Slow boot and web pages won't load ( Currently in Safe Mode w/ Networking)


  • This topic is locked
8 replies to this topic

#1 ImCynners


Posted 30 August 2016 - 01:48 PM

Hello and Thank You in advance for taking the time to help me,

 

Computer takes longer than normal to boot, but the real problem occurs when I attempt to go to a website. I will wait to see if the web page will load but it doesn't. When I click the close (X) button it will turn the screen to a haze of white and say that the program is not responding. Then when I click the close (X) button again the web page appears loaded for a split second and then closes. I have tried to open process manager by right-clicking in the task bar and then clicking the process manager option and it never loads. I have also tried the Ctrl + Alt + Delete way of accessing process manager but it doesn't load either, except for 1 time but I had already clicked restart on the computer. I am a very patient person so when I say, "I will wait" it means I waited for a half hour.

 

The only way I was able to even get here to post this is because I am in Safe Mode with Networking. I looked at the msconfig and there are things I don't recognize but at this point my mind is so frazzled with different programs and files that I am unsure what I should keep and what I should get rid of. 

 

Below are the contents of the FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-08-2016
Ran by dave (administrator) on IFORGOT (30-08-2016 11:12:39)
Running from C:\Users\dave\Desktop
Loaded Profiles: dave (Available Profiles: dave)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Safe Mode (with Networking)
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:47574
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.65
Tcpip\Parameters: [NameServer] 82.163.142.7 95.211.158.134
Tcpip\..\Interfaces\{47830BD9-BEC2-4DD1-998E-9EB1909483A5}: [DhcpNameServer] 192.168.0.1 205.171.3.65
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3857002000-416032775-3262416880-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3857002000-416032775-3262416880-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3857002000-416032775-3262416880-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://myyahoo.com/
SearchScopes: HKLM -> {9143e921-7c9a-4d27-ac43-eaccc78cc55a} URL = 
SearchScopes: HKLM -> {fcd9f10e-0daa-405f-bca0-0dd3f37c59d9} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-0a2fc1ce&q={searchTerms}
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3857002000-416032775-3262416880-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-05-05] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-05] (Oracle Corporation)
BHO-x32: Blazer Deals -> {f476f203-bdf1-443d-aea6-d7fe9c2a53c3} -> C:\Program Files (x86)\Blazer Deals\Extensions\f476f203-bdf1-443d-aea6-d7fe9c2a53c3.dll => No File
Toolbar: HKU\S-1-5-21-3857002000-416032775-3262416880-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/Bejeweled%203/Images/stg_drm.ocx
DPF: HKLM-x32 {9BDF4724-10AA-43D5-BD15-AEA0D2287303} hxxp://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab
DPF: HKLM-x32 {B8BE5E93-A60C-4D26-A2DC-220313175592} hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: HKLM-x32 {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/Bejeweled%203/Images/armhelper.ocx
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-05] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\12\NP_wtapp.dll [2016-07-16] ()
FF Plugin HKU\S-1-5-21-3857002000-416032775-3262416880-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\dave\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3857002000-416032775-3262416880-1001: @talk.google.com/O1DPlugin -> C:\Users\dave\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3857002000-416032775-3262416880-1001: @tools.google.com/Google Update;version=3 -> C:\Users\dave\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-3857002000-416032775-3262416880-1001: @tools.google.com/Google Update;version=9 -> C:\Users\dave\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\dave\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\dave\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
 
Chrome: 
=======
CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR StartupUrls: Default -> "hxxp://www.myyahoo.com/"
CHR Profile: C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-06]
CHR Extension: (Google Docs) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-06]
CHR Extension: (Google Drive) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-29]
CHR Extension: (Google Search) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (WGT Golf Challenge) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcilimldmomiaihcfkmaldanopfejefg [2015-07-06]
CHR Extension: (Google Sheets) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-06]
CHR Extension: (MSN Homepage) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkcgfbgohboipdhliafmacjnhjbhmim [2015-07-25]
CHR Extension: (Google Docs Offline) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (Yahoo Partner) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\gihfmmedoddijgnhkgfgnkeohkpbipol [2016-08-24]
CHR Extension: (Free Texas Holdem Poker) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpefcbpnjnanfacddfaaommfheilhkdb [2015-12-24]
CHR Extension: (Space TV) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\mclkmgodgigjnbfkbobclaaafjmldcdo [2016-01-02]
CHR Extension: (Page Structure) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl [2015-07-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (3D Bomb Destroyer) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\okehlnjpihomkdokiiafpejniofjaoom [2015-12-25]
CHR Extension: (Gmail) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-06]
CHR Extension: (Chrome Media Router) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-30]
CHR Extension: (ArcadeSafari) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmlmmllkclondemfbkhhkkepmkcdbjdi [2016-08-24]
CHR HKU\S-1-5-21-3857002000-416032775-3262416880-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fkkcgfbgohboipdhliafmacjnhjbhmim] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gihfmmedoddijgnhkgfgnkeohkpbipol] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
S4 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
S4 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [350064 2016-07-16] (WildTangent)
S4 HPSLPSVC; C:\Users\dave\AppData\Local\Temp\7zS34FB\hpslpsvc64.dll [1039360 2015-07-22] (Hewlett-Packard Co.) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S4 MSCamSvc; "C:\Program Files\Microsoft LifeCam\MSCamS64.exe" [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 catchme; no ImagePath
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-30 11:12 - 2016-08-30 11:12 - 00014828 _____ C:\Users\dave\Desktop\FRST.txt
2016-08-30 10:32 - 2016-08-30 10:32 - 02397696 _____ (Farbar) C:\Users\dave\Desktop\FRST64 (2).exe
2016-08-30 10:31 - 2016-08-30 10:31 - 02397696 _____ (Farbar) C:\Users\dave\Desktop\FRST64 (1).exe
2016-08-30 10:17 - 2016-08-30 11:12 - 00000000 ____D C:\FRST
2016-08-30 10:16 - 2016-08-30 10:16 - 02397696 _____ (Farbar) C:\Users\dave\Desktop\FRST64.exe
2016-08-30 09:51 - 2016-08-30 09:51 - 03826240 _____ C:\Users\dave\Downloads\AdwCleaner (1).exe
2016-08-24 21:17 - 2016-08-25 22:02 - 00000000 ____D C:\Users\dave\AppData\Roaming\Yahoo Messenger
2016-08-24 21:17 - 2016-08-24 21:17 - 00002315 _____ C:\Users\dave\Desktop\Yahoo Messenger.lnk
2016-08-24 21:17 - 2016-08-24 21:17 - 00000000 ____D C:\Users\dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yahoo! Inc
2016-08-24 21:17 - 2016-08-24 21:17 - 00000000 ____D C:\Users\dave\AppData\Local\yahoomessenger
2016-08-24 21:17 - 2016-08-24 21:17 - 00000000 ____D C:\Users\dave\AppData\Local\SquirrelTemp
2016-08-24 15:03 - 2016-08-24 15:03 - 00000017 _____ C:\Users\dave\AppData\Local\resmon.resmoncfg
2016-08-22 21:56 - 2016-07-08 08:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-08-22 21:56 - 2016-07-08 08:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-08-22 20:00 - 2016-08-22 20:00 - 00001630 _____ C:\Users\dave\Documents\My Movie.wlmp
2016-08-22 11:54 - 2016-08-22 11:54 - 00000000 ____D C:\Users\dave\AppData\Local\YSearchUtil
2016-08-20 23:40 - 2016-08-20 23:40 - 00000164 _____ C:\Users\Public\Desktop\Monster Match.url
2016-08-15 23:49 - 2016-08-15 23:49 - 00001976 _____ C:\Users\Public\Desktop\Play Atlantis Sky Patrol.lnk
2016-08-15 23:49 - 2016-08-15 23:49 - 00001268 _____ C:\Users\Public\Desktop\More Great Games.lnk
2016-08-15 23:48 - 2016-08-15 23:49 - 00000000 ____D C:\Program Files (x86)\Atlantis Sky Patrol
2016-08-15 23:48 - 2016-08-15 23:48 - 00000000 ____D C:\Users\dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Atlantis Sky Patrol
2016-08-15 23:48 - 2016-08-15 23:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atlantis Sky Patrol
2016-08-15 22:20 - 2016-08-15 22:20 - 00000000 ____D C:\Users\dave\AppData\Roaming\Artifact Quest
2016-08-10 17:59 - 2016-07-08 08:37 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-08-10 17:59 - 2016-07-08 08:37 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-08-10 17:59 - 2016-07-08 08:32 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-08-10 17:59 - 2016-07-08 08:32 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-08-10 17:59 - 2016-07-08 08:32 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-08-10 17:59 - 2016-07-08 08:32 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-08-10 17:59 - 2016-07-08 08:32 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-08-10 17:59 - 2016-07-08 08:32 - 00343552 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-08-10 17:59 - 2016-07-08 08:32 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-08-10 17:59 - 2016-07-08 08:32 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-08-10 17:59 - 2016-07-08 08:32 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-08-10 17:59 - 2016-07-08 08:32 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-08-10 17:59 - 2016-07-08 08:32 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-08-10 17:59 - 2016-07-08 08:32 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-08-10 17:59 - 2016-07-08 08:32 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-08-10 17:59 - 2016-07-08 08:32 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-08-10 17:59 - 2016-07-08 08:32 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-08-10 17:59 - 2016-07-08 08:32 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-08-10 17:59 - 2016-07-08 08:32 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-08-10 17:59 - 2016-07-08 08:32 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-08-10 17:59 - 2016-07-08 08:17 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-08-10 17:59 - 2016-07-08 08:17 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-08-10 17:59 - 2016-07-08 08:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-08-10 17:59 - 2016-07-08 08:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-08-10 17:59 - 2016-07-08 08:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-08-10 17:59 - 2016-07-08 08:16 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-08-10 17:59 - 2016-07-08 08:16 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-08-10 17:59 - 2016-07-08 08:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-08-10 17:59 - 2016-07-08 08:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-08-10 17:59 - 2016-07-08 08:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-08-10 17:59 - 2016-07-08 08:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-08-10 17:59 - 2016-07-08 08:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-08-10 17:59 - 2016-07-08 08:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-08-10 17:59 - 2016-07-08 08:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-08-10 17:59 - 2016-07-08 08:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-08-10 17:59 - 2016-07-08 08:03 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-08-10 17:59 - 2016-07-08 07:57 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-08-10 17:59 - 2016-07-08 07:56 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-08-10 17:59 - 2016-07-08 07:56 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-08-10 17:59 - 2016-07-08 07:55 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-08-10 17:59 - 2016-07-08 07:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-08-10 17:59 - 2016-07-08 07:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-08-10 17:58 - 2016-08-02 07:54 - 00394440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-08-10 17:58 - 2016-08-02 07:08 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-08-10 17:58 - 2016-08-01 23:54 - 25808384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-08-10 17:58 - 2016-08-01 23:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-08-10 17:58 - 2016-08-01 23:47 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-08-10 17:58 - 2016-08-01 23:32 - 02894336 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-08-10 17:58 - 2016-08-01 23:32 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-08-10 17:58 - 2016-08-01 23:31 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-08-10 17:58 - 2016-08-01 23:31 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-08-10 17:58 - 2016-08-01 23:31 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-08-10 17:58 - 2016-08-01 23:31 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-08-10 17:58 - 2016-08-01 23:24 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-08-10 17:58 - 2016-08-01 23:23 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-08-10 17:58 - 2016-08-01 23:20 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-08-10 17:58 - 2016-08-01 23:19 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-08-10 17:58 - 2016-08-01 23:19 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-08-10 17:58 - 2016-08-01 23:18 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-08-10 17:58 - 2016-08-01 23:18 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-08-10 17:58 - 2016-08-01 23:18 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-08-10 17:58 - 2016-08-01 23:11 - 00969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-08-10 17:58 - 2016-08-01 23:08 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-08-10 17:58 - 2016-08-01 23:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-08-10 17:58 - 2016-08-01 23:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-08-10 17:58 - 2016-08-01 22:59 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-08-10 17:58 - 2016-08-01 22:56 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-08-10 17:58 - 2016-08-01 22:55 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-08-10 17:58 - 2016-08-01 22:54 - 20343808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-08-10 17:58 - 2016-08-01 22:53 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-08-10 17:58 - 2016-08-01 22:51 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-08-10 17:58 - 2016-08-01 22:51 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-08-10 17:58 - 2016-08-01 22:51 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-08-10 17:58 - 2016-08-01 22:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-08-10 17:58 - 2016-08-01 22:51 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-08-10 17:58 - 2016-08-01 22:50 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-08-10 17:58 - 2016-08-01 22:47 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-08-10 17:58 - 2016-08-01 22:45 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-08-10 17:58 - 2016-08-01 22:44 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-08-10 17:58 - 2016-08-01 22:42 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-08-10 17:58 - 2016-08-01 22:41 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-08-10 17:58 - 2016-08-01 22:41 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-08-10 17:58 - 2016-08-01 22:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-08-10 17:58 - 2016-08-01 22:40 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-08-10 17:58 - 2016-08-01 22:38 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-08-10 17:58 - 2016-08-01 22:38 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-08-10 17:58 - 2016-08-01 22:37 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-08-10 17:58 - 2016-08-01 22:36 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-08-10 17:58 - 2016-08-01 22:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-08-10 17:58 - 2016-08-01 22:29 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-08-10 17:58 - 2016-08-01 22:28 - 15412224 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-08-10 17:58 - 2016-08-01 22:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-08-10 17:58 - 2016-08-01 22:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-08-10 17:58 - 2016-08-01 22:25 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-08-10 17:58 - 2016-08-01 22:24 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-08-10 17:58 - 2016-08-01 22:23 - 02868224 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-08-10 17:58 - 2016-08-01 22:22 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-08-10 17:58 - 2016-08-01 22:21 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-08-10 17:58 - 2016-08-01 22:16 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-08-10 17:58 - 2016-08-01 22:15 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-08-10 17:58 - 2016-08-01 22:14 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-08-10 17:58 - 2016-08-01 22:14 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-08-10 17:58 - 2016-08-01 22:11 - 13808128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-08-10 17:58 - 2016-08-01 22:10 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-08-10 17:58 - 2016-08-01 21:59 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-08-10 17:58 - 2016-08-01 21:56 - 02393088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-08-10 17:58 - 2016-08-01 21:53 - 01316352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-08-10 17:58 - 2016-08-01 21:51 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-08-10 17:57 - 2016-07-08 08:01 - 03218944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-08-06 20:58 - 2016-08-06 20:58 - 00000226 _____ C:\Users\Public\Desktop\Deal Or No Deal Slots.url
2016-08-02 04:50 - 2016-08-02 04:50 - 00002210 _____ C:\Users\Public\Desktop\Slingo Supreme.lnk
2016-08-02 04:50 - 2016-08-02 04:50 - 00000000 ____D C:\Users\dave\Documents\Slingo Supreme Documents
2016-08-02 04:48 - 2016-08-02 04:48 - 01242016 _____ (WildTangent) C:\Users\dave\Downloads\Setup-slingosupreme-wildgames!559cb47fb3ea46f4bca3dfcbd51897f5.exe
2016-08-02 04:37 - 2016-08-02 04:37 - 01242016 _____ (WildTangent) C:\Users\dave\Downloads\Setup-greycubes-wildgames!3b6fee4cb687403f95ed721882e310ec.exe
2016-08-02 04:33 - 2016-08-02 04:33 - 01242016 _____ (WildTangent) C:\Users\dave\Downloads\Setup-triviagems-wildgames!b29f4f4aeb8a43bbb848e1bb4681cf52.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-30 10:47 - 2015-02-05 15:48 - 00000000 ____D C:\Users\dave\AppData\Local\Google
2016-08-30 10:47 - 2009-10-28 21:56 - 00000000 ____D C:\ProgramData\Google
2016-08-30 10:47 - 2009-10-28 21:56 - 00000000 ____D C:\Program Files (x86)\Google
2016-08-30 09:49 - 2015-03-18 07:19 - 00134238 _____ C:\Windows\ntbtlog.txt
2016-08-30 09:41 - 2009-07-13 21:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-08-30 09:41 - 2009-07-13 21:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-08-30 09:34 - 2015-12-12 15:56 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d1353064596d11.job
2016-08-30 09:33 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-30 01:18 - 2016-05-21 11:14 - 00000000 ____D C:\Users\dave\AppData\Local\FullTilt.NET
2016-08-30 01:18 - 2015-02-06 05:41 - 00000000 ____D C:\Program Files (x86)\Full Tilt Poker.Net
2016-08-30 00:56 - 2016-05-10 14:31 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3857002000-416032775-3262416880-1001UA1d10b06a94dc766.job
2016-08-30 00:56 - 2015-12-12 15:56 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d13530647de58a.job
2016-08-30 00:52 - 2016-05-06 15:52 - 00000266 _____ C:\Windows\Tasks\{54A3EC84-7AA8-874C-CA0F-3DD4963BC0F2}.job
2016-08-26 22:00 - 2015-02-06 01:45 - 00002416 ____N C:\Users\Public\Desktop\WildTangent Games App - gateway.lnk
2016-08-26 22:00 - 2009-07-13 22:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-08-26 13:56 - 2016-05-10 14:31 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3857002000-416032775-3262416880-1001Core1d10b06a91c2f5c.job
2016-08-25 22:02 - 2015-02-05 15:06 - 00000000 ___HD C:\Program Files (x86)\Temp
2016-08-25 22:01 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2016-08-25 20:40 - 2015-02-15 22:12 - 00000000 ____D C:\ProgramData\TEMP
2016-08-24 14:16 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2016-08-22 20:20 - 2015-05-07 19:06 - 00000000 ____D C:\Users\dave\AppData\Roaming\MMFApplications
2016-08-22 20:20 - 2015-04-04 03:00 - 00000000 ___SD C:\Windows\system32\GWX
2016-08-22 20:20 - 2015-02-05 15:17 - 00000000 ____D C:\Users\dave
2016-08-22 20:20 - 2009-10-28 22:02 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-08-22 20:20 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\servicing
2016-08-22 20:19 - 2016-05-04 08:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-08-22 20:19 - 2015-03-03 07:02 - 00000000 ____D C:\ProgramData\Oracle
2016-08-22 20:19 - 2015-03-03 07:02 - 00000000 ____D C:\Program Files (x86)\Java
2016-08-22 20:19 - 2015-02-08 15:01 - 00000000 ____D C:\Windows\system32\Macromed
2016-08-22 20:19 - 2015-02-06 01:46 - 00000000 ____D C:\Program Files (x86)\WildGames
2016-08-22 20:19 - 2009-10-28 21:42 - 00000000 ____D C:\ProgramData\WildTangent
2016-08-22 20:19 - 2009-07-14 00:44 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-08-22 20:19 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\registration
2016-08-22 11:51 - 2015-08-31 08:29 - 00000000 ____D C:\Users\dave\.oracle_jre_usage
2016-08-21 14:02 - 2015-02-08 15:00 - 00000000 ____D C:\Users\dave\AppData\Local\Adobe
2016-08-16 00:27 - 2015-02-05 16:46 - 00000000 ____D C:\Users\dave\AppData\Roaming\Skype
2016-08-15 23:49 - 2015-10-01 05:27 - 00005326 _____ C:\Windows\wininit.ini
2016-08-15 23:47 - 2015-02-21 10:09 - 00000000 ____D C:\BigFishCache
2016-08-11 20:16 - 2015-12-23 16:09 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-08-11 20:16 - 2015-02-05 16:46 - 00000000 ____D C:\ProgramData\Skype
2016-08-11 08:33 - 2009-07-13 21:45 - 00338344 _____ C:\Windows\system32\FNTCACHE.DAT
2016-08-11 00:27 - 2015-02-05 16:22 - 00000000 ____D C:\Windows\system32\MRT
2016-08-11 00:21 - 2015-02-05 16:22 - 147640136 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-08-08 20:59 - 2015-07-06 19:17 - 00002189 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-08 20:59 - 2015-07-06 19:17 - 00002177 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-08-06 20:58 - 2016-03-12 14:49 - 00000000 ____D C:\Users\Public\Downloads\WT
2016-08-02 04:50 - 2015-02-14 00:25 - 00000000 ____D C:\Users\dave\AppData\Roaming\funkitron
2016-08-02 04:48 - 2015-09-08 11:54 - 00002500 ____N C:\Users\Public\Desktop\WildTangent Games App - wildgames.lnk
2016-08-02 04:43 - 2009-10-28 21:42 - 00000000 ____D C:\Program Files (x86)\Gateway Games
 
==================== Files in the root of some directories =======
 
2015-07-20 14:16 - 2015-09-08 17:45 - 0000115 _____ () C:\Users\dave\AppData\Roaming\LogFile.txt
2015-09-18 15:50 - 2015-10-20 01:12 - 0000145 _____ () C:\Users\dave\AppData\Roaming\WB.CFG
2016-08-24 15:03 - 2016-08-24 15:03 - 0000017 _____ () C:\Users\dave\AppData\Local\resmon.resmoncfg
2015-09-01 03:01 - 2015-09-01 03:01 - 0000571 _____ () C:\ProgramData\hpzinstall.log
 
Files to move or delete:
====================
C:\Windows\Tasks\{54A3EC84-7AA8-874C-CA0F-3DD4963BC0F2}.job
 
 
Some files in TEMP:
====================
C:\Users\dave\AppData\Local\Temp\flash1679_setup.exe
C:\Users\dave\AppData\Local\Temp\flash2758_setup.exe
C:\Users\dave\AppData\Local\Temp\flash5520_setup.exe
C:\Users\dave\AppData\Local\Temp\jre-8u101-windows-au.exe
C:\Users\dave\AppData\Local\Temp\skype1679_setup.exe
C:\Users\dave\AppData\Local\Temp\skype4786_setup.exe
C:\Users\dave\AppData\Local\Temp\skype7656_setup.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-08-26 12:54
 
==================== End of FRST.txt ============================




#2 polskamachina

polskamachina

  • Malware Response Team
  • 3,933 posts

Posted 30 August 2016 - 09:16 PM

Hi ImCynners :)

 

My name is polskamachina and I would like to welcome you to the Malware Removal Forum. I will be helping you with your malware issues.

What follows below are some ground rules for this forum.
 
I will reply as soon as possible (typically within 24-48 hours). In turn, I ask that you please respond within 72 hours. If you know you will be away longer than that, please let me know. I am in California at GMT-7 hours (Pacific Standard Time). If I do not respond to you within 48 hours, feel free to send me a private message.

Some points for you to keep in mind:

  • Do NOT run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine. Running any additional tools may detect false positives, interfere with our tools, cause unforeseen damage, or system instability.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • I cannot see your computer. Periodically update me on the condition of your computer, and provide as much detail as you can in every post.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end.
  • NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a flash drive, anywhere except on the computer.
  • NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. Please remember to copy the entire post so you do not miss any instructions.

Please give me some time to review your situation and I will get back to you with further instructions.
 
polskamachina



#3 ImCynners

ImCynners
  • Topic Starter

  • Members
  • 7 posts

Posted 31 August 2016 - 01:36 AM

Hello polskamachina,

 

I appreciate and welcome your help. When I posted my request the computer was lagging for so long that I received an error message that it timed out and did not post so I tried it again and got the same result. So there is a duplicate post for me and I received an email saying that my post had been closed.  I am hoping that this is not the case.

 

I have information to add that I became aware of after posting.

 

When it seemed that I wasn't going to be able to post in safe mode I restarted the computer with a normal boot. I opened task manager immediately because the monster in the computer usually takes a minute to wake up and everything seemed fine, UNTIL I opened a browser. The task manager reported that my 62 processes were rapidly growing. Before pressing the power button for 10 sec to get it to shut down, the processes had grown to 8164 running processes with 70% CPU and 99% physical memory. The process that had opened thousands of times was: javaws.exe *32 | Java™ Webstart Launcher

The memory ranged from 128k to 900k.

I have turned off the computer and do not plan on turning it back on until I hear back from you.

 

Thank you again,

Imcynnners.  



#4 polskamachina

polskamachina

  • Malware Response Team
  • 3,933 posts

Posted 31 August 2016 - 03:57 PM

Hi ImCynners,
 
Your topic has not been closed and I will work with you until your issues have been resolved. :)

  • Please power on your computer and boot to Safe Mode with networking.
  • Copy and paste the text below in an empty Notepad window.
        RemoveProxy:
        Tcpip\Parameters: [NameServer] 82.163.142.7 95.211.158.134
  • Save it to your Desktop as fixlist.txt
  • Close Notepad
  • Run FRST64 again. It should take a few seconds to update which is normal.
  • Click on the Fix button
  • If your computer needs to be restarted, let it restart.
  • When the fix is complete, a new log named Fixlog.txt will be created.
  • Please copy and paste that log into your next reply to me

Next:
 
Restart your computer and let it boot to Normal mode.

Note: If you see no improvement in performance and cannot perform the following steps, stop and let me know about it.

  • Run FRST64 again
  • Check the box for Addition.txt
  • Click Scan
  • When the scan has completed, please copy and paste the FRST.txt and Addition.txt logs into your next reply to me.

In summary I will need the following from you:

  • Fixlog.txt
  • FRST.txt
  • Addition.txt
  • How is your computer performing now?

Let me know if you have any questions.
 
polskamachina
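
The fixlist in the reply above removes a statically configured NameServer value from Tcpip\Parameters. The following is an added example, not part of the thread and not FRST's own code: a Python sketch that parses FRST-style Tcpip lines and reports static DNS entries that DHCP did not supply. The class and function names are hypothetical, and the sample input is constructed from the fixlist line and the DhcpNameServer lines of the post-fix FRST.txt in this thread.

```python
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample: the DhcpNameServer lines as they appear in the post-fix
# FRST.txt in this thread.
POST_FIX_LINES = r"""
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.65
Tcpip\..\Interfaces\{47830BD9-BEC2-4DD1-998E-9EB1909483A5}: [DhcpNameServer] 192.168.0.1 205.171.3.65
"""

# Constructed sample: the same lines plus the static entry quoted in the fixlist.
PRE_FIX_LINES = (
    r"Tcpip\Parameters: [NameServer] 82.163.142.7 95.211.158.134"
    + "\n"
    + POST_FIX_LINES
)

# Matches e.g.  Tcpip\Parameters: [NameServer] 1.2.3.4 5.6.7.8
LINE_RE = re.compile(
    r"^Tcpip\\(?P<scope>.+?): \[(?P<kind>NameServer|DhcpNameServer)\]\s*(?P<servers>.*)$"
)


@dataclass
class DnsEntry:
    scope: str      # "Parameters" or "..\Interfaces\{GUID}"
    kind: str       # "NameServer" (static) or "DhcpNameServer" (from DHCP)
    servers: list   # server strings in the order logged


def parse_dns_entries(log_text):
    """Extract Tcpip NameServer/DhcpNameServer lines from FRST-style text."""
    entries = []
    for raw in log_text.splitlines():
        match = LINE_RE.match(raw.strip())
        if not match:
            continue
        # The registry value may be space- or comma-delimited.
        servers = [s for s in re.split(r"[,\s]+", match.group("servers")) if s]
        entries.append(DnsEntry(match.group("scope"), match.group("kind"), servers))
    return entries


def classify(server):
    """Label a server string as private, public, or unparseable."""
    try:
        address = ipaddress.ip_address(server)
    except ValueError:
        return "unparseable"
    return "private" if address.is_private else "public"


def find_static_overrides(entries):
    """Return one finding per non-empty static NameServer entry."""
    dhcp_servers = {
        s for e in entries if e.kind == "DhcpNameServer" for s in e.servers
    }
    findings = []
    for entry in entries:
        if entry.kind != "NameServer" or not entry.servers:
            continue
        findings.append({
            "scope": entry.scope,
            "static_servers": entry.servers,
            # Servers set by hand (or by software) that DHCP never offered.
            "not_offered_by_dhcp": [
                s for s in entry.servers if s not in dhcp_servers
            ],
            "classes": {s: classify(s) for s in entry.servers},
        })
    return findings


if __name__ == "__main__":
    for label, text in (("before fix", PRE_FIX_LINES), ("after fix", POST_FIX_LINES)):
        findings = find_static_overrides(parse_dns_entries(text))
        print(label, "->", findings if findings else "no static NameServer set")
```

A finding only shows that a static resolver is configured; whether that resolver is one the user chose is a separate review step.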



#5 ImCynners

ImCynners
  • Topic Starter

  • Members
  • 7 posts

Posted 31 August 2016 - 10:14 PM

Hello polskamachina,

 

Very relieved that my post was not closed. So here are the .txt files you have requested.

 

(1.)  Fixlog.txt:

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016

Ran by dave (31-08-2016 19:23:42) Run:1
Running from C:\Users\dave\Desktop
Loaded Profiles: dave (Available Profiles: dave)
Boot Mode: Safe Mode (with Networking)
==============================================
 
fixlist content:
*****************
RemoveProxy:
Tcpip\Parameters: [NameServer] 82.163.142.7 95.211.158.134
*****************
 
 
========= RemoveProxy: =========
 
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-3857002000-416032775-3262416880-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-3857002000-416032775-3262416880-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-3857002000-416032775-3262416880-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\NameServer => value removed successfully
 
==== End of Fixlog 19:23:42 ====
 
 
(2.)  FRST.txt:
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
Ran by dave (administrator) on IFORGOT (31-08-2016 19:36:03)
Running from C:\Users\dave\Desktop
Loaded Profiles: dave (Available Profiles: dave)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(Acer) C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe
(© 2015 Microsoft Corporation) C:\Users\dave\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
() C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM-x32\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
HKLM-x32\...\Run: [LifeCam] => "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
HKLM-x32\...\Run: [Gateway Photo Frame] => C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe -A
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe [244480 2009-08-12] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3857002000-416032775-3262416880-1001\...\Run: [Logitech Vid] => C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe [5458704 2009-07-16] (Logitech Inc.)
HKU\S-1-5-21-3857002000-416032775-3262416880-1001\...\Run: [Google Update] => C:\Users\dave\AppData\Local\Google\Update\GoogleUpdate.exe [107848 2015-02-05] (Google Inc.)
HKU\S-1-5-21-3857002000-416032775-3262416880-1001\...\Run: [Chromium] => "c:\users\dave\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
HKU\S-1-5-21-3857002000-416032775-3262416880-1001\...\Run: [BingSvc] => C:\Users\dave\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-12-23] (© 2015 Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.65
Tcpip\..\Interfaces\{47830BD9-BEC2-4DD1-998E-9EB1909483A5}: [DhcpNameServer] 192.168.0.1 205.171.3.65
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3857002000-416032775-3262416880-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3857002000-416032775-3262416880-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://myyahoo.com/
SearchScopes: HKLM -> {9143e921-7c9a-4d27-ac43-eaccc78cc55a} URL = 
SearchScopes: HKLM -> {fcd9f10e-0daa-405f-bca0-0dd3f37c59d9} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-0a2fc1ce&q={searchTerms}
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3857002000-416032775-3262416880-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Blazer Deals -> {f476f203-bdf1-443d-aea6-d7fe9c2a53c3} -> C:\Program Files (x86)\Blazer Deals\Extensions\f476f203-bdf1-443d-aea6-d7fe9c2a53c3.dll => No File
Toolbar: HKU\S-1-5-21-3857002000-416032775-3262416880-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/Bejeweled%203/Images/stg_drm.ocx
DPF: HKLM-x32 {9BDF4724-10AA-43D5-BD15-AEA0D2287303} hxxp://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab
DPF: HKLM-x32 {B8BE5E93-A60C-4D26-A2DC-220313175592} hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: HKLM-x32 {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/Bejeweled%203/Images/armhelper.ocx
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\12\NP_wtapp.dll [2016-07-16] ()
FF Plugin HKU\S-1-5-21-3857002000-416032775-3262416880-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\dave\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3857002000-416032775-3262416880-1001: @talk.google.com/O1DPlugin -> C:\Users\dave\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3857002000-416032775-3262416880-1001: @tools.google.com/Google Update;version=3 -> C:\Users\dave\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-3857002000-416032775-3262416880-1001: @tools.google.com/Google Update;version=9 -> C:\Users\dave\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\dave\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\dave\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
 
Chrome: 
=======
CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR StartupUrls: Default -> "hxxp://www.myyahoo.com/"
CHR Profile: C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-06]
CHR Extension: (Google Docs) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-06]
CHR Extension: (Google Drive) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-29]
CHR Extension: (Google Search) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (WGT Golf Challenge) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcilimldmomiaihcfkmaldanopfejefg [2015-07-06]
CHR Extension: (Google Sheets) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-06]
CHR Extension: (MSN Homepage) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkcgfbgohboipdhliafmacjnhjbhmim [2015-07-25]
CHR Extension: (Google Docs Offline) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (Yahoo Partner) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\gihfmmedoddijgnhkgfgnkeohkpbipol [2016-08-24]
CHR Extension: (Free Texas Holdem Poker) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpefcbpnjnanfacddfaaommfheilhkdb [2015-12-24]
CHR Extension: (Space TV) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\mclkmgodgigjnbfkbobclaaafjmldcdo [2016-01-02]
CHR Extension: (Page Structure) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl [2015-07-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (3D Bomb Destroyer) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\okehlnjpihomkdokiiafpejniofjaoom [2015-12-25]
CHR Extension: (Gmail) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-06]
CHR Extension: (Chrome Media Router) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-31]
CHR Extension: (ArcadeSafari) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmlmmllkclondemfbkhhkkepmkcdbjdi [2016-08-24]
CHR HKU\S-1-5-21-3857002000-416032775-3262416880-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fkkcgfbgohboipdhliafmacjnhjbhmim] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gihfmmedoddijgnhkgfgnkeohkpbipol] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [350064 2016-07-16] (WildTangent)
R2 HPSLPSVC; C:\Users\dave\AppData\Local\Temp\7zS34FB\hpslpsvc64.dll [1039360 2015-07-22] (Hewlett-Packard Co.) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S4 MSCamSvc; "C:\Program Files\Microsoft LifeCam\MSCamS64.exe" [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 catchme; no ImagePath
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-31 19:23 - 2016-08-31 19:23 - 00001711 _____ C:\Users\dave\Desktop\Fixlog.txt
2016-08-31 19:21 - 2016-08-31 19:36 - 00016388 _____ C:\Users\dave\Desktop\FRST.txt
2016-08-31 19:21 - 2016-08-31 19:21 - 00000000 ____D C:\Users\dave\Desktop\FRST-OlderVersion
2016-08-30 18:48 - 2016-08-30 18:49 - 00000000 ____D C:\Users\dave\Desktop\Computer fix
2016-08-30 18:42 - 2016-08-30 18:42 - 00003288 ____N C:\bootsqm.dat
2016-08-30 10:17 - 2016-08-31 19:36 - 00000000 ____D C:\FRST
2016-08-30 10:16 - 2016-08-31 19:21 - 02397696 _____ (Farbar) C:\Users\dave\Desktop\FRST64.exe
2016-08-30 09:51 - 2016-08-30 09:51 - 03826240 _____ C:\Users\dave\Downloads\AdwCleaner (1).exe
2016-08-24 21:17 - 2016-08-25 22:02 - 00000000 ____D C:\Users\dave\AppData\Roaming\Yahoo Messenger
2016-08-24 21:17 - 2016-08-24 21:17 - 00002315 _____ C:\Users\dave\Desktop\Yahoo Messenger.lnk
2016-08-24 21:17 - 2016-08-24 21:17 - 00000000 ____D C:\Users\dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yahoo! Inc
2016-08-24 21:17 - 2016-08-24 21:17 - 00000000 ____D C:\Users\dave\AppData\Local\yahoomessenger
2016-08-24 21:17 - 2016-08-24 21:17 - 00000000 ____D C:\Users\dave\AppData\Local\SquirrelTemp
2016-08-24 15:03 - 2016-08-31 19:05 - 00007601 _____ C:\Users\dave\AppData\Local\resmon.resmoncfg
2016-08-22 21:56 - 2016-07-08 08:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-08-22 21:56 - 2016-07-08 08:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-08-22 20:00 - 2016-08-22 20:00 - 00001630 _____ C:\Users\dave\Documents\My Movie.wlmp
2016-08-22 11:54 - 2016-08-22 11:54 - 00000000 ____D C:\Users\dave\AppData\Local\YSearchUtil
2016-08-20 23:40 - 2016-08-20 23:40 - 00000164 _____ C:\Users\Public\Desktop\Monster Match.url
2016-08-15 23:49 - 2016-08-15 23:49 - 00001976 _____ C:\Users\Public\Desktop\Play Atlantis Sky Patrol.lnk
2016-08-15 23:49 - 2016-08-15 23:49 - 00001268 _____ C:\Users\Public\Desktop\More Great Games.lnk
2016-08-15 23:48 - 2016-08-15 23:49 - 00000000 ____D C:\Program Files (x86)\Atlantis Sky Patrol
2016-08-15 23:48 - 2016-08-15 23:48 - 00000000 ____D C:\Users\dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Atlantis Sky Patrol
2016-08-15 23:48 - 2016-08-15 23:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atlantis Sky Patrol
2016-08-15 22:20 - 2016-08-15 22:20 - 00000000 ____D C:\Users\dave\AppData\Roaming\Artifact Quest
2016-08-10 17:59 - 2016-07-08 08:37 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-08-10 17:59 - 2016-07-08 08:37 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-08-10 17:59 - 2016-07-08 08:32 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-08-10 17:59 - 2016-07-08 08:32 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-08-10 17:59 - 2016-07-08 08:32 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-08-10 17:59 - 2016-07-08 08:32 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-08-10 17:59 - 2016-07-08 08:32 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-08-10 17:59 - 2016-07-08 08:32 - 00343552 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-08-10 17:59 - 2016-07-08 08:32 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-08-10 17:59 - 2016-07-08 08:32 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-08-10 17:59 - 2016-07-08 08:32 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-08-10 17:59 - 2016-07-08 08:32 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-08-10 17:59 - 2016-07-08 08:32 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-08-10 17:59 - 2016-07-08 08:32 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-08-10 17:59 - 2016-07-08 08:32 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-08-10 17:59 - 2016-07-08 08:32 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-08-10 17:59 - 2016-07-08 08:32 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-08-10 17:59 - 2016-07-08 08:32 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-08-10 17:59 - 2016-07-08 08:32 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-08-10 17:59 - 2016-07-08 08:32 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-08-10 17:59 - 2016-07-08 08:17 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-08-10 17:59 - 2016-07-08 08:17 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-08-10 17:59 - 2016-07-08 08:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-08-10 17:59 - 2016-07-08 08:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-08-10 17:59 - 2016-07-08 08:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-08-10 17:59 - 2016-07-08 08:16 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-08-10 17:59 - 2016-07-08 08:16 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-08-10 17:59 - 2016-07-08 08:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-08-10 17:59 - 2016-07-08 08:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-08-10 17:59 - 2016-07-08 08:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-08-10 17:59 - 2016-07-08 08:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-08-10 17:59 - 2016-07-08 08:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-08-10 17:59 - 2016-07-08 08:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-08-10 17:59 - 2016-07-08 08:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-08-10 17:59 - 2016-07-08 08:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-08-10 17:59 - 2016-07-08 08:03 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-08-10 17:59 - 2016-07-08 07:57 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-08-10 17:59 - 2016-07-08 07:56 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-08-10 17:59 - 2016-07-08 07:56 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-08-10 17:59 - 2016-07-08 07:55 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-08-10 17:59 - 2016-07-08 07:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-08-10 17:59 - 2016-07-08 07:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-08-10 17:58 - 2016-08-02 07:54 - 00394440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-08-10 17:58 - 2016-08-02 07:08 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-08-10 17:58 - 2016-08-01 23:54 - 25808384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-08-10 17:58 - 2016-08-01 23:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-08-10 17:58 - 2016-08-01 23:47 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-08-10 17:58 - 2016-08-01 23:32 - 02894336 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-08-10 17:58 - 2016-08-01 23:32 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-08-10 17:58 - 2016-08-01 23:31 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-08-10 17:58 - 2016-08-01 23:31 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-08-10 17:58 - 2016-08-01 23:31 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-08-10 17:58 - 2016-08-01 23:31 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-08-10 17:58 - 2016-08-01 23:24 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-08-10 17:58 - 2016-08-01 23:23 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-08-10 17:58 - 2016-08-01 23:20 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-08-10 17:58 - 2016-08-01 23:19 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-08-10 17:58 - 2016-08-01 23:19 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-08-10 17:58 - 2016-08-01 23:18 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-08-10 17:58 - 2016-08-01 23:18 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-08-10 17:58 - 2016-08-01 23:18 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-08-10 17:58 - 2016-08-01 23:11 - 00969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-08-10 17:58 - 2016-08-01 23:08 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-08-10 17:58 - 2016-08-01 23:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-08-10 17:58 - 2016-08-01 23:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-08-10 17:58 - 2016-08-01 22:59 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-08-10 17:58 - 2016-08-01 22:56 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-08-10 17:58 - 2016-08-01 22:55 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-08-10 17:58 - 2016-08-01 22:54 - 20343808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-08-10 17:58 - 2016-08-01 22:53 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-08-10 17:58 - 2016-08-01 22:51 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-08-10 17:58 - 2016-08-01 22:51 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-08-10 17:58 - 2016-08-01 22:51 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-08-10 17:58 - 2016-08-01 22:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-08-10 17:58 - 2016-08-01 22:51 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-08-10 17:58 - 2016-08-01 22:50 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-08-10 17:58 - 2016-08-01 22:47 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-08-10 17:58 - 2016-08-01 22:45 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-08-10 17:58 - 2016-08-01 22:44 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-08-10 17:58 - 2016-08-01 22:42 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-08-10 17:58 - 2016-08-01 22:41 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-08-10 17:58 - 2016-08-01 22:41 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-08-10 17:58 - 2016-08-01 22:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-08-10 17:58 - 2016-08-01 22:40 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-08-10 17:58 - 2016-08-01 22:38 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-08-10 17:58 - 2016-08-01 22:38 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-08-10 17:58 - 2016-08-01 22:37 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-08-10 17:58 - 2016-08-01 22:36 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-08-10 17:58 - 2016-08-01 22:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-08-10 17:58 - 2016-08-01 22:29 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-08-10 17:58 - 2016-08-01 22:28 - 15412224 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-08-10 17:58 - 2016-08-01 22:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-08-10 17:58 - 2016-08-01 22:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-08-10 17:58 - 2016-08-01 22:25 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-08-10 17:58 - 2016-08-01 22:24 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-08-10 17:58 - 2016-08-01 22:23 - 02868224 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-08-10 17:58 - 2016-08-01 22:22 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-08-10 17:58 - 2016-08-01 22:21 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-08-10 17:58 - 2016-08-01 22:16 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-08-10 17:58 - 2016-08-01 22:15 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-08-10 17:58 - 2016-08-01 22:14 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-08-10 17:58 - 2016-08-01 22:14 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-08-10 17:58 - 2016-08-01 22:11 - 13808128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-08-10 17:58 - 2016-08-01 22:10 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-08-10 17:58 - 2016-08-01 21:59 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-08-10 17:58 - 2016-08-01 21:56 - 02393088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-08-10 17:58 - 2016-08-01 21:53 - 01316352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-08-10 17:58 - 2016-08-01 21:51 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-08-10 17:57 - 2016-07-08 08:01 - 03218944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-08-06 20:58 - 2016-08-06 20:58 - 00000226 _____ C:\Users\Public\Desktop\Deal Or No Deal Slots.url
2016-08-02 04:50 - 2016-08-02 04:50 - 00002210 _____ C:\Users\Public\Desktop\Slingo Supreme.lnk
2016-08-02 04:50 - 2016-08-02 04:50 - 00000000 ____D C:\Users\dave\Documents\Slingo Supreme Documents
2016-08-02 04:48 - 2016-08-02 04:48 - 01242016 _____ (WildTangent) C:\Users\dave\Downloads\Setup-slingosupreme-wildgames!559cb47fb3ea46f4bca3dfcbd51897f5.exe
2016-08-02 04:37 - 2016-08-02 04:37 - 01242016 _____ (WildTangent) C:\Users\dave\Downloads\Setup-greycubes-wildgames!3b6fee4cb687403f95ed721882e310ec.exe
2016-08-02 04:33 - 2016-08-02 04:33 - 01242016 _____ (WildTangent) C:\Users\dave\Downloads\Setup-triviagems-wildgames!b29f4f4aeb8a43bbb848e1bb4681cf52.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-31 19:32 - 2015-12-12 15:56 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d1353064596d11.job
2016-08-31 19:31 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-31 19:09 - 2015-03-18 07:19 - 00333176 _____ C:\Windows\ntbtlog.txt
2016-08-31 18:56 - 2016-05-10 14:31 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3857002000-416032775-3262416880-1001UA1d10b06a94dc766.job
2016-08-31 18:56 - 2015-12-12 15:56 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d13530647de58a.job
2016-08-31 18:52 - 2016-05-06 15:52 - 00000266 _____ C:\Windows\Tasks\{54A3EC84-7AA8-874C-CA0F-3DD4963BC0F2}.job
2016-08-31 13:56 - 2016-05-10 14:31 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3857002000-416032775-3262416880-1001Core1d10b06a91c2f5c.job
2016-08-31 13:51 - 2009-07-13 22:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2016-08-31 13:51 - 2009-07-13 21:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-08-31 13:51 - 2009-07-13 21:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-08-31 13:51 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2016-08-31 13:46 - 2009-07-13 22:08 - 00032596 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-08-31 13:42 - 2015-03-03 07:02 - 00000000 ____D C:\Program Files (x86)\Java
2016-08-30 11:50 - 2009-10-28 21:56 - 00000000 ____D C:\Program Files\Google
2016-08-30 11:50 - 2009-10-28 21:56 - 00000000 ____D C:\Program Files (x86)\Google
2016-08-30 10:47 - 2015-02-05 15:48 - 00000000 ____D C:\Users\dave\AppData\Local\Google
2016-08-30 10:47 - 2009-10-28 21:56 - 00000000 ____D C:\ProgramData\Google
2016-08-30 01:18 - 2016-05-21 11:14 - 00000000 ____D C:\Users\dave\AppData\Local\FullTilt.NET
2016-08-30 01:18 - 2015-02-06 05:41 - 00000000 ____D C:\Program Files (x86)\Full Tilt Poker.Net
2016-08-26 22:00 - 2015-02-06 01:45 - 00002416 ____N C:\Users\Public\Desktop\WildTangent Games App - gateway.lnk
2016-08-26 22:00 - 2009-07-13 22:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-08-25 22:02 - 2015-02-05 15:06 - 00000000 ___HD C:\Program Files (x86)\Temp
2016-08-25 20:40 - 2015-02-15 22:12 - 00000000 ____D C:\ProgramData\TEMP
2016-08-24 14:16 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2016-08-22 20:20 - 2015-05-07 19:06 - 00000000 ____D C:\Users\dave\AppData\Roaming\MMFApplications
2016-08-22 20:20 - 2015-04-04 03:00 - 00000000 ___SD C:\Windows\system32\GWX
2016-08-22 20:20 - 2015-02-05 15:17 - 00000000 ____D C:\Users\dave
2016-08-22 20:20 - 2009-10-28 22:02 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-08-22 20:20 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\servicing
2016-08-22 20:19 - 2015-03-03 07:02 - 00000000 ____D C:\ProgramData\Oracle
2016-08-22 20:19 - 2015-02-08 15:01 - 00000000 ____D C:\Windows\system32\Macromed
2016-08-22 20:19 - 2015-02-06 01:46 - 00000000 ____D C:\Program Files (x86)\WildGames
2016-08-22 20:19 - 2009-10-28 21:42 - 00000000 ____D C:\ProgramData\WildTangent
2016-08-22 20:19 - 2009-07-14 00:44 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-08-22 20:19 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\registration
2016-08-22 11:51 - 2015-08-31 08:29 - 00000000 ____D C:\Users\dave\.oracle_jre_usage
2016-08-21 14:02 - 2015-02-08 15:00 - 00000000 ____D C:\Users\dave\AppData\Local\Adobe
2016-08-16 00:27 - 2015-02-05 16:46 - 00000000 ____D C:\Users\dave\AppData\Roaming\Skype
2016-08-15 23:49 - 2015-10-01 05:27 - 00005326 _____ C:\Windows\wininit.ini
2016-08-15 23:47 - 2015-02-21 10:09 - 00000000 ____D C:\BigFishCache
2016-08-11 20:16 - 2015-12-23 16:09 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-08-11 20:16 - 2015-02-05 16:46 - 00000000 ____D C:\ProgramData\Skype
2016-08-11 08:33 - 2009-07-13 21:45 - 00338344 _____ C:\Windows\system32\FNTCACHE.DAT
2016-08-11 00:27 - 2015-02-05 16:22 - 00000000 ____D C:\Windows\system32\MRT
2016-08-11 00:21 - 2015-02-05 16:22 - 147640136 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-08-08 20:59 - 2015-07-06 19:17 - 00002189 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-08 20:59 - 2015-07-06 19:17 - 00002177 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-08-06 20:58 - 2016-03-12 14:49 - 00000000 ____D C:\Users\Public\Downloads\WT
2016-08-02 04:50 - 2015-02-14 00:25 - 00000000 ____D C:\Users\dave\AppData\Roaming\funkitron
2016-08-02 04:48 - 2015-09-08 11:54 - 00002500 ____N C:\Users\Public\Desktop\WildTangent Games App - wildgames.lnk
2016-08-02 04:43 - 2009-10-28 21:42 - 00000000 ____D C:\Program Files (x86)\Gateway Games
 
==================== Files in the root of some directories =======
 
2015-07-20 14:16 - 2015-09-08 17:45 - 0000115 _____ () C:\Users\dave\AppData\Roaming\LogFile.txt
2015-09-18 15:50 - 2015-10-20 01:12 - 0000145 _____ () C:\Users\dave\AppData\Roaming\WB.CFG
2016-08-24 15:03 - 2016-08-31 19:05 - 0007601 _____ () C:\Users\dave\AppData\Local\resmon.resmoncfg
2015-09-01 03:01 - 2015-09-01 03:01 - 0000571 _____ () C:\ProgramData\hpzinstall.log
 
Files to move or delete:
====================
C:\Windows\Tasks\{54A3EC84-7AA8-874C-CA0F-3DD4963BC0F2}.job
 
 
Some files in TEMP:
====================
C:\Users\dave\AppData\Local\Temp\flash1679_setup.exe
C:\Users\dave\AppData\Local\Temp\flash2758_setup.exe
C:\Users\dave\AppData\Local\Temp\flash5520_setup.exe
C:\Users\dave\AppData\Local\Temp\jre-8u101-windows-au.exe
C:\Users\dave\AppData\Local\Temp\skype1679_setup.exe
C:\Users\dave\AppData\Local\Temp\skype4786_setup.exe
C:\Users\dave\AppData\Local\Temp\skype7656_setup.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-08-26 12:54
 
==================== End of FRST.txt ============================
 
 
(3.) Addition.txt:
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016
Ran by dave (31-08-2016 19:36:28)
Running from C:\Users\dave\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2015-02-05 22:17:29)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3857002000-416032775-3262416880-500 - Administrator - Disabled)
dave (S-1-5-21-3857002000-416032775-3262416880-1001 - Administrator - Enabled) => C:\Users\dave
Guest (S-1-5-21-3857002000-416032775-3262416880-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Reader 9.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Atlantis Sky Patrol™ (HKLM-x32\...\BFG-Atlantis Sky Patrol) (Version:  - )
Backup Manager Advance (x32 Version: 2.0.2.19 - NewTech Infosystems) Hidden
Bejeweled 3 (HKLM-x32\...\Bejeweled 3) (Version:  - Spintop Media, Inc)
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
Bomb The Monsters! HD (x32 Version: 3.0.2.59 - WildTangent) Hidden
C4700_NCL_Help (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
ChromecastApp (HKU\S-1-5-21-3857002000-416032775-3262416880-1001\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1693.0 - Google Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Cradle Of Egypt Collector's Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
Cubis Gold (HKLM-x32\...\Cubis Gold) (Version: 0.1.3.0 - MSN)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
Full Tilt Poker.Net (HKLM-x32\...\{E07B7A31-E160-466D-A003-3BB7B8989D52}) (Version: 5.28.1.WIN.FullTilt.NET - )
Gateway Games (HKLM-x32\...\WildTangent gateway Master Uninstall) (Version: 1.0.0.71 - WildTangent)
Gateway InfoCentre (HKLM-x32\...\Gateway InfoCentre) (Version: 3.02.3000 - Gateway Incorporated)
Gateway MyBackup (HKLM-x32\...\InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}) (Version: 2.0.2.19 - NewTech Infosystems)
Gateway Photo Frame 4.2.3.10 (HKLM-x32\...\Gateway Photo Frame) (Version: 4.2.3.10 - I/O Interconnect)
Gateway Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3005 - Gateway Incorporated)
Gateway Registration (HKLM-x32\...\Gateway Registration) (Version: 1.02.3006 - Gateway Incorporated)
Gateway ScreenSaver (HKLM-x32\...\Gateway Screensaver) (Version: 1.1.0812 - Gateway Incorporated)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.2.183.13 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Gummy Drop! (HKLM-x32\...\BFG-Gummy Drop!) (Version:  - )
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3002 - Gateway Incorporated)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Jewel Quest® The Sapphire Dragon Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Logitech Vid (HKLM-x32\...\{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}) (Version: 1.10.1009 - Logitech Inc.)
Logitech Webcam Software (HKLM\...\{987FE247-4E69-4A2E-A961-D14F901FDBF6}) (Version: 12.10.1113 - Logitech Inc.)
Logitech Webcam Software Driver Package (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
Mahjongg Dimensions (HKLM-x32\...\Mahjongg Dimensions) (Version: 3.0.0.0 - iWin.com)
METRIS Blocks (HKLM-x32\...\METRIS Blocks) (Version:  - iWin.com)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{6965A8D2-465D-4F98-9FAA-0E9E2348F329}) (Version: 3.22.270.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{e6e75766-da0f-4ba2-9788-6ea593ce702d}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{67E03279-F703-408F-B4BF-46B5FC8D70CD}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
MSN Games (HKLM-x32\...\MSNArcade) (Version: 1.1 - )
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 9 Essentials (HKLM-x32\...\{4ce5e021-a8f5-4427-bc7f-6962ea29fcb8}) (Version:  - Nero AG)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.7 - )
NVIDIA PhysX (HKLM-x32\...\{DEA314C4-0929-4250-BC92-98E4C105F28D}) (Version: 9.10.0129 - NVIDIA Corporation)
Puzzle Blast (x32 Version: 2.2.0.95 - WildTangent) Hidden
Sir Match-a-Lot (HKLM-x32\...\BFG-Sir Match-a-Lot) (Version:  - )
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
Skype™ 7.26 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.)
Slingo Supreme (x32 Version: 2.2.0.97 - WildTangent) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Welcome Center (HKLM-x32\...\Gateway Welcome Center) (Version: 1.00.3008 - Gateway Incorporated)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.1.0.28 - WildTangent)
WildTangent Games App (x32 Version: 4.1.1.14 - WildTangent) Hidden
WildTangent Games App (x32 Version: 4.1.1.8 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}) (Version: 14.0.8064.206 - Microsoft Corporation)
Yahoo Messenger (HKU\S-1-5-21-3857002000-416032775-3262416880-1001\...\yahoomessenger) (Version: 0.8.155 - Yahoo! Inc)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3857002000-416032775-3262416880-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\dave\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3857002000-416032775-3262416880-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\dave\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3857002000-416032775-3262416880-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\dave\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3857002000-416032775-3262416880-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\dave\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3857002000-416032775-3262416880-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\dave\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3857002000-416032775-3262416880-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\dave\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3857002000-416032775-3262416880-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\dave\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3857002000-416032775-3262416880-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\dave\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3857002000-416032775-3262416880-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\dave\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0655C274-27FB-4106-9AA0-C54A45288F5E} - System32\Tasks\PROPCCleanerSoft_Popup => C:\Program Files (x86)\PRO PC Cleaner Soft\Splash.exe <==== ATTENTION
Task: {0DC5F405-3373-4600-A6D3-53CB3EC5ABC5} - System32\Tasks\GoogleUpdateTaskMachineUA1d13530647de58a => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-05] (Google Inc.)
Task: {1D34A25B-5CF1-43ED-9FCA-67E7E5922C05} - System32\Tasks\{883EEDD0-E4D8-45F2-AB30-5BBDDB8850EF} => C:\Program Files (x86)\Bejeweled 3\Bejeweled3.exe [2010-12-06] ()
Task: {220EAF15-00D2-41B4-A5A4-3A3AE12C07DB} - System32\Tasks\{C52A97B2-1043-4FFE-9E4C-E7D2FE3843F4} => Chrome.exe hxxp://ui.skype.com/ui/0/7.7.0.103/en/abandoninstall?page=tsMain
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {3626876F-5B95-42F4-B05E-568868C66DAB} - System32\Tasks\{D33E5D93-B25C-4B74-A72C-81B1E970689E} => pcalua.exe -a "C:\Users\dave\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XD0WE14V\PokerStarsInstallPM.exe" -d C:\Users\dave\Desktop
Task: {3E1741D3-4CBE-47DA-A344-4F84B96F4D5B} - System32\Tasks\{54A3EC84-7AA8-874C-CA0F-3DD4963BC0F2} => C:\Users\dave\AppData\Local\{F1A6C~1\UNINST~1.EXE <==== ATTENTION
Task: {4236E282-738A-4C6A-8E1A-CFAF50D0B73A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3857002000-416032775-3262416880-1001UA1d10b06a94dc766 => C:\Users\dave\AppData\Local\Google\Update\GoogleUpdate.exe [2015-02-05] (Google Inc.)
Task: {51B14AF1-3FFE-48F7-B58A-C4EA5210B15F} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {51E1FC6C-6A07-4D72-95D3-CB77F9D35033} - System32\Tasks\{3DEBA25D-D891-4B13-BA9B-7E4771C9A2D3} => pcalua.exe -a C:\Users\dave\Downloads\LifeCam3.60.exe -d C:\Users\dave\Downloads
Task: {53409971-B37F-477E-93BF-75860387EBD3} - System32\Tasks\{00BD194D-6492-4EBA-A80F-A8B33F6FD5B4} => Chrome.exe hxxp://ui.skype.com/ui/0/7.13.0.101/et/abandoninstall?page=tsMain
Task: {5E9BFC64-0E6D-4A12-A14C-929933934DC5} - System32\Tasks\{1264F34F-5279-4EBB-B3ED-DDE890C7501D} => pcalua.exe -a "C:\Users\dave\Downloads\LifeCam3.60 (2).exe" -d C:\Users\dave\Downloads
Task: {5ED28489-2BAF-4016-BD43-37DDA78408D6} - System32\Tasks\PROPCCleanerSoftware_Start => C:\Program Files (x86)\PRO PC Cleaner Software\PROPCCleanerSoftware.exe <==== ATTENTION
Task: {63A06071-5C50-4C7D-877C-47A1070E4819} - System32\Tasks\{62DCD29A-DB69-3FBE-B647-89101B4CF25A} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\f0917844\947a34a4.dll" <==== ATTENTION
Task: {95F16B1D-C138-45A9-AC80-1FE836017CEC} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {9910B366-0F77-4A74-A4C3-D55009AFCA53} - System32\Tasks\PROPCCleanerSoftware_Popup => C:\Program Files (x86)\PRO PC Cleaner Software\Splash.exe <==== ATTENTION
Task: {A46DBFF7-0776-4B5F-8853-B9DB31C89D00} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-04] (Adobe Systems Incorporated)
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {AC5BEB9A-26B6-4C59-9980-71B964E22C6B} - System32\Tasks\RunAsStdUser Task => C:\Program Files (x86)\MSN Games\MSNGames.exe [2016-02-11] (iWin Inc.)
Task: {B909D3C3-E444-4760-AB02-AEE6D1DA4511} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-05] (Google Inc.)
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {D991205C-7047-45E2-9833-88F572E0DCC7} - System32\Tasks\{E4CA0FF2-FB6B-4F98-B284-7D1FE6A49F96} => pcalua.exe -a "C:\Users\dave\Downloads\LifeCam3.60 (1).exe" -d C:\Users\dave\Downloads
Task: {DF715678-3BC9-4C72-BEAC-2C82FF643E61} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-05] (Google Inc.)
Task: {DFA067C7-A63F-4BB4-ADAB-97DFD22DDB4E} - System32\Tasks\PROPCCleanerSoft_Start => C:\Program Files (x86)\PRO PC Cleaner Soft\PROPCCleanerSoft.exe <==== ATTENTION
Task: {E622E4B2-EED9-4916-B9EE-C57728FDD996} - System32\Tasks\GoogleUpdateTaskMachineCore1d1353064596d11 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-05] (Google Inc.)
Task: {F263ED1C-E508-4F5B-9832-BBA3525A1955} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3857002000-416032775-3262416880-1001Core1d10b06a91c2f5c => C:\Users\dave\AppData\Local\Google\Update\GoogleUpdate.exe [2015-02-05] (Google Inc.)
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
Task: {FE37D30E-527D-4693-8E78-B0B59FF7F3AD} - System32\Tasks\{6A88C405-10F8-4048-8ADB-E2AD6147865B} => C:\Program Files (x86)\Bejeweled 3\Bejeweled3.exe [2010-12-06] ()
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d1353064596d11.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d13530647de58a.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3857002000-416032775-3262416880-1001Core1d10b06a91c2f5c.job => C:\Users\dave\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3857002000-416032775-3262416880-1001UA1d10b06a94dc766.job => C:\Users\dave\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\{54A3EC84-7AA8-874C-CA0F-3DD4963BC0F2}.job => C:\Users\dave\AppData\Local\{F1A6C~1\UNINST~1.EXE <==== ATTENTION
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_okehlnjpihomkdokiiafpejniofjaoom\3D Bomb Destroyer.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=okehlnjpihomkdokiiafpejniofjaoom
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
 
==================== Loaded Modules (Whitelisted) ==============
 
2009-10-14 13:36 - 2009-10-14 13:36 - 02793304 _____ () C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
2009-10-14 14:34 - 2009-10-14 14:34 - 00560472 _____ () C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
2009-02-02 17:33 - 2009-02-02 17:33 - 00460199 _____ () C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\sqlite3.dll
2008-09-28 17:55 - 2008-09-28 17:55 - 01076224 _____ () C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\ACE.dll
2009-07-16 16:34 - 2009-07-16 16:34 - 02140944 _____ () C:\Program Files (x86)\Logitech\Logitech Vid\QtCore4.dll
2009-07-16 16:34 - 2009-07-16 16:34 - 07704336 _____ () C:\Program Files (x86)\Logitech\Logitech Vid\QtGui4.dll
2009-07-16 16:34 - 2009-07-16 16:34 - 00968976 _____ () C:\Program Files (x86)\Logitech\Logitech Vid\QtNetwork4.dll
2009-07-16 16:34 - 2009-07-16 16:34 - 00475408 _____ () C:\Program Files (x86)\Logitech\Logitech Vid\QtOpenGL4.dll
2009-07-16 16:35 - 2009-07-16 16:35 - 00363792 _____ () C:\Program Files (x86)\Logitech\Logitech Vid\QtXml4.dll
2009-07-16 16:34 - 2009-07-16 16:34 - 00199952 _____ () C:\Program Files (x86)\Logitech\Logitech Vid\QtSql4.dll
2009-07-16 16:35 - 2009-07-16 16:35 - 00027408 _____ () C:\Program Files (x86)\Logitech\Logitech Vid\SDL.dll
2009-07-16 16:35 - 2009-07-16 16:35 - 11311888 _____ () C:\Program Files (x86)\Logitech\Logitech Vid\QtWebKit4.dll
2009-07-16 16:34 - 2009-07-16 16:34 - 00291600 _____ () C:\Program Files (x86)\Logitech\Logitech Vid\phonon4.dll
2009-07-16 16:36 - 2009-07-16 16:36 - 00028944 _____ () C:\Program Files (x86)\Logitech\Logitech Vid\plugins\imageformats\qgif4.dll
2009-07-16 16:36 - 2009-07-16 16:36 - 00035088 _____ () C:\Program Files (x86)\Logitech\Logitech Vid\plugins\imageformats\qico4.dll
2009-07-16 16:36 - 2009-07-16 16:36 - 00138000 _____ () C:\Program Files (x86)\Logitech\Logitech Vid\plugins\imageformats\qjpeg4.dll
2009-10-14 14:36 - 2009-10-14 14:36 - 00181592 _____ () C:\Program Files (x86)\Common Files\LogiShrd\LvApi11\LvApi11.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2016-05-06 21:58 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3857002000-416032775-3262416880-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\dave\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1 - 205.171.3.65
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: gusvc => 3
MSCONFIG\startupreg: WarThunderLauncher => C:\WarThunder\launcher.exe
MSCONFIG\startupreg: Yahoo Messenger Updater => C:\Users\dave\AppData\Local\yahoomessenger\app-0.8.155\resources\app.asar.unpacked\native\win32\YMUpdater.exe
MSCONFIG\startupreg: YourUpdater => C:\Program Files (x86)\YourUpdater\YourUpdater.exe
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{6ADFB818-F0F7-4902-A48B-33863F6ABA15}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{AD43D93A-E2EE-4DAC-B446-7F2FB31139C2}] => (Allow) svchost.exe
FirewallRules: [{85DCE300-E0AA-4DDA-9335-D6C42CD828A7}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{2E0D0C5A-1C25-4245-B4FD-D967E2D290D0}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{DA443094-4C35-4252-9C3F-176438C2010B}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{1E69FD9A-97AF-40A7-80B6-8EDF70DD7984}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{1FE756A4-8CA4-4440-9C54-F7E39D1EC925}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{CC7081D5-81AA-49EA-BA2C-23129E48F73D}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{4216ECA0-031F-4108-A793-858935D4ACD5}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{C6A9DFA6-25B0-455E-BA46-4F8097F958D4}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{731A7A98-BC65-41AC-93CC-8998C11B2B44}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{11380E4E-7851-4C63-9290-D817BCEA2AC8}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{33B072C2-7815-4513-9347-C0F2D0A6A637}] => (Allow) LPort=2869
FirewallRules: [{4C0DE3E2-617D-41EA-99FB-ADD96A3C3F69}] => (Allow) LPort=1900
FirewallRules: [{5421B0EA-6E3B-43E5-B532-CEA5E9748FAD}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{759B6C54-BD4D-4BC3-AFEF-65A6C12C64B8}] => (Allow) C:\Program Files (x86)\MSN Games\MSNGames.exe
FirewallRules: [{CF56CF4B-61E1-4F48-BA5C-68A0BFDBBFB8}] => (Allow) C:\Program Files (x86)\MSN Games\MSNGames.exe
FirewallRules: [{050DEEA6-529F-4DA8-935C-7A172DF54E94}] => (Allow) C:\Program Files (x86)\MSN Games\WebUpdater.exe
FirewallRules: [{555D3410-F034-4D16-9CD6-18753232F0BE}] => (Allow) C:\Program Files (x86)\MSN Games\WebUpdater.exe
FirewallRules: [TCP Query User{8F8387CC-6034-4AB1-A1E8-DCB3731EBE9E}C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe] => (Allow) C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe
FirewallRules: [UDP Query User{2EF8B76C-E700-4C29-95F3-4A237D59A1A4}C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe] => (Allow) C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe
FirewallRules: [{F87117E2-9294-4EC4-8330-65000404811F}] => (Allow) C:\Users\dave\AppData\Local\Temp\7zS34FB\hppiw.exe
FirewallRules: [{BF8F7F1D-CEAA-4F3B-9208-B77D864B2E0B}] => (Allow) C:\Users\dave\AppData\Local\Temp\7zS34FB\hppiw.exe
FirewallRules: [{DB7B04CB-492E-4B21-B3C8-2A660814F56C}] => (Allow) C:\Users\dave\AppData\Local\Temp\7zS36EC\HPDiagnosticCoreUI.exe
FirewallRules: [{8F9B88FD-9315-4CDD-84EA-DD990515D85A}] => (Allow) C:\Users\dave\AppData\Local\Temp\7zS36EC\HPDiagnosticCoreUI.exe
FirewallRules: [TCP Query User{2A37D5C3-C764-4BAA-9D75-20822E4905F1}C:\program files (x86)\logitech\vid hd\vid.exe] => (Allow) C:\program files (x86)\logitech\vid hd\vid.exe
FirewallRules: [UDP Query User{455851F9-AFFD-4006-AA84-0FCFA9DEE470}C:\program files (x86)\logitech\vid hd\vid.exe] => (Allow) C:\program files (x86)\logitech\vid hd\vid.exe
FirewallRules: [{46C77E03-98A3-4255-BFC7-B04E443B55A9}] => (Allow) C:\WarThunder\bpreport.exe
FirewallRules: [{78EF39CC-4F45-4227-A689-21E9CD831A92}] => (Allow) C:\WarThunder\bpreport.exe
FirewallRules: [{FD05A286-EC03-40CB-ADF4-104079EE2667}] => (Allow) C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe
FirewallRules: [{416DF63C-289E-440F-AAE3-1101CDF4FA75}] => (Allow) C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe
FirewallRules: [{7D6C05E8-06EA-45CF-8BDF-C1079A63A6FB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
21-08-2016 19:35:57 Windows Update
22-08-2016 20:15:49 Restore Operation
24-08-2016 12:16:05 Windows Update
25-08-2016 21:05:28 Removed service pack backup files
28-08-2016 21:10:11 Windows Update
31-08-2016 13:41:33 Removed Java 8 Update 91
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Photosmart C4700 series
Description: Photosmart C4700 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/30/2016 11:13:05 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.
 
 
Operation:
   Set Snapshot Context
 
Context:
   Execution Context: Requestor
 
Error: (08/30/2016 11:13:05 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} and name Software Provider cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
]
 
 
Operation:
   Set Snapshot Context
 
Context:
   Execution Context: Requestor
 
Error: (08/30/2016 10:19:12 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.
 
 
Operation:
   Set Snapshot Context
 
Context:
   Execution Context: Requestor
 
Error: (08/30/2016 10:19:12 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} and name Software Provider cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
]
 
 
Operation:
   Set Snapshot Context
 
Context:
   Execution Context: Requestor
 
Error: (08/26/2016 09:59:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GameConsole-wt.exe, version: 4.3.1.35, time stamp: 0x574335fe
Faulting module name: GameConsole-wt.exe, version: 4.3.1.35, time stamp: 0x574335fe
Exception code: 0x40000015
Fault offset: 0x000cd904
Faulting process id: 0xd35c
Faulting application start time: 0x01d2001ee4f5e196
Faulting application path: C:\Program Files (x86)\WildTangent Games\App\GameConsole-wt.exe
Faulting module path: C:\Program Files (x86)\WildTangent Games\App\GameConsole-wt.exe
Report Id: 1210943d-6c13-11e6-acbc-002511a5b994
 
Error: (08/26/2016 10:22:30 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: The Desktop Window Manager has encountered a fatal error (0x8007000e)
 
Error: (08/25/2016 10:46:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program taskmgr.exe version 6.1.7601.17514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1a0c0
 
Start Time: 01d1ff5bb8f0237c
 
Termination Time: 42
 
Application Path: C:\Windows\system32\taskmgr.exe
 
Report Id: 4f4cce21-6b50-11e6-974c-002511a5b994
 
Error: (08/25/2016 10:38:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18427 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1264
 
Start Time: 01d1ff59fb66dd3a
 
Termination Time: 35278
 
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Report Id:
 
Error: (08/25/2016 09:20:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.23418, time stamp: 0x570898dc
Faulting module name: ntdll.dll, version: 6.1.7601.23418, time stamp: 0x5708a857
Exception code: 0xc0000005
Fault offset: 0x000000000004e77b
Faulting process id: 0xb80
Faulting application start time: 0x01d1ff2c815d09de
Faulting application path: C:\Windows\Explorer.EXE
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 5e5db8fb-6b44-11e6-be35-002511a5b994
 
Error: (08/25/2016 09:05:28 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {40a10647-cf79-4b08-9ada-455cfe24e1e9}
 
 
System errors:
=============
Error: (08/31/2016 07:32:59 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID 
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
 
Error: (08/31/2016 07:26:20 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (08/31/2016 07:26:20 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (08/31/2016 07:26:20 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (08/31/2016 07:24:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (08/31/2016 07:24:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (08/31/2016 07:24:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (08/31/2016 07:23:42 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (08/31/2016 07:23:42 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (08/31/2016 07:23:42 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
 
CodeIntegrity:
===================================
  Date: 2015-07-06 19:39:05.742
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-07-06 19:39:05.698
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Pentium® Dual-Core CPU E5300 @ 2.60GHz
Percentage of memory in use: 34%
Total physical RAM: 6109.14 MB
Available physical RAM: 3974.71 MB
Total Virtual: 12216.46 MB
Available Virtual: 10241.83 MB
 
==================== Drives ================================
 
Drive c: (Acer) (Fixed) (Total:931.51 GB) (Free:868.73 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive j: (USB20FD) (Removable) (Total:3.77 GB) (Free:3.73 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 3BB75E0E)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 3.8 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=3.8 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 
 
 
(4.)
 
I'm hesitant to say this ( don't want to jinx it ) but the computer is working like it should.  Thousands of processes are not starting up and websites are loading very quickly.
 
I do have a couple of questions for you if you don't mind...
 
Was it something in particular that caused the problem?
 
I know that Chrome has stopped using Java and it was a javaws.exe *32 process that had started thousands of times.
 
Should I reconfigure my update permission for java? 

 

As far as I know I did not have a proxy set up so I am interested in how it was set up.

 

This is actually not my computer, it belongs to a friend of mine and I was pulling my hair out over it.  

 

Thank you for your time 

 

ImCynners



#6 ImCynners

  • Topic Starter

Posted 31 August 2016 - 10:23 PM

 polskamachina,

 

One more question, when I run hijackthis it says:

 

For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file, HijackThis may NOT be able to fix this

 

then it goes into instructions on what I will have to do if HijackThis is not able to fix it.

 

Is this something to do with my security permissions being changed and if so was it due to whatever you just helped me to get rid of?

 

Thank you,

ImCynners



#7 polskamachina

  • Malware Response Team

Posted 02 September 2016 - 12:35 AM

Hi ImCynners :)

I'm hesitant to say this ( don't want to jinx it ) but the computer is working like it should.  Thousands of processes are not starting up and websites are loading very quickly.

  • Was it something in particular that caused the problem?
  • I know that Chrome has stopped using Java and it was a javaws.exe *32 process that had started thousands of times. Should I reconfigure my update permission for java? 

1. There was something in particular that caused it but I suspect the software that installed the proxy has already been removed. If it comes back, then we can do some detective work to find the source.
2. The default configurations for Java should be fine.

When I run hijackthis it says:
For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file, HijackThis may NOT be able to fix this
then it goes into instructions on what I will have to do if HijackThis is not able to fix it.
Is this something to do with my security permissions being changed and if so was it due to whatever you just helped me to get rid of?

HijackThis has compatibility issues with the newer operating systems (Windows 7 and above) and as such it's outdated.
 
Next, we will run another fix. These steps should be familiar to you.
 
Copy the following text in its entirety into Notepad:

CreateRestorePoint:
CloseProcesses:
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {9143e921-7c9a-4d27-ac43-eaccc78cc55a} URL =
SearchScopes: HKU\S-1-5-21-3857002000-416032775-3262416880-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
S4 MSCamSvc; "C:\Program Files\Microsoft LifeCam\MSCamS64.exe" [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
BHO-x32: Blazer Deals -> {f476f203-bdf1-443d-aea6-d7fe9c2a53c3} -> C:\Program Files (x86)\Blazer Deals\Extensions\f476f203-bdf1-443d-aea6-d7fe9c2a53c3.dll => No File
Toolbar: HKU\S-1-5-21-3857002000-416032775-3262416880-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CustomCLSID: HKU\S-1-5-21-3857002000-416032775-3262416880-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\dave\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3857002000-416032775-3262416880-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\dave\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3857002000-416032775-3262416880-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\dave\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3857002000-416032775-3262416880-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\dave\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3857002000-416032775-3262416880-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\dave\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3857002000-416032775-3262416880-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\dave\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3857002000-416032775-3262416880-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\dave\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3857002000-416032775-3262416880-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\dave\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
Task: {0655C274-27FB-4106-9AA0-C54A45288F5E} - System32\Tasks\PROPCCleanerSoft_Popup => C:\Program Files (x86)\PRO PC Cleaner Soft\Splash.exe <==== ATTENTION
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {51B14AF1-3FFE-48F7-B58A-C4EA5210B15F} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {95F16B1D-C138-45A9-AC80-1FE836017CEC} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {9910B366-0F77-4A74-A4C3-D55009AFCA53} - System32\Tasks\PROPCCleanerSoftware_Popup => C:\Program Files (x86)\PRO PC Cleaner Software\Splash.exe <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {DFA067C7-A63F-4BB4-ADAB-97DFD22DDB4E} - System32\Tasks\PROPCCleanerSoft_Start => C:\Program Files (x86)\PRO PC Cleaner Soft\PROPCCleanerSoft.exe <==== ATTENTION
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
Task: C:\Windows\Tasks\{54A3EC84-7AA8-874C-CA0F-3DD4963BC0F2}.job => C:\Users\dave\AppData\Local\{F1A6C~1\UNINST~1.EXE <==== ATTENTION
Task: {3E1741D3-4CBE-47DA-A344-4F84B96F4D5B} - System32\Tasks\{54A3EC84-7AA8-874C-CA0F-3DD4963BC0F2} => C:\Users\dave\AppData\Local\{F1A6C~1\UNINST~1.EXE <==== ATTENTION
Task: {5ED28489-2BAF-4016-BD43-37DDA78408D6} - System32\Tasks\PROPCCleanerSoftware_Start => C:\Program Files (x86)\PRO PC Cleaner Software\PROPCCleanerSoftware.exe <==== ATTENTION
Task: {63A06071-5C50-4C7D-877C-47A1070E4819} - System32\Tasks\{62DCD29A-DB69-3FBE-B647-89101B4CF25A} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\f0917844\947a34a4.dll" <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:0158E398 [121]
AlternateDataStreams: C:\ProgramData\TEMP:036B81D9 [370]
AlternateDataStreams: C:\ProgramData\TEMP:0506F89A [143]
AlternateDataStreams: C:\ProgramData\TEMP:1A567D7B [126]
AlternateDataStreams: C:\ProgramData\TEMP:1F39C7E1 [125]
AlternateDataStreams: C:\ProgramData\TEMP:207D7AF7 [131]
AlternateDataStreams: C:\ProgramData\TEMP:2212C7B8 [119]
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\TEMP:2F4A0A6B [114]
AlternateDataStreams: C:\ProgramData\TEMP:3310F70A [178]
AlternateDataStreams: C:\ProgramData\TEMP:33D7490A [125]
AlternateDataStreams: C:\ProgramData\TEMP:35B921C1 [126]
AlternateDataStreams: C:\ProgramData\TEMP:3941DF1F [131]
AlternateDataStreams: C:\ProgramData\TEMP:39B14E09 [286]
AlternateDataStreams: C:\ProgramData\TEMP:3EDD05D8 [131]
AlternateDataStreams: C:\ProgramData\TEMP:4581BFC5 [130]
AlternateDataStreams: C:\ProgramData\TEMP:55422315 [148]
AlternateDataStreams: C:\ProgramData\TEMP:569783F8 [131]
AlternateDataStreams: C:\ProgramData\TEMP:5A1E97C7 [130]
AlternateDataStreams: C:\ProgramData\TEMP:5C92988B [191]
AlternateDataStreams: C:\ProgramData\TEMP:61731AC2 [143]
AlternateDataStreams: C:\ProgramData\TEMP:66FC2E6F [148]
AlternateDataStreams: C:\ProgramData\TEMP:7687A3E3 [183]
AlternateDataStreams: C:\ProgramData\TEMP:78D4A05B [148]
AlternateDataStreams: C:\ProgramData\TEMP:81B5B293 [131]
AlternateDataStreams: C:\ProgramData\TEMP:838FECBF [146]
AlternateDataStreams: C:\ProgramData\TEMP:A082A539 [126]
AlternateDataStreams: C:\ProgramData\TEMP:A2B9AD4B [140]
AlternateDataStreams: C:\ProgramData\TEMP:A5928F5F [146]
AlternateDataStreams: C:\ProgramData\TEMP:A5FC8FA1 [123]
AlternateDataStreams: C:\ProgramData\TEMP:A9356284 [136]
AlternateDataStreams: C:\ProgramData\TEMP:BAD046B8 [139]
AlternateDataStreams: C:\ProgramData\TEMP:C1FF1B01 [128]
AlternateDataStreams: C:\ProgramData\TEMP:C5BCA2A0 [107]
AlternateDataStreams: C:\ProgramData\TEMP:DE2B4CCA [129]
AlternateDataStreams: C:\ProgramData\TEMP:E1D6C864 [210]
AlternateDataStreams: C:\ProgramData\TEMP:E30EA035 [143]
AlternateDataStreams: C:\ProgramData\TEMP:E54DD18F [117]
AlternateDataStreams: C:\ProgramData\TEMP:E8BDF4DE [113]
AlternateDataStreams: C:\ProgramData\TEMP:EEE3A74E [125]
AlternateDataStreams: C:\ProgramData\TEMP:F3DE733A [125]
S3 catchme; no ImagePath
  • Save the file to your Desktop as fixlist.txt
  • Close Notepad
  • Run FRST64 again. It should take a few seconds to update, which is normal.
  • Click on the Fix button
  • If your computer needs to be restarted, let it restart.
  • When the fix is complete, a new log named Fixlog.txt will be created
  • Please copy and paste that log into your next reply to me

In summary I will need from you:

  • Fixlog.txt
  • How is your computer running now?

Let me know if you have any questions.
 
polskamachina
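
Added example, not part of the original posts and not FRST's own code: a Python reader for a fixlist like the one in post #7, showing before the fix is run how many entries of each type it contains and which scheduled tasks are orphaned references versus tasks that still launch a command. The line shapes it parses are taken only from the lines visible in that post, and the function names are hypothetical.

```python
import re
from collections import Counter

# Lines copied from the fixlist in post #7 (a subset, for illustration).
SAMPLE = r"""CreateRestorePoint:
CloseProcesses:
SearchScopes: HKLM -> {9143e921-7c9a-4d27-ac43-eaccc78cc55a} URL =
S3 catchme; no ImagePath
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {0655C274-27FB-4106-9AA0-C54A45288F5E} - System32\Tasks\PROPCCleanerSoft_Popup => C:\Program Files (x86)\PRO PC Cleaner Soft\Splash.exe <==== ATTENTION
Task: {63A06071-5C50-4C7D-877C-47A1070E4819} - System32\Tasks\{62DCD29A-DB69-3FBE-B647-89101B4CF25A} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\f0917844\947a34a4.dll" <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:0158E398 [121]
AlternateDataStreams: C:\ProgramData\TEMP:036B81D9 [370]
"""

# "Task: <name> -> No File" or "Task: <name> => <command>", optional ATTENTION marker.
TASK_RE = re.compile(r"^Task: (?P<name>.+?) [-=]> (?P<target>.+?)(?: <==== ATTENTION)?$")

def entry_kind(line):
    """Entry type: 'Service' for 'S3 ...'/'S4 ...' lines, else the text before the first colon."""
    if re.match(r"S\d ", line):
        return "Service"
    return line.split(":", 1)[0]

def count_kinds(fixlist):
    """Count entries per type so the scope of a fix is visible before it is run."""
    return Counter(entry_kind(l) for l in fixlist.splitlines() if l.strip())

def review_tasks(fixlist):
    """Split Task entries into orphaned ones (No File) and ones that still launch a command."""
    out = []
    for line in fixlist.splitlines():
        m = TASK_RE.match(line.strip())
        if not m:
            continue
        target = m.group("target")
        notes = []
        if target.lower().startswith("regsvr32"):
            notes.append("runs a DLL through regsvr32")
        if re.search(r"~\d", target):
            notes.append("8.3 short path, resolve the full folder name")
        status = "orphaned" if target == "No File" else "launches"
        out.append({"name": m.group("name"), "status": status, "target": target, "notes": notes})
    return out

if __name__ == "__main__":
    print(dict(count_kinds(SAMPLE)))
    for t in review_tasks(SAMPLE):
        print(t["status"], "|", t["target"], "|", "; ".join(t["notes"]))
```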



#8 polskamachina


Posted 05 September 2016 - 11:06 AM

Hi ImCynners :)

 

It's been a while since you've checked in. Did you need any more help with this? If not, this topic will be closed in 48 hours.
 
Please let me know if you have any questions.

 

polskamachina



#9 Oh My!


Posted 07 September 2016 - 07:54 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."



