Windows 7 hangs, no internet, scans stopped


  • This topic is locked
71 replies to this topic

#1 Big Ern

Posted 10 July 2016 - 07:02 PM

My Toshiba Windows 7 laptop is having some issues. I cannot connect to the internet, the system is very slow in safe mode and will hang on a regular startup. Bitdefender starts up as normal at first, but then is stopped shortly thereafter and suggests a restart. I have attempted a few MBAM scans with nothing found and they will not complete. I also have run adsfix and adwcleaner. I have run Rkill and FRST, with logs attached.
 
Any help would be greatly appreciated...
Attached File  Rkill.txt   5.13KB   10 downloads
Attached File  FRST.txt   65.63KB   17 downloads
Attached File  Addition.txt   51.87KB   14 downloads
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10-07-2016 01
Ran by Cheeves (administrator) on LAPTOP (10-07-2016 19:55:35)
Running from G:\
Loaded Profiles: Cheeves (Available Profiles: Cheeves & Ernie & Duncan & Dustin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (minimal)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-05-17] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1544624 2011-05-24] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-10] (TOSHIBA Corporation)
HKLM\...\Run: [Greenshot] => C:\Program Files\Greenshot\Greenshot.exe [495616 2013-12-13] (Greenshot)
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-04] (TOSHIBA)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [NETGEAR USB Control Center] => c:\program files (x86)\netgear\usb control center\control center.exe [4139008 2012-09-20] ()
HKLM-x32\...\Run: [EaseUs Watch] => C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe [70728 2013-05-10] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [EaseUs Tray] => C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe [1372232 2013-05-10] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [EaseUs TB Tray Agent] => C:\Program Files (x86)\EaseUS\TrayPopup\TrayTipAgent.exe [244808 2013-09-01] ()
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [337432 2013-10-23] (Power Software Ltd)
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2068856 2011-10-13] (Flexera Software LLC.)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
HKLM-x32\...\Run: [BYRUA_AGENT] => "C:\LGMobileUpgrade\LGMOBILEAX\BYR_Client\VZWUAAgent.exe" -start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2379502647-2149887776-3136232148-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Cheeves\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2379502647-2149887776-3136232148-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2068856 2011-10-13] (Flexera Software LLC.)
HKU\S-1-5-21-2379502647-2149887776-3136232148-1000\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[C1].txt [4764 2016-07-09] ()
HKU\S-1-5-21-2379502647-2149887776-3136232148-1000\...\MountPoints2: E - E:\LaunchU3.exe -a
HKU\S-1-5-21-2379502647-2149887776-3136232148-1000\...\MountPoints2: {2f4cecbd-28cb-11e4-ab92-047d7b058765} - F:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-21-2379502647-2149887776-3136232148-1000\...\MountPoints2: {572c7cdc-bc21-11e2-a3ec-047d7b058765} - D:\setup.EXE /AUTORUN
HKU\S-1-5-21-2379502647-2149887776-3136232148-1000\...\MountPoints2: {71aca8e4-9fac-11e5-a902-047d7b058765} - F:\VerizonWirelessUpgradeAssistantSetup.exe
HKU\S-1-5-21-2379502647-2149887776-3136232148-1000\...\MountPoints2: {aeca2fb3-5aa0-11e3-8bc0-047d7b058765} - F:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-21-2379502647-2149887776-3136232148-1000\...\MountPoints2: {b15fe244-c8ea-11e3-b1a0-047d7b058765} - F:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-21-2379502647-2149887776-3136232148-1000\...\MountPoints2: {bc2a5400-1c0d-11e4-8a40-047d7b058765} - F:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-21-2379502647-2149887776-3136232148-1000\...\MountPoints2: {ccf279d2-b6b1-11e3-85c0-047d7b058765} - F:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-21-2379502647-2149887776-3136232148-1000\...\MountPoints2: {dd263eb6-ebb0-11e4-8320-047d7b058765} - F:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-21-2379502647-2149887776-3136232148-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [Advanced SystemCare 6] => "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Malwarebytes Anti-Ransomware.lnk [2016-07-10]
ShortcutTarget: Malwarebytes Anti-Ransomware.lnk -> C:\Program Files\Malwarebytes\Anti-Ransomware\mbarw.exe (Malwarebytes)
Startup: C:\Users\Cheeves\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2014-09-01]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)


Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2379502647-2149887776-3136232148-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.toshiba.com
SearchScopes: HKLM -> DefaultScope {4620BF0B-7E84-432B-9F31-FEE4382ECC7F} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {4620BF0B-7E84-432B-9F31-FEE4382ECC7F} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {4620BF0B-7E84-432B-9F31-FEE4382ECC7F} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKU\S-1-5-21-2379502647-2149887776-3136232148-1000 -> DefaultScope B3957573E102E8AE007543C9C5B7C5AE URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP_enUS460
SearchScopes: HKU\S-1-5-21-2379502647-2149887776-3136232148-1000 -> B3957573E102E8AE007543C9C5B7C5AE URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP_enUS460
SearchScopes: HKU\S-1-5-21-2379502647-2149887776-3136232148-1000 -> {4620BF0B-7E84-432B-9F31-FEE4382ECC7F} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-05-17] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-04-12] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll [2012-08-24] (TOSHIBA Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-05-17] (Microsoft Corporation)
BHO-x32: No Name -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> No File
BHO-x32: Dragon NaturallySpeaking Rich Internet Application Support - Extension -> {73A89C60-CF59-4EC7-9215-9B7EF05ECEA4} -> C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ieShim.dll [2013-10-15] (Nuance Communications, Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-22] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-04-12] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-22] (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2012-08-24] (TOSHIBA Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)
Toolbar: HKU\S-1-5-21-2379502647-2149887776-3136232148-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: HKLM-x32 {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} hxxps://spc-access.southernco.com/+CSCOL+/csvrloader32.cab
DPF: HKLM-x32 {63F5866B-A7C5-40B4-9A89-0CCA99726C8D} hxxps://secure.logmeinrescue.com/Customer/x86/RescueDownloader.cab
DPF: HKLM-x32 {A5A5E1FF-FFEF-3FEF-B592-C6D194F4383F} hxxps://spc-access.southernco.com/CACHE/sdesktop/install/binaries/instweb.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-19] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Cheeves\AppData\Roaming\Mozilla\Firefox\Profiles\o28wlofm.default
FF DefaultSearchEngine: Bing
FF DefaultSearchUrl:
FF SelectedSearchEngine: Bing
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_22_0_0_192.dll [2016-06-16] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-16] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll [2013-04-03] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll [2013-01-11] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll [2013-01-11] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-22] (Oracle Corporation)
FF Plugin-x32: @logitech.com/HarmonyRemote,version=1.0.0 -> C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll [2012-09-28] (Logitech Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-05-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF Plugin-x32: nuance.com/DragonRIAPlugin -> C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\npDgnRia.dll [2013-10-15] (Nuance Communications Inc.)
FF Extension: Flash and Video Download - C:\Users\Cheeves\AppData\Roaming\Mozilla\Firefox\Profiles\o28wlofm.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2012-07-25] [not signed]
FF Extension: Adblock Plus - C:\Users\Cheeves\AppData\Roaming\Mozilla\Firefox\Profiles\o28wlofm.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-07-25] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [jid0-lmZNVK7a82O8cufhdfB9dUDfA2w@jetpack] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi
FF Extension: Dragon NaturallySpeaking Rich Internet Application Support - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi [2013-10-15] [not signed]

Chrome:
=======
CHR Profile: C:\Users\Cheeves\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Cheeves\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-28]
CHR Extension: (Google Docs) - C:\Users\Cheeves\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-28]
CHR Extension: (Google Drive) - C:\Users\Cheeves\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-25]
CHR Extension: (YouTube) - C:\Users\Cheeves\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-15]
CHR Extension: (Google Search) - C:\Users\Cheeves\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-25]
CHR Extension: (Google Sheets) - C:\Users\Cheeves\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-28]
CHR Extension: (Google Docs Offline) - C:\Users\Cheeves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
CHR Extension: (AdBlock) - C:\Users\Cheeves\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-07-08]
CHR Extension: (Dragon NaturallySpeaking Rich Internet Application Support) - C:\Users\Cheeves\AppData\Local\Google\Chrome\User Data\Default\Extensions\mikhcaiakabeeokmenglcdebplfdjicn [2015-08-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Cheeves\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-07]
CHR Extension: (Audio Converter) - C:\Users\Cheeves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojfphighcpfimfhblaigjckljcoeipga [2016-02-07]
CHR Extension: (MyHarmony Chrome Plugin) - C:\Users\Cheeves\AppData\Local\Google\Chrome\User Data\Default\Extensions\omaonpoimgkmbllpdihbnmgphjoipdhf [2015-08-28]
CHR Extension: (Gmail) - C:\Users\Cheeves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-28]
CHR HKLM-x32\...\Chrome\Extension: [mikhcaiakabeeokmenglcdebplfdjicn] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\chromeShim.crx [2013-10-15]
CHR HKLM-x32\...\Chrome\Extension: [omaonpoimgkmbllpdihbnmgphjoipdhf] - C:\Program Files (x86)\Logitech\Harmony Remote Driver\harmony_chrome.crx [2013-08-18]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 ADVService; C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe [25704 2011-11-23] (Amazon.com) [File not signed]
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
S2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3009776 2016-05-27] (Microsoft Corporation)
S2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [68168 2013-05-10] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
S2 Guard Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [23624 2013-05-10] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
S2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [79552 2016-03-29] (Bitdefender)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 MB3Service; C:\Program Files\Malwarebytes\Anti-Ransomware\MBAMService.exe [3141088 2016-03-23] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [116632 2012-07-17] ()
S3 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2015-08-26] (NETGEAR)
S2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [126392 2011-07-19] (Symantec Corporation)
S2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-17] (BitDefender)
U5 avchv; C:\Windows\System32\Drivers\avchv.sys [261056 2016-06-30] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender)
S1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-07-02] (Bitdefender SRL)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 EUBAKUP; C:\Windows\System32\drivers\eubakup.sys [59976 2013-05-10] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [48200 2013-05-10] () [File not signed]
S1 EUDSKACS; C:\windows\system32\drivers\eudskacs.sys [18504 2013-05-10] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
S1 EUFDDISK; C:\windows\system32\drivers\EuFdDisk.sys [189000 2013-05-10] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
S3 farflt; C:\windows\system32\drivers\farflt.sys [59776 2016-07-10] (Malwarebytes)
S1 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S3 motport; C:\Windows\System32\DRIVERS\motport.sys [31232 2012-06-08] (Motorola Mobility Inc)
R3 NetgearUDSMBus; C:\Windows\System32\drivers\NetgearUDSMBus.sys [107296 2012-08-13] (Windows ® Codename Longhorn DDK provider)
R3 NetgearUDSMBus; C:\Windows\SysWOW64\drivers\NetgearUDSMBus.sys [92160 2012-06-15] (Windows ® Codename Longhorn DDK provider) [File not signed]
S3 NetgearUDSTcpBus; C:\Windows\System32\drivers\NetgearUDSTcpBus.sys [183584 2012-08-13] (Windows ® Codename Longhorn DDK provider)
S3 NetgearUDSTcpBus; C:\Windows\SysWOW64\drivers\NetgearUDSTcpBus.sys [153600 2012-06-15] (Windows ® Codename Longhorn DDK provider) [File not signed]
S2 NPF; C:\windows\system32\drivers\npf.sys [35344 2015-12-17] (CACE Technologies, Inc.)
S3 RT-USB; C:\Windows\System32\drivers\RT-USB64.SYS [70984 2010-06-16] (Ross-Tech LLC)
S3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1514568 2013-05-02] (Realtek Semiconductor Corporation )
S3 SCTDriverV1011; C:\Windows\System32\drivers\SCTDriverV1011.sys [261712 2012-10-26] (Jungo)
S0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-07-28] (Apple, Inc.) [File not signed]
S3 usbbus; system32\DRIVERS\lgx64bus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [X]
S3 USBModem; system32\DRIVERS\lgx64modem.sys [X]
S3 vzandnetbus; system32\DRIVERS\lgvzandnetbus64.sys [X]
S3 vzandnetdiag; system32\DRIVERS\lgvzandnetdiag64.sys [X]
S3 vzandnetmodem; system32\DRIVERS\lgvzandnetmdm64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-10 19:49 - 2016-07-10 19:55 - 00000000 ___DC C:\FRST
2016-07-10 19:32 - 2016-07-10 19:43 - 00005256 ____C C:\Users\Cheeves\Desktop\Rkill.txt
2016-07-10 13:03 - 2016-07-10 13:04 - 00070060 ____C C:\TDSSKiller.2.4.3.0_10.07.2016_13.03.41_log.txt
2016-07-10 03:11 - 2016-07-10 03:11 - 00000000 ___CT C:\windows\system32\lic2tmp.xml24024
2016-07-10 03:08 - 2016-07-10 13:44 - 00059776 ____C (Malwarebytes) C:\windows\system32\Drivers\farflt.sys
2016-07-10 02:16 - 2016-07-10 02:16 - 00001872 ____C C:\Users\Public\Desktop\Malwarebytes Anti-Ransomware.lnk
2016-07-10 02:16 - 2016-07-10 02:16 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2016-07-10 02:16 - 2016-07-10 02:16 - 00000000 ___DC C:\Program Files\Malwarebytes
2016-07-09 23:50 - 2016-07-10 00:02 - 00005211 ____C C:\AdsFix.txt
2016-07-09 23:50 - 2016-07-10 00:02 - 00001129 ____C C:\Users\Cheeves\Desktop\AdsFix_Donate.lnk
2016-07-09 23:45 - 2016-07-09 23:45 - 00002272 ____C C:\Users\Cheeves\Desktop\AdsFix_09_07_2016_23_45_44.txt
2016-07-09 23:45 - 2016-07-09 23:45 - 00002272 ____C C:\AdsFix_09_07_2016_23_45_44.txt
2016-07-09 23:39 - 2016-07-10 00:06 - 00000000 ___DC C:\AdsFix
2016-07-09 22:01 - 2016-07-09 22:01 - 00022209 ____C C:\Users\Cheeves\Desktop\JRT.txt
2016-07-09 21:02 - 2016-07-09 21:06 - 00000000 ___DC C:\AdwCleaner
2016-07-01 17:48 - 2016-07-01 17:48 - 01154336 ____C C:\Users\Dustin\Downloads\Stefinus 3D Guns Mod Installer 1.7.10.exe
2016-06-30 14:49 - 2016-06-30 14:49 - 00261056 ____C (BitDefender) C:\windows\system32\Drivers\avchv.sys
2016-06-27 09:42 - 2016-06-27 20:47 - 05546216 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2016-06-27 09:42 - 2016-06-27 20:47 - 03998952 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2016-06-27 09:42 - 2016-06-27 20:47 - 03943144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2016-06-27 09:42 - 2016-06-27 20:47 - 03244032 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 02607104 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 02365440 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 01941504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 01806848 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 01732888 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 01464320 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 01314136 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 01212928 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 00880640 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 00862208 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 00730624 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 00709120 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 00706280 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2016-06-27 09:42 - 2016-06-27 20:47 - 00666112 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 00644096 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 00631176 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2016-06-27 09:42 - 2016-06-27 20:47 - 00573440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 00572416 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 00463872 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 00419840 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 00344064 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 00342528 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2016-06-27 09:42 - 2016-06-27 20:47 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 00316416 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2016-06-27 09:42 - 2016-06-27 20:47 - 00291328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2016-06-27 09:42 - 2016-06-27 20:47 - 00275456 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 00260608 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 00251392 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 00215552 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 00192512 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 00190464 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 00174080 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2016-06-27 09:42 - 2016-06-27 20:47 - 00154856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2016-06-27 09:42 - 2016-06-27 20:47 - 00148480 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2016-06-27 09:42 - 2016-06-27 20:47 - 00141312 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpchttp.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2016-06-27 09:42 - 2016-06-27 20:47 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 00129536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2016-06-27 09:42 - 2016-06-27 20:47 - 00128512 _____ (Microsoft Corporation) C:\windows\system32\msiexec.exe
2016-06-27 09:42 - 2016-06-27 20:47 - 00114408 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2016-06-27 09:42 - 2016-06-27 20:47 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2016-06-27 09:42 - 2016-06-27 20:47 - 00098816 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 00095464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2016-06-27 09:42 - 2016-06-27 20:47 - 00093696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 00090624 _____ (Microsoft Corporation) C:\windows\SysWOW64\olepro32.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\asycfilt.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 00073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\msiexec.exe
2016-06-27 09:42 - 2016-06-27 20:47 - 00070144 _____ (Microsoft Corporation) C:\windows\system32\appinfo.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\asycfilt.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2016-06-27 09:42 - 2016-06-27 20:47 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2016-06-27 09:42 - 2016-06-27 20:47 - 00059904 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 00050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2016-06-27 09:42 - 2016-06-27 20:47 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2016-06-27 09:42 - 2016-06-27 20:47 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2016-06-27 09:42 - 2016-06-27 20:47 - 00034816 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2016-06-27 09:42 - 2016-06-27 20:47 - 00030208 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2016-06-27 09:42 - 2016-06-27 20:47 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-06-27 09:42 - 2016-06-27 20:47 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-06-27 09:41 - 2016-06-27 20:47 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2016-06-27 09:41 - 2016-06-27 20:47 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2016-06-27 09:41 - 2016-06-27 20:47 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2016-06-27 09:41 - 2016-06-27 20:47 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2016-06-27 09:41 - 2016-06-27 20:47 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2016-06-27 09:41 - 2016-06-27 20:47 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2016-06-27 09:41 - 2016-06-27 20:47 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2016-06-27 09:41 - 2016-06-27 20:47 - 00025088 _____ (Microsoft Corporation) C:\windows\SysWOW64\msimsg.dll
2016-06-27 09:41 - 2016-06-27 20:47 - 00025088 _____ (Microsoft Corporation) C:\windows\system32\msimsg.dll
2016-06-27 09:41 - 2016-06-27 20:47 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2016-06-27 09:41 - 2016-06-27 20:47 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2016-06-27 09:41 - 2016-06-27 20:47 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2016-06-27 09:41 - 2016-06-27 20:47 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-06-27 09:41 - 2016-06-27 20:47 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-06-27 09:41 - 2016-06-27 20:47 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-06-27 09:41 - 2016-06-27 20:47 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-06-27 09:41 - 2016-06-27 20:47 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-06-27 09:41 - 2016-06-27 20:47 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-06-27 09:41 - 2016-06-27 20:47 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-06-27 09:41 - 2016-06-27 20:47 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-06-27 09:41 - 2016-06-27 20:47 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-06-27 09:41 - 2016-06-27 20:47 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-06-27 09:41 - 2016-06-27 20:47 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-06-27 09:41 - 2016-06-27 20:47 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-06-27 09:41 - 2016-06-27 20:47 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-06-27 09:41 - 2016-06-27 20:47 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-06-27 09:41 - 2016-06-27 20:47 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-06-27 09:41 - 2016-06-27 20:47 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-06-27 09:41 - 2016-06-27 20:47 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-06-27 09:41 - 2016-06-27 20:47 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-06-27 09:41 - 2016-06-27 20:47 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-06-27 09:41 - 2016-06-27 20:47 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-06-27 09:41 - 2016-06-27 20:47 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-06-27 09:41 - 2016-06-27 20:47 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-06-27 09:41 - 2016-06-27 20:47 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-06-27 09:41 - 2016-06-27 20:47 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-06-27 09:41 - 2016-06-27 20:47 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2016-06-17 17:47 - 2016-06-17 17:47 - 00820938 ____C C:\Users\Cheeves\Desktop\VXBC6N4_40T_No EGR.cef
2016-06-17 17:34 - 2016-06-17 17:34 - 00002739 ____C C:\Users\Public\Desktop\SCT Device Updater.lnk
2016-06-17 17:33 - 2016-06-17 17:33 - 18884464 ____C (SCT) C:\Users\Cheeves\Downloads\SCTDeviceUpdater.exe
2016-06-16 20:56 - 2016-06-16 21:08 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2016-06-16 20:56 - 2016-06-16 21:08 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2016-06-16 20:56 - 2016-06-16 21:07 - 00464896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv.sys
2016-06-16 20:56 - 2016-06-16 21:07 - 00459640 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2016-06-16 20:56 - 2016-06-16 21:07 - 00405504 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys
2016-06-16 20:56 - 2016-06-16 21:07 - 00297984 _____ (Microsoft Corporation) C:\windows\system32\bcryptprimitives.dll
2016-06-16 20:56 - 2016-06-16 21:07 - 00249352 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcryptprimitives.dll
2016-06-16 20:56 - 2016-06-16 21:07 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys
2016-06-16 20:56 - 2016-06-16 21:06 - 00483840 _____ (Microsoft Corporation) C:\windows\system32\StructuredQuery.dll
2016-06-16 20:56 - 2016-06-16 21:06 - 00382184 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2016-06-16 20:56 - 2016-06-16 21:06 - 00363520 _____ (Microsoft Corporation) C:\windows\SysWOW64\StructuredQuery.dll
2016-06-16 20:56 - 2016-06-16 21:06 - 00308456 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2016-06-16 20:56 - 2016-06-16 21:06 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2016-06-16 20:56 - 2016-06-16 21:06 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2016-06-16 20:56 - 2016-06-16 21:06 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2016-06-16 20:56 - 2016-06-16 21:06 - 00041472 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2016-06-16 20:56 - 2016-06-16 21:06 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2016-06-16 20:56 - 2016-06-16 21:06 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2016-06-16 20:56 - 2016-06-16 21:06 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2016-06-16 20:56 - 2016-06-16 21:06 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2016-06-16 20:56 - 2016-06-16 21:05 - 03217408 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2016-06-16 20:56 - 2016-06-16 21:04 - 00794624 _____ (Microsoft Corporation) C:\windows\system32\gpsvc.dll
2016-06-16 20:56 - 2016-06-16 21:04 - 00502272 _____ (Microsoft Corporation) C:\windows\system32\IPSECSVC.DLL
2016-06-16 20:56 - 2016-06-16 21:04 - 00444928 _____ (Microsoft Corporation) C:\windows\system32\winhttp.dll
2016-06-16 20:56 - 2016-06-16 21:04 - 00373760 _____ (Microsoft Corporation) C:\windows\system32\polstore.dll
2016-06-16 20:56 - 2016-06-16 21:04 - 00351744 _____ (Microsoft Corporation) C:\windows\SysWOW64\winhttp.dll
2016-06-16 20:56 - 2016-06-16 21:04 - 00327168 _____ (Microsoft Corporation) C:\windows\system32\mswsock.dll
2016-06-16 20:56 - 2016-06-16 21:04 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\ws2_32.dll
2016-06-16 20:56 - 2016-06-16 21:04 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\polstore.dll
2016-06-16 20:56 - 2016-06-16 21:04 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netbt.sys
2016-06-16 20:56 - 2016-06-16 21:04 - 00231424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mswsock.dll
2016-06-16 20:56 - 2016-06-16 21:04 - 00206336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ws2_32.dll
2016-06-16 20:56 - 2016-06-16 21:04 - 00105472 _____ (Microsoft Corporation) C:\windows\system32\winipsec.dll
2016-06-16 20:56 - 2016-06-16 21:04 - 00096256 _____ (Microsoft Corporation) C:\windows\system32\gpapi.dll
2016-06-16 20:56 - 2016-06-16 21:04 - 00079360 _____ (Microsoft Corporation) C:\windows\SysWOW64\gpapi.dll
2016-06-16 20:56 - 2016-06-16 21:04 - 00075776 _____ (Microsoft Corporation) C:\windows\system32\FwRemoteSvr.dll
2016-06-16 20:56 - 2016-06-16 21:04 - 00070144 _____ (Microsoft Corporation) C:\windows\SysWOW64\winipsec.dll
2016-06-16 20:56 - 2016-06-16 21:04 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\FwRemoteSvr.dll
2016-06-16 20:56 - 2016-06-16 21:04 - 00026624 _____ (Microsoft Corporation) C:\windows\SysWOW64\netbtugc.exe
2016-06-16 20:56 - 2016-06-16 21:04 - 00025088 _____ (Microsoft Corporation) C:\windows\system32\netbtugc.exe
2016-06-16 20:54 - 2016-06-16 21:00 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2016-06-16 20:54 - 2016-06-16 21:00 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2016-06-16 20:53 - 2016-06-16 21:02 - 00405504 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2016-06-16 20:53 - 2016-06-16 21:02 - 00312832 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2016-06-16 20:53 - 2016-06-16 21:00 - 25802752 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2016-06-16 20:53 - 2016-06-16 21:00 - 20341248 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2016-06-16 20:53 - 2016-06-16 21:00 - 15420928 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2016-06-16 20:53 - 2016-06-16 21:00 - 13815808 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2016-06-16 20:53 - 2016-06-16 21:00 - 06051328 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2016-06-16 20:53 - 2016-06-16 21:00 - 04610048 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2016-06-16 20:53 - 2016-06-16 21:00 - 02895360 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2016-06-16 20:53 - 2016-06-16 21:00 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2016-06-16 20:53 - 2016-06-16 21:00 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2016-06-16 20:53 - 2016-06-16 21:00 - 02597888 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2016-06-16 20:53 - 2016-06-16 21:00 - 02287104 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2016-06-16 20:53 - 2016-06-16 21:00 - 02131968 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2016-06-16 20:53 - 2016-06-16 21:00 - 02121216 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2016-06-16 20:53 - 2016-06-16 21:00 - 02055680 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2016-06-16 20:53 - 2016-06-16 21:00 - 01544192 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2016-06-16 20:53 - 2016-06-16 21:00 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2016-06-16 20:53 - 2016-06-16 21:00 - 01310208 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2016-06-16 20:53 - 2016-06-16 21:00 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2016-06-16 20:53 - 2016-06-16 21:00 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2016-06-16 20:53 - 2016-06-16 21:00 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2016-06-16 20:53 - 2016-06-16 21:00 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2016-06-16 20:53 - 2016-06-16 21:00 - 00806400 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2016-06-16 20:53 - 2016-06-16 21:00 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2016-06-16 20:53 - 2016-06-16 21:00 - 00725504 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2016-06-16 20:53 - 2016-06-16 21:00 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2016-06-16 20:53 - 2016-06-16 21:00 - 00693248 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2016-06-16 20:53 - 2016-06-16 21:00 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2016-06-16 20:53 - 2016-06-16 21:00 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2016-06-16 20:53 - 2016-06-16 21:00 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2016-06-16 20:53 - 2016-06-16 21:00 - 00572416 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2016-06-16 20:53 - 2016-06-16 21:00 - 00497664 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2016-06-16 20:53 - 2016-06-16 21:00 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2016-06-16 20:53 - 2016-06-16 21:00 - 00476160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2016-06-16 20:53 - 2016-06-16 21:00 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2016-06-16 20:53 - 2016-06-16 21:00 - 00416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2016-06-16 20:53 - 2016-06-16 21:00 - 00394960 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2016-06-16 20:53 - 2016-06-16 21:00 - 00346312 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2016-06-16 20:53 - 2016-06-16 21:00 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2016-06-16 20:53 - 2016-06-16 21:00 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2016-06-16 20:53 - 2016-06-16 21:00 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2016-06-16 20:53 - 2016-06-16 21:00 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2016-06-16 20:53 - 2016-06-16 21:00 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2016-06-16 20:53 - 2016-06-16 21:00 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2016-06-16 20:53 - 2016-06-16 21:00 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2016-06-16 20:53 - 2016-06-16 21:00 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2016-06-16 20:53 - 2016-06-16 21:00 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2016-06-16 20:53 - 2016-06-16 21:00 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2016-06-16 20:53 - 2016-06-16 21:00 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2016-06-16 20:53 - 2016-06-16 21:00 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2016-06-16 20:53 - 2016-06-16 21:00 - 00107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2016-06-16 20:53 - 2016-06-16 21:00 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2016-06-16 20:53 - 2016-06-16 21:00 - 00091136 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2016-06-16 20:53 - 2016-06-16 21:00 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2016-06-16 20:53 - 2016-06-16 21:00 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2016-06-16 20:53 - 2016-06-16 21:00 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2016-06-16 20:53 - 2016-06-16 21:00 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2016-06-16 20:53 - 2016-06-16 21:00 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2016-06-16 20:53 - 2016-06-16 21:00 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2016-06-16 20:53 - 2016-06-16 21:00 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-06-16 20:53 - 2016-06-16 21:00 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2016-06-16 20:53 - 2016-06-16 21:00 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2016-06-16 20:53 - 2016-06-16 21:00 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2016-06-16 20:53 - 2016-06-16 21:00 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2016-06-16 20:53 - 2016-06-16 21:00 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2016-06-16 20:50 - 2016-06-16 20:50 - 09717952 ____C (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2016-06-14 21:56 - 2016-06-14 21:56 - 00001137 ____C C:\Users\Cheeves\Desktop\nativelog.txt
2016-06-13 15:43 - 2016-06-13 15:43 - 01184680 ____C C:\Users\Dustin\Downloads\Stacy's Wolves Mod Installer 1.7.10.exe
2016-06-13 15:32 - 2016-06-13 15:32 - 02879775 ____C C:\Users\Dustin\Desktop\MCA-1.9-5.1.2-BETA-universal.jar
2016-06-13 15:32 - 2016-06-13 15:32 - 00153641 ____C C:\Users\Dustin\Desktop\RadixCore-1.9-2.1.0-BETA-universal.jar
2016-06-13 15:31 - 2016-06-13 15:31 - 01188264 ____C C:\Users\Dustin\Downloads\MCA Mod Installer 1.9.exe
2016-06-11 16:31 - 2016-06-11 17:10 - 00000000 ___DC C:\Users\Cheeves\Desktop\Log Plotting Application
2016-06-11 16:28 - 2016-06-11 16:28 - 00163910 ____C C:\Users\Cheeves\Downloads\LogPlottingApplication (1).zip
2016-06-11 16:27 - 2016-06-11 16:27 - 00163910 ____C C:\Users\Cheeves\Downloads\LogPlottingApplication.zip
2016-06-11 16:22 - 2016-06-11 16:26 - 00000000 ___DC C:\Users\Cheeves\Downloads\Scaling
2016-06-11 16:19 - 2016-06-11 16:19 - 00324416 ____C (Ross-Tech/Eric Maurier/Rich Herzog) C:\Users\Cheeves\Downloads\VCScope (1).exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-10 19:55 - 2013-09-12 19:24 - 03860298 ____C C:\windows\ntbtlog.txt
2016-07-10 19:44 - 2014-10-30 19:51 - 00192216 ____C (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-07-10 13:50 - 2012-04-18 16:50 - 00000830 ____C C:\windows\Tasks\Adobe Flash Player Updater.job
2016-07-10 13:49 - 2012-06-04 21:01 - 00000894 ____C C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-10 13:49 - 2012-01-14 17:27 - 00000000 ___DC C:\Temp
2016-07-10 13:44 - 2009-07-14 01:08 - 00000006 ___HC C:\windows\Tasks\SA.DAT
2016-07-10 03:08 - 2012-01-10 22:01 - 00000000 ___DC C:\ProgramData\Malwarebytes
2016-07-09 23:39 - 2009-07-13 23:20 - 00000000 ___DC C:\windows\Web
2016-07-09 22:50 - 2011-12-01 13:48 - 00000000 ___DC C:\Users\Cheeves
2016-07-09 21:19 - 2009-07-14 00:45 - 00024608 ___HC C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-09 21:19 - 2009-07-14 00:45 - 00024608 ___HC C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-09 21:06 - 2012-01-07 13:45 - 00000000 ___DC C:\Users\Cheeves\AppData\LocalLow\Yahoo!
2016-07-09 21:06 - 2012-01-07 13:45 - 00000000 ___DC C:\Program Files (x86)\Yahoo!
2016-07-09 19:28 - 2011-12-17 22:55 - 00000000 ___DC C:\Users\Cheeves\AppData\Local\CrashDumps
2016-07-09 19:11 - 2012-10-02 10:22 - 00000000 ___DC C:\Users\Cheeves\AppData\Local\ElevatedDiagnostics
2016-07-09 19:01 - 2013-01-18 22:44 - 00007624 ____C C:\Users\Cheeves\AppData\Local\Resmon.ResmonCfg
2016-07-09 17:56 - 2009-07-13 23:20 - 00000000 ___DC C:\windows\system32\NDF
2016-07-09 11:39 - 2012-06-04 21:01 - 00000898 ____C C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-08 19:34 - 2015-04-19 17:18 - 00000000 ___DC C:\Users\Cheeves\Documents\Outlook
2016-07-07 19:16 - 2015-05-28 17:00 - 00000000 ___DC C:\Users\Dustin\AppData\Local\Greenshot
2016-07-07 17:39 - 2012-09-05 11:19 - 00000000 ___DC C:\ProgramData\TEMP
2016-07-01 18:31 - 2015-09-11 18:51 - 00001136 ____C C:\Users\Dustin\Desktop\nativelog.txt
2016-07-01 18:30 - 2015-05-28 17:21 - 00000000 ___DC C:\Users\Dustin\AppData\Roaming\.minecraft
2016-07-01 17:43 - 2015-07-23 21:03 - 00000000 ___DC C:\Program Files (x86)\Minecraft
2016-06-28 10:41 - 2009-07-13 23:20 - 00000000 ____D C:\windows\rescache
2016-06-27 20:58 - 2013-03-13 03:01 - 00000000 ___DC C:\Program Files\Microsoft Silverlight
2016-06-27 20:58 - 2013-03-13 03:01 - 00000000 ___DC C:\Program Files (x86)\Microsoft Silverlight
2016-06-27 20:52 - 2013-03-13 03:02 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-06-27 09:28 - 2015-11-05 22:04 - 00000000 ___DC C:\Users\Cheeves\AppData\LocalLow\Adblock Plus for IE
2016-06-25 21:15 - 2015-04-18 16:32 - 00000000 ___DC C:\ProgramData\regid.1991-06.com.microsoft
2016-06-25 21:13 - 2013-12-13 10:28 - 00000000 ___DC C:\Program Files\Microsoft Office 15
2016-06-17 18:42 - 2015-08-15 17:08 - 00002166 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-17 18:42 - 2015-08-15 17:08 - 00002154 ____C C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-17 17:34 - 2013-06-06 16:41 - 00000000 ___DC C:\Users\Cheeves\AppData\Local\Downloaded Installations
2016-06-17 17:34 - 2013-06-06 16:41 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SCT
2016-06-17 17:34 - 2009-07-13 23:20 - 00000000 ___DC C:\windows\inf
2016-06-17 17:32 - 2012-10-04 09:10 - 00000000 ___DC C:\Users\Cheeves\Documents\SCT Programmer
2016-06-16 22:06 - 2009-07-14 00:45 - 00444480 ____C C:\windows\system32\FNTCACHE.DAT
2016-06-16 21:28 - 2013-07-23 03:00 - 00000000 ___DC C:\windows\system32\MRT
2016-06-16 21:09 - 2011-12-02 07:16 - 142482544 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-06-16 20:50 - 2012-04-18 16:50 - 00796352 ____C (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2016-06-16 20:50 - 2012-04-18 16:50 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2016-06-16 20:50 - 2011-08-01 03:32 - 00142528 ____C (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2012-05-12 12:11 - 2012-05-12 12:13 - 0002455 ____C () C:\Users\Cheeves\AppData\Roaming\hamster_installer_log.txt
2013-01-11 15:13 - 2013-01-11 15:13 - 0022464 ____C (Intel Corporation) C:\Users\Cheeves\AppData\Roaming\JomCap.dll
2014-04-01 07:57 - 2015-05-10 20:52 - 0002115 ____C () C:\Users\Cheeves\AppData\Roaming\SAS7_000.DAT
2015-04-13 20:06 - 2015-04-13 20:06 - 0003584 ____C () C:\Users\Cheeves\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-05-12 12:13 - 2012-05-12 12:13 - 0000393 ____C () C:\Users\Cheeves\AppData\Local\HamsterVideoConverterSettings.cfg
2014-08-10 22:08 - 2014-08-10 22:08 - 0000874 ____C () C:\Users\Cheeves\AppData\Local\recently-used.xbel
2013-01-18 22:44 - 2016-07-09 19:01 - 0007624 ____C () C:\Users\Cheeves\AppData\Local\Resmon.ResmonCfg
2014-02-06 11:25 - 2014-02-06 11:25 - 0000040 __SHC () C:\ProgramData\.zreglib

Files to move or delete:
====================
C:\Users\Cheeves\RKX64.exe


Some files in TEMP:
====================
C:\Users\Cheeves\AppData\Local\Temp\mpegc.dll
C:\Users\Cheeves\AppData\Local\Temp\Office Setup.x64.en-US_ProPlusRetail_TNM7P-JFBY2-8VDV8-7Y238-GVGXQ_TX_PR_act_1_.exe
C:\Users\Cheeves\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Cheeves\AppData\Local\Temp\setup32.exe
C:\Users\Cheeves\AppData\Local\Temp\setup64.exe
C:\Users\Dustin\AppData\Local\Temp\avguirn_081547730624.exe
C:\Users\Dustin\AppData\Local\Temp\avguirn_081555004944.exe
C:\Users\Dustin\AppData\Local\Temp\avguirn_081839232750.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-07-07 18:06

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-07-2016 01
Ran by Cheeves (2016-07-10 19:55:54)
Running from G:\
Windows 7 Home Premium Service Pack 1 (X64) (2011-12-01 17:48:05)
Boot Mode: Safe Mode (minimal)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2379502647-2149887776-3136232148-500 - Administrator - Disabled)
Cheeves (S-1-5-21-2379502647-2149887776-3136232148-1000 - Administrator - Enabled) => C:\Users\Cheeves
Duncan (S-1-5-21-2379502647-2149887776-3136232148-1059 - Limited - Enabled) => C:\Users\Duncan
Dustin (S-1-5-21-2379502647-2149887776-3136232148-1060 - Limited - Enabled) => C:\Users\Dustin
Ernie (S-1-5-21-2379502647-2149887776-3136232148-1052 - Administrator - Enabled) => C:\Users\Ernie
Guest (S-1-5-21-2379502647-2149887776-3136232148-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2379502647-2149887776-3136232148-1061 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus Free Edition (Enabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
AS: Bitdefender Antivirus Free Edition (Enabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{0F347A49-E36C-4639-8D2E-003AD408B8B2}) (Version: 1.5 - Eyeo GmbH)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
Akamai NetSession Interface (HKU\S-1-5-21-2379502647-2149887776-3136232148-1000\...\Akamai) (Version: - Akamai Technologies, Inc)
Amazing Adventures The Lost Tomb 1.0.0.5 (HKLM-x32\...\Amazing Adventures The Lost Tomb 1.0.0.5) (Version: 1.0.0.5 - PopCap Games)
Amazon Cloud Player (HKU\S-1-5-21-2379502647-2149887776-3136232148-1000\...\Amazon Amazon Cloud Player) (Version: 1.1.0.332 - Amazon Services LLC)
Amazon Unbox Video (HKLM-x32\...\InstallShield_{54A4839E-87F8-4BD1-9682-A349E9943F0A}) (Version: 2.2.0.153 - Amazon.com)
Amazon Unbox Video (x32 Version: 2.2.0.153 - Amazon.com) Hidden
Any Video Converter 5.7.7 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
Apple Application Support (32-bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Ashampoo Burning Studio 6 FREE v.6.83 (HKLM-x32\...\Ashampoo Burning Studio 6 FREE_is1) (Version: 6.8.3 - Ashampoo GmbH & Co. KG)
Ashampoo Burning Studio 6 FREE v.6.84 (HKLM-x32\...\{91B33C97-3ED1-03EA-A67B-244AA4D7B559}_is1) (Version: 6.8.4 - Ashampoo GmbH & Co. KG)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Bitdefender Antivirus Free Edition (HKLM\...\BitDefender Gonzales) (Version: 1.0.21.1109 - Bitdefender)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Chicken Hunter (remove only) (HKLM-x32\...\Chicken Hunter) (Version: - )
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.51.2.51 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Driver Download Manager (HKU\S-1-5-21-2379502647-2149887776-3136232148-1000\...\bd4d3a0508d364f5) (Version: 3.0.0.0 - Dell Inc)
DeNoise 2.7.1 and DeNoiseLF 2.7.1 (HKLM-x32\...\DeNoise_is1) (Version: - Caloundra Audio Restoration)
Dragon NaturallySpeaking 12 (HKLM-x32\...\{D5D422B9-6976-4E98-8DDF-9632CB515D7E}) (Version: 12.50.000 - Nuance Communications Inc.)
EaseUS Todo Backup Free 6.0 (HKLM-x32\...\EaseUS Todo Backup Free 6.0_is1) (Version: 6.0 - CHENGDU YIWO Tech Development Co., Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
GoPro App (x32 Version: 5.7.549 - GoPro, Inc.) Hidden
GoPro Studio 2.5.7 (HKLM-x32\...\{b996dca2-156c-4d2c-b9a3-59fac08cef33}) (Version: 2.5.7.549 - GoPro, Inc.)
Greenshot 1.1.7.17 (HKLM\...\Greenshot_is1) (Version: 1.1.7.17 - Greenshot)
HandBrake 0.10.0 (HKLM-x32\...\HandBrake) (Version: 0.10.0 - )
Harmony Browser Plug-in (HKLM-x32\...\{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}) (Version: 2.0 - Logitech)
Intel® Identity Protection Technology 1.2.28.0 (HKLM-x32\...\{A87263E8-26CB-1016-8F2F-C04708B17CE2}) (Version: 1.2.28.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.80.1213 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2353 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
iTunes (HKLM\...\{A31C5565-90D9-4615-AE13-94D86C3836C7}) (Version: 12.3.3.17 - Apple Inc.)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
LADSPA_plugins-win-0.4.15 (HKLM-x32\...\LADSPA_plugins-win_is1) (Version: - Audacity Team)
LAME v3.98.3 for Audacity (HKLM-x32\...\LAME for Audacity_is1) (Version: - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
LP Recorder (HKLM-x32\...\LP Recorder) (Version: - )
LP Ripper (HKLM-x32\...\LP Ripper) (Version: - )
MakeMKV v1.9.0 (HKLM-x32\...\MakeMKV) (Version: v1.9.0 - GuinpinSoft inc)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Malwarebytes Anti-Ransomware version 0.9.15.416 (HKLM\...\{6CA75021-FBB0-41A5-B95C-FC1C9E0421F0}_is1) (Version: 0.9.15.416 - Malwarebytes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4833.1001 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
MotoHelper MergeModules (x32 Version: 1.2.0 - Motorola) Hidden
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.2.28 - Motorola Mobility)
Motorola Device Software Update (x32 Version: 1.0.40 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 5.9.0 (Version: 5.9.0 - Motorola Inc.) Hidden
Mozilla Firefox 46.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 en-US)) (Version: 46.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.1.5966 - Mozilla)
MPC-HC 1.7.10 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.10 - MPC-HC Team)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
MyDriveConnect 4.0.7.2442 (HKLM-x32\...\MyDriveConnect) (Version: 4.0.7.2442 - TomTom)
NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.4.18.00 - NETGEAR Inc.)
NETGEAR USB Control Center (HKLM-x32\...\{4528B812-FF2C-4E3A-A9EA-1ECB483BF03A}) (Version: 1.32 - NETGEAR)
Nuance PDF Viewer Plus (HKLM-x32\...\{EC00862A-C16F-4ED0-BC06-34538512E730}) (Version: 5.30.3296 - Nuance Communications, Inc)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4833.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4833.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4833.1001 - Microsoft Corporation) Hidden
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 1.00.0001 - Nuance Communications, Inc.)
PeaZip 4.3 (HKLM-x32\...\{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version: - Giorgio Tani)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.8 - Power Software Ltd)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 1.0.0.15 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0013 - REALTEK Semiconductor Corp.)
RSA SecurID Software Token (HKLM-x32\...\{24C4AC5A-67A4-4E1D-B30C-8C7A01712607}) (Version: 4.1.0 - RSA, The Security Division of EMC)
Scansoft PDF Professional (x32 Version: - ) Hidden
SCT Device Updater (HKLM-x32\...\{1E05E69C-38E3-40A8-96BA-07900EE62F4F}) (Version: 2.9.16049.1 - SCT)
SCTDriversV1011x64 (HKLM\...\{8210330D-4DDA-4356-9941-3B19F8E8A15C}) (Version: 11.0.0 - SCT Performance LLC)
SeaTools for Windows (HKLM-x32\...\{98613C99-1399-416C-A07C-1EE1C585D872}) (Version: 1.2.0.7 - Seagate Technology)
Skype Launcher (HKLM-x32\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation)
Skype 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.2 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.2.3.0 - TOSHIBA CORPORATION)
TOSHIBA Battery Check Utility (HKLM-x32\...\{5468E297-7EF8-4CB3-A091-F8714147793F}) (Version: 1.00.01.01 - Toshiba Corporation)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}) (Version: 1.6.11.64 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.11 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{C2F94B5E-201A-4754-8F2F-4395E1D90DA3}) (Version: 1.3.5.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.17.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}) (Version: 4.08.09.00 - TOSHIBA)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.9 - TOSHIBA Corporation)
Toshiba Laptop Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.13.11 - Symantec Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.4 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.8.0 - TOSHIBA CORPORATION)
Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.31 - Toshiba)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.5.5109a - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.21.64 - TOSHIBA Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.2001 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.15.0 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.8 - TOSHIBA Corporation)
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}) (Version: 4.08.09.00 - TOSHIBA)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.1.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.3 - TOSHIBA Corporation)
TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{5B01BCB7-A5D3-476F-AF11-E515BA206591}) (Version: 1.0.5 - TOSHIBA CORPORATION)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.6 - TOSHIBA)
TwistedBrush Pro Studio (HKU\S-1-5-21-2379502647-2149887776-3136232148-1000\...\TwistedBrush Pro Studio) (Version: - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VCDS Release 11.11.6 (HKLM-x32\...\VCDS Release 11.11) (Version: 11.11.6 - Ross-Tech)
VCDS Release 12.12.3 (HKLM-x32\...\VCDS Release 12.12) (Version: 12.12.3 - Ross-Tech)
VCDS Release 15.7.4 (HKLM-x32\...\VCDS Release) (Version: 15.7.4 - Ross-Tech)
VFW_Codec32 (x32 Version: 0.1.160.0 - GoPro, Inc.) Hidden
VFW_Codec64 (Version: 0.1.160.0 - GoPro, Inc.) Hidden
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
Wave Corrector DeClick version 1.1 (HKLM-x32\...\Wave Corrector DeClick_is1) (Version: - )
Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices (03/07/2012 ) (HKLM\...\0B624A43DD66DBF5CF3EDFA9741A364E688062A4) (Version: 03/07/2012 - GoPro)
Windows Driver Package - Ross-Tech USB Driver Package (05/12/2014 2.10.00) (HKLM\...\88B02C4BD09AA7910C55C4E74BE8F036244B5CF9) (Version: 05/12/2014 2.10.00 - Ross-Tech)
Windows Driver Package - Ross-Tech USB Driver Package (06/16/2010 2.06.02) (HKLM\...\F2D626F9A8E5C6126BED6EBD3E3504D0B2AB8443) (Version: 06/16/2010 2.06.02 - Ross-Tech)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinZip 17.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DB}) (Version: 17.5.10480 - WinZip Computing, S.L. )
Wondershare Video Editor(Build 5.0.1) (HKLM-x32\...\Wondershare Video Editor_is1) (Version: - Wondershare Software)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2379502647-2149887776-3136232148-1000_Classes\CLSID\{3560575F-7C2D-48AE-AB45-DAD430A95EBE}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.dll ()

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {11BCD50A-6FD4-4097-93E7-C821EEBA145F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {173ABA29-CDEF-4D44-993E-A6137FE7EDDF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-30] (Microsoft Corporation)
Task: {21D7D68C-7108-406A-9BAB-A3EE4D1F752C} - System32\Tasks\{34AF7E4F-ADE4-46CB-8185-2F2277703371} => pcalua.exe -a D:\InstMenu.exe -d D:\
Task: {2DF5742B-34E2-4817-BACA-C982B5F506D4} - System32\Tasks\SmartDefrag_Schedule => C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
Task: {368A71A7-1A90-4EC1-BC5D-2A10DFADD0B6} - System32\Tasks\{CB9BF6D6-17BE-4A52-9291-8B44690FD7A6} => pcalua.exe -a D:\Autorun.exe -d D:\
Task: {3A6E09E4-640D-4B9E-826B-D4420CC8A344} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-06-16] (Adobe Systems Incorporated)
Task: {660F307B-34FC-46AE-8A2F-128728F2D07D} - System32\Tasks\{058EE504-66B4-45EB-A40F-15CA63551332} => pcalua.exe -a C:\Users\Cheeves\Downloads\forge-1.7.2-10.12.2.1121-installer-win.exe -d C:\Users\Cheeves\Downloads
Task: {784C523D-4592-4665-974C-96AB82FB2993} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-04-12] (Microsoft Corporation)
Task: {80CD8103-66A1-4424-B855-AA5238D3FF81} - System32\Tasks\{D21A5839-2707-40ED-A827-AF18EB36FD38} => pcalua.exe -a "C:\Users\Cheeves\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ENM5AHMH\JavaSetup8u91.exe" -d C:\Users\Cheeves\Desktop
Task: {81007649-FD26-4584-9CFD-0C6D65C1968D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {874687AE-F4D7-4E46-906C-13497FE653A5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {8E0EF54F-9E86-4013-954F-7766D976FC12} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2012-07-17] ()
Task: {95133ABA-CE77-460F-8606-9D03D1B0F3E9} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2012-07-17] ()
Task: {99D7A231-C741-4E26-A506-F08BD032D35E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {9B9E3848-AD31-410F-B018-A2B59757CBE9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-30] (Microsoft Corporation)
Task: {A25DC06A-0740-4C32-84A9-2A0177C1980E} - System32\Tasks\{75579C02-F779-4BDF-B2F3-01A5AC697BE2} => pcalua.exe -a C:\Users\Cheeves\Downloads\MTUGetLame.exe -d C:\Users\Cheeves\Desktop
Task: {A50DA382-6618-46C9-AFA8-2682E7692674} - System32\Tasks\SmartDefrag_Startup => C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
Task: {A8D35A08-8D61-4E19-BB18-9BE7C7A354C9} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-02] (AVAST Software)
Task: {B06A7AF6-977F-4E03-B008-DBF3D8F8A33D} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2012-07-17] ()
Task: {CFED0911-4927-4E5F-85C9-91653EE36087} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-04-12] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 04:37 - 2015-09-01 12:04 - 08901184 ____C () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-03-29 21:31 - 2016-03-29 21:31 - 00712288 ____C () C:\Program Files\Bitdefender\Antivirus Free Edition\sqlite3.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\windows\SysWOW64\FlashPlayerInstaller.exe:BDU [0]
AlternateDataStreams: C:\ProgramData\TEMP:054203E4 [278]
AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8 [247]
AlternateDataStreams: C:\ProgramData\TEMP:F8B88761 [173]
AlternateDataStreams: C:\Users\Cheeves\Downloads\mbar-1.09.3.1001.exe:BDU [0]
AlternateDataStreams: C:\Users\Cheeves\Downloads\never10.exe:BDU [0]
AlternateDataStreams: C:\Users\Cheeves\Downloads\SCTDeviceUpdater.exe:BDU [0]
AlternateDataStreams: C:\Users\Cheeves\Downloads\VCDS-Release-15.7.4-Installer.exe:BDU [0]
AlternateDataStreams: C:\Users\Cheeves\Downloads\VCScope (1).exe:BDU [0]
AlternateDataStreams: C:\Users\Dustin\Downloads\Lucky Block Mod Installer 1.7.10 (1).exe:BDU [0]
AlternateDataStreams: C:\Users\Dustin\Downloads\Lucky Block Mod Installer 1.7.10.exe:BDU [0]
AlternateDataStreams: C:\Users\Dustin\Downloads\Lucky Block Mod Installer 1.9.exe:BDU [0]
AlternateDataStreams: C:\Users\Dustin\Downloads\MCA Mod Installer 1.9.exe:BDU [0]
AlternateDataStreams: C:\Users\Dustin\Downloads\Stacy's Wolves Mod Installer 1.7.10.exe:BDU [0]
AlternateDataStreams: C:\Users\Dustin\Downloads\Stefinus 3D Guns Mod Installer 1.7.10.exe:BDU [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 4788 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-06-28 11:30 - 2015-10-05 14:51 - 00000052 RASHC C:\windows\system32\Drivers\etc\hosts

127.0.0.1 localhost
::1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2379502647-2149887776-3136232148-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Cheeves\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GoPro Importer.lnk => C:\windows\pss\GoPro Importer.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe
MSCONFIG\startupreg: Amazon Cloud Player => C:\Users\Cheeves\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BYRUA_AGENT => "C:\LGMobileUpgrade\LGMOBILEAX\BYR_Client\VZWUAAgent.exe" -start
MSCONFIG\startupreg: GoPro Studio Importer => C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: MyDriveConnect.exe => "C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe"
MSCONFIG\startupreg: NETGEAR USB Control Center =>
MSCONFIG\startupreg: NETGEARGenie => "C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe" -mini -redirect
MSCONFIG\startupreg: PDF5 Registry Controller => c:\program files (x86)\dell printers\dell 1355 multifunction color printer\pdfviewer\registrycontroller.exe
MSCONFIG\startupreg: PDFHook => C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PDFViewer\pdfpro5hook.exe
MSCONFIG\startupreg: QuickTime Task => "c:\program files (x86)\quicktime\qttask.exe" -atboottime
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: TCrdMain => %programfiles%\toshiba\flashcards\tcrdmain.exe
MSCONFIG\startupreg: ToshibaAppPlace => c:\program files (x86)\toshiba\toshiba app place\toshibaappplace.exe
MSCONFIG\startupreg: TosNC => %programfiles%\toshiba\bulletinboard\tosnccore.exe
MSCONFIG\startupreg: TosReelTimeMonitor => %programfiles%\toshiba\reeltime\tosreeltimemonitor.exe
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
MSCONFIG\startupreg: Xvid => c:\program files (x86)\xvid\checkupdate.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{0736BB08-FE89-43DE-BA41-0E6403E6505B}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{BCECD817-1320-463F-BA21-E50C4293C61B}] => (Allow) LPort=2869
FirewallRules: [{9BE0B886-70FD-44E2-B6DE-8A626E585D91}] => (Allow) LPort=1900
FirewallRules: [{704859E0-645A-4D1C-AB72-CD5211475087}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{9A5730A8-029E-4B01-AF32-9B2FD1E73FBA}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{2E8C40E1-7EAF-463D-82C8-6B4D84CD9133}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{CB0F0705-6EB3-488E-8363-213CFB1EB5B0}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
FirewallRules: [TCP Query User{CC429E61-1A50-49CB-B08F-0C8C0A1CE1FF}C:\program files (x86)\java\jre6\bin\java.exe] => (Allow) C:\program files (x86)\java\jre6\bin\java.exe
FirewallRules: [UDP Query User{FB2F7B47-9CB5-4830-B3A0-8AA99EA8F9B8}C:\program files (x86)\java\jre6\bin\java.exe] => (Allow) C:\program files (x86)\java\jre6\bin\java.exe
FirewallRules: [TCP Query User{BE88674B-1FD4-4CA7-A352-F9A66CD2AF11}C:\users\cheeves\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\cheeves\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{4F3CA57B-8DF1-44C6-8BB9-030252DFBC63}C:\users\cheeves\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\cheeves\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{B739F824-6A83-412E-B571-171D6BD333FE}C:\users\cheeves\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\cheeves\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{E48A3673-2033-417B-A85E-081CC17E9C2A}C:\users\cheeves\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\cheeves\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{63980264-6875-4BA3-A982-78D814A84C44}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [UDP Query User{CD6BF3C2-3935-4786-9ACA-39E4B606175C}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [{D6B2A849-BEFC-4ACC-9857-C15564C10CBE}] => (Allow) C:\Program Files (x86)\NETGEAR\USB Control Center\Control Center.exe
FirewallRules: [{70224D57-7D2B-43C6-BD0C-36EA948BE256}] => (Allow) C:\Program Files (x86)\NETGEAR\USB Control Center\Control Center.exe
FirewallRules: [{0AEDA11D-953F-457D-8147-8975E35D9EAD}] => (Allow) LPort=7423
FirewallRules: [TCP Query User{BFAA0470-6118-4BDD-BB4F-C94A1533A345}C:\program files (x86)\netgear\usb control center\control center.exe] => (Allow) C:\program files (x86)\netgear\usb control center\control center.exe
FirewallRules: [UDP Query User{813E1F96-FDD1-4CCB-A401-677A5F4C02A8}C:\program files (x86)\netgear\usb control center\control center.exe] => (Allow) C:\program files (x86)\netgear\usb control center\control center.exe
FirewallRules: [TCP Query User{0EB70666-4AD9-425B-9417-91CB3A48094B}C:\users\cheeves\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\cheeves\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [UDP Query User{8CDE3E15-6831-4829-ABCE-608C691F9713}C:\users\cheeves\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\cheeves\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [TCP Query User{0497A972-83EC-4992-B702-78E201E6FF5E}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [UDP Query User{58B9A33F-AEDD-4F2F-8957-48CA237F74D5}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [{67FD57BE-95C1-4537-8345-258A8FFBD4D7}] => (Allow) F:\Todo Backup\bin\Agent.exe
FirewallRules: [{351A7312-4E10-449F-A3EB-44576DAA5EF0}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
FirewallRules: [{D3CDC702-DCCE-46F1-88BB-F10F46ED0AAA}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
FirewallRules: [{352CD174-D424-4F95-8ACD-FB432AD2EB2D}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
FirewallRules: [{2A7888FB-80A3-4EB5-8CCD-AA31F956F6EF}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
FirewallRules: [TCP Query User{170ED261-6C70-4E51-A847-BDA9B2102D92}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{09A45F0B-CF56-41E7-98A1-94E53EBAAA31}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{43224ABA-9415-462F-BFB2-0906DE0A56D5}] => (Allow) LPort=51001
FirewallRules: [{6514671F-D55B-4F9D-AA6F-DAC4B466A060}] => (Allow) C:\Users\Cheeves\AppData\Local\Temp\nsv1E21.tmp\CnetInstaller-75974744.exe
FirewallRules: [{EABC82D0-7E76-4AC0-9021-0EBE7B05C93C}] => (Allow) C:\Users\Cheeves\AppData\Local\Temp\nsv1E21.tmp\CnetInstaller-75974744.exe
FirewallRules: [{4034B54A-16BA-4238-8E8E-5EC844D32F09}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{52B7AA9E-6E40-4A98-8860-7211550E072B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{14F871C8-B697-493B-B482-6AB50CE5DDD7}C:\program files (x86)\makemkv\makemkvcon64.exe] => (Allow) C:\program files (x86)\makemkv\makemkvcon64.exe
FirewallRules: [UDP Query User{E668BA1E-7CA7-4961-8EB5-ED0BBB6B0877}C:\program files (x86)\makemkv\makemkvcon64.exe] => (Allow) C:\program files (x86)\makemkv\makemkvcon64.exe
FirewallRules: [TCP Query User{D76E4A6C-0842-42F7-9C1C-F03E455FDFC8}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{389A8EDE-812A-4C63-A66B-94010984DCB5}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{044690B8-E58B-433F-BEC5-F48CFFD38B1E}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [TCP Query User{1571218E-1835-49BC-880D-847659ADB91C}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{E383D00D-9E03-4788-AF0C-94A04427E09C}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{7857E87F-F6BA-441B-94FD-967649E43ECF}] => (Allow) C:\Program Files (x86)\Minecraft\MinecraftLauncher.exe
FirewallRules: [{18DC3FA5-7253-4996-8F81-CC897F79E62D}] => (Allow) C:\Program Files (x86)\Minecraft\MinecraftLauncher.exe
FirewallRules: [{10D9AF93-163F-4B15-8C52-59A519A97FBA}] => (Allow) C:\Program Files (x86)\Minecraft\MinecraftLauncher.exe
FirewallRules: [{229572D4-FE63-4DB5-B29C-8F6211B79D7D}] => (Allow) C:\Program Files (x86)\Minecraft\MinecraftLauncher.exe
FirewallRules: [{90A3BBE3-434B-48B1-8893-2BF829DBCDD5}] => (Allow) F:\Todo Backup\bin\Agent.exe
FirewallRules: [{A5BAE2BB-B835-4C83-A0A7-F8012A9E4EED}] => (Allow) F:\Todo Backup\bin\Agent.exe
FirewallRules: [TCP Query User{4E49F260-6809-4D6D-A1BA-65A2167988A0}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{5E9003B7-3127-4F10-B81A-835E997F91FA}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{1E6C0FEA-6566-4136-A062-1CBB58697E96}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{F559ACF8-A494-4820-B4A7-AA2F94612B0B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{FF4CF425-C0BE-4120-ACD5-5A8182AFBE78}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{42875326-2B7A-4873-BFB1-7E4B57F684DC}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{D5DCB006-D1C5-46B5-AB0C-58E0B3F71E9F}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{6690CDF6-47DD-4583-95F2-5F87DD68B566}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{E6BFDA0E-1388-412E-9DC0-98F8C9D20462}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{24070F1A-B766-413B-BF91-AEDC254B46E6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{62D79B59-8D1A-47B9-AE5C-A2EBF4CBE4E9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{02D68808-67CF-4000-9991-8CA17D422C36}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6EF2AFF0-B674-4F6F-9A1B-72E7A5951A37}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1411354C-C05B-48CD-87E5-7EA4B6066DA6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{41A94988-2455-4A31-9F95-B7358F8FC91C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{0782147B-5995-4F65-BCA8-81AB3CAFE771}] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{6CA06B2B-2E1F-455E-BEBF-EF98B1AF0C50}] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{30599373-F10C-4664-A6CF-8DDD1927A8D0}C:\users\cheeves\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\cheeves\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{3B643D15-C30D-40E6-B7AD-E3C6B43633B1}C:\users\cheeves\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\cheeves\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{61CF3E00-8D31-4AEB-A99D-D83D880FCA49}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{3442166D-1DB8-4706-9145-DE6CEC8FEE2A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{A8064AE8-6CBA-412B-A1EC-D72343F79773}E:\adsfix_3_01.07.2016.3.exe] => (Allow) E:\adsfix_3_01.07.2016.3.exe
FirewallRules: [UDP Query User{8012CD5F-78FA-489A-B2C4-2168ADE624EB}E:\adsfix_3_01.07.2016.3.exe] => (Allow) E:\adsfix_3_01.07.2016.3.exe
StandardProfile\AuthorizedApplications: [E:\adsfix_3_01.07.2016.3.exe] => Enabled:adsfix_3_01.07.2016.3

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/10/2016 07:43:25 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is . The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Error: (07/10/2016 07:39:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/10/2016 07:34:40 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is . The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Error: (07/10/2016 07:29:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/10/2016 05:00:23 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is . The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Error: (07/10/2016 04:50:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/10/2016 01:49:57 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is . The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Error: (07/10/2016 01:44:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/10/2016 01:40:30 PM) (Source: Windows Search Service Profile Notification) (EventID: 2) (User: )
Description: Unable to remove Windows Search Service indexed data for user 'S-1-5-21-2379502647-2149887776-3136232148-1022' in response to user profile deletion. Error code 0x8007043C.

This service cannot be started in Safe Mode
.

Error: (07/10/2016 12:53:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (07/10/2016 07:49:35 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068 = The dependency service or group failed to start.


Error: (07/10/2016 07:44:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068 = The dependency service or group failed to start.


Error: (07/10/2016 07:41:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068 = The dependency service or group failed to start.


Error: (07/10/2016 07:41:00 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068fdPHost{D3DCB472-7261-43CE-924B-0704BD730D5F}

Error: (07/10/2016 07:41:00 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}

Error: (07/10/2016 07:40:33 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Media Center Extender Service service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1068 = The dependency service or group failed to start.


Error: (07/10/2016 07:40:33 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1068 = The dependency service or group failed to start.


Error: (07/10/2016 07:40:33 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1068 = The dependency service or group failed to start.


Error: (07/10/2016 07:38:45 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068 = The dependency service or group failed to start.


Error: (07/10/2016 07:38:45 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068 = The dependency service or group failed to start.



CodeIntegrity:
===================================
Date: 2016-03-02 16:20:21.040
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\batt_en3.tos\TPwSav_SMB.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-03-02 16:20:20.790
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\batt_en3.tos\TPwSav_SMB.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i5-2430M CPU @ 2.40GHz
Percentage of memory in use: 15%
Total physical RAM: 6091.86 MB
Available physical RAM: 5125.23 MB
Total Virtual: 12181.9 MB
Available Virtual: 11330.6 MB

==================== Drives ================================

Drive c: (TI106234W0C) (Fixed) (Total:914.23 GB) (Free:29.02 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
Drive g: (Cruzer) (Removable) (Total:7.47 GB) (Free:3.03 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: AD5F4B01)
Partition 1: (Active) - (Size=2.7 GB) - (Type=27)
Partition 2: (Not Active) - (Size=914.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14.5 GB) - (Type=17)

========================================================
Disk: 1 (Size: 7.5 GB) (Disk ID: A72E81A2)
Partition 1: (Not Active) - (Size=7.5 GB) - (Type=0B)

==================== End of Addition.txt ============================

Edited by Oh My!, 13 July 2016 - 10:55 PM.



#2 Oh My!

  • Malware Response Instructor

Posted 13 July 2016 - 11:09 PM

Greetings Big Ern and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please do this by transferring the below programs to your compromised computer via USB device.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Click Format and check Word Wrap
  • Please copy and paste the contents of the below code box into the open notepad and save it to your Desktop as fixlist.txt. If FRST.exe is not on your Desktop please move it to that location. (<<<Important)
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-2379502647-2149887776-3136232148-1000\...\MountPoints2: E - E:\LaunchU3.exe -a
HKU\S-1-5-21-2379502647-2149887776-3136232148-1000\...\MountPoints2: {2f4cecbd-28cb-11e4-ab92-047d7b058765} - F:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-21-2379502647-2149887776-3136232148-1000\...\MountPoints2: {572c7cdc-bc21-11e2-a3ec-047d7b058765} - D:\setup.EXE /AUTORUN
HKU\S-1-5-21-2379502647-2149887776-3136232148-1000\...\MountPoints2: {71aca8e4-9fac-11e5-a902-047d7b058765} - F:\VerizonWirelessUpgradeAssistantSetup.exe
HKU\S-1-5-21-2379502647-2149887776-3136232148-1000\...\MountPoints2: {aeca2fb3-5aa0-11e3-8bc0-047d7b058765} - F:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-21-2379502647-2149887776-3136232148-1000\...\MountPoints2: {b15fe244-c8ea-11e3-b1a0-047d7b058765} - F:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-21-2379502647-2149887776-3136232148-1000\...\MountPoints2: {bc2a5400-1c0d-11e4-8a40-047d7b058765} - F:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-21-2379502647-2149887776-3136232148-1000\...\MountPoints2: {ccf279d2-b6b1-11e3-85c0-047d7b058765} - F:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-21-2379502647-2149887776-3136232148-1000\...\MountPoints2: {dd263eb6-ebb0-11e4-8320-047d7b058765} - F:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-18\...\Run: [Advanced SystemCare 6] => "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
C:\Program Files (x86)\IObit
S3 usbbus; system32\DRIVERS\lgx64bus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [X]
S3 USBModem; system32\DRIVERS\lgx64modem.sys [X]
S3 vzandnetbus; system32\DRIVERS\lgvzandnetbus64.sys [X]
S3 vzandnetdiag; system32\DRIVERS\lgvzandnetdiag64.sys [X]
S3 vzandnetmodem; system32\DRIVERS\lgvzandnetmdm64.sys [X]
2016-07-10 03:11 - 2016-07-10 03:11 - 00000000 ___CT C:\windows\system32\lic2tmp.xml24024
C:\Users\Cheeves\RKX64.exe
C:\Users\Cheeves\AppData\Local\Temp\mpegc.dll
C:\Users\Cheeves\AppData\Local\Temp\Office Setup.x64.en-US_ProPlusRetail_TNM7P-JFBY2-8VDV8-7Y238-GVGXQ_TX_PR_act_1_.exe
C:\Users\Cheeves\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Cheeves\AppData\Local\Temp\setup32.exe
C:\Users\Cheeves\AppData\Local\Temp\setup64.exe
C:\Users\Dustin\AppData\Local\Temp\avguirn_081547730624.exe
C:\Users\Dustin\AppData\Local\Temp\avguirn_081555004944.exe
C:\Users\Dustin\AppData\Local\Temp\avguirn_081839232750.exe
Task: {21D7D68C-7108-406A-9BAB-A3EE4D1F752C} - System32\Tasks\{34AF7E4F-ADE4-46CB-8185-2F2277703371} => pcalua.exe -a D:\InstMenu.exe -d D:\
Task: {2DF5742B-34E2-4817-BACA-C982B5F506D4} - System32\Tasks\SmartDefrag_Schedule => C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
Task: {368A71A7-1A90-4EC1-BC5D-2A10DFADD0B6} - System32\Tasks\{CB9BF6D6-17BE-4A52-9291-8B44690FD7A6} => pcalua.exe -a D:\Autorun.exe -d D:\
Task: {A50DA382-6618-46C9-AFA8-2682E7692674} - System32\Tasks\SmartDefrag_Startup => C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
AlternateDataStreams: C:\ProgramData\TEMP:054203E4 [278]
AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8 [247]
AlternateDataStreams: C:\ProgramData\TEMP:F8B88761 [173]
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Farbar's MiniToolBox

--------------------
  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure only the following options are checked:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries

  • Click Go and once the scan is completed a MTB.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply
===================================================

Farbar's Service Scanner

--------------------
  • Please download Farbar Service Scanner, save it to your desktop, and run it.
  • Make sure the following options are checked:

Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services

  • Press Scan
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
===================================================

Adware Removal Tool by TSA

--------------------
  • Please download Adware Removal Tool and save it to your Desktop.
  • Right click on the icon and select Run as administrator.
  • Select: Yes, I agree.
  • Click Scan.
  • If objects are found, click OK.
  • Review the log and uncheck any items you want to keep (somewhat uncommon).
  • Click Clean.
  • If requested, click OK to close any open browsers.
  • Click OK after the cleaning process has Successfully Finished.
  • Click Save this Result and save the file to your Desktop as ART.txt.
  • Confirm the file was successfully saved.
  • Click Finished, then close the browser that will open.
  • Copy and paste ART.txt
===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed you will see Pending. Please check elements you don't want to remove above the progress bar
  • Click on Cleaning
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • MTB.txt
  • FSS.txt
  • ART.txt
  • AdwCleaner log
  • Update on computer behavior

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Big Ern


Posted 14 July 2016 - 07:53 AM

Hello Gary,

 

My name is Ernie.

Thank you for helping me with my problem(s)...

 

When it was time to run Adware removal tool, I failed to right click and run as administrator. Realized that soon as I clicked it. Sorry. 

It didn't run, only briefly flashed, so I tried to run as admin and I only got a brief flash again.

 

Please advise...



#4 Oh My!


Posted 14 July 2016 - 08:04 AM

Greetings Ernie.

Thanks for pausing to check. Delete the AdwCleaner program and download another version. If it doesn't run don't worry about it, we have other programs available if we need to do further work on adware.
Gary
 

#5 Big Ern


Posted 14 July 2016 - 08:19 AM

Gary, 

It was the Adware removal tool by TSA that didn't run properly. I had not gotten to the Adwcleaner step yet.

 

Could you please clarify which program I should delete and download another version of?

 

 



#6 Oh My!


Posted 14 July 2016 - 08:22 AM


Skip the Adware Removal Tool and just run AdwCleaner.
Gary
 

#7 Big Ern


Posted 14 July 2016 - 08:52 AM

Gary, 

 

Adwcleaner said there were no malicious programs found. I did not get the pending message so I saved a logfile first and then hit clean.

 

The computer rebooted and was hanging up as usual and I could not access the log file that it created. So I rebooted to safe mode and have included the logfile it created before the clean.

 

I am going to boot normally and see how the computer behaves for a longer period of time...

 

Here are the logs that I have:

 

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 13-07-2016 02
Ran by Cheeves (2016-07-14 08:27:27) Run:1
Running from C:\Users\Cheeves\Desktop
Loaded Profiles: Cheeves (Available Profiles: Cheeves & Ernie & Duncan & Dustin)
Boot Mode: Safe Mode (with Networking)
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-2379502647-2149887776-3136232148-1000\...\MountPoints2: E - E:\LaunchU3.exe -a
HKU\S-1-5-21-2379502647-2149887776-3136232148-1000\...\MountPoints2: {2f4cecbd-28cb-11e4-ab92-047d7b058765} - F:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-21-2379502647-2149887776-3136232148-1000\...\MountPoints2: {572c7cdc-bc21-11e2-a3ec-047d7b058765} - D:\setup.EXE /AUTORUN
HKU\S-1-5-21-2379502647-2149887776-3136232148-1000\...\MountPoints2: {71aca8e4-9fac-11e5-a902-047d7b058765} - F:\VerizonWirelessUpgradeAssistantSetup.exe
HKU\S-1-5-21-2379502647-2149887776-3136232148-1000\...\MountPoints2: {aeca2fb3-5aa0-11e3-8bc0-047d7b058765} - F:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-21-2379502647-2149887776-3136232148-1000\...\MountPoints2: {b15fe244-c8ea-11e3-b1a0-047d7b058765} - F:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-21-2379502647-2149887776-3136232148-1000\...\MountPoints2: {bc2a5400-1c0d-11e4-8a40-047d7b058765} - F:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-21-2379502647-2149887776-3136232148-1000\...\MountPoints2: {ccf279d2-b6b1-11e3-85c0-047d7b058765} - F:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-21-2379502647-2149887776-3136232148-1000\...\MountPoints2: {dd263eb6-ebb0-11e4-8320-047d7b058765} - F:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-18\...\Run: [Advanced SystemCare 6] => "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
C:\Program Files (x86)\IObit
S3 usbbus; system32\DRIVERS\lgx64bus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [X]
S3 USBModem; system32\DRIVERS\lgx64modem.sys [X]
S3 vzandnetbus; system32\DRIVERS\lgvzandnetbus64.sys [X]
S3 vzandnetdiag; system32\DRIVERS\lgvzandnetdiag64.sys [X]
S3 vzandnetmodem; system32\DRIVERS\lgvzandnetmdm64.sys [X]
2016-07-10 03:11 - 2016-07-10 03:11 - 00000000 ___CT C:\windows\system32\lic2tmp.xml24024
C:\Users\Cheeves\RKX64.exe
C:\Users\Cheeves\AppData\Local\Temp\mpegc.dll
C:\Users\Cheeves\AppData\Local\Temp\Office Setup.x64.en-US_ProPlusRetail_TNM7P-JFBY2-8VDV8-7Y238-GVGXQ_TX_PR_act_1_.exe
C:\Users\Cheeves\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Cheeves\AppData\Local\Temp\setup32.exe
C:\Users\Cheeves\AppData\Local\Temp\setup64.exe
C:\Users\Dustin\AppData\Local\Temp\avguirn_081547730624.exe
C:\Users\Dustin\AppData\Local\Temp\avguirn_081555004944.exe
C:\Users\Dustin\AppData\Local\Temp\avguirn_081839232750.exe
Task: {21D7D68C-7108-406A-9BAB-A3EE4D1F752C} - System32\Tasks\{34AF7E4F-ADE4-46CB-8185-2F2277703371} => pcalua.exe -a D:\InstMenu.exe -d D:\
Task: {2DF5742B-34E2-4817-BACA-C982B5F506D4} - System32\Tasks\SmartDefrag_Schedule => C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
Task: {368A71A7-1A90-4EC1-BC5D-2A10DFADD0B6} - System32\Tasks\{CB9BF6D6-17BE-4A52-9291-8B44690FD7A6} => pcalua.exe -a D:\Autorun.exe -d D:\
Task: {A50DA382-6618-46C9-AFA8-2682E7692674} - System32\Tasks\SmartDefrag_Startup => C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
AlternateDataStreams: C:\ProgramData\TEMP:054203E4 [278]
AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8 [247]
AlternateDataStreams: C:\ProgramData\TEMP:F8B88761 [173]
*****************
 
Error: Restore point can only be created in normal mode.
Processes closed successfully.
"HKU\S-1-5-21-2379502647-2149887776-3136232148-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E" => key removed successfully
"HKU\S-1-5-21-2379502647-2149887776-3136232148-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2f4cecbd-28cb-11e4-ab92-047d7b058765}" => key removed successfully
HKCR\CLSID\{2f4cecbd-28cb-11e4-ab92-047d7b058765} => key not found. 
"HKU\S-1-5-21-2379502647-2149887776-3136232148-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{572c7cdc-bc21-11e2-a3ec-047d7b058765}" => key removed successfully
HKCR\CLSID\{572c7cdc-bc21-11e2-a3ec-047d7b058765} => key not found. 
"HKU\S-1-5-21-2379502647-2149887776-3136232148-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{71aca8e4-9fac-11e5-a902-047d7b058765}" => key removed successfully
HKCR\CLSID\{71aca8e4-9fac-11e5-a902-047d7b058765} => key not found. 
"HKU\S-1-5-21-2379502647-2149887776-3136232148-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aeca2fb3-5aa0-11e3-8bc0-047d7b058765}" => key removed successfully
HKCR\CLSID\{aeca2fb3-5aa0-11e3-8bc0-047d7b058765} => key not found. 
"HKU\S-1-5-21-2379502647-2149887776-3136232148-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b15fe244-c8ea-11e3-b1a0-047d7b058765}" => key removed successfully
HKCR\CLSID\{b15fe244-c8ea-11e3-b1a0-047d7b058765} => key not found. 
"HKU\S-1-5-21-2379502647-2149887776-3136232148-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bc2a5400-1c0d-11e4-8a40-047d7b058765}" => key removed successfully
HKCR\CLSID\{bc2a5400-1c0d-11e4-8a40-047d7b058765} => key not found. 
"HKU\S-1-5-21-2379502647-2149887776-3136232148-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ccf279d2-b6b1-11e3-85c0-047d7b058765}" => key removed successfully
HKCR\CLSID\{ccf279d2-b6b1-11e3-85c0-047d7b058765} => key not found. 
"HKU\S-1-5-21-2379502647-2149887776-3136232148-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd263eb6-ebb0-11e4-8320-047d7b058765}" => key removed successfully
HKCR\CLSID\{dd263eb6-ebb0-11e4-8320-047d7b058765} => key not found. 
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Advanced SystemCare 6 => value removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. 
C:\Program Files (x86)\IObit => moved successfully
usbbus => service removed successfully
UsbDiag => service removed successfully
USBModem => service removed successfully
vzandnetbus => service removed successfully
vzandnetdiag => service removed successfully
vzandnetmodem => service removed successfully
C:\windows\system32\lic2tmp.xml24024 => moved successfully
C:\Users\Cheeves\RKX64.exe => moved successfully
C:\Users\Cheeves\AppData\Local\Temp\mpegc.dll => moved successfully
C:\Users\Cheeves\AppData\Local\Temp\Office Setup.x64.en-US_ProPlusRetail_TNM7P-JFBY2-8VDV8-7Y238-GVGXQ_TX_PR_act_1_.exe => moved successfully
C:\Users\Cheeves\AppData\Local\Temp\OfficeSetup.exe => moved successfully
C:\Users\Cheeves\AppData\Local\Temp\setup32.exe => moved successfully
C:\Users\Cheeves\AppData\Local\Temp\setup64.exe => moved successfully
C:\Users\Dustin\AppData\Local\Temp\avguirn_081547730624.exe => moved successfully
C:\Users\Dustin\AppData\Local\Temp\avguirn_081555004944.exe => moved successfully
C:\Users\Dustin\AppData\Local\Temp\avguirn_081839232750.exe => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{21D7D68C-7108-406A-9BAB-A3EE4D1F752C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{21D7D68C-7108-406A-9BAB-A3EE4D1F752C}" => key removed successfully
C:\windows\System32\Tasks\{34AF7E4F-ADE4-46CB-8185-2F2277703371} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{34AF7E4F-ADE4-46CB-8185-2F2277703371}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2DF5742B-34E2-4817-BACA-C982B5F506D4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2DF5742B-34E2-4817-BACA-C982B5F506D4}" => key removed successfully
C:\windows\System32\Tasks\SmartDefrag_Schedule => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartDefrag_Schedule" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{368A71A7-1A90-4EC1-BC5D-2A10DFADD0B6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{368A71A7-1A90-4EC1-BC5D-2A10DFADD0B6}" => key removed successfully
C:\windows\System32\Tasks\{CB9BF6D6-17BE-4A52-9291-8B44690FD7A6} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CB9BF6D6-17BE-4A52-9291-8B44690FD7A6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A50DA382-6618-46C9-AFA8-2682E7692674}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A50DA382-6618-46C9-AFA8-2682E7692674}" => key removed successfully
C:\windows\System32\Tasks\SmartDefrag_Startup => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartDefrag_Startup" => key removed successfully
C:\ProgramData\TEMP => ":054203E4" ADS removed successfully.
C:\ProgramData\TEMP => ":0FF263E8" ADS removed successfully.
C:\ProgramData\TEMP => ":F8B88761" ADS removed successfully.
 
 
The system needed a reboot.
 
==== End of Fixlog 08:27:28 ====
 
 
 
 
 
 
MiniToolBox by Farbar  Version: 17-06-2016
Ran by Cheeves (administrator) on 14-07-2016 at 08:36:02
Running from "C:\Users\Cheeves\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Model: Satellite L755 Manufacturer: TOSHIBA
Boot Mode: Minimal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Could not flush the DNS Resolver Cache: Function failed during execution.
 
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
127.0.0.1       localhost
========================= IP Configuration: ================================
 
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Laptop
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
Server:  UnKnown
Address:  127.0.0.1
 
Ping request could not find host google.com. Please check the name and try again.
Server:  UnKnown
Address:  127.0.0.1
 
Ping request could not find host yahoo.com. Please check the name and try again.
Unable to contact IP driver. General failure. 
========================= Winsock entries =====================================
 
Catalog5 01 C:\windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128] (Apple Inc.)
Catalog9 01 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [133392] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
 
**** End of log ****
 
 
 
 
 
 
Farbar Service Scanner Version: 27-01-2016
Ran by Cheeves (administrator) on 14-07-2016 at 08:36:56
Running from "C:\Users\Cheeves\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Minimal
****************************************************************
 
Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.
 
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.
 
Nsi Service is not running. Checking service configuration:
The start type of Nsi service is OK.
The ImagePath of Nsi service is OK.
The ServiceDll of Nsi service is OK.
 
nsiproxy Service is not running. Checking service configuration:
The start type of nsiproxy service is OK.
The ImagePath of nsiproxy service is OK.
 
tdx Service is not running. Checking service configuration:
The start type of tdx service is OK.
The ImagePath of tdx service is OK.
 
afd Service is not running. Checking service configuration:
The start type of afd service is OK.
The ImagePath of afd service is OK.
 
 
Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blocked: Other errors
There is no connection to network.
Attempt to access Google IP returned error. Other errors
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors
 
 
Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.
 
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.
 
bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.
 
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.
 
VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.
 
 
System Restore Policy: 
========================
 
 
Action Center:
============
 
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
 
 
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.
 
BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.
 
EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem service is OK.
The ServiceDll of EventSystem service is OK.
 
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****
 
 
 
 
 
# AdwCleaner v5.201 - Logfile created 14/07/2016 at 09:23:25
# Updated 30/06/2016 by ToolsLib
# Database : 2016-06-30.2 [Local]
# Operating system : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Cheeves - LAPTOP
# Running from : C:\Users\Cheeves\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
 
***** [ DLL ] *****
 
 
***** [ WMI ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [4764 bytes] - [09/07/2016 21:06:43]
C:\AdwCleaner\AdwCleaner[S1].txt - [4710 bytes] - [09/07/2016 21:02:29]
C:\AdwCleaner\AdwCleaner[S2].txt - [788 bytes] - [14/07/2016 09:23:25]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [860 bytes] ##########
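Added example (not part of the thread and not Farbar's own code): a Python parser for the FSS.txt format in the post above. It separates the "Service is not running" lines, which are expected in a log taken in Safe Mode, from configuration deviations, policy values and file verdicts. The sample text is abridged from that log; the function names and the assumption that a regular boot is reported as `Boot Mode: Normal` belong to this example.

```python
import re

# Abridged from the FSS.txt log in the post above; sections were trimmed, lines are unchanged.
SAMPLE_FSS = r"""Farbar Service Scanner Version: 27-01-2016
Boot Mode: Minimal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

File Check:
========
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed

**** End of log ****
"""

UNDERLINE = re.compile(r"^={4,}$")
BOOT = re.compile(r"^Boot Mode:\s*(.+)$")
NOT_RUNNING = re.compile(r"^(\S+) Service is not running\.")
CONFIG = re.compile(r"^The (start type|ImagePath|ServiceDll) of (\S+) service is (.+?)\.?$")
REG_KEY = re.compile(r"^\[(HKEY_[^\]]+)\]$")
REG_VALUE = re.compile(r'^"([^"]+)"=(.+)$')
FILE_CHECK = re.compile(r"^([A-Za-z]:\\.+?) => (.+)$")


def parse_fss(text):
    """Split an FSS log into stopped services, config deviations, policy values, file verdicts."""
    report = {"boot_mode": None, "not_running": [], "config_deviations": [],
              "policies": [], "file_issues": [], "unparsed": []}
    lines = [l.replace("\u00a0", " ").strip() for l in text.splitlines()]
    section = reg_key = None
    for i, line in enumerate(lines):
        if UNDERLINE.match(line) or not line or line.startswith("*"):
            continue
        if i + 1 < len(lines) and UNDERLINE.match(lines[i + 1]):
            section, reg_key = line.rstrip(": "), None  # header = line above a ===== rule
            continue
        if m := BOOT.match(line):
            report["boot_mode"] = m.group(1)
        elif section is None:
            continue  # banner lines before the first section
        elif m := NOT_RUNNING.match(line):
            report["not_running"].append((section, m.group(1)))
        elif m := CONFIG.match(line):
            prop, svc, state = m.groups()
            if state != "OK":
                report["config_deviations"].append((svc, prop, state))
        elif m := REG_KEY.match(line):
            reg_key = m.group(1)
        elif (m := REG_VALUE.match(line)) and reg_key:
            report["policies"].append((reg_key, m.group(1), m.group(2)))
        elif m := FILE_CHECK.match(line):
            if m.group(2) != "File is digitally signed":
                report["file_issues"].append(m.groups())
        else:
            report["unparsed"].append((section, line))  # never drop a line silently
    return report


def triage(report):
    """Return (safe_mode, findings); stopped services count only outside Safe Mode."""
    # Assumption of this example: a regular boot is reported as "Boot Mode: Normal".
    mode = report["boot_mode"]
    safe_mode = mode is not None and mode.lower() != "normal"
    findings = []
    if not safe_mode:
        findings += [f"{svc} ({sec}) is not running" for sec, svc in report["not_running"]]
    findings += [f"{svc}: {prop} is {state}" for svc, prop, state in report["config_deviations"]]
    findings += [f"policy {key}\\{name} = {value}" for key, name, value in report["policies"]]
    findings += [f"{path}: {verdict}" for path, verdict in report["file_issues"]]
    findings += [f"unrecognised line in {sec}: {line}" for sec, line in report["unparsed"]]
    return safe_mode, findings


if __name__ == "__main__":
    safe, items = triage(parse_fss(SAMPLE_FSS))
    print("Safe Mode log:", safe)
    for item in items:
        print(" -", item)
```

On the sample, only the WinDefend start type and the `DisableAntiSpyware` policy value are reported; the stopped services are held back because the log was taken in Safe Mode.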
 
 
 
 

 



#8 Oh My!


Posted 14 July 2016 - 09:05 AM

Thanks for your work Ernie.

Please do this.

===================================================

Clean Boot

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msconfig and press Enter
  • If you are prompted for an administrator password or for a confirmation, type the password, or provide confirmation
  • Click the General tab then click Selective Startup
  • Check Load system services
  • Uncheck Load Startup Items
  • Click the Services tab
  • Click to select the Hide All Microsoft Services check box
  • Click Disable All, and then click OK
  • When you are prompted, click Restart and boot into Normal Mode
  • Check your computer performance
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Results?

Gary
 

#9 Big Ern


Posted 14 July 2016 - 09:42 AM

Did as you requested. Although the comp seems to be a little more responsive, it is still pretty sluggish, Bitdefender still stops, and I have no internet.

#10 Big Ern


Posted 14 July 2016 - 09:49 AM

Computer just restarted on its own...upon trying to reboot, a message came up no bootable device-- insert disk!

I rebooted to safe mode...looks ok

Edited by Big Ern, 14 July 2016 - 09:50 AM.


#11 Oh My!


Posted 14 July 2016 - 09:55 AM

OK, I will be away for most of the day but please do the below then Uninstall Bitdefender as directed below and see if it makes a difference.

===================================================

Reversing Clean Boot State
--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msconfig and press Enter
  • If you are prompted for an administrator password or for a confirmation, type the password, or provide confirmation
  • In the System Configuration Utility dialog box, click Normal Startup on the General tab
  • Click OK
  • When you are prompted, click Restart
===================================================

Uninstalling Programs Using Revo Uninstaller Free

--------------------

I recommend uninstalling the below listed program(s) from your computer.

Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.

Please note there is a chance when you look for this program to uninstall through Revo it might not be listed because of a previous uninstall. If that is the case simply stop and let me know.
  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on the listed program(s), or anything similar, to remove it (if it exists)
Bitdefender Antivirus Free Edition
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next.
  • Check the items in bold only on the list then click Delete. You may have to expand some folders by clicking the "+" mark.
  • When prompted click on Yes and then on Next.
  • Click on Select all then click Delete
  • When prompted select Yes then Next
  • Once done click Finish.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Results?

Gary
 

#12 Big Ern


Posted 14 July 2016 - 11:07 AM

Bitdefender does not show up in the list.

 

Please advise...



#13 Oh My!


Posted 14 July 2016 - 05:59 PM

Sorry for the delay. Please use the BitDefender Uninstall Tool.
Gary
 

#14 Big Ern


Posted 14 July 2016 - 09:50 PM

Gary,

No problem with the delay.

Bitdefender uninstalled successfully with the BD removal tool.

Unfortunately, I still have the same symptoms...

Thank you for your help thus far.



#15 Oh My!


Posted 14 July 2016 - 10:09 PM

Thank you.

Can you confirm you have Internet access while in Safe Mode?

Please do this.

===================================================

Running Combofix in Vista/7

--------------------
  • Please download ComboFix and save it to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Note: If after disabling Combofix warns you an Antivirus program is still running ignore the warning and run Combofix.
  • Double click on Combofix.exe and follow the prompts. It is important you do not mouse click while the program is running or it may stall.
  • Patiently allow the program to run. At times it may appear nothing is happening
  • Copy and paste the report in your reply
  • If Combofix fails to run completely stop and let me know
===================================================

RogueKiller by Tigzy

--------------------
  • Download RogueKiller and save it to your desktop
  • Close all running programs
  • Right click on the setup.exe icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • Click OK on English
  • Select Install 32 and 64 bits versions (Recommended for Technicians), then click Next 3 times
  • Click Install
  • Click Finish then Accept
  • The program will conduct a prescan and when finished you will see Prescan Finished. Please hit the scan button
  • Click Start Scan twice
  • When completed click Open Report
  • Click Export Text and save the file on your Desktop as RK.txt
  • Close all open RogueKiller windows
  • Copy and paste the contents of the report in your reply
===================================================

aswMBR

--------------------
  • Download aswMBR and save it to your desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. For additional help see here and here
  • Double click the aswMBR.exe file to run it. If requested, allow Avast to update the antivirus engine definitions
  • Leave the default settings then click Scan
  • When done, you will see Scan finished successfully. Click on Save log and save the file to your desktop
  • Copy and paste the contents of the log in your reply
NOTE: aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Safe Mode?
  • Combofix log
  • RogueKiller log
  • aswMBR log

Gary
 



