 2015-09-24 16:15 - 00000687 _____ C:\awh9037.tmp
2015-09-13 11:19 - 2015-09-13 11:19 - 00000687 _____ C:\awh522C.tmp
2015-09-11 10:05 - 2015-09-11 10:05 - 52266712 _____ (悠然天地科技有限公司) C:\Users\morton\Downloads\iTunesDriver64_0205.exe
2015-09-11 10:02 - 2015-07-15 02:54 - 72369664 _____ (taig tools) C:\Users\morton\Desktop\TaiGJBreak_EN_2430.exe
2015-09-11 10:00 - 2015-09-11 10:01 - 70697202 _____ C:\Users\morton\Downloads\TaiGJBreak_EN_2430.zip
2015-09-10 09:16 - 2015-09-10 09:16 - 00000687 _____ C:\awh619F.tmp
2015-09-10 08:58 - 2015-09-10 09:00 - 44435904 _____ C:\Users\morton\Desktop\Pangu8_v1.2.1.exe
2015-09-09 21:23 - 2015-09-09 21:23 - 00000687 _____ C:\awh448E.tmp
2015-09-09 03:34 - 2015-09-09 03:34 - 00000687 _____ C:\awh2CF8.tmp
2015-09-07 22:15 - 2015-09-07 22:15 - 00000687 _____ C:\awhD571.tmp
2015-09-05 22:15 - 2015-09-05 22:15 - 00000687 _____ C:\awhCD25.tmp
2015-08-29 14:16 - 2015-09-13 20:05 - 00000000 ____D C:\Program Files (x86)\i-Funbox DevTeam
2015-08-29 14:16 - 2015-09-13 20:03 - 00000000 ____D C:\Users\morton\AppData\Roaming\iFunbox_UserCache
2015-08-29 14:15 - 2015-08-29 14:15 - 22748388 _____ (iFunbox DevTeam ) C:\Users\morton\Downloads\ifunbox_setup.exe
2015-08-29 14:09 - 2015-08-29 14:09 - 00689581 _____ C:\Users\morton\Downloads\Easy Uninstaller__12351_il200.exe.rar
2015-08-29 14:07 - 2015-08-29 14:09 - 00796459 _____ C:\Users\morton\Downloads\iExplorer3740.rar
2012-11-21 11:31 - 2012-11-21 11:31 - 0525312 _____ (BrowserSetter) C:\Users\morton\AppData\Roaming\bsetter-own.exe
2012-11-21 11:31 - 2012-11-21 11:31 - 0457789 _____ (Freedom Download Manager                                    ) C:\Users\morton\AppData\Roaming\fdm-setup.exe
2012-11-21 11:31 - 2012-11-21 11:31 - 0442560 _____ (Shlemoon Media Inc) C:\Users\morton\AppData\Roaming\fdmer.exe
2015-09-13 20:05 - 2015-09-13 20:18 - 0007598 _____ () C:\Users\morton\AppData\Local\Resmon.ResmonCfg
2013-02-27 10:44 - 2015-03-29 19:11 - 0001095 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
Task: {FD1062C2-BD69-473F-9E52-A88B38B39534} - \RunAsStdUser Task -> No File <==== ATTENTION
Task: C:\Windows\Tasks\AmiUpdXp.job => C:\Users\morton\AppData\Local\8750\Updater.exe <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"
FirewallRules: [{331EB80F-43CA-42B6-8A37-1D5D5A50AF43}] => (Allow) C:\Program Files (x86)\GoforFiles\goforfilesdl.exe
FirewallRules: [{75DEE999-7951-4427-A76D-3A9FF118E8E5}] => (Allow) C:\Program Files (x86)\GoforFiles\goforfilesdl.exe
FirewallRules: [{B67D4724-B3EB-4DE2-B9E3-0CF79E419401}] => (Allow) C:\Program Files (x86)\GoforFiles\GoforFiles.exe
FirewallRules: [{E7D3FB54-86FA-4703-8983-120DE12C0354}] => (Allow) C:\Program Files (x86)\GoforFiles\GoforFiles.exe
C:\Windows\SysWOW64\nethtsrv.exe
C:\Windows\SysWOW64\netupdsrv.exe
C:\Windows\system32\drivers\nethfdrv.sys
C:\Users\morton\AppData\Local\8750\Updater.exe
EmptyTemp:
end
*****************
 
Processes closed successfully.
C:\Users\morton\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe => No running process found
HKU\S-1-5-21-1531413298-3241576193-1501229024-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AmazonMP3DownloaderHelper => value not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} => value not found.
HKCR\Wow6432Node\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} => value not found.
HKCR\Wow6432Node\CLSID\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} => key not found. 
HKLM\Software\Mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087} => value not found.
HKLM\Software\Mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052} => value not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087} => value not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052} => value not found.
C:\Users\morton\AppData\Local\Google\Chrome\User Data\PepperFlash\11.6.602.167\pepflashplayer.dll => not found.
C:\Users\morton\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.530_0\npbrowserext.dll => not found.
C:\Users\morton\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\Plugins/PerionNewTabChrome-32.dll => not found.
C:\Users\morton\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\niogeckbkdcabhnapjbkeiklablhjoca\1.0.5_0\plugins/PerionChromeInfoBar-32.dll => not found.
C:\Users\morton\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.13.20.29_0\plugins/ConduitChromeApiPlugin.dll => not found.
C:\Users\morton\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.13.20.29_0\plugins/np-cwmp.dll => not found.
C:\Users\morton\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgfdfcbeamjnjdejakdidpniblllnbpg => not found
C:\Users\morton\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmhfbmpdiffkamakhdbcgojfnbnlcenm => not found
HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd => key not found. 
HKU\S-1-5-21-1531413298-3241576193-1501229024-1001\SOFTWARE\Google\Chrome\Extensions\hmhfbmpdiffkamakhdbcgojfnbnlcenm => key not found. 
"C:\ProgramData\Microsoft\Windows\DRM\Server\notificatoin_1.0.0.crx" => not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd => key not found. 
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hmhfbmpdiffkamakhdbcgojfnbnlcenm => key not found. 
"C:\ProgramData\Microsoft\Windows\DRM\Server\notificatoin_1.0.0.crx" => not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg => key not found. 
"C:\Program Files (x86)\Perion\NewTab\newTab.crx" => not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niogeckbkdcabhnapjbkeiklablhjoca => key not found. 
"C:\Program Files (x86)\Perion\ChromeInfoBar\ChromeInfoBar.crx" => not found.
NetHttpService => service not found.
ServiceUpdater => service not found.
nethfdrv => service not found.
"C:\awh472.tmp" => File/Folder not found.
"C:\awh2D27.tmp" => File/Folder not found.
"C:\awh9037.tmp" => File/Folder not found.
"C:\awh522C.tmp" => File/Folder not found.
"C:\Users\morton\Downloads\iTunesDriver64_0205.exe" => File/Folder not found.
"C:\Users\morton\Desktop\TaiGJBreak_EN_2430.exe" => File/Folder not found.
"C:\Users\morton\Downloads\TaiGJBreak_EN_2430.zip" => File/Folder not found.
"C:\awh619F.tmp" => File/Folder not found.
"C:\Users\morton\Desktop\Pangu8_v1.2.1.exe" => File/Folder not found.
"C:\awh448E.tmp" => File/Folder not found.
"C:\awh2CF8.tmp" => File/Folder not found.
"C:\awhD571.tmp" => File/Folder not found.
"C:\awhCD25.tmp" => File/Folder not found.
"C:\Program Files (x86)\i-Funbox DevTeam" => File/Folder not found.
"C:\Users\morton\AppData\Roaming\iFunbox_UserCache" => File/Folder not found.
"C:\Users\morton\Downloads\ifunbox_setup.exe" => File/Folder not found.
"C:\Users\morton\Downloads\Easy Uninstaller__12351_il200.exe.rar" => File/Folder not found.
"C:\Users\morton\Downloads\iExplorer3740.rar" => File/Folder not found.
"C:\Users\morton\AppData\Roaming\bsetter-own.exe" => File/Folder not found.
"C:\Users\morton\AppData\Roaming\fdm-setup.exe" => File/Folder not found.
"C:\Users\morton\AppData\Roaming\fdmer.exe" => File/Folder not found.
"C:\Users\morton\AppData\Local\Resmon.ResmonCfg" => File/Folder not found.
"C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc" => File/Folder not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FD1062C2-BD69-473F-9E52-A88B38B39534} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RunAsStdUser Task => key not found. 
C:\Windows\Tasks\AmiUpdXp.job => not found.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => key not found. 
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{331EB80F-43CA-42B6-8A37-1D5D5A50AF43} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{75DEE999-7951-4427-A76D-3A9FF118E8E5} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B67D4724-B3EB-4DE2-B9E3-0CF79E419401} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E7D3FB54-86FA-4703-8983-120DE12C0354} => value not found.
"C:\Windows\SysWOW64\nethtsrv.exe" => File/Folder not found.
"C:\Windows\SysWOW64\netupdsrv.exe" => File/Folder not found.
"C:\Windows\system32\drivers\nethfdrv.sys" => File/Folder not found.
"C:\Users\morton\AppData\Local\8750\Updater.exe" => File/Folder not found.
EmptyTemp: => 1.5 GB temporary data Removed.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 14:31:32 ====
========= End of CMD: =========
 
 
==== End of Fixlog 17:00:01 ====
  • 2. ADW log
  • Additional scan result of Farbar Recovery Scan Tool (x64) Version:23-09-2015
    Ran by morton (2015-09-27 18:14:04)
    Running from H:\
    Windows 7 Home Premium Service Pack 1 (X64) (2012-07-09 22:39:21)
    Boot Mode: Normal
    ==========================================================
     
     
    ==================== Accounts: =============================
     
    Administrator (S-1-5-21-1531413298-3241576193-1501229024-500 - Administrator - Disabled)
    Guest (S-1-5-21-1531413298-3241576193-1501229024-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-1531413298-3241576193-1501229024-1003 - Limited - Enabled)
    morton (S-1-5-21-1531413298-3241576193-1501229024-1001 - Administrator - Enabled) => C:\Users\morton
     
    ==================== Security Center ========================
     
    (If an entry is included in the fixlist, it will be removed.)
     
    AV: Microsoft Security Essentials (Disabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
    AS: Microsoft Security Essentials (Disabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     
    ==================== Installed Programs ======================
     
    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
     
    Adobe Digital Editions (HKLM-x32\...\Digital Editions) (Version:  - )
    Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.185 - Adobe Systems Incorporated)
    Adobe Illustrator CS2 (HKLM-x32\...\Adobe Illustrator CS2) (Version: 12.000.000 - Adobe Systems Inc.)
    Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
    Adobe Reader X (10.1.11) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
    Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version:  3.0 - Adobe Systems, Inc.)
    Alienware Command Center (HKLM-x32\...\InstallShield_{6A7D1CAC-6267-4C71-A759-CB5D9E9FAFAA}) (Version: 2.7.25.0 - Alienware Corp.)
    Alienware Command Center (Version: 2.7.25.0 - Alienware Corp.) Hidden
    Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
    Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version:  - )
    Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - )
    Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version:  - )
    Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )
    Canon MP Navigator 3.0 (HKLM-x32\...\MP Navigator 3.0) (Version:  - )
    Canon MP Navigator EX 5.1 (HKLM-x32\...\MP Navigator EX 5.1) (Version:  - )
    Canon MP810 (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP810) (Version:  - )
    Canon MX890 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX890_series) (Version:  - )
    Canon MX890 series On-screen Manual (HKLM-x32\...\Canon MX890 series On-screen Manual) (Version:  - )
    Canon MX890 series User Registration (HKLM-x32\...\Canon MX890 series User Registration) (Version:  - )
    Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
    Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
    Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version:  - )
    Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.4.12284.0 - Cisco Consumer Products LLC)
    Command & Conquer 3 (HKLM-x32\...\{B0C30E93-D3D9-4F04-A2AC-54749B573275}) (Version: 1.00.0000 - Electronic Arts Inc.)
    Command & Conquer Generals (HKLM-x32\...\InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}) (Version: 0.50.0000 - Electronic Arts)
    Command & Conquer Generals (x32 Version: 0.50.0000 - Electronic Arts) Hidden
    Command and ConquerTM Generals Zero Hour (HKLM-x32\...\InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}) (Version: 1.00.0000 - Electronic Arts)
    Command and ConquerTM Generals Zero Hour (x32 Version: 1.00.0000 - Electronic Arts) Hidden
    Company of Heroes (HKLM-x32\...\{BA801B94-C28D-46EE-B806-E1E021A3D519}) (Version: 1.0.0.78 - THQ Inc.)
    Curse Client (HKU\S-1-5-21-1531413298-3241576193-1501229024-1001\...\101a9f93b8f0bb6f) (Version: 5.1.1.844 - Curse)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    dBpoweramp Music Converter (HKLM-x32\...\dBpoweramp Music Converter) (Version: Release 14.4 - Illustrate)
    Dell Data Vault (Version: 4.3.4.0 - Dell Inc.) Hidden
    Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.10 - Dell)
    Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.1.0.47 - Dell)
    Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
    Google Chrome (HKU\S-1-5-21-1531413298-3241576193-1501229024-1001\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)
    iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
    Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.4.1441 - Intel Corporation)
    Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
    Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2696 - Intel Corporation)
    Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
    iTunes (HKLM\...\{BFEAB774-C7DC-4032-B05A-DA5F7CB7B365}) (Version: 12.2.2.25 - Apple Inc.)
    Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
    JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
    LEGO Digital Designer (HKLM-x32\...\New LEGO Digital Designer) (Version:  - LEGO A/S)
    Logitech Vid (HKLM-x32\...\{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}) (Version: 1.10.1009 - Logitech Inc.)
    Logitech Webcam Software (HKLM\...\{987FE247-4E69-4A2E-A961-D14F901FDBF6}) (Version: 12.10.1113 - Logitech Inc.)
    Logitech Webcam Software Driver Package (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Modio (HKLM-x32\...\{3DA224A5-666B-4941-8998-2F19C6D126A5}_is1) (Version:  - GameTuts)
    Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
    MSI ODD Monitor (HKLM-x32\...\InstallShield_{B7D9BAAA-F068-4BF8-B929-462C3A8AB677}) (Version: 1.0.0.5 - Micro-Star Int'l Co., Ltd.)
    MSI ODD Monitor (x32 Version: 1.0.0.5 - Micro-Star Int'l Co., Ltd.) Hidden
    NirSoft BlueScreenView (HKLM-x32\...\NirSoft BlueScreenView) (Version:  - )
    NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
    Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)
    QualxServ Service Agreement (HKLM-x32\...\{18401E1E-1E44-461A-A4B2-E48B1A727818}) (Version: 2.0.0 - Dell Inc.)
    QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6494 - Realtek Semiconductor Corp.)
    Screencast-O-Matic (HKU\S-1-5-21-1531413298-3241576193-1501229024-1001\...\Screencast-O-Matic) (Version:  - Screencast-O-Matic)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
    Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
    Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
    TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
    TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
    TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
    Unity Web Player (HKU\S-1-5-21-1531413298-3241576193-1501229024-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
    Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
    VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN)
    VueScan (HKLM\...\VueScan) (Version:  - )
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
    WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
    World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
     
    ==================== Custom CLSID (Whitelisted): ==========================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    CustomCLSID: HKU\S-1-5-21-1531413298-3241576193-1501229024-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\morton\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-1531413298-3241576193-1501229024-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\morton\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-1531413298-3241576193-1501229024-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\morton\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-1531413298-3241576193-1501229024-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\morton\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-1531413298-3241576193-1501229024-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\morton\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-1531413298-3241576193-1501229024-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\morton\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-1531413298-3241576193-1501229024-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\morton\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-1531413298-3241576193-1501229024-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\morton\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-1531413298-3241576193-1501229024-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\morton\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1531413298-3241576193-1501229024-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\morton\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1531413298-3241576193-1501229024-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\morton\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
     
    ==================== Restore Points =========================
     
    16-09-2015 17:07:34 Windows Update
    20-09-2015 02:10:53 Windows Update
    23-09-2015 17:05:56 Windows Update
    27-09-2015 02:08:48 Windows Update
    27-09-2015 09:32:45 Removed SpyHunter
    27-09-2015 18:05:27 JRT Pre-Junkware Removal
     
    ==================== Hosts content: ===============================
     
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
     
    2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
     
    ==================== Scheduled Tasks (Whitelisted) =============
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    Task: {15171C32-35A8-4172-AFFE-00BC0E261180} - System32\Tasks\{CE413D55-F554-406C-ACFE-CD626CB04D0F} => C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
    Task: {1F9E8B41-2D0F-4401-ADD7-E668B463D946} - System32\Tasks\{130BAAD9-57E2-4A19-ABA1-F6EC69E40DDB} => C:\Users\morton\Desktop\AERY\AERY.EXE
    Task: {39B48A7B-8452-4046-ADE0-D01CE2A93FC6} - System32\Tasks\{BC6C6C54-1D7B-4D40-B6DE-3E84BE46DBAE} => pcalua.exe -a E:\Installer.exe -d E:\
    Task: {46B4FBAE-D68F-4E79-B39F-D995AE1CD549} - System32\Tasks\{C5BC456D-7B4A-40BC-8A9F-DD9E9A6B83AD} => C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
    Task: {67FCBCBD-51ED-408A-B2CF-623A94F571DA} - System32\Tasks\{32216185-EDC1-4DAE-8FB4-B25513B269FA} => pcalua.exe -a C:\Users\morton\Downloads\setup.exe -d C:\Users\morton\Downloads
    Task: {6C59BC3F-7742-47A6-B4F3-F11F80FF815F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {7AC1A3EF-E6A2-4287-A2B6-17D6E55F01FC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1531413298-3241576193-1501229024-1001Core => C:\Users\morton\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
    Task: {87EA03EB-4019-4134-A47F-25E2FE67B355} - System32\Tasks\SpyHunter4Startup => C:\Program Files (x86)\Enigma Software Group\SpyHunter\Spyhunter4.exe
    Task: {940DA84B-CF32-4785-871F-E774D8EBC155} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
    Task: {A01749AF-052D-45BC-9AB7-275E9600280C} - System32\Tasks\{5B584518-A9AF-4136-8343-625EF92262E6} => C:\Users\morton\Desktop\AERY\AERY.EXE
    Task: {A1A65CC2-7910-4332-B499-A8142A5D7A07} - \AdobeFlashPlayerUpdate -> No File <==== ATTENTION
    Task: {BA6E95E8-5E03-47A3-850D-D2A1C250B823} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
    Task: {BD5D1CEB-AC95-4DA4-9FF7-F5D67803A972} - System32\Tasks\{50F712B6-055D-4446-8CCF-0C7EEAAAFE21} => C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
    Task: {CEBD6274-26F6-4372-A272-033FCAAD1462} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-06-11] (Dell Inc.)
    Task: {E3D67F13-3EC9-4B5A-8088-9A5839E7175E} - \AdobeFlashPlayerUpdate 2 -> No File <==== ATTENTION
    Task: {E73D5ED9-6F63-480A-A347-BC16BE0F8FBF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1531413298-3241576193-1501229024-1001UA => C:\Users\morton\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
     
    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
     
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1531413298-3241576193-1501229024-1001Core.job => C:\Users\morton\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1531413298-3241576193-1501229024-1001UA.job => C:\Users\morton\AppData\Local\Google\Update\GoogleUpdate.exe
     
    ==================== Loaded Modules (Whitelisted) ==============
     
    2013-04-13 16:38 - 2011-09-06 06:32 - 00140456 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
    2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
    2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    2015-02-13 04:20 - 2015-02-13 04:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
     
    ==================== Alternate Data Streams (Whitelisted) =========
     
    (If an entry is included in the fixlist, only the ADS will be removed.)
     
     
    ==================== Safe Mode (Whitelisted) ===================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
     
     
    ==================== EXE Association (Whitelisted) ===============
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)
     
     
    ==================== Internet Explorer trusted/restricted ===============
     
    (If an entry is included in the fixlist, it will be removed from the registry.)
     
     
    ==================== Other Areas ============================
     
    (Currently there is no automatic fix for this section.)
     
    HKU\S-1-5-21-1531413298-3241576193-1501229024-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\morton\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.
     
    ==================== MSCONFIG/TASK MANAGER disabled items ==
     
    (Currently there is no automatic fix for this section.)
     
     
    ==================== FirewallRules (Whitelisted) ===============
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    FirewallRules: [TCP Query User{8E050A2A-A45E-4B54-B1D7-45C3C974C2B2}C:\program files (x86)\logitech\logitech vid\vid.exe] => (Block) C:\program files (x86)\logitech\logitech vid\vid.exe
    FirewallRules: [UDP Query User{E405FFAC-7F85-45DE-BCB0-8CA26C74009F}C:\program files (x86)\logitech\logitech vid\vid.exe] => (Block) C:\program files (x86)\logitech\logitech vid\vid.exe
     
    ==================== Faulty Device Manager Devices =============
     
    Name: Teredo Tunneling Pseudo-Interface
    Description: Microsoft Teredo Tunneling Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
     
    Name: Microsoft Virtual WiFi Miniport Adapter
    Description: Microsoft Virtual WiFi Miniport Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: vwifimp
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
    Error: (09/27/2015 05:54:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
     
    Error: (09/27/2015 02:34:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
     
    Error: (09/27/2015 02:30:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program FRST64.exe version 23.9.2015.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
     
    Process ID: e34
     
    Start Time: 01d0f934d7eb5f68
     
    Termination Time: 156
     
    Application Path: H:\FRST64.exe
     
    Report Id:
     
    Error: (09/27/2015 09:40:06 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
     
    Error: (09/27/2015 09:33:08 AM) (Source: MsiInstaller) (EventID: 11721) (User: morton-PC)
    Description: Product: SpyHunter -- Error 1721. There is a problem with this Windows Installer package. A program required for this install to complete could not be run. Contact your support personnel or package vendor. Action: , location: WiseCustomCall, command: g0
     
    Error: (09/26/2015 05:22:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
     
    Error: (09/26/2015 04:39:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
     
    Error: (09/25/2015 04:13:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program Spyhunter4.exe version 4.15.1.4270 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
     
    Process ID: 5c4
     
    Start Time: 01d0f7d6a791a6f6
     
    Termination Time: 1
     
    Application Path: C:\Program Files (x86)\Enigma Software Group\SpyHunter\Spyhunter4.exe
     
    Report Id: 2709ec97-63ca-11e5-a247-f04da2de4bb7
     
    Error: (09/25/2015 04:11:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
     
    Error: (09/16/2015 04:56:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
     
     
    System errors:
    =============
    Error: (09/27/2015 06:05:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Intel® Management and Security Application User Notification Service service terminated unexpectedly.  It has done this 1 time(s).
     
    Error: (09/27/2015 06:05:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Dell Data Vault service terminated unexpectedly.  It has done this 1 time(s).
     
    Error: (09/27/2015 06:05:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Intuit Update Service v4 service terminated unexpectedly.  It has done this 1 time(s).
     
    Error: (09/27/2015 06:05:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Dell Data Vault Wizard service terminated unexpectedly.  It has done this 1 time(s).
     
    Error: (09/27/2015 06:05:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
     
    Error: (09/27/2015 06:05:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Alienware Fusion Service service terminated unexpectedly.  It has done this 1 time(s).
     
    Error: (09/27/2015 06:05:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
     
    Error: (09/27/2015 06:05:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).
     
    Error: (09/27/2015 06:05:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
     
    Error: (09/27/2015 06:05:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Dell SupportAssist Agent service terminated unexpectedly.  It has done this 1 time(s).
     
     
    ==================== Memory info =========================== 
     
    Processor: Intel® Core™ i7-3770 CPU @ 3.40GHz
    Percentage of memory in use: 14%
    Total physical RAM: 16282.38 MB
    Available physical RAM: 13971.35 MB
    Total Virtual: 32562.95 MB
    Available Virtual: 30370.47 MB
     
    ==================== Drives ================================
     
    Drive c: (OS) (Fixed) (Total:922.32 GB) (Free:668.88 GB) NTFS
    Drive d: (RECOVERY) (Fixed) (Total:8.73 GB) (Free:8.49 GB) NTFS
    Drive f: () (Removable) (Total:14.9 GB) (Free:9.46 GB) FAT32
    Drive g: (MUSIC-MOVIE) (Fixed) (Total:931.28 GB) (Free:652.9 GB) FAT32
    Drive h: () (Removable) (Total:7.45 GB) (Free:7.44 GB) FAT32
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: 31EC1379)
     
    Partition: GPT.
     
    ========================================================
    Disk: 1 (Size: 14.9 GB) (Disk ID: 00000000)
     
    Partition: GPT.
     
    ========================================================
    Disk: 2 (Size: 931.5 GB) (Disk ID: E8900690)
    Partition 1: (Not Active) - (Size=931.5 GB) - (Type=0C)
     
    ========================================================
    Disk: 3 (Size: 7.5 GB) (Disk ID: 120BC43A)
    Partition 1: (Not Active) - (Size=7.5 GB) - (Type=0B)
     
    ==================== End of Addition.txt ============================
  • 3. JRT log
  • ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 7.6.3 (09.21.2015:1)
    OS: Windows 7 Home Premium x64
    Ran by morton on Sun 09/27/2015 at 18:05:25.83
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     
     
     
    ~~~ Services
     
     
     
    ~~~ Tasks
     
    Successfully deleted: [Task] C:\Windows\system32\tasks\PCDEventLauncherTask
    Successfully deleted: [Task] C:\Windows\system32\tasks\PCDoctorBackgroundMonitorTask
     
     
     
    ~~~ Registry Values
     
     
     
    ~~~ Registry Keys
     
     
     
    ~~~ Files
     
     
     
    ~~~ Folders
     
    Successfully deleted: [Folder] C:\ai_recyclebin
    Successfully deleted: [Folder] C:\Users\morton\Appdata\Local\cre
    Successfully deleted: [Folder] C:\Windows\SysWOW64\ai_recyclebin
     
     
     
    ~~~ Chrome
     
     
    [C:\Users\morton\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
     
    [C:\Users\morton\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
     
    [C:\Users\morton\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
     
    [C:\Users\morton\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
     
     
     
     
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sun 09/27/2015 at 18:07:08.77
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  • 4. New FRST
  • Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:23-09-2015
    Ran by morton (administrator) on MORTON-PC (27-09-2015 18:13:23)
    Running from H:\
    Loaded Profiles: morton (Available Profiles: morton)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    () C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
     
     
    ==================== Registry (Whitelisted) ===========================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6412904 2011-11-03] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1157224 2011-10-20] (Realtek Semiconductor)
    HKLM\...\Run: [] => [X]
    HKLM\...\Run: [Command Center Controllers] => C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe [12616 2012-01-10] (Alienware)
    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
    HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2780776 2011-07-19] (CANON INC.)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-08-13] (Apple Inc.)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2014-05-08] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
    HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1637496 2011-08-04] (CANON INC.)
    HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [468112 2011-07-25] (CANON INC.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
    HKLM-x32\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-1531413298-3241576193-1501229024-1001\...\Run: [Google Update] => C:\Users\morton\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.)
    HKU\S-1-5-21-1531413298-3241576193-1501229024-1001\...\Run: [Logitech Vid] => C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe [5458704 2009-07-16] (Logitech Inc.)
    HKU\S-1-5-21-1531413298-3241576193-1501229024-1001\...\MountPoints2: {38259ee3-d29b-11e3-9c5d-f04da2de4bb7} - F:\AutoRun.exe
    HKU\S-1-5-21-1531413298-3241576193-1501229024-1001\...\MountPoints2: {914c792f-9490-11e3-83c3-bb5fbd74a8bb} - F:\AutoRun.exe
    HKU\S-1-5-18\...\RunOnce: [iCloud] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe [43816 2015-04-26] (Apple Inc.)
    AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [260928 2012-03-22] (NVIDIA Corporation)
    Startup: C:\Users\morton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2014-02-14]
    ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    Startup: C:\Users\morton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2012-10-06] ()
    BootExecute: autocheck autochk * sh4native Sh4Removal
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{44F4CB51-42C8-4CE4-80E2-E6E9DFED9BAA}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{65863D20-4FEC-4CA3-A1FC-83DC6C38EEC5}: [DhcpNameServer] 192.168.1.1
     
    Internet Explorer:
    ==================
    HKU\S-1-5-21-1531413298-3241576193-1501229024-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/
    HKU\S-1-5-21-1531413298-3241576193-1501229024-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.alienwarearena.com/welcome-us
    SearchScopes: HKU\S-1-5-21-1531413298-3241576193-1501229024-1001 -> DefaultScope {CE68968B-A9CF-4D68-8A08-AF41DEE6CF08} URL = hxxps://www.google.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1531413298-3241576193-1501229024-1001 -> {CE68968B-A9CF-4D68-8A08-AF41DEE6CF08} URL = hxxps://www.google.com/search?q={searchTerms}
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2010-11-08] (CANON INC.)
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
    BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-04-14] (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-04-14] (Oracle Corporation)
     
    FireFox:
    ========
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()
    FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2011-09-21] (CANON INC.)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-04-14] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-04-14] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation)
    FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-12-12] (VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-08-03] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-1531413298-3241576193-1501229024-1001: @tools.google.com/Google Update;version=3 -> C:\Users\morton\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
    FF Plugin HKU\S-1-5-21-1531413298-3241576193-1501229024-1001: @tools.google.com/Google Update;version=9 -> C:\Users\morton\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
    FF Plugin HKU\S-1-5-21-1531413298-3241576193-1501229024-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\morton\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-01-22] (Unity Technologies ApS)
     
    Chrome: 
    =======
    CHR HomePage: Profile 1 -> hxxp://www.google.com
    CHR StartupUrls: Profile 1 -> "hxxp://www.google.com/"
    CHR Plugin: (Shockwave Flash) - C:\Users\morton\AppData\Local\Google\Chrome\User Data\PepperFlash\11.6.602.167\pepflashplayer.dll => No File
    CHR Plugin: (Native Client) - C:\Users\morton\AppData\Local\Google\Chrome\Application\45.0.2454.101\ppGoogleNaClPluginChrome.dll => No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Users\morton\AppData\Local\Google\Chrome\Application\45.0.2454.101\pdf.dll => No File
    CHR Plugin: (Injovo Extension Plugin) - C:\Users\morton\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.530_0\npbrowserext.dll => No File
    CHR Plugin: (Perion plugin) - C:\Users\morton\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\Plugins/PerionNewTabChrome-32.dll => No File
    CHR Plugin: (Perion plugin) - C:\Users\morton\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\niogeckbkdcabhnapjbkeiklablhjoca\1.0.5_0\plugins/PerionChromeInfoBar-32.dll => No File
    CHR Plugin: (Conduit Chrome Plugin) - C:\Users\morton\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.13.20.29_0\plugins/ConduitChromeApiPlugin.dll => No File
    CHR Plugin: (Conduit Radio Plugin) - C:\Users\morton\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.13.20.29_0\plugins/np-cwmp.dll => No File
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    CHR Plugin: (Java™ Platform SE 7 U15) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll => No File
    CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll => No File
    CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    CHR Plugin: (Google Update) - C:\Users\morton\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll => No File
    CHR Plugin: (Java Deployment Toolkit 7.0.150.3) - C:\Windows\SysWOW64\npDeployJava1.dll => No File
    CHR Profile: C:\Users\morton\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Drive) - C:\Users\morton\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-20]
    CHR Extension: (YouTube) - C:\Users\morton\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-07-09]
    CHR Extension: (Google Search) - C:\Users\morton\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-07-09]
    CHR Extension: (Gmail) - C:\Users\morton\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-07-09]
    CHR Profile: C:\Users\morton\AppData\Local\Google\Chrome\User Data\Profile 1
    CHR Extension: (Google Docs) - C:\Users\morton\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2013-02-21]
    CHR Extension: (Google Drive) - C:\Users\morton\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-21]
    CHR Extension: (YouTube) - C:\Users\morton\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-21]
    CHR Extension: (Adblock Plus) - C:\Users\morton\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-06-09]
    CHR Extension: (Google Search) - C:\Users\morton\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-21]
    CHR Extension: (Google Docs Offline) - C:\Users\morton\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-04]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\morton\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\morton\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
    CHR Extension: (Gmail) - C:\Users\morton\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-21]
    StartMenuInternet: Google Chrome - C:\Users\morton\AppData\Local\Google\Chrome\Application\chrome.exe
     
    ==================== Services (Whitelisted) ========================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-02-14] (Adobe Systems) [File not signed]
    S3 Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDevice.exe [55336 2015-09-11] ()
    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
    S2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2573520 2015-05-22] (Dell Inc.)
    S2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-05-22] (Dell Inc.)
    R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2011-09-06] ()
    S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [163608 2012-03-06] (Intel Corporation)
    S2 MSI_ODD_Service; c:\Program Files (x86)\msi\ODD Monitor\ODD_Monitor.exe [76800 2011-10-04] (Micro-Star Int'l Co., Ltd.) [File not signed]
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
    S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
    S2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [20648 2015-06-11] (Dell Inc.)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    S2 SpyHunter 4 Service; C:\PROGRA~2\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [X]
     
    ===================== Drivers (Whitelisted) ==========================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    R3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [23760 2015-02-26] (Dell Computer Corporation)
    R3 DellProf; C:\Windows\System32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)
    S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
    S3 EsgScanner; C:\Windows\SysWOW64\DRIVERS\EsgScanner.sys [19984 2012-06-22] ()
    R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
    S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
    S3 MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10x64.sys [60288 2010-09-15] (Generic USB smartcard reader)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
    S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
    R3 NTIOLib_X64; C:\Program Files (x86)\msi\ODD Monitor\NTIOLib_X64.sys [14136 2010-01-18] (MSI)
    R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [100352 2011-09-15] (Renesas Electronics Corporation)
    R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [216064 2011-09-15] (Renesas Electronics Corporation)
    S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
    S3 GPU-Z; \??\C:\Users\morton\AppData\Local\Temp\GPU-Z.sys [X]
    S4 NvStUSB; \SystemRoot\system32\drivers\nvstusb.sys [X]
    S3 sxuptp; system32\DRIVERS\sxuptp.sys [X]
    S3 usbbus; system32\DRIVERS\lgx64bus.sys [X]
    S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [X]
    S3 USBModem; system32\DRIVERS\lgx64modem.sys [X]
     
    ==================== NetSvcs (Whitelisted) ===================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
     
    ==================== One Month Created files and folders ========
     
    (If an entry is included in the fixlist, the file/folder will be moved.)
     
    2015-09-27 18:07 - 2015-09-27 18:07 - 00001420 _____ C:\Users\morton\Desktop\JRT.txt
    2015-09-27 17:07 - 2015-09-27 17:51 - 00000000 ____D C:\AdwCleaner
    2015-09-27 14:35 - 2015-09-27 14:35 - 00000159 _____ C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
    2015-09-26 17:35 - 2015-09-27 18:13 - 00000000 ____D C:\FRST
    2015-09-26 17:27 - 2015-09-27 18:08 - 00002038 _____ C:\Users\morton\Desktop\Rkill.txt
    2015-09-15 19:57 - 2015-09-15 19:57 - 28463616 _____ C:\Users\morton\Downloads\Ch53_-_CommunityEcology2008_KF.ppt
    2015-09-15 19:57 - 2015-09-15 19:57 - 00078336 _____ C:\Users\morton\Downloads\ap notes chapter 55 (1).ppt
    2015-09-15 19:55 - 2015-09-15 19:55 - 08519168 _____ C:\Users\morton\Downloads\Ch55_-_EcosystemDisaster2008_KF.ppt
    2015-09-15 19:51 - 2015-09-15 19:51 - 00078336 _____ C:\Users\morton\Downloads\ap notes chapter 55.ppt
    2015-09-11 10:04 - 2015-09-11 10:04 - 09983584 _____ (MEGA Limited) C:\Users\morton\Downloads\MEGAsyncSetup.exe
    2015-09-11 10:02 - 2015-09-11 10:02 - 00000000 ____D C:\Users\morton\AppData\Roaming\TaiG
    2015-09-10 09:09 - 2015-09-10 09:09 - 00001755 _____ C:\Users\Public\Desktop\iTunes.lnk
    2015-09-10 09:09 - 2015-09-10 09:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2015-09-10 09:08 - 2015-09-10 09:09 - 00000000 ____D C:\Program Files\iTunes
    2015-09-10 09:08 - 2015-09-10 09:08 - 00000000 ____D C:\Program Files\iPod
    2015-09-10 09:08 - 2015-09-10 09:08 - 00000000 ____D C:\Program Files (x86)\iTunes
    2015-09-10 09:04 - 2015-09-10 09:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
    2015-09-10 08:59 - 2015-09-10 08:59 - 00000687 _____ C:\awh1582.tmp
    2015-09-08 23:53 - 2015-08-17 20:42 - 00393304 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2015-09-08 23:53 - 2015-08-17 20:14 - 00344168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2015-09-08 23:53 - 2015-08-15 01:48 - 25190400 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-09-08 23:53 - 2015-08-15 01:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-09-08 23:53 - 2015-08-15 01:33 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2015-09-08 23:53 - 2015-08-15 01:18 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2015-09-08 23:53 - 2015-08-15 01:18 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2015-09-08 23:53 - 2015-08-15 01:17 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-09-08 23:53 - 2015-08-15 01:17 - 00585216 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-09-08 23:53 - 2015-08-15 01:17 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2015-09-08 23:53 - 2015-08-15 01:17 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2015-09-08 23:53 - 2015-08-15 01:10 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-09-08 23:53 - 2015-08-15 01:09 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2015-09-08 23:53 - 2015-08-15 01:06 - 19856896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2015-09-08 23:53 - 2015-08-15 01:06 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-09-08 23:53 - 2015-08-15 01:04 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2015-09-08 23:53 - 2015-08-15 01:04 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2015-09-08 23:53 - 2015-08-15 01:04 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2015-09-08 23:53 - 2015-08-15 01:04 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2015-09-08 23:53 - 2015-08-15 01:00 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-09-08 23:53 - 2015-08-15 00:57 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2015-09-08 23:53 - 2015-08-15 00:53 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2015-09-08 23:53 - 2015-08-15 00:53 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-09-08 23:53 - 2015-08-15 00:46 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2015-09-08 23:53 - 2015-08-15 00:42 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2015-09-08 23:53 - 2015-08-15 00:41 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-09-08 23:53 - 2015-08-15 00:40 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2015-09-08 23:53 - 2015-08-15 00:40 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2015-09-08 23:53 - 2015-08-15 00:39 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2015-09-08 23:53 - 2015-08-15 00:39 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-09-08 23:53 - 2015-08-15 00:39 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2015-09-08 23:53 - 2015-08-15 00:38 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2015-09-08 23:53 - 2015-08-15 00:35 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2015-09-08 23:53 - 2015-08-15 00:33 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2015-09-08 23:53 - 2015-08-15 00:32 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2015-09-08 23:53 - 2015-08-15 00:30 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2015-09-08 23:53 - 2015-08-15 00:29 - 00665600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2015-09-08 23:53 - 2015-08-15 00:29 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2015-09-08 23:53 - 2015-08-15 00:29 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2015-09-08 23:53 - 2015-08-15 00:24 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2015-09-08 23:53 - 2015-08-15 00:23 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-09-08 23:53 - 2015-08-15 00:22 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-09-08 23:53 - 2015-08-15 00:22 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2015-09-08 23:53 - 2015-08-15 00:21 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2015-09-08 23:53 - 2015-08-15 00:16 - 14451712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-09-08 23:53 - 2015-08-15 00:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2015-09-08 23:53 - 2015-08-15 00:14 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2015-09-08 23:53 - 2015-08-15 00:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2015-09-08 23:53 - 2015-08-15 00:11 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2015-09-08 23:53 - 2015-08-15 00:10 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2015-09-08 23:53 - 2015-08-15 00:07 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-09-08 23:53 - 2015-08-15 00:04 - 12857344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2015-09-08 23:53 - 2015-08-15 00:02 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2015-09-08 23:53 - 2015-08-15 00:01 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2015-09-08 23:53 - 2015-08-15 00:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2015-09-08 23:53 - 2015-08-14 23:55 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-09-08 23:53 - 2015-08-14 23:43 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2015-09-08 23:53 - 2015-08-14 23:43 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2015-09-08 23:53 - 2015-08-14 23:39 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2015-09-08 23:53 - 2015-08-14 23:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2015-09-08 23:52 - 2015-08-05 12:56 - 01110016 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
    2015-09-08 23:52 - 2015-08-05 12:56 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
    2015-09-08 23:52 - 2015-08-05 12:56 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
    2015-09-08 23:52 - 2015-08-05 12:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
    2015-09-08 23:52 - 2015-07-14 22:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2015-09-08 23:52 - 2015-07-14 21:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2015-09-08 23:52 - 2015-07-09 12:58 - 01632256 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
    2015-09-08 23:52 - 2015-07-09 12:58 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
    2015-09-08 23:52 - 2015-07-09 12:42 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
    2015-09-08 23:52 - 2015-07-09 12:42 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
    2015-09-08 23:51 - 2015-08-27 13:18 - 02004480 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
    2015-09-08 23:51 - 2015-08-27 13:18 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2015-09-08 23:51 - 2015-08-27 13:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
    2015-09-08 23:51 - 2015-08-27 13:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
    2015-09-08 23:51 - 2015-08-27 12:58 - 01391104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2015-09-08 23:51 - 2015-08-27 12:58 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2015-09-08 23:51 - 2015-08-27 12:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
    2015-09-08 23:51 - 2015-08-27 12:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
    2015-09-08 23:51 - 2015-08-04 13:03 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2015-09-08 23:51 - 2015-08-04 13:00 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2015-09-08 23:51 - 2015-08-04 12:56 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
    2015-09-08 23:51 - 2015-08-04 12:56 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
    2015-09-08 23:51 - 2015-08-04 12:56 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
    2015-09-08 23:51 - 2015-08-04 12:55 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
    2015-09-08 23:51 - 2015-08-04 12:55 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
    2015-09-08 23:51 - 2015-08-04 12:47 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
    2015-09-08 23:51 - 2015-08-04 11:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
    2015-09-08 23:51 - 2015-07-22 19:06 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-09-08 23:51 - 2015-07-22 19:06 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2015-09-08 23:51 - 2015-07-22 19:06 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2015-09-08 23:51 - 2015-07-22 19:03 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2015-09-08 23:51 - 2015-07-22 19:03 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
    2015-09-08 23:51 - 2015-07-22 19:03 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
    2015-09-08 23:51 - 2015-07-22 19:03 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
    2015-09-08 23:51 - 2015-07-22 19:03 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
    2015-09-08 23:51 - 2015-07-22 19:02 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2015-09-08 23:51 - 2015-07-22 19:02 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
    2015-09-08 23:51 - 2015-07-22 19:02 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2015-09-08 23:51 - 2015-07-22 19:02 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2015-09-08 23:51 - 2015-07-22 19:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
    2015-09-08 23:51 - 2015-07-22 19:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
    2015-09-08 23:51 - 2015-07-22 19:02 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2015-09-08 23:51 - 2015-07-22 19:02 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-09-08 23:51 - 2015-07-22 19:02 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2015-09-08 23:51 - 2015-07-22 19:02 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2015-09-08 23:51 - 2015-07-22 19:02 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2015-09-08 23:51 - 2015-07-22 19:02 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2015-09-08 23:51 - 2015-07-22 19:02 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2015-09-08 23:51 - 2015-07-22 19:02 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2015-09-08 23:51 - 2015-07-22 19:02 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2015-09-08 23:51 - 2015-07-22 19:02 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2015-09-08 23:51 - 2015-07-22 19:02 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2015-09-08 23:51 - 2015-07-22 19:02 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2015-09-08 23:51 - 2015-07-22 19:02 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
    2015-09-08 23:51 - 2015-07-22 19:02 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2015-09-08 23:51 - 2015-07-22 19:02 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2015-09-08 23:51 - 2015-07-22 19:02 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2015-09-08 23:51 - 2015-07-22 19:02 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2015-09-08 23:51 - 2015-07-22 19:02 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
    2015-09-08 23:51 - 2015-07-22 19:01 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
    2015-09-08 23:51 - 2015-07-22 19:01 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2015-09-08 23:51 - 2015-07-22 19:01 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2015-09-08 23:51 - 2015-07-22 18:58 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2015-09-08 23:51 - 2015-07-22 18:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2015-09-08 23:51 - 2015-07-22 18:52 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2015-09-08 23:51 - 2015-07-22 18:52 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
    2015-09-08 23:51 - 2015-07-22 18:52 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
    2015-09-08 23:51 - 2015-07-22 18:52 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2015-09-08 23:51 - 2015-07-22 18:52 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2015-09-08 23:51 - 2015-07-22 18:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2015-09-08 23:51 - 2015-07-22 18:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2015-09-08 23:51 - 2015-07-22 18:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2015-09-08 23:51 - 2015-07-22 18:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2015-09-08 23:51 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2015-09-08 23:51 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2015-09-08 23:51 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2015-09-08 23:51 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2015-09-08 23:51 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2015-09-08 23:51 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2015-09-08 23:51 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2015-09-08 23:51 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2015-09-08 23:51 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
    2015-09-08 23:51 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
    2015-09-08 23:51 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2015-09-08 23:51 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
    2015-09-08 23:51 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2015-09-08 23:51 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2015-09-08 23:51 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2015-09-08 23:51 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2015-09-08 23:51 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2015-09-08 23:51 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2015-09-08 23:51 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2015-09-08 23:51 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
    2015-09-08 23:51 - 2015-07-22 18:51 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2015-09-08 23:51 - 2015-07-22 12:57 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2015-09-08 23:51 - 2015-07-22 12:57 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2015-09-08 23:51 - 2015-07-22 12:54 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2015-09-08 23:51 - 2015-07-22 12:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
    2015-09-08 23:51 - 2015-07-22 12:53 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
    2015-09-08 23:51 - 2015-07-22 12:53 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2015-09-08 23:51 - 2015-07-22 12:53 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2015-09-08 23:51 - 2015-07-22 12:53 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2015-09-08 23:51 - 2015-07-22 12:53 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2015-09-08 23:51 - 2015-07-22 12:53 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2015-09-08 23:51 - 2015-07-22 12:53 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2015-09-08 23:51 - 2015-07-22 12:53 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2015-09-08 23:51 - 2015-07-22 12:53 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
    2015-09-08 23:51 - 2015-07-22 12:53 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2015-09-08 23:51 - 2015-07-22 12:53 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2015-09-08 23:51 - 2015-07-22 12:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2015-09-08 23:51 - 2015-07-22 12:52 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2015-09-08 23:51 - 2015-07-22 12:52 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
    2015-09-08 23:51 - 2015-07-22 12:52 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2015-09-08 23:51 - 2015-07-22 12:52 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2015-09-08 23:51 - 2015-07-22 12:52 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2015-09-08 23:51 - 2015-07-22 12:52 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2015-09-08 23:51 - 2015-07-22 12:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2015-09-08 23:51 - 2015-07-22 12:47 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2015-09-08 23:51 - 2015-07-22 12:46 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2015-09-08 23:51 - 2015-07-22 12:42 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2015-09-08 23:51 - 2015-07-22 12:42 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2015-09-08 23:51 - 2015-07-22 12:42 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2015-09-08 23:51 - 2015-07-22 12:42 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2015-09-08 23:51 - 2015-07-22 12:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2015-09-08 23:51 - 2015-07-22 12:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2015-09-08 23:51 - 2015-07-22 12:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2015-09-08 23:51 - 2015-07-22 12:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2015-09-08 23:51 - 2015-07-22 12:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2015-09-08 23:51 - 2015-07-22 12:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2015-09-08 23:51 - 2015-07-22 12:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2015-09-08 23:51 - 2015-07-22 12:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2015-09-08 23:51 - 2015-07-22 12:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2015-09-08 23:51 - 2015-07-22 12:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2015-09-08 23:51 - 2015-07-22 12:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2015-09-08 23:51 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2015-09-08 23:51 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2015-09-08 23:51 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2015-09-08 23:51 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2015-09-08 23:51 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2015-09-08 23:51 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2015-09-08 23:51 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2015-09-08 23:51 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2015-09-08 23:51 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2015-09-08 23:51 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2015-09-08 23:51 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2015-09-08 23:51 - 2015-07-22 11:48 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
    2015-09-08 23:51 - 2015-07-22 11:45 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2015-09-08 23:51 - 2015-07-22 11:44 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
    2015-09-08 23:51 - 2015-07-22 11:44 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2015-09-08 23:51 - 2015-07-22 11:34 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2015-09-08 23:51 - 2015-07-22 11:34 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2015-09-08 23:51 - 2015-07-22 11:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2015-09-08 23:51 - 2015-07-22 11:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2015-09-08 23:51 - 2015-07-22 11:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2015-09-08 23:51 - 2015-07-22 11:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2015-09-08 23:51 - 2015-06-25 05:06 - 00115136 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
    2015-09-08 23:51 - 2015-06-25 05:01 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
    2015-09-08 23:51 - 2015-06-25 05:01 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
    2015-09-08 23:51 - 2015-06-25 04:44 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
    2015-09-08 23:50 - 2015-09-01 22:04 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
    2015-09-08 23:50 - 2015-09-01 22:04 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
    2015-09-08 23:50 - 2015-09-01 22:04 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
    2015-09-08 23:50 - 2015-09-01 22:04 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
    2015-09-08 23:50 - 2015-09-01 21:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
    2015-09-08 23:50 - 2015-09-01 21:48 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
    2015-09-08 23:50 - 2015-09-01 21:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
    2015-09-08 23:50 - 2015-09-01 21:47 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
    2015-09-08 23:50 - 2015-09-01 20:51 - 03209216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-09-08 23:50 - 2015-09-01 20:47 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
    2015-09-08 23:50 - 2015-09-01 20:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
    2015-09-08 23:50 - 2015-08-26 13:07 - 03165696 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
    2015-09-08 23:50 - 2015-08-26 13:07 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2015-09-08 23:50 - 2015-08-26 13:07 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2015-09-08 23:50 - 2015-08-26 13:07 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
    2015-09-08 23:50 - 2015-08-26 13:07 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
    2015-09-08 23:50 - 2015-08-26 13:07 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
    2015-09-08 23:50 - 2015-08-26 13:07 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
    2015-09-08 23:50 - 2015-08-26 13:06 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2015-09-08 23:50 - 2015-08-26 13:06 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
    2015-09-08 23:50 - 2015-08-26 13:06 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
    2015-09-08 23:50 - 2015-08-26 13:06 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
    2015-09-08 23:50 - 2015-08-26 12:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2015-09-08 23:50 - 2015-08-26 12:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
    2015-09-08 23:50 - 2015-08-26 12:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
    2015-09-08 23:50 - 2015-08-26 12:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
    2015-09-08 23:50 - 2015-08-26 12:55 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
    2015-09-05 15:20 - 2015-09-05 15:20 - 00000000 __SHD C:\found.000
    2015-09-03 20:32 - 2015-09-03 20:32 - 00280260 ____N C:\Windows\Minidump\090315-30638-01.dmp
    2015-09-01 17:21 - 2015-09-01 17:21 - 05298688 _____ C:\Users\morton\Downloads\Ch_5-4_nucleicacids2008_KF.ppt
    2015-09-01 17:21 - 2015-09-01 17:21 - 05253120 _____ C:\Users\morton\Downloads\31Ch08enzymes2008.ppt
    2015-09-01 17:21 - 2015-09-01 17:21 - 03926016 _____ C:\Users\morton\Downloads\Ch_5-3_proteins2008_KF.ppt
    2015-09-01 17:21 - 2015-09-01 17:21 - 03621376 _____ C:\Users\morton\Downloads\Ch_5-2_lipids2008_KF.ppt
    2015-09-01 17:20 - 2015-09-01 17:21 - 03544576 _____ C:\Users\morton\Downloads\Ch_4_Carbon_chemistry_2008_KF.ppt
    2015-09-01 17:20 - 2015-09-01 17:20 - 07387136 _____ C:\Users\morton\Downloads\Ch_2-3_chemistry_water_KF.ppt
    2015-09-01 17:20 - 2015-09-01 17:20 - 06179328 _____ C:\Users\morton\Downloads\Ch_5-1_carbs2008_KF.ppt
     
    ==================== One Month Modified files and folders ========
     
    (If an entry is included in the fixlist, the file/folder will be moved.)
     
    2015-09-27 18:08 - 2012-07-09 21:03 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1531413298-3241576193-1501229024-1001UA.job
    2015-09-27 18:05 - 2009-07-14 00:13 - 00799374 _____ C:\Windows\system32\PerfStringBackup.INI
    2015-09-27 18:01 - 2009-07-13 23:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-09-27 18:01 - 2009-07-13 23:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-09-27 17:57 - 2012-07-03 03:50 - 01343715 _____ C:\Windows\WindowsUpdate.log
    2015-09-27 17:53 - 2012-07-09 21:03 - 00000000 ____D C:\Users\morton\AppData\Local\Deployment
    2015-09-27 17:53 - 2010-11-20 22:47 - 00466068 _____ C:\Windows\PFRO.log
    2015-09-27 17:53 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2015-09-27 17:53 - 2009-07-13 23:51 - 00085992 _____ C:\Windows\setupact.log
    2015-09-27 17:51 - 2012-11-21 11:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2015-09-27 09:30 - 2013-04-26 15:44 - 00000000 ____D C:\Users\morton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
    2015-09-27 09:30 - 2013-04-26 15:44 - 00000000 ____D C:\Users\morton\AppData\Roaming\Amazon
    2015-09-27 00:08 - 2012-07-09 21:03 - 00000860 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1531413298-3241576193-1501229024-1001Core.job
    2015-09-26 13:24 - 2012-09-11 21:08 - 00000000 ____D C:\Users\morton\Documents\Outlook Files
    2015-09-25 16:10 - 2009-07-14 00:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
    2015-09-21 16:12 - 2012-07-03 01:56 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-09-21 16:12 - 2012-07-03 01:56 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-09-17 19:57 - 2013-04-13 16:21 - 00000000 ____D C:\ProgramData\CanonIJPLM
    2015-09-17 00:03 - 2012-07-09 21:03 - 00003884 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1531413298-3241576193-1501229024-1001UA
    2015-09-17 00:03 - 2012-07-09 21:03 - 00003488 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1531413298-3241576193-1501229024-1001Core
    2015-09-13 20:26 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
    2015-09-11 15:35 - 2012-07-09 21:03 - 00000000 ____D C:\Users\morton\AppData\Local\Google
    2015-09-11 10:08 - 2013-02-17 12:45 - 00000000 ____D C:\Program Files\Common Files\Apple
    2015-09-10 09:08 - 2015-03-31 21:09 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
    2015-09-09 03:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
    2015-09-09 03:28 - 2009-07-13 23:45 - 00421584 _____ C:\Windows\system32\FNTCACHE.DAT
    2015-09-09 03:26 - 2010-11-21 02:17 - 00000000 ____D C:\Program Files\Windows Journal
    2015-09-09 03:26 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions
    2015-09-09 03:11 - 2012-07-14 16:51 - 00000000 ____D C:\ProgramData\Microsoft Help
    2015-09-09 03:10 - 2013-08-14 03:00 - 00000000 ____D C:\Windows\system32\MRT
    2015-09-03 20:34 - 2013-06-25 21:32 - 00000000 ____D C:\Windows\Minidump
     
    ==================== Files in the root of some directories =======
     
    2015-09-27 14:35 - 2015-09-27 14:35 - 0000159 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
     
    Some files in TEMP:
    ====================
    C:\Users\morton\AppData\Local\Temp\sqlite3.dll
     
     
    ==================== Bamital & volsnap =================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
     
     
    LastRegBack: 2015-09-21 00:55
     
    ==================== End of FRST.txt ============================
  • New Addition.txt logs
  • Additional scan result of Farbar Recovery Scan Tool (x64) Version:23-09-2015
    Ran by morton (2015-09-27 18:14:04)
    Running from H:\
    Windows 7 Home Premium Service Pack 1 (X64) (2012-07-09 22:39:21)
    Boot Mode: Normal
    ==========================================================
     
     
    ==================== Accounts: =============================
     
    Administrator (S-1-5-21-1531413298-3241576193-1501229024-500 - Administrator - Disabled)
    Guest (S-1-5-21-1531413298-3241576193-1501229024-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-1531413298-3241576193-1501229024-1003 - Limited - Enabled)
    morton (S-1-5-21-1531413298-3241576193-1501229024-1001 - Administrator - Enabled) => C:\Users\morton
     
    ==================== Security Center ========================
     
    (If an entry is included in the fixlist, it will be removed.)
     
    AV: Microsoft Security Essentials (Disabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
    AS: Microsoft Security Essentials (Disabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     
    ==================== Installed Programs ======================
     
    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
     
    Adobe Digital Editions (HKLM-x32\...\Digital Editions) (Version:  - )
    Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.185 - Adobe Systems Incorporated)
    Adobe Illustrator CS2 (HKLM-x32\...\Adobe Illustrator CS2) (Version: 12.000.000 - Adobe Systems Inc.)
    Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
    Adobe Reader X (10.1.11) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
    Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version:  3.0 - Adobe Systems, Inc.)
    Alienware Command Center (HKLM-x32\...\InstallShield_{6A7D1CAC-6267-4C71-A759-CB5D9E9FAFAA}) (Version: 2.7.25.0 - Alienware Corp.)
    Alienware Command Center (Version: 2.7.25.0 - Alienware Corp.) Hidden
    Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
    Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version:  - )
    Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - )
    Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version:  - )
    Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )
    Canon MP Navigator 3.0 (HKLM-x32\...\MP Navigator 3.0) (Version:  - )
    Canon MP Navigator EX 5.1 (HKLM-x32\...\MP Navigator EX 5.1) (Version:  - )
    Canon MP810 (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP810) (Version:  - )
    Canon MX890 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX890_series) (Version:  - )
    Canon MX890 series On-screen Manual (HKLM-x32\...\Canon MX890 series On-screen Manual) (Version:  - )
    Canon MX890 series User Registration (HKLM-x32\...\Canon MX890 series User Registration) (Version:  - )
    Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
    Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
    Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version:  - )
    Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.4.12284.0 - Cisco Consumer Products LLC)
    Command & Conquer 3 (HKLM-x32\...\{B0C30E93-D3D9-4F04-A2AC-54749B573275}) (Version: 1.00.0000 - Electronic Arts Inc.)
    Command & Conquer Generals (HKLM-x32\...\InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}) (Version: 0.50.0000 - Electronic Arts)
    Command & Conquer Generals (x32 Version: 0.50.0000 - Electronic Arts) Hidden
    Command and ConquerTM Generals Zero Hour (HKLM-x32\...\InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}) (Version: 1.00.0000 - Electronic Arts)
    Command and ConquerTM Generals Zero Hour (x32 Version: 1.00.0000 - Electronic Arts) Hidden
    Company of Heroes (HKLM-x32\...\{BA801B94-C28D-46EE-B806-E1E021A3D519}) (Version: 1.0.0.78 - THQ Inc.)
    Curse Client (HKU\S-1-5-21-1531413298-3241576193-1501229024-1001\...\101a9f93b8f0bb6f) (Version: 5.1.1.844 - Curse)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    dBpoweramp Music Converter (HKLM-x32\...\dBpoweramp Music Converter) (Version: Release 14.4 - Illustrate)
    Dell Data Vault (Version: 4.3.4.0 - Dell Inc.) Hidden
    Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.10 - Dell)
    Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.1.0.47 - Dell)
    Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
    Google Chrome (HKU\S-1-5-21-1531413298-3241576193-1501229024-1001\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)
    iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
    Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.4.1441 - Intel Corporation)
    Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
    Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2696 - Intel Corporation)
    Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
    iTunes (HKLM\...\{BFEAB774-C7DC-4032-B05A-DA5F7CB7B365}) (Version: 12.2.2.25 - Apple Inc.)
    Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
    JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
    LEGO Digital Designer (HKLM-x32\...\New LEGO Digital Designer) (Version:  - LEGO A/S)
    Logitech Vid (HKLM-x32\...\{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}) (Version: 1.10.1009 - Logitech Inc.)
    Logitech Webcam Software (HKLM\...\{987FE247-4E69-4A2E-A961-D14F901FDBF6}) (Version: 12.10.1113 - Logitech Inc.)
    Logitech Webcam Software Driver Package (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Modio (HKLM-x32\...\{3DA224A5-666B-4941-8998-2F19C6D126A5}_is1) (Version:  - GameTuts)
    Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
    MSI ODD Monitor (HKLM-x32\...\InstallShield_{B7D9BAAA-F068-4BF8-B929-462C3A8AB677}) (Version: 1.0.0.5 - Micro-Star Int'l Co., Ltd.)
    MSI ODD Monitor (x32 Version: 1.0.0.5 - Micro-Star Int'l Co., Ltd.) Hidden
    NirSoft BlueScreenView (HKLM-x32\...\NirSoft BlueScreenView) (Version:  - )
    NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
    Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)
    QualxServ Service Agreement (HKLM-x32\...\{18401E1E-1E44-461A-A4B2-E48B1A727818}) (Version: 2.0.0 - Dell Inc.)
    QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6494 - Realtek Semiconductor Corp.)
    Screencast-O-Matic (HKU\S-1-5-21-1531413298-3241576193-1501229024-1001\...\Screencast-O-Matic) (Version:  - Screencast-O-Matic)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
    Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
    Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
    TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
    TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
    TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
    Unity Web Player (HKU\S-1-5-21-1531413298-3241576193-1501229024-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
    Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
    VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN)
    VueScan (HKLM\...\VueScan) (Version:  - )
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
    WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
    World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
     
    ==================== Custom CLSID (Whitelisted): ==========================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    CustomCLSID: HKU\S-1-5-21-1531413298-3241576193-1501229024-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\morton\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-1531413298-3241576193-1501229024-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\morton\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-1531413298-3241576193-1501229024-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\morton\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-1531413298-3241576193-1501229024-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\morton\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-1531413298-3241576193-1501229024-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\morton\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-1531413298-3241576193-1501229024-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\morton\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-1531413298-3241576193-1501229024-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\morton\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-1531413298-3241576193-1501229024-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\morton\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-1531413298-3241576193-1501229024-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\morton\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1531413298-3241576193-1501229024-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\morton\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1531413298-3241576193-1501229024-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\morton\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
     
    ==================== Restore Points =========================
     
    16-09-2015 17:07:34 Windows Update
    20-09-2015 02:10:53 Windows Update
    23-09-2015 17:05:56 Windows Update
    27-09-2015 02:08:48 Windows Update
    27-09-2015 09:32:45 Removed SpyHunter
    27-09-2015 18:05:27 JRT Pre-Junkware Removal
     
    ==================== Hosts content: ===============================
     
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
     
    2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
     
    ==================== Scheduled Tasks (Whitelisted) =============
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    Task: {15171C32-35A8-4172-AFFE-00BC0E261180} - System32\Tasks\{CE413D55-F554-406C-ACFE-CD626CB04D0F} => C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
    Task: {1F9E8B41-2D0F-4401-ADD7-E668B463D946} - System32\Tasks\{130BAAD9-57E2-4A19-ABA1-F6EC69E40DDB} => C:\Users\morton\Desktop\AERY\AERY.EXE
    Task: {39B48A7B-8452-4046-ADE0-D01CE2A93FC6} - System32\Tasks\{BC6C6C54-1D7B-4D40-B6DE-3E84BE46DBAE} => pcalua.exe -a E:\Installer.exe -d E:\
    Task: {46B4FBAE-D68F-4E79-B39F-D995AE1CD549} - System32\Tasks\{C5BC456D-7B4A-40BC-8A9F-DD9E9A6B83AD} => C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
    Task: {67FCBCBD-51ED-408A-B2CF-623A94F571DA} - System32\Tasks\{32216185-EDC1-4DAE-8FB4-B25513B269FA} => pcalua.exe -a C:\Users\morton\Downloads\setup.exe -d C:\Users\morton\Downloads
    Task: {6C59BC3F-7742-47A6-B4F3-F11F80FF815F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {7AC1A3EF-E6A2-4287-A2B6-17D6E55F01FC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1531413298-3241576193-1501229024-1001Core => C:\Users\morton\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
    Task: {87EA03EB-4019-4134-A47F-25E2FE67B355} - System32\Tasks\SpyHunter4Startup => C:\Program Files (x86)\Enigma Software Group\SpyHunter\Spyhunter4.exe
    Task: {940DA84B-CF32-4785-871F-E774D8EBC155} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
    Task: {A01749AF-052D-45BC-9AB7-275E9600280C} - System32\Tasks\{5B584518-A9AF-4136-8343-625EF92262E6} => C:\Users\morton\Desktop\AERY\AERY.EXE
    Task: {A1A65CC2-7910-4332-B499-A8142A5D7A07} - \AdobeFlashPlayerUpdate -> No File <==== ATTENTION
    Task: {BA6E95E8-5E03-47A3-850D-D2A1C250B823} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
    Task: {BD5D1CEB-AC95-4DA4-9FF7-F5D67803A972} - System32\Tasks\{50F712B6-055D-4446-8CCF-0C7EEAAAFE21} => C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
    Task: {CEBD6274-26F6-4372-A272-033FCAAD1462} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-06-11] (Dell Inc.)
    Task: {E3D67F13-3EC9-4B5A-8088-9A5839E7175E} - \AdobeFlashPlayerUpdate 2 -> No File <==== ATTENTION
    Task: {E73D5ED9-6F63-480A-A347-BC16BE0F8FBF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1531413298-3241576193-1501229024-1001UA => C:\Users\morton\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
     
    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
     
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1531413298-3241576193-1501229024-1001Core.job => C:\Users\morton\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1531413298-3241576193-1501229024-1001UA.job => C:\Users\morton\AppData\Local\Google\Update\GoogleUpdate.exe
     
    ==================== Loaded Modules (Whitelisted) ==============
     
    2013-04-13 16:38 - 2011-09-06 06:32 - 00140456 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
    2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
    2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    2015-02-13 04:20 - 2015-02-13 04:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
     
    ==================== Alternate Data Streams (Whitelisted) =========
     
    (If an entry is included in the fixlist, only the ADS will be removed.)
     
     
    ==================== Safe Mode (Whitelisted) ===================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
     
     
    ==================== EXE Association (Whitelisted) ===============
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)
     
     
    ==================== Internet Explorer trusted/restricted ===============
     
    (If an entry is included in the fixlist, it will be removed from the registry.)
     
     
    ==================== Other Areas ============================
     
    (Currently there is no automatic fix for this section.)
     
    HKU\S-1-5-21-1531413298-3241576193-1501229024-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\morton\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.
     
    ==================== MSCONFIG/TASK MANAGER disabled items ==
     
    (Currently there is no automatic fix for this section.)
     
     
    ==================== FirewallRules (Whitelisted) ===============
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    FirewallRules: [TCP Query User{8E050A2A-A45E-4B54-B1D7-45C3C974C2B2}C:\program files (x86)\logitech\logitech vid\vid.exe] => (Block) C:\program files (x86)\logitech\logitech vid\vid.exe
    FirewallRules: [UDP Query User{E405FFAC-7F85-45DE-BCB0-8CA26C74009F}C:\program files (x86)\logitech\logitech vid\vid.exe] => (Block) C:\program files (x86)\logitech\logitech vid\vid.exe
     
    ==================== Faulty Device Manager Devices =============
     
    Name: Teredo Tunneling Pseudo-Interface
    Description: Microsoft Teredo Tunneling Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
     
    Name: Microsoft Virtual WiFi Miniport Adapter
    Description: Microsoft Virtual WiFi Miniport Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: vwifimp
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
    Error: (09/27/2015 05:54:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
     
    Error: (09/27/2015 02:34:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
     
    Error: (09/27/2015 02:30:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program FRST64.exe version 23.9.2015.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
     
    Process ID: e34
     
    Start Time: 01d0f934d7eb5f68
     
    Termination Time: 156
     
    Application Path: H:\FRST64.exe
     
    Report Id:
     
    Error: (09/27/2015 09:40:06 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
     
    Error: (09/27/2015 09:33:08 AM) (Source: MsiInstaller) (EventID: 11721) (User: morton-PC)
    Description: Product: SpyHunter -- Error 1721. There is a problem with this Windows Installer package. A program required for this install to complete could not be run. Contact your support personnel or package vendor. Action: , location: WiseCustomCall, command: g0
     
    Error: (09/26/2015 05:22:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
     
    Error: (09/26/2015 04:39:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
     
    Error: (09/25/2015 04:13:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program Spyhunter4.exe version 4.15.1.4270 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
     
    Process ID: 5c4
     
    Start Time: 01d0f7d6a791a6f6
     
    Termination Time: 1
     
    Application Path: C:\Program Files (x86)\Enigma Software Group\SpyHunter\Spyhunter4.exe
     
    Report Id: 2709ec97-63ca-11e5-a247-f04da2de4bb7
     
    Error: (09/25/2015 04:11:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
     
    Error: (09/16/2015 04:56:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
     
     
    System errors:
    =============
    Error: (09/27/2015 06:05:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Intel® Management and Security Application User Notification Service service terminated unexpectedly.  It has done this 1 time(s).
     
    Error: (09/27/2015 06:05:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Dell Data Vault service terminated unexpectedly.  It has done this 1 time(s).
     
    Error: (09/27/2015 06:05:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Intuit Update Service v4 service terminated unexpectedly.  It has done this 1 time(s).
     
    Error: (09/27/2015 06:05:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Dell Data Vault Wizard service terminated unexpectedly.  It has done this 1 time(s).
     
    Error: (09/27/2015 06:05:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
     
    Error: (09/27/2015 06:05:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Alienware Fusion Service service terminated unexpectedly.  It has done this 1 time(s).
     
    Error: (09/27/2015 06:05:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
     
    Error: (09/27/2015 06:05:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).
     
    Error: (09/27/2015 06:05:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
     
    Error: (09/27/2015 06:05:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Dell SupportAssist Agent service terminated unexpectedly.  It has done this 1 time(s).
     
     
    ==================== Memory info =========================== 
     
    Processor: Intel® Core™ i7-3770 CPU @ 3.40GHz
    Percentage of memory in use: 14%
    Total physical RAM: 16282.38 MB
    Available physical RAM: 13971.35 MB
    Total Virtual: 32562.95 MB
    Available Virtual: 30370.47 MB
     
    ==================== Drives ================================
     
    Drive c: (OS) (Fixed) (Total:922.32 GB) (Free:668.88 GB) NTFS
    Drive d: (RECOVERY) (Fixed) (Total:8.73 GB) (Free:8.49 GB) NTFS
    Drive f: () (Removable) (Total:14.9 GB) (Free:9.46 GB) FAT32
    Drive g: (MUSIC-MOVIE) (Fixed) (Total:931.28 GB) (Free:652.9 GB) FAT32
    Drive h: () (Removable) (Total:7.45 GB) (Free:7.44 GB) FAT32
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: 31EC1379)
     
    Partition: GPT.
     
    ========================================================
    Disk: 1 (Size: 14.9 GB) (Disk ID: 00000000)
     
    Partition: GPT.
     
    ========================================================
    Disk: 2 (Size: 931.5 GB) (Disk ID: E8900690)
    Partition 1: (Not Active) - (Size=931.5 GB) - (Type=0C)
     
    ========================================================
    Disk: 3 (Size: 7.5 GB) (Disk ID: 120BC43A)
    Partition 1: (Not Active) - (Size=7.5 GB) - (Type=0B)
     
    ==================== End of Addition.txt ============================

An update about the problems that persist:

  • We used the IE and Chrome browsers: no pop ups or re-directs - everything seemed to move a lot faster too.
  • Going to do some more surfing to test for any other abnormalities.


#12 thcbytes


Posted 27 September 2015 - 07:13 PM

Hello,
 

we used the IE and Chrome browsers no pop ups or re-directs - everything seemed to move a lot faster too

 
Great!
 
<<<<<<<<<<
 
Still some more work to do...
 
 

AV: Microsoft Security Essentials (Disabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Disabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

Please turn it back on. :)
 
<<<<<<<<<<

You should not need the USB anymore. You should not need RKill anymore.
 
Log into BC from the sick computer here.

Download Farbar Recovery Scan Tool 64 bit and save it to your desktop ---> Important

FRST fix:

  • From your sick computer press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Copy and paste the entire script below from start to end in the notepad document:
start
Task: {87EA03EB-4019-4134-A47F-25E2FE67B355} - System32\Tasks\SpyHunter4Startup => C:\Program Files (x86)\Enigma Software Group\SpyHunter\Spyhunter4.exe
Task: {940DA84B-CF32-4785-871F-E774D8EBC155} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
C:\Program Files (x86)\Enigma Software Group\SpyHunter
S2 SpyHunter 4 Service; C:\PROGRA~2\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
CMD: type C:\AdwCleaner[C1].txt
end
  • Save the file to your Desktop (<--IMPORTANT) and name it as fixlist.txt

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Run FRST64.exe then press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) on your USB.

Please copy and paste the log in your next reply.

<<<<<<<<<<

Please download Malwarebytes Anti-Malware and save it to your desktop.

alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan.
    • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
    On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
    • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
    • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
    • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
    • Click OK to close the message box and continue with the removal process.
    Back at the main Scanner screen:
    • Click on the Show Results button to see a list of any malware that was found.
    • Make sure that everything is checked, and click Remove Selected.
    • When removal is completed, a log report will open in Notepad.
    • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
    • Exit MBAM when done.
    Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

<<<<<<<<<<

Please download screen317's Security Check to your desktop

  • Double-click icon to launch the program
  • Click OK
  • Select Run. Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED! reboot your computer and attempt to run it again.
  • Allow the program to run

A Notepad document will open on your desktop. Please copy and paste the contents in your reply

<<<<<<<<<<

With your next post please provide:

  • Fixlog.txt
  • MBAM log
  • Security log
  • Still running okay?

Thanks


Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#13 betc


Posted 27 September 2015 - 08:58 PM

fixlog

 

Fix result of Farbar Recovery Scan Tool (x64) Version:27-09-2015 01
Ran by morton (2015-09-27 19:54:33) Run:4
Running from C:\Users\morton\Desktop
Loaded Profiles: morton (Available Profiles: morton)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
Task: {87EA03EB-4019-4134-A47F-25E2FE67B355} - System32\Tasks\SpyHunter4Startup => C:\Program Files (x86)\Enigma Software Group\SpyHunter\Spyhunter4.exe
Task: {940DA84B-CF32-4785-871F-E774D8EBC155} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
C:\Program Files (x86)\Enigma Software Group\SpyHunter
S2 SpyHunter 4 Service; C:\PROGRA~2\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
CMD: type C:\AdwCleaner[C1].txt
end
*****************
 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{87EA03EB-4019-4134-A47F-25E2FE67B355}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{87EA03EB-4019-4134-A47F-25E2FE67B355}" => key removed successfully
C:\Windows\System32\Tasks\SpyHunter4Startup => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpyHunter4Startup" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{940DA84B-CF32-4785-871F-E774D8EBC155}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{940DA84B-CF32-4785-871F-E774D8EBC155}" => key removed successfully
C:\Windows\System32\Tasks\SystemToolsDailyTest => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SystemToolsDailyTest" => key removed successfully
C:\Program Files (x86)\Enigma Software Group\SpyHunter => moved successfully
SpyHunter 4 Service => service removed successfully
esgiguard => service removed successfully
 
=========  type C:\AdwCleaner[C1].txt =========
 
The system cannot find the file specified.
 
========= End of CMD: =========
 
 
==== End of Fixlog 19:54:33 ====
 
mbam log
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 9/27/2015
Scan Time: 8:11 PM
Logfile: mbam.txt
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.09.27.07
Rootkit Database: v2015.09.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: morton
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 388851
Time Elapsed: 15 min, 23 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 2
Adware.HotBar.GL, HKU\S-1-5-21-1531413298-3241576193-1501229024-1001\SOFTWARE\gamesleapSA, Quarantined, [d90a04301a71e452a625e07cbc4759a7], 
PUP.Optional.LevelQualityWatcher, HKU\S-1-5-21-1531413298-3241576193-1501229024-1001\SOFTWARE\APPDATALOW\SOFTWARE\Level Quality Watcher, Quarantined, [4d9639fbc0cb0b2b2c15eac007fda060], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 5
PUP.Optional.OffersWizard, C:\Program Files (x86)\Common Files\Config, Quarantined, [db08a490f695ca6cc2866f4530d44eb2], 
Adware.HotBar.GL, C:\Users\morton\AppData\Local\GamesLeapSA, Quarantined, [459ec86c1378d4627102c63a13f032ce], 
Adware.HotBar.GL, C:\Users\morton\AppData\Local\GamesLeapSA\bin, Quarantined, [459ec86c1378d4627102c63a13f032ce], 
Adware.HotBar.GL, C:\Users\morton\AppData\Local\GamesLeapSA\bin\1.0.11.0, Quarantined, [459ec86c1378d4627102c63a13f032ce], 
Adware.HotBar.GL, C:\Users\morton\AppData\Local\GamesLeapSA\data, Quarantined, [459ec86c1378d4627102c63a13f032ce], 
 
Files: 9
PUP.Optional.OptimumInstaller, C:\Users\morton\Downloads\setup (1).exe, Quarantined, [b82b4ee6f49754e2385b0db21ae78977], 
PUP.Optional.OptimumInstaller, C:\Users\morton\Downloads\setup.exe, Quarantined, [52912f05fa912511f49fc0ff0ef3847c], 
PUP.Optional.OffersWizard, C:\Program Files (x86)\Common Files\Config\ver.xml, Quarantined, [db08a490f695ca6cc2866f4530d44eb2], 
Adware.HotBar.GL, C:\Users\morton\AppData\Local\GamesLeapSA\bin\1.0.11.0\copyright.txt, Quarantined, [459ec86c1378d4627102c63a13f032ce], 
Adware.HotBar.GL, C:\Users\morton\AppData\Local\GamesLeapSA\bin\1.0.11.0\GamesLeapUninstaller.exe, Quarantined, [459ec86c1378d4627102c63a13f032ce], 
Adware.HotBar.GL, C:\Users\morton\AppData\Local\GamesLeapSA\data\gamesleapSA.dat, Quarantined, [459ec86c1378d4627102c63a13f032ce], 
Adware.HotBar.GL, C:\Users\morton\AppData\Local\GamesLeapSA\data\GamesLeapSAau.dat, Quarantined, [459ec86c1378d4627102c63a13f032ce], 
Adware.HotBar.GL, C:\Users\morton\AppData\Local\GamesLeapSA\data\GamesLeapSA_hpk.dat, Quarantined, [459ec86c1378d4627102c63a13f032ce], 
Adware.HotBar.GL, C:\Users\morton\AppData\Local\GamesLeapSA\data\GamesLeapSA_kyf.dat, Quarantined, [459ec86c1378d4627102c63a13f032ce], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
security log
 
Results of screen317's Security Check version 1.009  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 JavaFX 2.1.1    
 Java 7 Update 55  
 Java version 32-bit out of Date! 
 Adobe Reader 10.1.11 Adobe Reader out of Date!  
 Google Chrome (45.0.2454.101) 
 Google Chrome (45.0.2454.99) 
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 Malwarebytes Anti-Malware mbam.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 
 
 
 
Yes, everything seems to be running okay


#14 thcbytes


Posted 27 September 2015 - 10:23 PM

Getting there.  :thumbup2:
 

IMPORTANT ---> Do these steps in the order I have outlined please

 
<<<<<<<<<<

This one takes a LONG time so park it overnight and make sure the computer, hard disk and screen are set to remain awake.

ESET Online Scanner

  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
    • UNCHECK: Remove found threats (I don't want you to remove anything yet!!)
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.

Copy and paste the logfile in your reply for my review.
 
Turn your real time AV protection back ON now!

<<<<<<<<<

I am also looking for the ADW log. It should be at C:\AdwCleaner[C1].txt. Might be on your USB or Desktop.  Please see if you can find it and post it for my review.
 
<<<<<<<<<<<
 

Have you ever felt, while installing software, that the installer tries to push additional unwanted programs at all cost? Ever missed a checkbox, and spent hours afterwards removing adware? Ever opened your browser after an installation, only to find out that you have a new homepage, a new search engine, or even a new browser?
Unchecky aims to keep potentially unwanted programs out of your computer.

 
Please install Unchecky
 
<<<<<<<<<<
 

Update Adobe Reader

 

then....

 

Update Java

 

Thanks



#15 betc


Posted 30 September 2015 - 07:16 PM

Having trouble turning off mbam. I might have downloaded a different version - but it was definitely a link from your list of downloads





