virus seems to reinstall itself during boot into shell
<blockquote data-quote="KennyGordacki" data-source="post: 517508" data-attributes="member: 53506"><p>[code]Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-06-2016 01</p><p>Ran by Administrator 1 (administrator) on ME-PC (22-06-2016 22:26:57)</p><p>Running from C:\Users\Administrator 1\Desktop</p><p>Loaded Profiles: Me & Administrator 1 & WOUTempAdmin & Guest & Classic .NET AppPool & DefaultAppPool (Available Profiles: Me & Administrator 1 & WOUTempAdmin & Guest & Classic .NET AppPool & DefaultAppPool)</p><p>Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)</p><p>Internet Explorer Version 11 (Default browser: IE)</p><p>Boot Mode: Normal</p><p>Tutorial for Farbar Recovery Scan Tool: [URL="http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/"]FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials[/URL]</p><p></p><p>==================== Processes (Whitelisted) =================</p><p></p><p>(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)</p><p></p><p>(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe</p><p>(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe</p><p>(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe</p><p>(Microsoft Corporation) C:\Windows\System32\mqsvc.exe</p><p>() C:\Program Files (x86)\Blaze Media Pro\NMSAccess32.exe</p><p>(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE</p><p>(Microsoft Corporation) C:\Windows\System32\snmp.exe</p><p>(DEVGURU Co., LTD.) 
C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe</p><p>(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe</p><p>(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe</p><p>(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe</p><p>(Microsoft Corporation) C:\Windows\System32\mqtgsvc.exe</p><p>(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe</p><p>(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe</p><p>(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe</p><p>(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe</p><p>(Logitech, Inc.) C:\Program Files\Logitech\FlowScroll\KhalScroll.exe</p><p>(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe</p><p>(Intel Corporation) C:\Windows\System32\hkcmd.exe</p><p>(Intel Corporation) C:\Windows\System32\igfxpers.exe</p><p>(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe</p><p>(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe</p><p>(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe</p><p>(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe</p><p>(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe</p><p>(Microsoft Corporation) C:\Windows\System32\dllhost.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Microsoft Corporation) C:\Users\Administrator 1\Downloads\msert.exe</p><p>(Microsoft Corporation) C:\Windows\System32\cmd.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p></p><p></p><p>==================== Registry (Whitelisted) ===========================</p><p></p><p>(If an entry is included in the fixlist, the registry item will be restored to default or removed. 
The file will not be moved.)</p><p></p><p>HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2818800 2014-08-25] (Synaptics Incorporated)</p><p>HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13774040 2015-03-23] (Realtek Semiconductor)</p><p>HKLM\...\Run: [LogiScrollApp] => C:\Program Files\Logitech\FlowScroll\KhalScroll.exe [166680 2012-02-08] (Logitech, Inc.)</p><p>HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15003256 2015-09-19] (Logitech Inc.)</p><p>HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch</p><p>HKLM-x32\...\Run: [] => [X]</p><p>HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [85600 2013-12-12] (Nullsoft, Inc.)</p><p>Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)</p><p>HKU\S-1-5-21-1965651932-3507908794-2345626874-1000\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe [30720 2010-11-20] (Microsoft Corporation)</p><p>HKU\S-1-5-21-1965651932-3507908794-2345626874-1003\...\Policies\Explorer: [NoViewContextMenu] 0</p><p>HKU\S-1-5-21-1965651932-3507908794-2345626874-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> </p><p>HKU\S-1-5-21-1965651932-3507908794-2345626874-1009\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516096 2010-11-20] (Microsoft Corporation)</p><p>HKU\S-1-5-21-1965651932-3507908794-2345626874-1009\...\Policies\Explorer: [NoViewContextMenu] 0</p><p>HKU\S-1-5-21-1965651932-3507908794-2345626874-1009\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe [30720 2010-11-20] (Microsoft Corporation)</p><p>HKU\S-1-5-21-1965651932-3507908794-2345626874-501\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516096 2010-11-20] (Microsoft Corporation)</p><p>HKU\S-1-5-21-1965651932-3507908794-2345626874-501\...\Policies\Explorer: [NoBandCustomize] 
0</p><p>HKU\S-1-5-21-1965651932-3507908794-2345626874-501\...\Policies\Explorer: [NoViewContextMenu] 0</p><p>HKU\S-1-5-21-1965651932-3507908794-2345626874-501\...\Policies\Explorer: [RestrictRun] 0</p><p>HKU\S-1-5-21-1965651932-3507908794-2345626874-501\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe [30720 2010-11-20] (Microsoft Corporation)</p><p>HKU\S-1-5-82-1036420768-1044797643-1061213386-2937092688-4282445334\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516096 2010-11-20] (Microsoft Corporation)</p><p>HKU\S-1-5-82-1036420768-1044797643-1061213386-2937092688-4282445334\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe [30720 2010-11-20] (Microsoft Corporation)</p><p>HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516096 2010-11-20] (Microsoft Corporation)</p><p>HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe [30720 2010-11-20] (Microsoft Corporation)</p><p>HKU\S-1-5-18\...\Policies\system: [NoAdminPage] 0</p><p>ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]</p><p>ShellExecuteHooks-x32: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]</p><p>ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File</p><p>ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File</p><p>ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File</p><p>ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File</p><p>ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File</p><p></p><p>==================== Internet (Whitelisted) ====================</p><p></p><p>(If an item is included in the fixlist, if it is a registry item it will be removed or restored to 
default.)</p><p></p><p>Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File </p><p>Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File </p><p>Tcpip\Parameters: [DhcpNameServer] 192.168.1.1</p><p>Tcpip\..\Interfaces\{2E8CE929-0F8D-41E0-9F1D-F2BB08560D3E}: [DhcpNameServer] 192.168.1.1</p><p></p><p>Internet Explorer:</p><p>==================</p><p>HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION</p><p>HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION</p><p>HKU\S-1-5-21-1965651932-3507908794-2345626874-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION</p><p>HKU\S-1-5-21-1965651932-3507908794-2345626874-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION</p><p>HKU\S-1-5-21-1965651932-3507908794-2345626874-1009\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION</p><p>HKU\S-1-5-21-1965651932-3507908794-2345626874-501\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION</p><p>HKU\S-1-5-82-1036420768-1044797643-1061213386-2937092688-4282445334\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION</p><p>HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION</p><p>HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://[URL="http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA"]www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA[/URL]</p><p>HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://[URL="http://www.google.com"]www.google.com[/URL]</p><p>HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://[URL="http://www.google.com"]www.google.com[/URL]</p><p>HKLM\Software\Microsoft\Internet 
Explorer\Main,Default_Page_URL = hxxp://[URL="http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA"]www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA[/URL]</p><p>HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = </p><p>HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = </p><p>HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = </p><p>HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://[URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"]www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch[/URL]</p><p>HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://[URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome"]www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome[/URL]</p><p>HKU\S-1-5-21-1965651932-3507908794-2345626874-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com</p><p>HKU\S-1-5-21-1965651932-3507908794-2345626874-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://[URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"]www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch[/URL]</p><p>HKU\S-1-5-21-1965651932-3507908794-2345626874-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE09&ocid=UE09DHP</p><p>HKU\S-1-5-21-1965651932-3507908794-2345626874-1009\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://[URL="http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA"]www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA[/URL]</p><p>HKU\S-1-5-21-1965651932-3507908794-2345626874-501\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://[URL="http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA"]www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA[/URL]</p><p>HKU\S-1-5-21-1965651932-3507908794-2345626874-501\Software\Microsoft\Internet 
Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com</p><p>HKU\S-1-5-21-1965651932-3507908794-2345626874-501\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/1me10IE11ENUS/WOL_WCP</p><p>HKU\S-1-5-21-1965651932-3507908794-2345626874-501\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://[URL="http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA"]www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA[/URL]</p><p>SearchScopes: HKLM -> DefaultScope {86EE1317-27B5-4DE0-A8C2-2F505B915BCF} URL = hxxp://[URL="http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA"]www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA[/URL]</p><p>SearchScopes: HKLM -> {86EE1317-27B5-4DE0-A8C2-2F505B915BCF} URL = hxxp://[URL="http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA"]www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA[/URL]</p><p>SearchScopes: HKLM-x32 -> DefaultScope {86EE1317-27B5-4DE0-A8C2-2F505B915BCF} URL = hxxp://[URL="http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA"]www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA[/URL]</p><p>SearchScopes: HKLM-x32 -> {86EE1317-27B5-4DE0-A8C2-2F505B915BCF} URL = 
hxxp://[URL="http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA"]www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA[/URL]</p><p>SearchScopes: HKU\S-1-5-21-1965651932-3507908794-2345626874-1000 -> {EF641CB9-A500-480E-ABFC-370E51010B2B} URL = hxxps://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8</p><p>SearchScopes: HKU\S-1-5-21-1965651932-3507908794-2345626874-1009 -> {01D045E4-EFC1-427C-86D1-25D5F1841A99} URL = </p><p>SearchScopes: HKU\S-1-5-21-1965651932-3507908794-2345626874-1009 -> {792B6456-FB40-4F4B-BEAD-8C167F1D40B1} URL = </p><p>SearchScopes: HKU\S-1-5-21-1965651932-3507908794-2345626874-1009 -> {EF641CB9-A500-480E-ABFC-370E51010B2B} URL = hxxps://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8</p><p>SearchScopes: HKU\S-1-5-21-1965651932-3507908794-2345626874-501 -> {EF641CB9-A500-480E-ABFC-370E51010B2B} URL = hxxps://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8</p><p>SearchScopes: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = </p><p>Toolbar: HKU\S-1-5-21-1965651932-3507908794-2345626874-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File</p><p>Toolbar: HKU\S-1-5-21-1965651932-3507908794-2345626874-501 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File</p><p>Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2016-01-04] (Belarc, Inc.)</p><p></p><p>FireFox:</p><p>========</p><p>FF ProfilePath: C:\Users\Administrator 1\AppData\Roaming\Mozilla\Firefox\Profiles\8faqmhbu.default</p><p>FF NewTab: about:home</p><p>FF DefaultSearchEngine: Bing </p><p>FF SearchEngineOrder.3: Bing </p><p>FF SelectedSearchEngine: Bing </p><p>FF Homepage: 
user_pref("browser.startup.homepage", "about:home"about:home);</p><p>FF Keyword.URL: hxxp://[URL="http://www.bing.com/search?FORM=U270DF&PC=U270&q="]www.bing.com/search?FORM=U270DF&PC=U270&q=[/URL]</p><p>FF Plugin: @microsoft.com/GENUINE -> disabled [No File]</p><p>FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)</p><p>FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)</p><p>FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2016-02-19] (Adobe Systems, Inc.)</p><p>FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [No File]</p><p>FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]</p><p>FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)</p><p>FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)</p><p>FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)</p><p>FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-07] (Google Inc.)</p><p>FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-07] (Google Inc.)</p><p>FF SearchPlugin: C:\Users\Administrator 1\AppData\Roaming\Mozilla\Firefox\Profiles\8faqmhbu.default\searchplugins\bing-.xml [2015-12-14]</p><p>FF Extension: Bing Search - C:\Users\Administrator 1\AppData\Roaming\Mozilla\Firefox\Profiles\8faqmhbu.default\Extensions\bingsearch.full@microsoft.com.xpi [2015-12-14]</p><p>FF 
HKLM-x32\...\Firefox\Extensions: [{5D3F3872-91E9-4d59-AD9F-AA174A3145DD}] - C:\Program Files\Logitech\FlowScroll\LogiSmoothFirefoxExt</p><p>FF Extension: Logitech Flow Scroll - C:\Program Files\Logitech\FlowScroll\LogiSmoothFirefoxExt [2015-12-14] [not signed]</p><p></p><p>Chrome: </p><p>=======</p><p>CHR Profile: C:\Users\Administrator 1\AppData\Local\Google\Chrome\User Data\Default</p><p>CHR Extension: (Google Slides) - C:\Users\Administrator 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-06-04]</p><p>CHR Extension: (Google Docs) - C:\Users\Administrator 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-04]</p><p>CHR Extension: (Google Drive) - C:\Users\Administrator 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-04]</p><p>CHR Extension: (YouTube) - C:\Users\Administrator 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-04]</p><p>CHR Extension: (Google Sheets) - C:\Users\Administrator 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-04]</p><p>CHR Extension: (Google Docs Offline) - C:\Users\Administrator 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-04]</p><p>CHR Extension: (Chrome Web Store Payments) - C:\Users\Administrator 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-04]</p><p>CHR Extension: (OneClick Cleaner for Chrome) - C:\Users\Administrator 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\oncckmaelaecccmaniihojgeopkcajfh [2016-06-22]</p><p>CHR Extension: (Gmail) - C:\Users\Administrator 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-04]</p><p></p><p>Opera: </p><p>=======</p><p>OPR Session Restore: -> is 
enabled.</p><p></p><p>==================== Services (Whitelisted) ========================</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)</p><p></p><p>S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]</p><p>R2 ftpsvc; C:\Windows\system32\inetsrv\ftpsvc.dll [350720 2012-06-01] (Microsoft Corporation)</p><p>R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-20] (Microsoft Corporation)</p><p>S3 InnovativeSolutions_monitor; C:\Program Files (x86)\Common Files\Innovative Solutions\Advanced Uninstaller\InnovativeSolutions_monitor_Svr.exe [1065496 2016-06-17] ()</p><p>R2 iprip; C:\Windows\System32\iprip.dll [35328 2009-07-13] (Microsoft Corporation)</p><p>R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [192120 2015-09-19] (Logitech Inc.)</p><p>R2 LPDSVC; C:\Windows\system32\lpdsvc.dll [45568 2009-07-13] (Microsoft Corporation)</p><p>R2 MSMQTriggers; C:\Windows\system32\mqtgsvc.exe [189440 2010-11-20] (Microsoft Corporation)</p><p>R2 NMSAccess; C:\Program Files (x86)\Blaze Media Pro\NMSAccess32.exe [71096 2009-01-12] ()</p><p>R2 SNMP; C:\Windows\System32\snmp.exe [49664 2010-11-20] (Microsoft Corporation)</p><p>R2 SNMP; C:\Windows\SysWOW64\snmp.exe [47616 2010-11-20] (Microsoft Corporation)</p><p>R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.)</p><p>R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [191728 2014-08-25] (Synaptics Incorporated)</p><p>S4 TlntSvr; C:\Windows\System32\tlntsvr.exe [81920 2009-07-13] (Microsoft Corporation)</p><p>S3 TOSHIBA HDD SSD Alert Service; C:\Program Files (x86)\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [111960 2009-08-03] (TOSHIBA Corporation)</p><p>R2 WinDefend; C:\Program 
Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)</p><p>S3 WMSVC; C:\Windows\system32\inetsrv\wmsvc.exe [10752 2009-07-13] (Microsoft Corporation)</p><p>S2 Razer Game Scanner Service; no ImagePath</p><p></p><p>===================== Drivers (Whitelisted) ==========================</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)</p><p></p><p>U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)</p><p>S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)</p><p>R1 ElRawDisk; C:\Windows\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation)</p><p>S3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)</p><p>S3 libwasys; C:\Windows\System32\DRIVERS\libwasys.sys [28464 2016-06-04] ()</p><p>R1 MpKsld8615e31; C:\Windows\Temp\MpKsld8615e31.sys [44928 2016-06-22] (Microsoft Corporation)</p><p>S3 RdpVideoMiniport; C:\Windows\System32\drivers\rdpvideominiport.sys [19456 2012-08-23] (Microsoft Corporation) [File not signed]</p><p>R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-09-22] (Razer, Inc.)</p><p>R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [130880 2015-12-14] (Razer, Inc.)</p><p>S3 S6000KNT; C:\Windows\System32\Drivers\S6000KNT.sys [190232 2015-03-23] (Windows (R) Win 7 DDK provider)</p><p>R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [31472 2014-08-25] (Synaptics Incorporated)</p><p>S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [485512 2016-04-28] (BitDefender S.R.L.)</p><p></p><p>==================== NetSvcs (Whitelisted) ===================</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.)</p><p></p><p></p><p>==================== One Month Created files and folders ========</p><p></p><p>(If an entry is included in the fixlist, the file/folder will be moved.)</p><p></p><p>2016-06-22 22:22 - 2016-06-22 22:22 - 03703360 _____ C:\Users\Administrator 1\Desktop\adwcleaner_5.200.exe</p><p>2016-06-22 22:22 - 2016-06-22 22:22 - 03703360 _____ C:\Users\Administrator 1\Desktop\adwcleaner_5.200 (1).exe</p><p>2016-06-22 21:56 - 2016-06-22 22:26 - 00021587 _____ C:\Users\Administrator 1\Desktop\FRST.txt</p><p>2016-06-22 21:52 - 2016-06-22 21:53 - 02387456 _____ (Farbar) C:\Users\Administrator 1\Desktop\FRST64.exe</p><p>2016-06-22 21:40 - 2016-06-22 21:40 - 04291320 _____ (BrightFort LLC ) C:\Users\Administrator 1\Downloads\spywareblastersetup55.exe</p><p>2016-06-22 21:36 - 2016-06-22 21:37 - 139855128 _____ (Microsoft Corporation) C:\Users\Administrator 1\Downloads\msert.exe</p><p>2016-06-22 21:32 - 2016-06-22 21:32 - 00000000 ____D C:\Users\Administrator 1\Desktop\backups</p><p>2016-06-22 21:29 - 2016-06-22 21:29 - 00023083 _____ C:\Users\Administrator 1\Desktop\dds.txt</p><p>2016-06-22 21:27 - 2016-06-22 21:27 - 00688992 ____R (Swearware) C:\Users\Administrator 1\Downloads\dds.com</p><p>2016-06-22 21:27 - 2016-06-22 21:27 - 00688992 _____ (Swearware) C:\Users\Administrator 1\Downloads\dds.scr</p><p>2016-06-22 21:27 - 2016-06-22 21:27 - 00688992 _____ (Swearware) C:\Users\Administrator 1\Downloads\dds.exe</p><p>2016-06-22 20:42 - 2016-06-22 20:43 - 00033546 _____ C:\Users\Administrator 1\Downloads\MTB.txt</p><p>2016-06-22 20:41 - 2016-06-22 20:41 - 00892416 _____ (Farbar) C:\Users\Administrator 1\Downloads\MiniToolBox.exe</p><p>2016-06-22 18:59 - 2016-06-22 18:59 - 00001787 _____ C:\Users\Administrator 1\Downloads\fixlist.txt</p><p>2016-06-22 18:57 - 2016-06-22 20:05 - 00000000 ____D C:\ProgramData\HitmanPro</p><p>2016-06-22 18:56 - 2016-06-22 20:39 - 00000000 ____D C:\ProgramData\RogueKiller</p><p>2016-06-22 
18:22 - 2016-06-22 18:22 - 00001200 _____ C:\Users\Administrator 1\Downloads\Fixlog.txt</p><p>2016-06-22 18:20 - 2016-06-22 18:22 - 00001344 _____ C:\Users\Administrator 1\Desktop\fixtext.txt</p><p>2016-06-22 18:09 - 2016-06-22 20:31 - 00036268 _____ C:\Users\Administrator 1\Downloads\Addition.txt</p><p>2016-06-22 18:08 - 2016-06-22 20:31 - 00064236 _____ C:\Users\Administrator 1\Downloads\FRST.txt</p><p>2016-06-22 16:42 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe</p><p>2016-06-22 16:42 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe</p><p>2016-06-22 16:42 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe</p><p>2016-06-22 16:42 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe</p><p>2016-06-22 16:42 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe</p><p>2016-06-22 16:42 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe</p><p>2016-06-22 16:42 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe</p><p>2016-06-22 16:41 - 2016-06-22 16:41 - 00000000 ____D C:\Qoobox</p><p>2016-06-22 16:37 - 2016-06-22 16:37 - 02387456 _____ (Farbar) C:\Users\Administrator 1\Downloads\FRST64.exe</p><p>2016-06-22 16:36 - 2016-06-22 18:25 - 00001787 _____ C:\Users\Administrator 1\Downloads\fixlist (1).txt</p><p>2016-06-22 15:53 - 2016-06-22 15:53 - 00000000 ____D C:\Users\Administrator 1\Downloads\mbrfix</p><p>2016-06-22 15:52 - 2016-06-22 15:52 - 00138820 _____ C:\Users\Administrator 1\Downloads\mbrfix.zip</p><p>2016-06-22 15:52 - 2016-06-22 15:52 - 00138820 _____ C:\Users\Administrator 1\Downloads\mbrfix (1).zip</p><p>2016-06-22 15:52 - 2016-06-22 15:52 - 00000000 ____D C:\Users\Administrator 1\Downloads\mbrfix (1)</p><p>2016-06-22 15:46 - 2016-06-22 16:19 - 00001711 _____ C:\Users\Administrator 1\Desktop\firsttext.txt</p><p>2016-06-22 14:48 - 2016-06-22 14:48 - 00000000 ____D C:\Users\Administrator 1\AppData\Local\NPE</p><p>2016-06-22 14:47 - 2016-06-22 14:47 - 00001676 _____ C:\Users\Administrator 
1\Desktop\Fixlog.txt</p><p>2016-06-22 12:21 - 2016-06-22 12:21 - 00000000 ____D C:\Users\Administrator 1\AppData\Roaming\Adobe</p><p>2016-06-22 12:16 - 2016-06-22 12:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller PRO</p><p>2016-06-22 12:00 - 2016-06-22 12:16 - 00001700 _____ C:\Users\Administrator 1\Desktop\Advanced Uninstaller PRO 12.lnk</p><p>2016-06-22 12:00 - 2016-06-22 12:00 - 00000000 ____D C:\ProgramData\Innovative Solutions</p><p>2016-06-22 11:59 - 2016-06-22 12:00 - 00000000 ____D C:\Users\Administrator 1\AppData\Local\Innovative Solutions</p><p>2016-06-22 11:59 - 2016-06-22 11:59 - 00000000 ____D C:\Program Files (x86)\Innovative Solutions</p><p>2016-06-22 09:56 - 2016-06-22 11:32 - 00541087 _____ C:\Windows\ZAM_Guard.krnl.trace</p><p>2016-06-22 09:56 - 2016-06-22 11:01 - 03909974 _____ C:\Windows\ZAM.krnl.trace</p><p>2016-06-22 09:42 - 2016-06-22 14:55 - 00035385 _____ C:\Users\Administrator 1\Desktop\Addition.txt</p><p>2016-06-22 09:29 - 2016-06-22 22:26 - 00000000 ____D C:\FRST</p><p>2016-06-21 22:57 - 2016-06-21 22:57 - 00000000 ____D C:\SpybotBootCD</p><p>2016-06-21 22:51 - 2016-06-21 22:51 - 01203312 _____ (Safer Networking Limited ) C:\Users\Administrator 1\Downloads\spybotbootcd-1.0.4.exe</p><p>2016-06-21 20:05 - 2016-06-21 20:05 - 22851472 _____ (Malwarebytes ) C:\Users\Administrator 1\Downloads\mbam-setup-cnet.35891-2.2.1.1043.exe</p><p>2016-06-21 19:57 - 2016-06-21 19:57 - 00003927 _____ C:\Users\Administrator 1\Desktop\vlk product key 2.txt</p><p>2016-06-21 19:43 - 2016-06-21 19:44 - 00388608 _____ (Trend Micro Inc.) 
C:\Users\Administrator 1\Desktop\HijackThis.exe</p><p>2016-06-21 17:00 - 2016-06-21 17:00 - 00000000 ____D C:\Users\Administrator 1\AppData\Local\Alexandre_Miguel_Canotilh</p><p>2016-06-21 16:49 - 2016-06-21 16:49 - 00002804 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC</p><p>2016-06-21 16:48 - 2016-06-21 16:49 - 00000000 ____D C:\Program Files\CCleaner</p><p>2016-06-21 16:48 - 2016-06-21 16:48 - 00000877 _____ C:\Users\Public\Desktop\CCleaner.lnk</p><p>2016-06-21 16:48 - 2016-06-21 16:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner</p><p>2016-06-21 16:45 - 2016-06-21 16:45 - 00001900 _____ C:\Users\Public\Desktop\QuickTime Player.lnk</p><p>2016-06-21 16:44 - 2016-06-21 16:45 - 00000000 ____D C:\Program Files (x86)\QuickTime</p><p>2016-06-21 16:40 - 2016-06-21 16:52 - 41896256 _____ (Apple Inc.) C:\Users\Administrator 1\Downloads\QuickTimeInstaller.exe</p><p>2016-06-21 16:23 - 2016-06-21 16:23 - 00000000 ____D C:\ProgramData\WinZipSE</p><p>2016-06-21 16:19 - 2016-06-21 16:19 - 00001039 _____ C:\Users\Public\Desktop\MiniTool Partition Wizard Free.lnk</p><p>2016-06-21 16:19 - 2016-06-21 16:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Partition Wizard Free 9.1</p><p>2016-06-21 16:19 - 2016-06-21 16:19 - 00000000 ____D C:\Program Files\MiniTool Partition Wizard Free 9.1</p><p>2016-06-21 16:00 - 2016-06-21 16:02 - 00000000 ____D C:\ProgramData\WRData</p><p>2016-06-21 15:56 - 2016-06-22 12:23 - 00000000 ____D C:\Users\Administrator 1\AppData\Roaming\JAM Software</p><p>2016-06-21 15:56 - 2016-06-21 15:56 - 00031450 _____ C:\Users\Administrator 1\Documents\cc_20160621_155631.reg</p><p>2016-06-21 15:48 - 2016-06-21 15:48 - 02557544 _____ (Microsoft Corporation) C:\Users\Administrator 1\Downloads\NDP46-KB3122661-x86.exe</p><p>2016-06-21 15:27 - 2016-06-21 15:27 - 00001038 _____ C:\Users\Public\Desktop\Winamp.lnk</p><p>2016-06-21 15:27 - 2016-06-21 15:27 - 00000000 ____D 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp</p><p>2016-06-21 15:26 - 2016-06-22 19:20 - 00000000 ____D C:\Windows_Repair_Toolbox</p><p>2016-06-21 15:26 - 2016-06-21 15:53 - 00000000 ____D C:\Users\Administrator 1\AppData\Roaming\Winamp</p><p>2016-06-21 15:26 - 2016-06-21 15:30 - 00000000 ____D C:\Program Files (x86)\Winamp</p><p>2016-06-21 15:26 - 2016-06-21 15:26 - 00000829 _____ C:\Users\Public\Desktop\Windows Repair Toolbox.lnk</p><p>2016-06-21 15:26 - 2016-06-21 15:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Repair Toolbox</p><p>2016-06-21 15:24 - 2016-06-21 15:26 - 10328598 _____ (Nullsoft, Inc.) C:\Users\Administrator 1\Downloads\winamp5666_full_en-us_redux.exe</p><p>2016-06-21 15:15 - 2016-06-21 15:16 - 02016668 _____ (Alexandre Miguel Canotilho Coelho ) C:\Users\Administrator 1\Downloads\Windows_Repair_Toolbox_setup.exe</p><p>2016-06-21 15:00 - 2016-06-21 15:00 - 00000962 _____ C:\Users\Public\Desktop\Blaze Media Pro.lnk</p><p>2016-06-21 14:59 - 2016-06-21 15:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blaze Media Pro</p><p>2016-06-21 14:59 - 2016-06-21 15:00 - 00000000 ____D C:\Program Files (x86)\Blaze Media Pro</p><p>2016-06-21 14:57 - 2016-06-21 15:01 - 00000000 __HDC C:\ProgramData\{784E3329-1B2A-421E-9427-596088B766F6}</p><p>2016-06-21 14:51 - 2016-06-21 14:51 - 00001153 _____ C:\Users\WOUTempAdmin\Desktop\Command Cubes Viewer.lnk</p><p>2016-06-21 14:51 - 2016-06-21 14:51 - 00001153 _____ C:\Users\Me\Desktop\Command Cubes Viewer.lnk</p><p>2016-06-21 14:51 - 2016-06-21 14:51 - 00001153 _____ C:\Users\Guest\Desktop\Command Cubes Viewer.lnk</p><p>2016-06-21 14:51 - 2016-06-21 14:51 - 00001153 _____ C:\Users\Administrator 1\Desktop\Command Cubes Viewer.lnk</p><p>2016-06-21 14:51 - 2016-06-21 14:51 - 00001128 _____ C:\Users\WOUTempAdmin\Desktop\Command Cubes Server.lnk</p><p>2016-06-21 14:51 - 2016-06-21 14:51 - 00001128 _____ C:\Users\Me\Desktop\Command Cubes 
Server.lnk</p><p>2016-06-21 14:51 - 2016-06-21 14:51 - 00001128 _____ C:\Users\Guest\Desktop\Command Cubes Server.lnk</p><p>2016-06-21 14:51 - 2016-06-21 14:51 - 00001128 _____ C:\Users\Administrator 1\Desktop\Command Cubes Server.lnk</p><p>2016-06-21 14:51 - 2016-06-21 14:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Command Cubes</p><p>2016-06-21 14:51 - 2016-06-21 14:51 - 00000000 ____D C:\Program Files\winamp</p><p>2016-06-21 14:51 - 2016-06-21 14:51 - 00000000 ____D C:\Program Files (x86)\Command Cubes</p><p>2016-06-21 08:05 - 2016-06-21 08:05 - 00000274 _____ C:\Users\Public\Desktop\UVKRebootExecLog.txt</p><p>2016-06-21 07:55 - 2016-06-21 07:56 - 00002541 _____ C:\DelFix.txt</p><p>2016-06-21 07:54 - 2016-06-21 07:54 - 00000000 _____ C:\Users\Administrator 1\Downloads\delfix_1.013.exe.rfva3or.partial</p><p>2016-06-21 00:00 - 2016-06-21 00:00 - 00000020 ___SH C:\Users\DefaultAppPool\ntuser.ini</p><p>2016-06-20 23:35 - 2016-06-20 23:35 - 00000582 _____ C:\Users\Administrator 1\Desktop\keys.txt</p><p>2016-06-20 23:30 - 2016-06-20 23:33 - 00000000 ____D C:\Users\Administrator 1\Downloads\produkey-x64 (1)</p><p>2016-06-20 23:24 - 2016-06-20 23:24 - 00000621 _____ C:\Users\Administrator 1\Desktop\Product key.vbs</p><p>2016-06-20 07:50 - 2016-05-23 18:37 - 00394960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll</p><p>2016-06-20 07:50 - 2016-05-23 17:54 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll</p><p>2016-06-20 07:50 - 2016-05-21 12:28 - 25802752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll</p><p>2016-06-20 07:50 - 2016-05-21 11:57 - 20341248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll</p><p>2016-06-20 07:50 - 2016-05-20 17:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb</p><p>2016-06-20 07:50 - 2016-05-20 17:27 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll</p><p>2016-06-20 07:50 - 2016-05-20 17:14 
- 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb</p><p>2016-06-20 07:50 - 2016-05-20 17:10 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll</p><p>2016-06-20 07:50 - 2016-05-20 17:09 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll</p><p>2016-06-20 07:50 - 2016-05-20 17:09 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec</p><p>2016-06-20 07:50 - 2016-05-20 17:09 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll</p><p>2016-06-20 07:50 - 2016-05-20 17:08 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll</p><p>2016-06-20 07:50 - 2016-05-20 17:08 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll</p><p>2016-06-20 07:50 - 2016-05-20 17:02 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll</p><p>2016-06-20 07:50 - 2016-05-20 17:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll</p><p>2016-06-20 07:50 - 2016-05-20 16:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll</p><p>2016-06-20 07:50 - 2016-05-20 16:57 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll</p><p>2016-06-20 07:50 - 2016-05-20 16:57 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll</p><p>2016-06-20 07:50 - 2016-05-20 16:57 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll</p><p>2016-06-20 07:50 - 2016-05-20 16:56 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll</p><p>2016-06-20 07:50 - 2016-05-20 16:56 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec</p><p>2016-06-20 07:50 - 2016-05-20 16:55 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll</p><p>2016-06-20 07:50 - 2016-05-20 16:54 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll</p><p>2016-06-20 07:50 - 2016-05-20 16:54 - 00814080 _____ (Microsoft 
Corporation) C:\Windows\system32\jscript9diag.dll</p><p>2016-06-20 07:50 - 2016-05-20 16:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe</p><p>2016-06-20 07:50 - 2016-05-20 16:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe</p><p>2016-06-20 07:50 - 2016-05-20 16:50 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll</p><p>2016-06-20 07:50 - 2016-05-20 16:49 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll</p><p>2016-06-20 07:50 - 2016-05-20 16:48 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll</p><p>2016-06-20 07:50 - 2016-05-20 16:45 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe</p><p>2016-06-20 07:50 - 2016-05-20 16:45 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll</p><p>2016-06-20 07:50 - 2016-05-20 16:44 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll</p><p>2016-06-20 07:50 - 2016-05-20 16:44 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe</p><p>2016-06-20 07:50 - 2016-05-20 16:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll</p><p>2016-06-20 07:50 - 2016-05-20 16:41 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll</p><p>2016-06-20 07:50 - 2016-05-20 16:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll</p><p>2016-06-20 07:50 - 2016-05-20 16:33 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll</p><p>2016-06-20 07:50 - 2016-05-20 16:32 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll</p><p>2016-06-20 07:50 - 2016-05-20 16:29 - 13815808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll</p><p>2016-06-20 07:50 - 2016-05-20 16:28 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll</p><p>2016-06-20 07:50 - 2016-05-20 16:27 - 00092160 _____ 
(Microsoft Corporation) C:\Windows\system32\mshtmled.dll</p><p>2016-06-20 07:50 - 2016-05-20 16:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll</p><p>2016-06-20 07:50 - 2016-05-20 16:26 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll</p><p>2016-06-20 07:50 - 2016-05-20 16:25 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll</p><p>2016-06-20 07:50 - 2016-05-20 16:23 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll</p><p>2016-06-20 07:50 - 2016-05-20 16:23 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll</p><p>2016-06-20 07:50 - 2016-05-20 16:22 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll</p><p>2016-06-20 07:50 - 2016-05-20 16:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll</p><p>2016-06-20 07:50 - 2016-05-20 16:19 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll</p><p>2016-06-20 07:50 - 2016-05-20 16:14 - 04610048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll</p><p>2016-06-20 07:50 - 2016-05-20 16:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll</p><p>2016-06-20 07:50 - 2016-05-20 16:11 - 15420928 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll</p><p>2016-06-20 07:50 - 2016-05-20 16:11 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll</p><p>2016-06-20 07:50 - 2016-05-20 16:09 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe</p><p>2016-06-20 07:50 - 2016-05-20 16:09 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll</p><p>2016-06-20 07:50 - 2016-05-20 16:08 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl</p><p>2016-06-20 07:50 - 2016-05-20 16:08 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll</p><p>2016-06-20 07:50 - 2016-05-20 16:07 - 01359360 _____ (Microsoft 
Corporation) C:\Windows\system32\mshtmlmedia.dll</p><p>2016-06-20 07:50 - 2016-05-20 16:07 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll</p><p>2016-06-20 07:50 - 2016-05-20 16:06 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl</p><p>2016-06-20 07:50 - 2016-05-20 15:46 - 02597888 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll</p><p>2016-06-20 07:50 - 2016-05-20 15:42 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll</p><p>2016-06-20 07:50 - 2016-05-20 15:38 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll</p><p>2016-06-20 07:50 - 2016-05-20 15:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll</p><p>2016-06-20 07:50 - 2016-05-20 15:34 - 01544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll</p><p>2016-06-20 07:50 - 2016-05-20 15:23 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll</p><p>2016-06-20 07:49 - 2016-05-18 11:10 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll</p><p>2016-06-20 07:49 - 2016-05-18 11:09 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll</p><p>2016-06-20 07:49 - 2016-05-13 17:15 - 00382184 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll</p><p>2016-06-20 07:49 - 2016-05-13 17:09 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll</p><p>2016-06-20 07:49 - 2016-05-13 17:09 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll</p><p>2016-06-20 07:49 - 2016-05-13 17:09 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll</p><p>2016-06-20 07:49 - 2016-05-13 17:09 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll</p><p>2016-06-20 07:49 - 2016-05-13 16:54 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll</p><p>2016-06-20 07:49 - 2016-05-13 16:50 - 00025600 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\lpk.dll</p><p>2016-06-20 07:49 - 2016-05-13 16:49 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll</p><p>2016-06-20 07:49 - 2016-05-13 16:49 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll</p><p>2016-06-20 07:49 - 2016-05-13 16:27 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll</p><p>2016-06-20 07:49 - 2016-05-12 12:20 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys</p><p>2016-06-20 07:49 - 2016-05-12 12:20 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys</p><p>2016-06-20 07:49 - 2016-05-12 12:15 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll</p><p>2016-06-20 07:49 - 2016-05-12 12:15 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll</p><p>2016-06-20 07:49 - 2016-05-12 12:15 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\winipsec.dll</p><p>2016-06-20 07:49 - 2016-05-12 12:15 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll</p><p>2016-06-20 07:49 - 2016-05-12 12:15 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll</p><p>2016-06-20 07:49 - 2016-05-12 12:15 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll</p><p>2016-06-20 07:49 - 2016-05-12 12:14 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll</p><p>2016-06-20 07:49 - 2016-05-12 12:14 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll</p><p>2016-06-20 07:49 - 2016-05-12 12:14 - 00794624 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll</p><p>2016-06-20 07:49 - 2016-05-12 12:14 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll</p><p>2016-06-20 07:49 - 2016-05-12 12:14 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll</p><p>2016-06-20 07:49 - 2016-05-12 12:14 - 00502272 _____ (Microsoft Corporation) 
C:\Windows\system32\IPSECSVC.DLL</p><p>2016-06-20 07:49 - 2016-05-12 12:14 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll</p><p>2016-06-20 07:49 - 2016-05-12 12:14 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll</p><p>2016-06-20 07:49 - 2016-05-12 12:14 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll</p><p>2016-06-20 07:49 - 2016-05-12 12:14 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll</p><p>2016-06-20 07:49 - 2016-05-12 12:14 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll</p><p>2016-06-20 07:49 - 2016-05-12 12:14 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll</p><p>2016-06-20 07:49 - 2016-05-12 12:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll</p><p>2016-06-20 07:49 - 2016-05-12 12:14 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll</p><p>2016-06-20 07:49 - 2016-05-12 12:14 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll</p><p>2016-06-20 07:49 - 2016-05-12 12:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll</p><p>2016-06-20 07:49 - 2016-05-12 12:14 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll</p><p>2016-06-20 07:49 - 2016-05-12 12:14 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll</p><p>2016-06-20 07:49 - 2016-05-12 12:14 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll</p><p>2016-06-20 07:49 - 2016-05-12 10:18 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll</p><p>2016-06-20 07:49 - 2016-05-12 10:18 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll</p><p>2016-06-20 07:49 - 2016-05-12 10:18 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll</p><p>2016-06-20 07:49 - 2016-05-12 10:18 - 00342528 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\certcli.dll</p><p>2016-06-20 07:49 - 2016-05-12 10:18 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll</p><p>2016-06-20 07:49 - 2016-05-12 10:18 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll</p><p>2016-06-20 07:49 - 2016-05-12 10:18 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll</p><p>2016-06-20 07:49 - 2016-05-12 10:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll</p><p>2016-06-20 07:49 - 2016-05-12 10:18 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll</p><p>2016-06-20 07:49 - 2016-05-12 10:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll</p><p>2016-06-20 07:49 - 2016-05-12 10:18 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll</p><p>2016-06-20 07:49 - 2016-05-12 10:18 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll</p><p>2016-06-20 07:49 - 2016-05-12 10:18 - 00079360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll</p><p>2016-06-20 07:49 - 2016-05-12 10:18 - 00070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winipsec.dll</p><p>2016-06-20 07:49 - 2016-05-12 10:18 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll</p><p>2016-06-20 07:49 - 2016-05-12 10:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll</p><p>2016-06-20 07:49 - 2016-05-12 10:18 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll</p><p>2016-06-20 07:49 - 2016-05-12 10:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll</p><p>2016-06-20 07:49 - 2016-05-12 10:18 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll</p><p>2016-06-20 07:49 - 2016-05-12 10:18 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll</p><p>2016-06-20 07:49 - 2016-05-12 10:05 - 00064000 _____ (Microsoft Corporation) 
C:\Windows\system32\auditpol.exe</p><p>2016-06-20 07:49 - 2016-05-12 10:03 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys</p><p>2016-06-20 07:49 - 2016-05-12 09:58 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys</p><p>2016-06-20 07:49 - 2016-05-12 09:58 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys</p><p>2016-06-20 07:49 - 2016-05-12 09:58 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys</p><p>2016-06-20 07:49 - 2016-05-12 09:58 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys</p><p>2016-06-20 07:49 - 2016-05-12 09:58 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys</p><p>2016-06-20 07:49 - 2016-05-12 09:58 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys</p><p>2016-06-20 07:49 - 2016-05-12 09:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe</p><p>2016-06-20 07:49 - 2016-05-12 09:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe</p><p>2016-06-20 07:49 - 2016-05-12 09:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll</p><p>2016-06-20 07:49 - 2016-05-12 08:05 - 00459640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys</p><p>2016-06-20 07:49 - 2016-05-12 08:05 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll</p><p>2016-06-20 07:49 - 2016-05-12 08:04 - 00249352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll</p><p>2016-06-20 07:49 - 2016-05-11 12:02 - 00483840 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll</p><p>2016-06-20 07:49 - 2016-05-11 12:02 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll</p><p>2016-06-20 07:49 - 2016-05-11 12:02 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll</p><p>2016-06-20 07:49 - 2016-05-11 12:02 - 00296448 
_____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll</p><p>2016-06-20 07:49 - 2016-05-11 10:19 - 00363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll</p><p>2016-06-20 07:49 - 2016-05-11 10:19 - 00351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll</p><p>2016-06-20 07:49 - 2016-05-11 10:19 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll</p><p>2016-06-20 07:49 - 2016-05-11 10:19 - 00206336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll</p><p>2016-06-20 07:49 - 2016-05-11 10:11 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe</p><p>2016-06-20 07:49 - 2016-05-11 10:01 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe</p><p>2016-06-20 07:49 - 2016-05-11 09:58 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys</p><p>2016-06-19 20:35 - 2016-06-19 20:35 - 00000000 ____D C:\Users\Administrator 1\Downloads\FixWin</p><p>2016-06-19 19:17 - 2016-06-19 19:17 - 00003448 _____ C:\Windows\System32\Tasks\NeoSetup Updater</p><p>2016-06-19 19:16 - 2016-06-19 19:16 - 00001377 _____ C:\Users\Administrator 1\Desktop\NeoSetup Updater.lnk</p><p>2016-06-19 19:16 - 2016-06-19 19:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NeoSetup Updater</p><p>2016-06-19 19:01 - 2016-06-22 21:31 - 00003688 _____ C:\Windows\System32\Tasks\AupAvUpdate</p><p>2016-06-19 19:01 - 2016-06-22 19:04 - 00000356 _____ C:\Windows\Tasks\Health-Check.job</p><p>2016-06-19 19:01 - 2016-06-22 18:02 - 00000364 _____ C:\Windows\Tasks\Health-Check-deep.job</p><p>2016-06-19 19:01 - 2016-06-22 12:16 - 00001584 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller PRO 12.lnk</p><p>2016-06-19 19:01 - 2016-06-19 19:01 - 00002960 _____ C:\Windows\System32\Tasks\Health-Check-deep</p><p>2016-06-19 19:01 - 2016-06-19 19:01 - 00002952 _____ C:\Windows\System32\Tasks\Health-Check</p><p>2016-06-19 18:53 - 2016-06-19 
18:53 - 01742664 _____ (Kaspersky Lab) C:\Users\Administrator 1\Downloads\kts16.0.0.614a bcden_9363.exe</p><p>2016-06-19 18:22 - 2016-06-19 18:22 - 93585408 _____ C:\Windows\system32\config\SOFTWARE.dw_backup</p><p>2016-06-18 23:07 - 2016-06-18 23:07 - 00000000 ____D C:\.Trash-0</p><p>2016-06-06 01:44 - 2016-06-06 01:44 - 00004952 _____ C:\Users\Administrator 1\Desktop\list1.txt</p><p>2016-06-06 01:42 - 2016-06-06 01:46 - 00000234 _____ C:\Users\Administrator 1\Desktop\remove all updates.bat</p><p>2016-06-05 21:26 - 2016-06-05 21:26 - 00000000 _____ C:\Windows\system32\Drivers\etc\hosts_bak_427</p><p>2016-06-05 13:08 - 2016-06-05 23:56 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts.bak</p><p>2016-06-05 11:07 - 2016-06-05 11:07 - 00003106 _____ C:\Windows\System32\Tasks\{39EB8DBB-DEF2-4D95-ABCF-89F3EFBA04E6}</p><p>2016-06-05 07:13 - 2016-06-05 07:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com</p><p>2016-06-05 07:04 - 2016-06-05 07:04 - 00000036 _____ C:\Windows\system32\Drivers\etc\hosts_bak_110</p><p>2016-06-04 22:31 - 2016-06-04 22:32 - 00010347 _____ C:\uninstall.cmd</p><p>2016-06-04 22:26 - 2016-06-04 22:26 - 00005384 _____ C:\list.txt</p><p>2016-06-04 14:08 - 2016-06-05 06:50 - 00000000 ____D C:\Windows\SoftwareDistribution.bak</p><p>2016-06-04 14:05 - 2016-06-04 14:05 - 00000477 _____ C:\Users\Administrator 1\Desktop\Update files batch to remove windows updates installed.bat</p><p>2016-06-04 14:01 - 2016-06-04 14:01 - 00002301 _____ C:\Users\Administrator 1\Desktop\windows updates.txt</p><p>2016-06-04 13:59 - 2016-06-04 13:59 - 00052580 _____ C:\Windows\system32\%Path_of_the_text_file%</p><p>2016-06-04 13:58 - 2015-12-14 16:24 - 00130880 _____ (Razer, Inc.) C:\Windows\system32\Drivers\rzpnk.sys</p><p>2016-06-04 13:57 - 2016-06-04 13:57 - 00000000 _____ C:\Windows\system32\Drivers\Msft_Kernel_rzudd_01009.Wdf</p><p>2016-06-04 13:57 - 2015-09-22 16:36 - 00037184 _____ (Razer, Inc.) 
C:\Windows\system32\Drivers\rzpmgrk.sys</p><p>2016-06-04 06:11 - 2016-06-04 06:11 - 05753170 _____ C:\Users\Administrator 1\Desktop\FixDotNet20160604110612454.cab</p><p>2016-06-04 05:51 - 2016-06-04 05:51 - 00042608 _____ C:\Users\Administrator 1\Documents\cc_20160604_055131.reg</p><p>2016-06-04 05:45 - 2016-06-04 05:45 - 00003184 _____ C:\Windows\System32\Tasks\{6FB40337-B808-44A2-AC05-F0990E66C9B3}</p><p>2016-06-04 04:19 - 2016-06-04 04:27 - 00028464 _____ C:\Windows\system32\Drivers\libwasys.sys</p><p>2016-06-04 04:13 - 2016-06-04 04:13 - 18247680 _____ C:\Users\Administrator 1\Downloads\OPSWAT_GEARS_CLIENT_3445-7c867995737c1853977386e89a5560c5.msi</p><p>2016-06-04 04:03 - 2016-06-04 04:03 - 00113814 _____ C:\Users\Administrator 1\Documents\cc_20160604_040303.reg</p><p>2016-06-04 03:48 - 2016-06-21 08:07 - 00000000 ____D C:\Windows\SysWOW64\directx</p><p>2016-06-04 03:04 - 2016-06-04 03:04 - 00000288 _____ C:\Windows\Tasks\User_Feed_Synchronization-{BC7E3150-8E1F-4737-90CC-2F6DBB090B78}.job</p><p>2016-06-04 00:29 - 2016-06-04 00:29 - 06311712 _____ (Carifred) C:\Users\Administrator 1\Downloads\UVKSetup (1).exe</p><p>2016-06-03 08:19 - 2015-07-22 23:20 - 00000002 _____ C:\Windows\SysWOW64\config.bak</p><p>2016-06-03 08:19 - 2015-07-22 23:20 - 00000002 _____ C:\Windows\SysWOW64\autoexec.bak</p><p>2016-06-03 07:03 - 2016-06-03 07:03 - 03719680 _____ (CoolPDF Software, Inc.) 
C:\Users\Administrator 1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CoolPDFReader.exe</p><p>2016-06-03 06:44 - 2016-06-21 01:43 - 00000000 ____D C:\Program Files (x86)\Razer</p><p>2016-06-03 06:44 - 2016-06-04 13:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer</p><p>2016-06-02 16:28 - 2016-06-02 16:28 - 00000000 ____D C:\ProgramData\MicroWorld</p><p>2016-06-02 11:58 - 2016-06-02 11:58 - 09565825 _____ C:\Users\Administrator 1\Downloads\ThePCJukeboxSetup.zip</p><p>2016-06-02 11:56 - 2016-06-02 11:56 - 07791349 _____ (Command Cubes ) C:\Users\Administrator 1\Downloads\CommandCubes.exe</p><p>2016-06-02 11:54 - 2016-06-02 11:54 - 04772869 _____ ( ) C:\Users\Administrator 1\Downloads\jukebox.exe</p><p>2016-06-02 11:53 - 2016-06-02 11:53 - 15634201 _____ (FunVibes Sarl ) C:\Users\Administrator 1\Downloads\VirtuosaTrial.exe</p><p>2016-06-02 11:48 - 2016-06-02 11:49 - 22417072 _____ (Mystik Media ) C:\Users\Administrator 1\Downloads\setup_blazemp.exe</p><p>2016-06-02 11:45 - 2016-06-02 11:47 - 134727920 _____ (ZenPoint) C:\Users\Administrator 1\Downloads\digitalcenter.exe</p><p>2016-06-02 11:40 - 2016-06-02 11:40 - 16016336 _____ (Ventis Media Inc. 
) C:\Users\Administrator 1\Downloads\MediaMonkey_4.1.12.1798.exe</p><p>2016-06-02 11:39 - 2016-06-02 11:41 - 16657668 _____ C:\Users\Administrator 1\Downloads\jukebox_setup10.exe</p><p>2016-06-02 11:38 - 2016-06-02 11:38 - 05256331 _____ (T and K Software ) C:\Users\Administrator 1\Downloads\UJSetup_3_6_2014_913.exe</p><p>2016-06-02 11:15 - 2016-06-02 11:15 - 06944960 _____ ( ) C:\Users\Administrator 1\Downloads\Soundbase.exe</p><p>2016-06-02 11:15 - 2016-06-02 11:15 - 00754662 _____ C:\Users\Administrator 1\Downloads\Winamp_Essentials_6_7_8_9_10_11_12.exe</p><p>2016-06-02 11:13 - 2016-06-02 11:13 - 06635775 _____ C:\Users\Administrator 1\Downloads\zplayer_windows_setup.zip</p><p>2016-06-02 11:12 - 2016-06-02 11:12 - 02617177 _____ C:\Users\Administrator 1\Downloads\winyl_setup.zip</p><p>2016-06-02 11:11 - 2016-06-02 11:12 - 53493817 _____ C:\Users\Administrator 1\Downloads\MiamPlayer-0.8.0.exe</p><p>2016-06-02 11:11 - 2016-06-02 11:11 - 22216771 _____ C:\Users\Administrator 1\Downloads\jajuk-1.10.9-setup.exe</p><p>2016-06-02 11:09 - 2016-06-02 11:10 - 87266194 _____ C:\Users\Administrator 1\Downloads\kodi-16.1-Jarvis.exe</p><p>2016-06-02 11:09 - 2016-06-02 11:09 - 14601896 _____ (J. River, Inc.) 
C:\Users\Administrator 1\Downloads\MediaJukebox140166.exe</p><p>2016-06-02 11:02 - 2016-06-02 11:02 - 00000000 ____D C:\Users\Administrator 1\Downloads\Remove_MS_Upgrade_To_10_Nag</p><p>2016-06-02 08:33 - 2016-06-02 08:33 - 03507007 _____ C:\Users\Administrator 1\Downloads\emdb.zip</p><p>2016-06-02 07:04 - 2016-06-21 12:27 - 00000000 ____D C:\ProgramData\UVK</p><p>2016-06-02 05:15 - 2016-06-02 12:10 - 00000000 ____D C:\Users\Administrator 1\Downloads\stinger64-epo (1)</p><p>2016-05-31 20:07 - 2016-05-31 20:07 - 00025458 _____ C:\Users\Administrator 1\Documents\cc_20160531_200750.reg</p><p>2016-05-31 13:37 - 2016-05-31 13:37 - 00073078 _____ C:\Users\Administrator 1\Documents\cc_20160531_133743.reg</p><p>2016-05-31 11:24 - 2016-05-31 11:24 - 00003202 _____ C:\Windows\System32\Tasks\{61611F03-EC3F-46FD-B04B-BE87E86D89AF}</p><p>2016-05-31 02:42 - 2012-11-19 19:43 - 00688992 _____ (Swearware) C:\Users\Administrator 1\Documents\dds-2.scr</p><p>2016-05-31 02:35 - 2012-11-19 19:43 - 00688992 _____ (Swearware) C:\Users\Administrator 1\Documents\dds-1.scr</p><p>2016-05-31 02:31 - 2012-11-19 19:43 - 00688992 _____ (Swearware) C:\Users\Administrator 1\Documents\dds.scr</p><p>2016-05-31 01:34 - 2016-05-31 01:34 - 93270016 _____ C:\Windows\system32\config\SOFTWARE9131fc1d</p><p>2016-05-30 10:03 - 2016-05-30 10:03 - 17408375 _____ C:\Windows\system32\scan.db</p><p>2016-05-27 17:07 - 2016-05-27 17:07 - 00020550 _____ C:\Users\Administrator 1\Documents\cc_20160527_170755.reg</p><p>2016-05-27 16:46 - 2016-05-27 16:46 - 03536596 _____ C:\Users\Administrator 1\Desktop\system.nfo</p><p>2016-05-27 16:27 - 2016-06-05 11:07 - 00000000 ____D C:\Program Files (x86)\TrojanHunter</p><p>2016-05-26 23:16 - 2016-05-26 23:16 - 00119146 _____ C:\Users\Administrator 1\Documents\cc_20160526_231628.reg</p><p>2016-05-26 23:16 - 2016-05-26 23:16 - 00012380 _____ C:\Users\Administrator 1\Documents\cc_20160526_231652.reg</p><p>2016-05-26 22:49 - 2016-06-22 21:31 - 00003468 _____ 
C:\Windows\System32\Tasks\UninstallMonitor</p><p>2016-05-26 22:46 - 2014-03-07 11:25 - 00042496 _____ C:\Windows\SysWOW64\AdvUninstCPL.cpl</p><p>2016-05-24 22:59 - 2016-06-04 04:26 - 00000000 ____D C:\Users\Administrator 1\AppData\Roaming\Metadefender-Client</p><p>2016-05-24 22:35 - 2016-05-24 22:35 - 95682560 _____ C:\Windows\system32\config\software.bhv</p><p>2016-05-24 22:35 - 2016-05-24 22:35 - 22282240 _____ C:\Windows\system32\config\system.bhv</p><p>2016-05-24 22:35 - 2016-05-24 22:35 - 00524288 _____ C:\Windows\system32\config\default.bhv</p><p>2016-05-24 22:35 - 2016-05-24 22:35 - 00098304 _____ C:\Windows\system32\config\sam.bhv</p><p>2016-05-24 22:35 - 2016-05-24 22:35 - 00032768 _____ C:\Windows\system32\config\security.bhv</p><p>2016-05-24 21:56 - 2016-05-24 21:57 - 02248504 _____ (Runscanner.net) C:\Users\Administrator 1\Downloads\runscanner.exe</p><p>2016-05-24 04:12 - 2016-05-24 04:12 - 00000666 _____ C:\gdbdrem.dat</p><p></p><p>==================== One Month Modified files and folders ========</p><p></p><p>(If an entry is included in the fixlist, the file/folder will be moved.)</p><p></p><p>2016-06-22 22:06 - 2015-09-19 12:43 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job</p><p>2016-06-22 22:04 - 2009-07-13 23:45 - 00025088 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0</p><p>2016-06-22 22:04 - 2009-07-13 23:45 - 00025088 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0</p><p>2016-06-22 21:29 - 2015-11-02 23:02 - 00022509 _____ C:\Users\Administrator 1\Desktop\attach.txt</p><p>2016-06-22 20:19 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf</p><p>2016-06-22 20:06 - 2015-03-23 23:02 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys</p><p>2016-06-22 19:06 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\inetsrv</p><p>2016-06-22 19:04 - 2009-07-14 00:08 - 00000006 ____H 
C:\Windows\Tasks\SA.DAT</p><p>2016-06-22 12:30 - 2015-03-18 11:28 - 00000000 ____D C:\Users\Administrator 1\AppData\Local\ElevatedDiagnostics</p><p>2016-06-22 12:29 - 2015-06-22 19:01 - 00000000 ____D C:\Users\Administrator 1\AppData\Local\Downloaded Installations</p><p>2016-06-22 12:23 - 2015-03-23 19:46 - 00000000 ____D C:\Users\Administrator 1\AppData\Roaming\InstallShield</p><p>2016-06-22 11:57 - 2015-07-18 21:57 - 00000000 ____D C:\Users\Administrator 1\AppData\Roaming\uTorrent</p><p>2016-06-22 11:56 - 2015-03-21 22:33 - 00000000 ____D C:\Users\Administrator 1\AppData\Local\CrashDumps</p><p>2016-06-22 09:57 - 2015-12-14 17:14 - 00000000 ____D C:\Users\Administrator 1</p><p>2016-06-21 20:01 - 2016-05-21 15:07 - 00000000 ____D C:\Users\Administrator 1\Downloads\backups</p><p>2016-06-21 19:56 - 2015-12-07 22:47 - 00003927 _____ C:\Users\Administrator 1\Desktop\vlk product key.txt</p><p>2016-06-21 19:32 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF</p><p>2016-06-21 18:26 - 2015-08-18 22:34 - 00000945 _____ C:\Users\Administrator 1\Desktop\Auslogics Duplicate File Finder.lnk</p><p>2016-06-21 18:24 - 2009-07-14 00:08 - 00032544 _____ C:\Windows\Tasks\SCHEDLGU.TXT</p><p>2016-06-21 17:02 - 2015-10-20 21:43 - 00000000 ____D C:\Program Files\7-Zip</p><p>2016-06-21 16:45 - 2015-06-30 21:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime</p><p>2016-06-21 16:20 - 2015-03-24 22:25 - 00000000 ____D C:\Users\Administrator 1\AppData\Local\Apple Computer</p><p>2016-06-21 15:07 - 2015-08-30 15:41 - 00002191 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk</p><p>2016-06-21 15:07 - 2015-08-30 15:41 - 00002179 _____ C:\Users\Public\Desktop\Belarc Advisor.lnk</p><p>2016-06-21 12:33 - 2015-12-14 17:15 - 00000000 ____D C:\Users\Classic .NET AppPool</p><p>2016-06-21 12:33 - 2015-12-14 17:14 - 00000000 ____D C:\Users\DefaultAppPool</p><p>2016-06-21 12:16 - 2015-09-21 01:33 - 00000000 ____D C:\Program 
Files\Java</p><p>2016-06-21 12:14 - 2009-11-12 21:45 - 00000000 ____D C:\Program Files (x86)\Java</p><p>2016-06-21 12:13 - 2015-12-15 10:02 - 00000000 ____D C:\Windows\Minidump</p><p>2016-06-21 08:35 - 2015-12-14 17:15 - 00000000 ____D C:\Users\Guest</p><p>2016-06-21 08:35 - 2015-12-14 17:14 - 00000000 ____D C:\Users\WOUTempAdmin</p><p>2016-06-21 08:35 - 2015-12-14 17:14 - 00000000 ____D C:\Users\Me</p><p>2016-06-21 08:24 - 2015-12-14 17:13 - 00850538 _____ C:\Windows\SysWOW64\PerfStringBackup.INI</p><p>2016-06-21 08:24 - 2009-07-14 00:13 - 00880878 _____ C:\Windows\system32\PerfStringBackup.INI</p><p>2016-06-21 08:13 - 2015-07-17 11:54 - 00000000 ____D C:\Windows\SysWOW64\Adobe</p><p>2016-06-21 08:13 - 2015-06-25 17:10 - 00000000 ____D C:\Windows\SysWOW64\Macromed</p><p>2016-06-21 08:11 - 2015-08-18 16:02 - 00000000 ____D C:\Users\Administrator 1\.oracle_jre_usage</p><p>2016-06-21 07:51 - 2009-07-13 23:54 - 00000749 ____R C:\Windows\WindowsShell.Manifest</p><p>2016-06-21 07:51 - 2009-07-13 22:20 - 00000000 ___RD C:\Users\Public\Libraries</p><p>2016-06-21 07:50 - 2009-07-13 21:34 - 00000577 _____ C:\Windows\win.ini</p><p>2016-06-21 07:47 - 2015-05-02 02:19 - 00002226 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk</p><p>2016-06-20 23:28 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration</p><p>2016-06-20 21:59 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache</p><p>2016-06-20 21:25 - 2015-12-14 21:51 - 00112560 _____ C:\Users\Administrator 1\AppData\Local\GDIPFONTCACHEV1.DAT</p><p>2016-06-20 21:21 - 2009-07-13 23:45 - 00421312 _____ C:\Windows\system32\FNTCACHE.DAT</p><p>2016-06-20 10:42 - 2014-07-17 23:20 - 00000000 ____D C:\Windows\system32\MRT</p><p>2016-06-20 10:19 - 2016-05-10 01:10 - 142482544 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe</p><p>2016-06-19 23:39 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\Msdtc</p><p>2016-06-19 23:33 - 2015-12-14 17:11 - 00018960 _____ (Logitech, Inc.) 
C:\Windows\system32\Drivers\LNonPnP.sys</p><p>2016-06-19 18:59 - 2015-09-28 11:02 - 00000000 ____D C:\Users\new</p><p>2016-06-19 18:59 - 2015-09-24 16:51 - 00000000 ____D C:\Users\Bree</p><p>2016-06-19 18:59 - 2015-07-26 21:27 - 00000000 ____D C:\Users\Administrator</p><p>2016-06-07 00:02 - 2015-08-16 20:20 - 00000000 ____D C:\Windows\Microsoft Antimalware</p><p>2016-06-06 01:00 - 2015-04-29 21:05 - 00000000 ____D C:\Windows\pss</p><p>2016-06-05 20:46 - 2016-05-08 13:52 - 00000000 ____D C:\Users\Administrator 1\Downloads\Apup_1_4_42</p><p>2016-05-31 20:05 - 2009-07-13 21:34 - 00000215 _____ C:\Windows\system.ini</p><p>2016-05-30 10:31 - 2009-11-12 21:47 - 00000000 ____D C:\Program Files (x86)\TOSHIBA</p><p>2016-05-30 10:31 - 2009-11-12 21:46 - 00000000 ____D C:\Program Files (x86)\InstallShield Installation Information</p><p>2016-05-30 09:00 - 2013-05-21 14:43 - 00000000 ____D C:\Program Files (x86)\TOSHIBA Corporation</p><p>2016-05-27 18:57 - 2015-12-10 14:07 - 00000000 ____D C:\Users\Administrator 1\AppData\Local\2Browse</p><p>2016-05-27 18:30 - 2016-05-20 23:19 - 00000000 ___RD C:\Users\Administrator 1\New Briefcase</p><p>2016-05-26 19:10 - 2015-08-25 11:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rootkit Unhooker</p><p>2016-05-26 18:36 - 2015-03-17 09:51 - 00000000 ____D C:\Windows\erdnt</p><p>2016-05-24 22:35 - 2015-12-14 17:21 - 00000000 ____D C:\Users\TEMP</p><p>2016-05-24 22:07 - 2016-05-21 20:53 - 00000000 ____D C:\Users\Public\Downloads\Norton</p><p>2016-05-24 21:51 - 2015-12-09 00:21 - 00000000 ____D C:\Program Files (x86)\Microsoft Windows 7 Upgrade Advisor</p><p>2016-05-24 21:42 - 2016-05-20 20:39 - 00000000 ____D C:\Windows\System32\Tasks\Remediation</p><p></p><p>Files to move or delete:</p><p>====================</p><p>C:\Users\Administrator 1\oarpman.exe</p><p></p><p></p><p>Some files in TEMP:</p><p>====================</p><p>C:\Users\Administrator 
1\AppData\Local\Temp\dllnt_dump.dll</p><p></p><p></p><p>==================== Bamital & volsnap =================</p><p></p><p>(There is no automatic fix for files that do not pass verification.)</p><p></p><p>C:\Windows\system32\winlogon.exe => File is digitally signed</p><p>C:\Windows\system32\wininit.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\wininit.exe => File is digitally signed</p><p>C:\Windows\explorer.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\explorer.exe => File is digitally signed</p><p>C:\Windows\system32\svchost.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\svchost.exe => File is digitally signed</p><p>C:\Windows\system32\services.exe => File is digitally signed</p><p>C:\Windows\system32\User32.dll => File is digitally signed</p><p>C:\Windows\SysWOW64\User32.dll => File is digitally signed</p><p>C:\Windows\system32\userinit.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\userinit.exe => File is digitally signed</p><p>C:\Windows\system32\rpcss.dll => File is digitally signed</p><p>C:\Windows\system32\dnsapi.dll => File is digitally signed</p><p>C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed</p><p>C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed</p><p></p><p></p><p>LastRegBack: 2016-06-20 21:51</p><p></p><p>==================== End of FRST.txt ============================</p><p></p><p></p><p></p><p>Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-06-2016 01</p><p>Ran by Administrator 1 (2016-06-22 22:29:31)</p><p>Running from C:\Users\Administrator 1\Desktop</p><p>Windows 7 Home Premium Service Pack 1 (X64) (2015-12-15 00:20:51)</p><p>Boot Mode: Normal</p><p>==========================================================</p><p></p><p></p><p>==================== Accounts: =============================</p><p></p><p>Administrator (S-1-5-21-1965651932-3507908794-2345626874-500 - Administrator - Enabled)</p><p>Administrator 1 
(S-1-5-21-1965651932-3507908794-2345626874-1003 - Administrator - Enabled) => C:\Users\Administrator 1</p><p>ASPNET (S-1-5-21-1965651932-3507908794-2345626874-1007 - Limited - Enabled)</p><p>Guest (S-1-5-21-1965651932-3507908794-2345626874-501 - Limited - Enabled) => C:\Users\Guest</p><p>HomeGroupUser$ (S-1-5-21-1965651932-3507908794-2345626874-1002 - Limited - Enabled)</p><p>Me (S-1-5-21-1965651932-3507908794-2345626874-1000 - Administrator - Enabled) => C:\Users\Me</p><p>WOUTempAdmin (S-1-5-21-1965651932-3507908794-2345626874-1009 - Administrator - Enabled) => C:\Users\WOUTempAdmin</p><p></p><p>==================== Security Center ========================</p><p></p><p>(If an entry is included in the fixlist, it will be removed.)</p><p></p><p>AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}</p><p></p><p>==================== Installed Programs ======================</p><p></p><p>(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)</p><p></p><p>µTorrent (HKU\S-1-5-21-1965651932-3507908794-2345626874-1000\...\uTorrent) (Version: 3.4.3.40760 - BitTorrent Inc.)</p><p>µTorrent (HKU\S-1-5-21-1965651932-3507908794-2345626874-1003\...\uTorrent) (Version: 3.4.7.42330 - BitTorrent Inc.)</p><p>µTorrent (HKU\S-1-5-21-1965651932-3507908794-2345626874-501\...\uTorrent) (Version: 3.4.3.40760 - BitTorrent Inc.)</p><p>3ivx MPEG-4 5.0.4 (remove only) (HKLM-x32\...\3ivx MPEG-4 5.0.4) (Version: 5.0.4 - 3ivx Technologies, Pty. 
Ltd.)</p><p>7-Zip 16.02 (x64) (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov)</p><p>Advanced Uninstaller PRO - Version 12 (HKLM-x32\...\AU11_is1) (Version: 12.11.0.46 - Innovative Solutions)</p><p>Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)</p><p>Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)</p><p>Belarc Advisor 8.5c (HKLM-x32\...\Belarc Advisor) (Version: 8.5.3.0 - Belarc Inc.)</p><p>Blaze Media Pro (HKLM-x32\...\Blaze Media Pro) (Version: 9.10 - Mystik Media)</p><p>Blaze Media Pro (x32 Version: 9.10 - Mystik Media) Hidden</p><p>Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)</p><p>Brother MFL-Pro Suite DCP-L2540DW series (HKLM-x32\...\{F8ECC2FD-CE2B-4ED4-BDCC-90D0D34206FD}) (Version: 1.0.2.0 - Brother Industries, Ltd.)</p><p>CCleaner (HKLM\...\CCleaner) (Version: 5.19 - Piriform)</p><p>Command Cubes V1.1 Release 1 (HKLM-x32\...\Command Cubes_is1) (Version: 1.0 - Command Cubes)</p><p>Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)</p><p>Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) 
Hidden</p><p>Grammarly (HKLM-x32\...\{F8ADEE0D-3143-4E71-8CCD-9423105A6199}_is1) (Version: 4.1.1.85 - Grammarly)</p><p>High-Definition Video Playback 10 (x32 Version: 7.0.11400.29.0 - Nero AG) Hidden</p><p>ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)</p><p>Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)</p><p>LightBox Free Image Editor (HKLM-x32\...\LightBox Free Image Editor) (Version: - )</p><p>Logitech Flow Scroll 4.0 (HKLM\...\Sn1) (Version: 4.00.33 - Logitech)</p><p>Logitech Gaming Software 8.74 (HKLM\...\Logitech Gaming Software) (Version: 8.74.80 - Logitech Inc.)</p><p>Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)</p><p>M4a/Flac/Ogg/Ape/Mpc Tag Support Plugin for Media Player v 1.1 (HKLM-x32\...\M4a/Flac/Ogg/Ape/Mpc Tag Support Plugin for Media Player_is1) (Version: 1 - Softpointer Inc)</p><p>Magical Jelly Bean KeyFinder (HKLM-x32\...\KeyFinder_is1) (Version: 2.0.10.10 - Magical Jelly Bean)</p><p>Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)</p><p>Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)</p><p>Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)</p><p>Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)</p><p>Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)</p><p>Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)</p><p>Microsoft 
Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.7523 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2013 
Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2015 RC Redistributable (x64) - 14.0.22816 (HKLM-x32\...\{e2495eb6-cca8-47aa-91ea-3410ca44d7b7}) (Version: 14.0.22816.0 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2015 RC Redistributable (x86) - 14.0.22816 (HKLM-x32\...\{714692fa-709b-4925-8170-821d51135f42}) (Version: 14.0.22816.0 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)</p><p>Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)</p><p>MiniTool Partition Wizard Free 9.1 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.)</p><p>MP3 Converter V4.9.4 (HKLM-x32\...\MP3 Converter_is1) (Version: - MP3 Converter, Inc.)</p><p>MusicBrainz Picard (HKLM-x32\...\MusicBrainz Picard) (Version: 1.3.2 - MusicBrainz)</p><p>NeoSetup Updater (HKLM-x32\...\RPD_is1) (Version: 3.9.0.0 - Innovative Solutions)</p><p>Quickbooks Financial Center (HKLM-x32\...\{3B843B38-04B1-4CE6-8888-586273E0F289}) (Version: 2.02 - TOSHIBA Corporation)</p><p>QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)</p><p>Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0008 - Realtek)</p><p>Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7373 - Realtek Semiconductor Corp.)</p><p>Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) 
(Version: 6.1.7600.30101 - Realtek Semiconductor Corp.)</p><p>Realtek WLAN Driver (HKLM-x32\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0006 - Realtek)</p><p>Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.15075.2 - Samsung Electronics Co., Ltd.)</p><p>Samsung Kies (x32 Version: 2.6.3.15075.2 - Samsung Electronics Co., Ltd.) Hidden</p><p>Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.55.0 - Samsung Electronics Co., Ltd.)</p><p>Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)</p><p>Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)</p><p>swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden</p><p>Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.7.18 - Synaptics Incorporated)</p><p>TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.0 - TOSHIBA)</p><p>TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.10 - TOSHIBA)</p><p>TOSHIBA ConfigFree (HKLM-x32\...\{F3529665-D75E-4D6D-98F0-745C78C68E9B}) (Version: 8.0.21 - TOSHIBA Corporation)</p><p>TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.1 for x64 - TOSHIBA Corporation)</p><p>TOSHIBA DVD PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.0.07-A - TOSHIBA Corporation)</p><p>TOSHIBA Extended Tiles for Windows Mobility Center (HKLM-x32\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: - )</p><p>TOSHIBA Hardware Setup (HKLM-x32\...\{D0387727-C89D-4774-B643-B9333EAA09DE}) (Version: 2.00.11 - TOSHIBA 
Corporation)</p><p>TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.0.0 - TOSHIBA Corporation)</p><p>TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.3.64 - TOSHIBA CORPORATION)</p><p>Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.0.38 - Toshiba)</p><p>TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.4.1.64 - TOSHIBA Corporation)</p><p>TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{5BCC94A1-DEF1-4AB4-8046-BC13048E929A}) (Version: 1.5.07.64 - TOSHIBA Corporation)</p><p>TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA)</p><p>TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )</p><p>TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version: - )</p><p>TOSHIBA Speech System TTS Engine(U.S.) 
Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version: - )</p><p>TOSHIBA Upgrade Assistant (HKLM-x32\...\{41773726-92D0-4265-A0F8-DD980CA1AEC4}) (Version: 1.1.9 - TOSHIBA Corporation)</p><p>TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.4 - TOSHIBA Corporation)</p><p>ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.3 - Toshiba)</p><p>Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)</p><p>Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)</p><p>Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)</p><p>Windows Repair Toolbox version 1.3.1.2 (HKLM-x32\...\{A8D7DA31-9E70-437D-97C4-C4887752E029}_is1) (Version: 1.3.1.2 - Alexandre Miguel Canotilho Coelho)</p><p>Windows Resource Kit Tools - SubInAcl.exe (HKLM-x32\...\{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}) (Version: 5.2.3790.1164 - Microsoft Corporation)</p><p></p><p>==================== Custom CLSID (Whitelisted): ==========================</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)</p><p></p><p></p><p>==================== Scheduled Tasks (Whitelisted) =============</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.)</p><p></p><p>Task: {0557E08B-1BB3-437B-A874-4C1149D7A97B} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION</p><p>Task: {08607930-9EBC-48D6-8B18-F98BC5529B2F} - System32\Tasks\NeoSetup Updater => C:\Program Files (x86)\Innovative Solutions\NeoSetup Updater\NeoSetup_Updater.exe</p><p>Task: {08C6EB6E-2258-461C-858C-3C63EA76607B} - System32\Tasks\{39EB8DBB-DEF2-4D95-ABCF-89F3EFBA04E6} => pcalua.exe -a "C:\Program Files\SUPERAntiSpyware\Uninstall.exe"</p><p>Task: {0CF96361-46C7-4DC2-81E7-C60879BFCC74} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION</p><p>Task: {1465BA68-91BE-4F80-8BFC-0368B34B5B71} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION</p><p>Task: {1E532EAE-B7F5-4779-A384-E366EB271B74} - System32\Tasks\UninstallMonitor => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe [2016-06-17] (Innovative Solutions GRUP SRL)</p><p>Task: {25A52A2A-AFD8-46A2-98CE-568DAA7301C4} - System32\Tasks\Health-Check => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe [2016-06-17] (Innovative Solutions)</p><p>Task: {2ADE0FC8-BA6B-44A4-BDCB-628F943A0F02} - \System Cleaner Pro Auto Start -> No File <==== ATTENTION</p><p>Task: {30D94A24-739A-4828-AB8F-07C165EA0764} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION</p><p>Task: {35807094-18F3-44B7-934A-AAC32550F23C} - \Test Task -> No File <==== ATTENTION</p><p>Task: {3A772E7E-5D85-4507-9C7A-5D7A4E729732} - \{40180B8C-8803-4782-9D3F-ED666E3C2404} -> No File <==== ATTENTION</p><p>Task: {3B5AE708-05A5-4971-B2D7-B48EDA701C9D} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION</p><p>Task: {461D55DB-DB36-4172-AD87-45927BA3963C} - System32\Tasks\Health-Check-deep => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe [2016-06-17] (Innovative 
Solutions)</p><p>Task: {46442888-E7F4-45CD-9FE1-9C6A32D7D97A} - \Papuir -> No File <==== ATTENTION</p><p>Task: {49780261-AFB6-48EB-8F79-6D155095CFE3} - System32\Tasks\Opera scheduled Autoupdate 1439869261 => C:\Program Files (x86)\Opera\launcher.exe</p><p>Task: {513E8706-0C05-48B0-9002-A8924CD31D93} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION</p><p>Task: {5F1FA2D8-4241-4B91-880A-BEB4B1D0BEE3} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2009-07-13] (TOSHIBA CORPORATION)</p><p>Task: {607B3ED6-DF09-429A-BF92-E325161E871F} - \Notify Helper -> No File <==== ATTENTION</p><p>Task: {68AD79B8-E95B-4C72-AB94-95A8DE936362} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks</p><p>Task: {77D745FB-6213-4C93-82C2-B95B3B4CE933} - \{730A3329-FF00-4114-AC50-FD0663025A12} -> No File <==== ATTENTION</p><p>Task: {866E8A2F-C0D7-4E36-A012-AFDA8E95C914} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION</p><p>Task: {8EF1C0E7-B230-45C4-9749-918444EB7A12} - no filepath</p><p>Task: {90D4B127-66EA-4CC2-9365-F3EA80E43099} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION</p><p>Task: {91831711-F2D4-4F86-B0C5-D2EC3F1B869B} - \TunePro360 Updater -> No File <==== ATTENTION</p><p>Task: {9FDC86E0-8AAE-4AB5-8946-8A879E337CE1} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION</p><p>Task: {A032EA25-3DEC-488E-BF55-F3D5AD95782A} - System32\Tasks\AupAvUpdate => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\updAvTask.exe [2016-06-01] ()</p><p>Task: {A57B3E80-05EE-4BE5-8DDE-ECD24DFC9A85} - \DAHCX1 -> No File <==== ATTENTION</p><p>Task: {A5D41AFB-9201-42F2-9F91-AC23A4CCDD70} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-06-10] (Piriform Ltd)</p><p>Task: {B31B028C-D6AF-4605-B2FB-BD28D76F278D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> 
No File <==== ATTENTION</p><p>Task: {C3F62C22-9672-4C17-9C35-F3677FCC82B2} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION</p><p>Task: {C50C79DB-68D3-426B-AEA4-8487F1449BAF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)</p><p>Task: {C672E131-BCE9-458E-A45F-C78F7B779828} - \{37C0DAF1-5E8F-4076-940E-48E07C1297A2} -> No File <==== ATTENTION</p><p>Task: {D13A5E88-FBA6-484F-8355-B521E7FC49FD} - \{C1F8056C-6473-4556-9D01-049B8D8160DF} -> No File <==== ATTENTION</p><p>Task: {D41E1650-F5B8-4393-984A-44B4F7F3047E} - System32\Tasks\{6FB40337-B808-44A2-AC05-F0990E66C9B3} => pcalua.exe -a "C:\Program Files\SUPERAntiSpyware\Uninstall.exe" -d "C:\Program Files\SUPERAntiSpyware"</p><p>Task: {DC030481-99B8-4D93-91C3-B64086AE674C} - System32\Tasks\{61611F03-EC3F-46FD-B04B-BE87E86D89AF} => pcalua.exe -a "C:\Users\Administrator 1\Downloads\revouninstaller\revouninstaller-portable\Revouninstaller.exe"</p><p>Task: {E8A400F0-BAB3-4D8B-8EB7-B4F1A7C56FF4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)</p><p>Task: {FFDCC192-969F-4CB6-AC07-573508B191CD} - \{8AB9242E-6D49-4C74-B250-0BA5F470961B} -> No File <==== ATTENTION</p><p></p><p>(If an entry is included in the fixlist, the task (.job) file will be moved. 
The file which is running by the task will not be moved.)</p><p></p><p>Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe</p><p>Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe</p><p>Task: C:\Windows\Tasks\Health-Check-deep.job => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe</p><p>Task: C:\Windows\Tasks\Health-Check.job => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe</p><p>Task: C:\Windows\Tasks\User_Feed_Synchronization-{BC7E3150-8E1F-4737-90CC-2F6DBB090B78}.job => C:\Windows\system32\msfeedssync.exe</p><p></p><p>==================== Shortcuts =============================</p><p></p><p>(The entries could be listed to be restored or removed.)</p><p></p><p>==================== Loaded Modules (Whitelisted) ==============</p><p></p><p>2009-01-12 07:15 - 2009-01-12 07:15 - 00071096 _____ () C:\Program Files (x86)\Blaze Media Pro\NMSAccess32.exe</p><p>2016-05-14 15:28 - 2005-04-21 23:36 - 00143360 _____ () C:\Windows\system32\BrSNMP64.dll</p><p>2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF</p><p>2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll</p><p>2015-03-06 19:07 - 2015-03-06 19:07 - 00908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll</p><p>2015-09-19 16:20 - 2015-09-19 16:20 - 01095448 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll</p><p>2015-03-06 19:07 - 2015-03-06 19:07 - 00060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll</p><p>2015-09-19 16:20 - 2015-09-19 16:20 - 00240408 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll</p><p>2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common 
Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF</p><p>2010-10-20 16:45 - 2010-10-20 16:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll</p><p>2016-06-20 03:29 - 2016-06-15 04:15 - 01745560 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libglesv2.dll</p><p>2016-06-20 03:29 - 2016-06-15 04:15 - 00091288 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libegl.dll</p><p>2016-06-20 03:29 - 2016-06-15 04:15 - 17599640 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\PepperFlash\pepflashplayer.dll</p><p></p><p>==================== Alternate Data Streams (Whitelisted) =========</p><p></p><p>(If an entry is included in the fixlist, only the ADS will be removed.)</p><p></p><p></p><p>==================== Safe Mode (Whitelisted) ===================</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)</p><p></p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\47924330.sys => ""="Driver"</p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\55553409.sys => ""="Driver"</p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\87815172.sys => ""="Driver"</p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"</p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"</p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\47924330.sys => ""="Driver"</p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\55553409.sys => ""="Driver"</p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\87815172.sys => ""="Driver"</p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"</p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"</p><p></p><p>==================== Association (Whitelisted) 
===============</p><p></p><p>(If an entry is included in the fixlist, the registry item will be restored to default or removed.)</p><p></p><p></p><p>==================== Internet Explorer trusted/restricted ===============</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry.)</p><p></p><p></p><p>==================== Hosts content: ===============================</p><p></p><p>(If needed Hosts: directive could be included in the fixlist to reset Hosts.)</p><p></p><p>2016-06-05 21:26 - 2016-06-21 19:18 - 00000835 ____A C:\Windows\system32\Drivers\etc\hosts</p><p></p><p></p><p>==================== Other Areas ============================</p><p></p><p>(Currently there is no automatic fix for this section.)</p><p></p><p>HKU\S-1-5-21-1965651932-3507908794-2345626874-1003\Control Panel\Desktop\\Wallpaper -> </p><p>HKU\S-1-5-21-1965651932-3507908794-2345626874-1009\Control Panel\Desktop\\Wallpaper -> C:\Users\WOUTempAdmin\AppData\Local\Microsoft\Windows\Themes\TranscodedWallpaper.jpg</p><p>HKU\S-1-5-82-1036420768-1044797643-1061213386-2937092688-4282445334\Control Panel\Desktop\\Wallpaper -> </p><p>HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\Control Panel\Desktop\\Wallpaper -> </p><p>DNS Servers: 192.168.1.1</p><p>HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: ) (EnableLUA: 1)</p><p>Windows Firewall is enabled.</p><p></p><p>==================== MSCONFIG/TASK MANAGER disabled items ==</p><p></p><p>(Currently there is no automatic fix for this section.)</p><p></p><p>MSCONFIG\Services: !SASCORE => 2</p><p>MSCONFIG\Services: MBAMService => 2</p><p>MSCONFIG\Services: MozillaMaintenance => 3</p><p></p><p>==================== FirewallRules (Whitelisted) ===============</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.)</p><p></p><p>FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) %systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe</p><p>FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe</p><p>FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe</p><p>FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe</p><p>FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe</p><p>FirewallRules: [SNMP-Out-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe</p><p>FirewallRules: [SNMP-In-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe</p><p>FirewallRules: [SNMP-Out-UDP] => (Allow) %SystemRoot%\system32\snmp.exe</p><p>FirewallRules: [SNMP-In-UDP] => (Allow) %SystemRoot%\system32\snmp.exe</p><p>FirewallRules: [TelnetServer-Tlntadmn-RPC-In] => (Allow) %systemroot%\system32\tlntsvr.exe</p><p>FirewallRules: [TelnetServer-TlntSvr-TCP-In] => (Allow) %systemroot%\system32\tlntsvr.exe</p><p>FirewallRules: [TCP Query User{957446FC-E352-478A-A510-1144459FA375}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe</p><p>FirewallRules: [UDP Query User{979FCCCC-D141-4B14-9191-FBF553C82E51}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe</p><p></p><p>==================== Restore Points =========================</p><p></p><p></p><p>==================== Faulty Device Manager Devices =============</p><p></p><p>Name: ZAM Helper Driver</p><p>Description: ZAM Helper Driver</p><p>Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}</p><p>Manufacturer: </p><p>Service: ZAM</p><p>Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)</p><p>Resolution: The device is installed incorrectly. 
The problem could be a hardware failure, or a new driver might be needed.</p><p>Devices stay in this state if they have been prepared for removal.</p><p>After you remove the device, this error disappears.Remove the device, and this error should be resolved.</p><p></p><p>Name: ZAM Guard Driver</p><p>Description: ZAM Guard Driver</p><p>Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}</p><p>Manufacturer: </p><p>Service: ZAM_Guard</p><p>Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)</p><p>Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.</p><p>Devices stay in this state if they have been prepared for removal.</p><p>After you remove the device, this error disappears.Remove the device, and this error should be resolved.</p><p></p><p></p><p>==================== Event log errors: =========================</p><p></p><p>Application errors:</p><p>==================</p><p>Error: (06/22/2016 02:52:41 PM) (Source: ESENT) (EventID: 455) (User: )</p><p>Description: DllHost (3792) WebCacheLocal: Error -1811 occurred while opening logfile C:\Users\Administrator 1\AppData\Local\Microsoft\Windows\WebCache\V01001D5.log.</p><p></p><p>Error: (06/22/2016 11:47:27 AM) (Source: MsiInstaller) (EventID: 11606) (User: Me-PC)</p><p>Description: Product: AntimalwareEngine -- Error 1606. Could not access network location \Antimalware Engine\3.0.129.0.</p><p></p><p>Error: (06/22/2016 11:47:27 AM) (Source: MsiInstaller) (EventID: 11606) (User: Me-PC)</p><p>Description: Product: AntimalwareEngine -- Error 1606. Could not access network location \Antimalware Engine\3.0.129.0.</p><p></p><p>Error: (06/22/2016 09:31:19 AM) (Source: MsiInstaller) (EventID: 11606) (User: Me-PC)</p><p>Description: Product: AntimalwareEngine -- Error 1606. 
Could not access network location \Antimalware Engine\3.0.129.0.</p><p></p><p>Error: (06/22/2016 09:31:19 AM) (Source: MsiInstaller) (EventID: 11606) (User: Me-PC)</p><p>Description: Product: AntimalwareEngine -- Error 1606. Could not access network location \Antimalware Engine\3.0.129.0.</p><p></p><p>Error: (06/22/2016 08:03:31 AM) (Source: MsiInstaller) (EventID: 11606) (User: Me-PC)</p><p>Description: Product: AntimalwareEngine -- Error 1606. Could not access network location \Antimalware Engine\3.0.129.0.</p><p></p><p>Error: (06/22/2016 08:03:31 AM) (Source: MsiInstaller) (EventID: 11606) (User: Me-PC)</p><p>Description: Product: AntimalwareEngine -- Error 1606. Could not access network location \Antimalware Engine\3.0.129.0.</p><p></p><p>Error: (06/22/2016 07:26:03 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )</p><p>Description: 80004005</p><p></p><p>Error: (06/22/2016 06:06:23 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )</p><p>Description: 80004005</p><p></p><p>Error: (06/22/2016 05:00:46 AM) (Source: Software Protection Platform Service) (EventID: 8208) (User: )</p><p>Description: Acquisition of genuine ticket failed (hr=0xC004C533) for template Id 66c92734-d682-4d71-983e-d6ec3f16059f</p><p></p><p></p><p>System errors:</p><p>=============</p><p>Error: (06/22/2016 10:14:21 PM) (Source: DCOM) (EventID: 10016) (User: Me-PC)</p><p>Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Me-PCAdministrator 1S-1-5-21-1965651932-3507908794-2345626874-1003LocalHost (Using LRPC)</p><p></p><p>Error: (06/22/2016 10:00:34 PM) (Source: LPDSVC) (EventID: 4009) (User: )</p><p>Description: \\192.168.1.46\RT-AC87U192.168.1.1</p><p></p><p>Error: (06/22/2016 09:51:13 PM) (Source: DCOM) (EventID: 10016) (User: Me-PC)</p><p>Description: 
machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Me-PCAdministrator 1S-1-5-21-1965651932-3507908794-2345626874-1003LocalHost (Using LRPC)</p><p></p><p>Error: (06/22/2016 09:51:07 PM) (Source: volsnap) (EventID: 14) (User: )</p><p>Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:.</p><p></p><p>Error: (06/22/2016 09:50:19 PM) (Source: atapi) (EventID: 11) (User: )</p><p>Description: The driver detected a controller error on \Device\Ide\IdePort1.</p><p></p><p>Error: (06/22/2016 09:50:19 PM) (Source: atapi) (EventID: 11) (User: )</p><p>Description: The driver detected a controller error on \Device\Ide\IdePort1.</p><p></p><p>Error: (06/22/2016 09:50:19 PM) (Source: atapi) (EventID: 11) (User: )</p><p>Description: The driver detected a controller error on \Device\Ide\IdePort1.</p><p></p><p>Error: (06/22/2016 09:50:19 PM) (Source: atapi) (EventID: 11) (User: )</p><p>Description: The driver detected a controller error on \Device\Ide\IdePort1.</p><p></p><p>Error: (06/22/2016 09:50:19 PM) (Source: atapi) (EventID: 11) (User: )</p><p>Description: The driver detected a controller error on \Device\Ide\IdePort1.</p><p></p><p>Error: (06/22/2016 09:50:19 PM) (Source: atapi) (EventID: 11) (User: )</p><p>Description: The driver detected a controller error on \Device\Ide\IdePort1.</p><p></p><p></p><p>CodeIntegrity:</p><p>===================================</p><p> Date: 2016-06-22 16:55:45.120</p><p> Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. 
A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.</p><p></p><p> Date: 2016-06-22 16:55:45.089</p><p> Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.</p><p></p><p> Date: 2016-05-26 19:12:09.327</p><p> Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.</p><p></p><p> Date: 2016-05-26 19:12:09.281</p><p> Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.</p><p></p><p> Date: 2015-12-04 19:29:25.319</p><p> Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\TrueSight.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.</p><p></p><p> Date: 2015-12-04 19:29:25.292</p><p> Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\TrueSight.sys because file hash could not be found on the system. 
A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.</p><p></p><p> Date: 2015-09-27 13:16:18.962</p><p> Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.</p><p></p><p> Date: 2015-09-27 13:16:18.915</p><p> Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.</p><p></p><p> Date: 2015-09-27 13:15:19.994</p><p> Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\LGBusEnum.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.</p><p></p><p> Date: 2015-09-27 13:15:19.994</p><p> Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\LGBusEnum.sys because file hash could not be found on the system. 
A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.</p><p></p><p></p><p>==================== Memory info =========================== </p><p></p><p>Processor: Intel(R) Core(TM)2 Duo CPU T6500 @ 2.10GHz</p><p>Percentage of memory in use: 75%</p><p>Total physical RAM: 2939.99 MB</p><p>Available physical RAM: 710.7 MB</p><p>Total Virtual: 5878.16 MB</p><p>Available Virtual: 2957.71 MB</p><p></p><p>==================== Drives ================================</p><p></p><p>Drive c: (TI105736W0B) (Fixed) (Total:224 GB) (Free:148.09 GB) NTFS ==>[system with boot components (obtained from drive)]</p><p></p><p>==================== MBR & Partition Table ==================</p><p></p><p>========================================================</p><p>Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: E662A431)</p><p>Partition 1: (Active) - (Size=1.5 GB) - (Type=27)</p><p>Partition 2: (Not Active) - (Size=224 GB) - (Type=07 NTFS)</p><p></p><p>==================== End of Addition.txt ============================</p><p>[/code]</p><p></p><p>[code]</p><p># AdwCleaner v5.200 - Logfile created 22/06/2016 at 23:02:23</p><p># Updated 14/06/2016 by ToolsLib</p><p># Database : 2016-06-22.1 [Server]</p><p># Operating system : Windows 7 Home Premium Service Pack 1 (X64)</p><p># Username : Administrator 1 - ME-PC</p><p># Running from : C:\Users\Administrator 1\Desktop\adwcleaner_5.200.exe</p><p># Option : Scan</p><p># Support : [URL="https://toolslib.net/forum"]ToolsLib[/URL]</p><p></p><p>***** [ Services ] *****</p><p></p><p></p><p>***** [ Folders ] *****</p><p></p><p></p><p>***** [ Files ] *****</p><p></p><p></p><p>***** [ DLL ] *****</p><p></p><p></p><p>***** [ WMI ] *****</p><p></p><p></p><p>***** [ Shortcuts ] *****</p><p></p><p></p><p>***** [ Scheduled tasks ] *****</p><p></p><p></p><p>***** [ Registry ] *****</p><p></p><p></p><p>***** [ Web browsers ] 
*****</p><p></p><p></p><p>*************************</p><p></p><p>C:\AdwCleaner\AdwCleaner[S1].txt - [664 bytes] - [22/06/2016 23:02:23]</p><p></p><p>########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [736 bytes] ##########[/code]</p></blockquote><p></p>
[QUOTE="KennyGordacki, post: 517508, member: 53506"] [code]Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-06-2016 01 Ran by Administrator 1 (administrator) on ME-PC (22-06-2016 22:26:57) Running from C:\Users\Administrator 1\Desktop Loaded Profiles: Me & Administrator 1 & WOUTempAdmin & Guest & Classic .NET AppPool & DefaultAppPool (Available Profiles: Me & Administrator 1 & WOUTempAdmin & Guest & Classic .NET AppPool & DefaultAppPool) Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: [URL="http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/"]FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials[/URL] ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe (Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe (Microsoft Corporation) C:\Windows\System32\mqsvc.exe () C:\Program Files (x86)\Blaze Media Pro\NMSAccess32.exe (Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE (Microsoft Corporation) C:\Windows\System32\snmp.exe (DEVGURU Co., LTD.) 
C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Microsoft Corporation) C:\Windows\System32\mqtgsvc.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Logitech, Inc.) C:\Program Files\Logitech\FlowScroll\KhalScroll.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe (Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Users\Administrator 1\Downloads\msert.exe (Microsoft Corporation) C:\Windows\System32\cmd.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2818800 2014-08-25] (Synaptics Incorporated) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13774040 2015-03-23] (Realtek Semiconductor) HKLM\...\Run: [LogiScrollApp] => C:\Program Files\Logitech\FlowScroll\KhalScroll.exe [166680 2012-02-08] (Logitech, Inc.) HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15003256 2015-09-19] (Logitech Inc.) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [85600 2013-12-12] (Nullsoft, Inc.) 
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-1965651932-3507908794-2345626874-1000\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe [30720 2010-11-20] (Microsoft Corporation) HKU\S-1-5-21-1965651932-3507908794-2345626874-1003\...\Policies\Explorer: [NoViewContextMenu] 0 HKU\S-1-5-21-1965651932-3507908794-2345626874-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> HKU\S-1-5-21-1965651932-3507908794-2345626874-1009\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516096 2010-11-20] (Microsoft Corporation) HKU\S-1-5-21-1965651932-3507908794-2345626874-1009\...\Policies\Explorer: [NoViewContextMenu] 0 HKU\S-1-5-21-1965651932-3507908794-2345626874-1009\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe [30720 2010-11-20] (Microsoft Corporation) HKU\S-1-5-21-1965651932-3507908794-2345626874-501\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516096 2010-11-20] (Microsoft Corporation) HKU\S-1-5-21-1965651932-3507908794-2345626874-501\...\Policies\Explorer: [NoBandCustomize] 0 HKU\S-1-5-21-1965651932-3507908794-2345626874-501\...\Policies\Explorer: [NoViewContextMenu] 0 HKU\S-1-5-21-1965651932-3507908794-2345626874-501\...\Policies\Explorer: [RestrictRun] 0 HKU\S-1-5-21-1965651932-3507908794-2345626874-501\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe [30720 2010-11-20] (Microsoft Corporation) HKU\S-1-5-82-1036420768-1044797643-1061213386-2937092688-4282445334\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516096 2010-11-20] (Microsoft Corporation) HKU\S-1-5-82-1036420768-1044797643-1061213386-2937092688-4282445334\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe [30720 2010-11-20] (Microsoft Corporation) HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516096 2010-11-20] (Microsoft Corporation) 
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe [30720 2010-11-20] (Microsoft Corporation) HKU\S-1-5-18\...\Policies\system: [NoAdminPage] 0 ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ] ShellExecuteHooks-x32: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ] ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{2E8CE929-0F8D-41E0-9F1D-F2BB08560D3E}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\S-1-5-21-1965651932-3507908794-2345626874-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\S-1-5-21-1965651932-3507908794-2345626874-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\S-1-5-21-1965651932-3507908794-2345626874-1009\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\S-1-5-21-1965651932-3507908794-2345626874-501\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\S-1-5-82-1036420768-1044797643-1061213386-2937092688-4282445334\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://[URL="http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA"]www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA[/URL] HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://[URL="http://www.google.com"]www.google.com[/URL] HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://[URL="http://www.google.com"]www.google.com[/URL] HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
hxxp://[URL="http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA"]www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA[/URL] HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://[URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"]www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch[/URL] HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://[URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome"]www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome[/URL] HKU\S-1-5-21-1965651932-3507908794-2345626874-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com HKU\S-1-5-21-1965651932-3507908794-2345626874-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://[URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"]www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch[/URL] HKU\S-1-5-21-1965651932-3507908794-2345626874-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE09&ocid=UE09DHP HKU\S-1-5-21-1965651932-3507908794-2345626874-1009\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://[URL="http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA"]www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA[/URL] HKU\S-1-5-21-1965651932-3507908794-2345626874-501\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://[URL="http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA"]www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA[/URL] HKU\S-1-5-21-1965651932-3507908794-2345626874-501\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com 
HKU\S-1-5-21-1965651932-3507908794-2345626874-501\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/1me10IE11ENUS/WOL_WCP HKU\S-1-5-21-1965651932-3507908794-2345626874-501\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://[URL="http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA"]www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA[/URL] SearchScopes: HKLM -> DefaultScope {86EE1317-27B5-4DE0-A8C2-2F505B915BCF} URL = hxxp://[URL="http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA"]www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA[/URL] SearchScopes: HKLM -> {86EE1317-27B5-4DE0-A8C2-2F505B915BCF} URL = hxxp://[URL="http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA"]www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA[/URL] SearchScopes: HKLM-x32 -> DefaultScope {86EE1317-27B5-4DE0-A8C2-2F505B915BCF} URL = hxxp://[URL="http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA"]www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA[/URL] SearchScopes: HKLM-x32 -> {86EE1317-27B5-4DE0-A8C2-2F505B915BCF} URL = hxxp://[URL="http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA"]www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA[/URL] 
SearchScopes: HKU\S-1-5-21-1965651932-3507908794-2345626874-1000 -> {EF641CB9-A500-480E-ABFC-370E51010B2B} URL = hxxps://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8 SearchScopes: HKU\S-1-5-21-1965651932-3507908794-2345626874-1009 -> {01D045E4-EFC1-427C-86D1-25D5F1841A99} URL = SearchScopes: HKU\S-1-5-21-1965651932-3507908794-2345626874-1009 -> {792B6456-FB40-4F4B-BEAD-8C167F1D40B1} URL = SearchScopes: HKU\S-1-5-21-1965651932-3507908794-2345626874-1009 -> {EF641CB9-A500-480E-ABFC-370E51010B2B} URL = hxxps://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8 SearchScopes: HKU\S-1-5-21-1965651932-3507908794-2345626874-501 -> {EF641CB9-A500-480E-ABFC-370E51010B2B} URL = hxxps://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8 SearchScopes: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = Toolbar: HKU\S-1-5-21-1965651932-3507908794-2345626874-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Toolbar: HKU\S-1-5-21-1965651932-3507908794-2345626874-501 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2016-01-04] (Belarc, Inc.) 
FireFox: ======== FF ProfilePath: C:\Users\Administrator 1\AppData\Roaming\Mozilla\Firefox\Profiles\8faqmhbu.default FF NewTab: about:home FF DefaultSearchEngine: Bing FF SearchEngineOrder.3: Bing FF SelectedSearchEngine: Bing FF Homepage: user_pref("browser.startup.homepage", "about:home"about:home); FF Keyword.URL: hxxp://[URL="http://www.bing.com/search?FORM=U270DF&PC=U270&q="]www.bing.com/search?FORM=U270DF&PC=U270&q=[/URL] FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2016-02-19] (Adobe Systems, Inc.) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [No File] FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-07] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-07] (Google Inc.) 
FF SearchPlugin: C:\Users\Administrator 1\AppData\Roaming\Mozilla\Firefox\Profiles\8faqmhbu.default\searchplugins\bing-.xml [2015-12-14]
FF Extension: Bing Search - C:\Users\Administrator 1\AppData\Roaming\Mozilla\Firefox\Profiles\8faqmhbu.default\Extensions\bingsearch.full@microsoft.com.xpi [2015-12-14]
FF HKLM-x32\...\Firefox\Extensions: [{5D3F3872-91E9-4d59-AD9F-AA174A3145DD}] - C:\Program Files\Logitech\FlowScroll\LogiSmoothFirefoxExt
FF Extension: Logitech Flow Scroll - C:\Program Files\Logitech\FlowScroll\LogiSmoothFirefoxExt [2015-12-14] [not signed]

Chrome:
=======
CHR Profile: C:\Users\Administrator 1\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Administrator 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-06-04]
CHR Extension: (Google Docs) - C:\Users\Administrator 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-04]
CHR Extension: (Google Drive) - C:\Users\Administrator 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-04]
CHR Extension: (YouTube) - C:\Users\Administrator 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-04]
CHR Extension: (Google Sheets) - C:\Users\Administrator 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-04]
CHR Extension: (Google Docs Offline) - C:\Users\Administrator 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Administrator 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-04]
CHR Extension: (OneClick Cleaner for Chrome) - C:\Users\Administrator 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\oncckmaelaecccmaniihojgeopkcajfh [2016-06-22]
CHR Extension: (Gmail) - C:\Users\Administrator 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-04]

Opera:
=======
OPR Session Restore: -> is enabled.

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
R2 ftpsvc; C:\Windows\system32\inetsrv\ftpsvc.dll [350720 2012-06-01] (Microsoft Corporation)
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-20] (Microsoft Corporation)
S3 InnovativeSolutions_monitor; C:\Program Files (x86)\Common Files\Innovative Solutions\Advanced Uninstaller\InnovativeSolutions_monitor_Svr.exe [1065496 2016-06-17] ()
R2 iprip; C:\Windows\System32\iprip.dll [35328 2009-07-13] (Microsoft Corporation)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [192120 2015-09-19] (Logitech Inc.)
R2 LPDSVC; C:\Windows\system32\lpdsvc.dll [45568 2009-07-13] (Microsoft Corporation)
R2 MSMQTriggers; C:\Windows\system32\mqtgsvc.exe [189440 2010-11-20] (Microsoft Corporation)
R2 NMSAccess; C:\Program Files (x86)\Blaze Media Pro\NMSAccess32.exe [71096 2009-01-12] ()
R2 SNMP; C:\Windows\System32\snmp.exe [49664 2010-11-20] (Microsoft Corporation)
R2 SNMP; C:\Windows\SysWOW64\snmp.exe [47616 2010-11-20] (Microsoft Corporation)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [191728 2014-08-25] (Synaptics Incorporated)
S4 TlntSvr; C:\Windows\System32\tlntsvr.exe [81920 2009-07-13] (Microsoft Corporation)
S3 TOSHIBA HDD SSD Alert Service; C:\Program Files (x86)\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [111960 2009-08-03] (TOSHIBA Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 WMSVC; C:\Windows\system32\inetsrv\wmsvc.exe [10752 2009-07-13] (Microsoft Corporation)
S2 Razer Game Scanner Service; no ImagePath

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 ElRawDisk; C:\Windows\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation)
S3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
S3 libwasys; C:\Windows\System32\DRIVERS\libwasys.sys [28464 2016-06-04] ()
R1 MpKsld8615e31; C:\Windows\Temp\MpKsld8615e31.sys [44928 2016-06-22] (Microsoft Corporation)
S3 RdpVideoMiniport; C:\Windows\System32\drivers\rdpvideominiport.sys [19456 2012-08-23] (Microsoft Corporation) [File not signed]
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-09-22] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [130880 2015-12-14] (Razer, Inc.)
S3 S6000KNT; C:\Windows\System32\Drivers\S6000KNT.sys [190232 2015-03-23] (Windows (R) Win 7 DDK provider)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [31472 2014-08-25] (Synaptics Incorporated)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [485512 2016-04-28] (BitDefender S.R.L.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-22 22:22 - 2016-06-22 22:22 - 03703360 _____ C:\Users\Administrator 1\Desktop\adwcleaner_5.200.exe
2016-06-22 22:22 - 2016-06-22 22:22 - 03703360 _____ C:\Users\Administrator 1\Desktop\adwcleaner_5.200 (1).exe
2016-06-22 21:56 - 2016-06-22 22:26 - 00021587 _____ C:\Users\Administrator 1\Desktop\FRST.txt
2016-06-22 21:52 - 2016-06-22 21:53 - 02387456 _____ (Farbar) C:\Users\Administrator 1\Desktop\FRST64.exe
2016-06-22 21:40 - 2016-06-22 21:40 - 04291320 _____ (BrightFort LLC ) C:\Users\Administrator 1\Downloads\spywareblastersetup55.exe
2016-06-22 21:36 - 2016-06-22 21:37 - 139855128 _____ (Microsoft Corporation) C:\Users\Administrator 1\Downloads\msert.exe
2016-06-22 21:32 - 2016-06-22 21:32 - 00000000 ____D C:\Users\Administrator 1\Desktop\backups
2016-06-22 21:29 - 2016-06-22 21:29 - 00023083 _____ C:\Users\Administrator 1\Desktop\dds.txt
2016-06-22 21:27 - 2016-06-22 21:27 - 00688992 ____R (Swearware) C:\Users\Administrator 1\Downloads\dds.com
2016-06-22 21:27 - 2016-06-22 21:27 - 00688992 _____ (Swearware) C:\Users\Administrator 1\Downloads\dds.scr
2016-06-22 21:27 - 2016-06-22 21:27 - 00688992 _____ (Swearware) C:\Users\Administrator 1\Downloads\dds.exe
2016-06-22 20:42 - 2016-06-22 20:43 - 00033546 _____ C:\Users\Administrator 1\Downloads\MTB.txt
2016-06-22 20:41 - 2016-06-22 20:41 - 00892416 _____ (Farbar) C:\Users\Administrator 1\Downloads\MiniToolBox.exe
2016-06-22 18:59 - 2016-06-22 18:59 - 00001787 _____ C:\Users\Administrator 1\Downloads\fixlist.txt
2016-06-22 18:57 - 2016-06-22 20:05 - 00000000 ____D C:\ProgramData\HitmanPro
2016-06-22 18:56 - 2016-06-22 20:39 - 00000000 ____D C:\ProgramData\RogueKiller
2016-06-22 18:22 - 2016-06-22 18:22 - 00001200 _____ C:\Users\Administrator 1\Downloads\Fixlog.txt
2016-06-22 18:20 - 2016-06-22 18:22 - 00001344 _____ C:\Users\Administrator 1\Desktop\fixtext.txt
2016-06-22 18:09 - 2016-06-22 20:31 - 00036268 _____ C:\Users\Administrator 1\Downloads\Addition.txt
2016-06-22 18:08 - 2016-06-22 20:31 - 00064236 _____ C:\Users\Administrator 1\Downloads\FRST.txt
2016-06-22 16:42 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe
2016-06-22 16:42 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe
2016-06-22 16:42 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-06-22 16:42 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-06-22 16:42 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe
2016-06-22 16:42 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe
2016-06-22 16:42 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe
2016-06-22 16:41 - 2016-06-22 16:41 - 00000000 ____D C:\Qoobox
2016-06-22 16:37 - 2016-06-22 16:37 - 02387456 _____ (Farbar) C:\Users\Administrator 1\Downloads\FRST64.exe
2016-06-22 16:36 - 2016-06-22 18:25 - 00001787 _____ C:\Users\Administrator 1\Downloads\fixlist (1).txt
2016-06-22 15:53 - 2016-06-22 15:53 - 00000000 ____D C:\Users\Administrator 1\Downloads\mbrfix
2016-06-22 15:52 - 2016-06-22 15:52 - 00138820 _____ C:\Users\Administrator 1\Downloads\mbrfix.zip
2016-06-22 15:52 - 2016-06-22 15:52 - 00138820 _____ C:\Users\Administrator 1\Downloads\mbrfix (1).zip
2016-06-22 15:52 - 2016-06-22 15:52 - 00000000 ____D C:\Users\Administrator 1\Downloads\mbrfix (1)
2016-06-22 15:46 - 2016-06-22 16:19 - 00001711 _____ C:\Users\Administrator 1\Desktop\firsttext.txt
2016-06-22 14:48 - 2016-06-22 14:48 - 00000000 ____D C:\Users\Administrator 1\AppData\Local\NPE
2016-06-22 14:47 - 2016-06-22 14:47 - 00001676 _____ C:\Users\Administrator 1\Desktop\Fixlog.txt
2016-06-22 12:21 - 2016-06-22 12:21 - 00000000 ____D C:\Users\Administrator 1\AppData\Roaming\Adobe
2016-06-22 12:16 - 2016-06-22 12:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller PRO
2016-06-22 12:00 - 2016-06-22 12:16 - 00001700 _____ C:\Users\Administrator 1\Desktop\Advanced Uninstaller PRO 12.lnk
2016-06-22 12:00 - 2016-06-22 12:00 - 00000000 ____D C:\ProgramData\Innovative Solutions
2016-06-22 11:59 - 2016-06-22 12:00 - 00000000 ____D C:\Users\Administrator 1\AppData\Local\Innovative Solutions
2016-06-22 11:59 - 2016-06-22 11:59 - 00000000 ____D C:\Program Files (x86)\Innovative Solutions
2016-06-22 09:56 - 2016-06-22 11:32 - 00541087 _____ C:\Windows\ZAM_Guard.krnl.trace
2016-06-22 09:56 - 2016-06-22 11:01 - 03909974 _____ C:\Windows\ZAM.krnl.trace
2016-06-22 09:42 - 2016-06-22 14:55 - 00035385 _____ C:\Users\Administrator 1\Desktop\Addition.txt
2016-06-22 09:29 - 2016-06-22 22:26 - 00000000 ____D C:\FRST
2016-06-21 22:57 - 2016-06-21 22:57 - 00000000 ____D C:\SpybotBootCD
2016-06-21 22:51 - 2016-06-21 22:51 - 01203312 _____ (Safer Networking Limited ) C:\Users\Administrator 1\Downloads\spybotbootcd-1.0.4.exe
2016-06-21 20:05 - 2016-06-21 20:05 - 22851472 _____ (Malwarebytes ) C:\Users\Administrator 1\Downloads\mbam-setup-cnet.35891-2.2.1.1043.exe
2016-06-21 19:57 - 2016-06-21 19:57 - 00003927 _____ C:\Users\Administrator 1\Desktop\vlk product key 2.txt
2016-06-21 19:43 - 2016-06-21 19:44 - 00388608 _____ (Trend Micro Inc.) C:\Users\Administrator 1\Desktop\HijackThis.exe
2016-06-21 17:00 - 2016-06-21 17:00 - 00000000 ____D C:\Users\Administrator 1\AppData\Local\Alexandre_Miguel_Canotilh
2016-06-21 16:49 - 2016-06-21 16:49 - 00002804 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-06-21 16:48 - 2016-06-21 16:49 - 00000000 ____D C:\Program Files\CCleaner
2016-06-21 16:48 - 2016-06-21 16:48 - 00000877 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-06-21 16:48 - 2016-06-21 16:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-06-21 16:45 - 2016-06-21 16:45 - 00001900 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2016-06-21 16:44 - 2016-06-21 16:45 - 00000000 ____D C:\Program Files (x86)\QuickTime
2016-06-21 16:40 - 2016-06-21 16:52 - 41896256 _____ (Apple Inc.) C:\Users\Administrator 1\Downloads\QuickTimeInstaller.exe
2016-06-21 16:23 - 2016-06-21 16:23 - 00000000 ____D C:\ProgramData\WinZipSE
2016-06-21 16:19 - 2016-06-21 16:19 - 00001039 _____ C:\Users\Public\Desktop\MiniTool Partition Wizard Free.lnk
2016-06-21 16:19 - 2016-06-21 16:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Partition Wizard Free 9.1
2016-06-21 16:19 - 2016-06-21 16:19 - 00000000 ____D C:\Program Files\MiniTool Partition Wizard Free 9.1
2016-06-21 16:00 - 2016-06-21 16:02 - 00000000 ____D C:\ProgramData\WRData
2016-06-21 15:56 - 2016-06-22 12:23 - 00000000 ____D C:\Users\Administrator 1\AppData\Roaming\JAM Software
2016-06-21 15:56 - 2016-06-21 15:56 - 00031450 _____ C:\Users\Administrator 1\Documents\cc_20160621_155631.reg
2016-06-21 15:48 - 2016-06-21 15:48 - 02557544 _____ (Microsoft Corporation) C:\Users\Administrator 1\Downloads\NDP46-KB3122661-x86.exe
2016-06-21 15:27 - 2016-06-21 15:27 - 00001038 _____ C:\Users\Public\Desktop\Winamp.lnk
2016-06-21 15:27 - 2016-06-21 15:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
2016-06-21 15:26 - 2016-06-22 19:20 - 00000000 ____D C:\Windows_Repair_Toolbox
2016-06-21 15:26 - 2016-06-21 15:53 - 00000000 ____D C:\Users\Administrator 1\AppData\Roaming\Winamp
2016-06-21 15:26 - 2016-06-21 15:30 - 00000000 ____D C:\Program Files (x86)\Winamp
2016-06-21 15:26 - 2016-06-21 15:26 - 00000829 _____ C:\Users\Public\Desktop\Windows Repair Toolbox.lnk
2016-06-21 15:26 - 2016-06-21 15:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Repair Toolbox
2016-06-21 15:24 - 2016-06-21 15:26 - 10328598 _____ (Nullsoft, Inc.) C:\Users\Administrator 1\Downloads\winamp5666_full_en-us_redux.exe
2016-06-21 15:15 - 2016-06-21 15:16 - 02016668 _____ (Alexandre Miguel Canotilho Coelho ) C:\Users\Administrator 1\Downloads\Windows_Repair_Toolbox_setup.exe
2016-06-21 15:00 - 2016-06-21 15:00 - 00000962 _____ C:\Users\Public\Desktop\Blaze Media Pro.lnk
2016-06-21 14:59 - 2016-06-21 15:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blaze Media Pro
2016-06-21 14:59 - 2016-06-21 15:00 - 00000000 ____D C:\Program Files (x86)\Blaze Media Pro
2016-06-21 14:57 - 2016-06-21 15:01 - 00000000 __HDC C:\ProgramData\{784E3329-1B2A-421E-9427-596088B766F6}
2016-06-21 14:51 - 2016-06-21 14:51 - 00001153 _____ C:\Users\WOUTempAdmin\Desktop\Command Cubes Viewer.lnk
2016-06-21 14:51 - 2016-06-21 14:51 - 00001153 _____ C:\Users\Me\Desktop\Command Cubes Viewer.lnk
2016-06-21 14:51 - 2016-06-21 14:51 - 00001153 _____ C:\Users\Guest\Desktop\Command Cubes Viewer.lnk
2016-06-21 14:51 - 2016-06-21 14:51 - 00001153 _____ C:\Users\Administrator 1\Desktop\Command Cubes Viewer.lnk
2016-06-21 14:51 - 2016-06-21 14:51 - 00001128 _____ C:\Users\WOUTempAdmin\Desktop\Command Cubes Server.lnk
2016-06-21 14:51 - 2016-06-21 14:51 - 00001128 _____ C:\Users\Me\Desktop\Command Cubes Server.lnk
2016-06-21 14:51 - 2016-06-21 14:51 - 00001128 _____ C:\Users\Guest\Desktop\Command Cubes Server.lnk
2016-06-21 14:51 - 2016-06-21 14:51 - 00001128 _____ C:\Users\Administrator 1\Desktop\Command Cubes Server.lnk
2016-06-21 14:51 - 2016-06-21 14:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Command Cubes
2016-06-21 14:51 - 2016-06-21 14:51 - 00000000 ____D C:\Program Files\winamp
2016-06-21 14:51 - 2016-06-21 14:51 - 00000000 ____D C:\Program Files (x86)\Command Cubes
2016-06-21 08:05 - 2016-06-21 08:05 - 00000274 _____ C:\Users\Public\Desktop\UVKRebootExecLog.txt
2016-06-21 07:55 - 2016-06-21 07:56 - 00002541 _____ C:\DelFix.txt
2016-06-21 07:54 - 2016-06-21 07:54 - 00000000 _____ C:\Users\Administrator 1\Downloads\delfix_1.013.exe.rfva3or.partial
2016-06-21 00:00 - 2016-06-21 00:00 - 00000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2016-06-20 23:35 - 2016-06-20 23:35 - 00000582 _____ C:\Users\Administrator 1\Desktop\keys.txt
2016-06-20 23:30 - 2016-06-20 23:33 - 00000000 ____D C:\Users\Administrator 1\Downloads\produkey-x64 (1)
2016-06-20 23:24 - 2016-06-20 23:24 - 00000621 _____ C:\Users\Administrator 1\Desktop\Product key.vbs
2016-06-20 07:50 - 2016-05-23 18:37 - 00394960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-06-20 07:50 - 2016-05-23 17:54 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-06-20 07:50 - 2016-05-21 12:28 - 25802752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-06-20 07:50 - 2016-05-21 11:57 - 20341248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-06-20 07:50 - 2016-05-20 17:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-06-20 07:50 - 2016-05-20 17:27 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-06-20 07:50 - 2016-05-20 17:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-06-20 07:50 - 2016-05-20 17:10 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-06-20 07:50 - 2016-05-20 17:09 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-06-20 07:50 - 2016-05-20 17:09 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-06-20 07:50 - 2016-05-20 17:09 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-06-20 07:50 - 2016-05-20 17:08 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-06-20 07:50 - 2016-05-20 17:08 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-06-20 07:50 - 2016-05-20 17:02 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-06-20 07:50 - 2016-05-20 17:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-06-20 07:50 - 2016-05-20 16:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-06-20 07:50 - 2016-05-20 16:57 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-06-20 07:50 - 2016-05-20 16:57 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-06-20 07:50 - 2016-05-20 16:57 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-06-20 07:50 - 2016-05-20 16:56 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-06-20 07:50 - 2016-05-20 16:56 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-06-20 07:50 - 2016-05-20 16:55 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-06-20 07:50 - 2016-05-20 16:54 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-06-20 07:50 - 2016-05-20 16:54 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-06-20 07:50 - 2016-05-20 16:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-06-20 07:50 - 2016-05-20 16:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-06-20 07:50 - 2016-05-20 16:50 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-06-20 07:50 - 2016-05-20 16:49 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-06-20 07:50 - 2016-05-20 16:48 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-06-20 07:50 - 2016-05-20 16:45 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-06-20 07:50 - 2016-05-20 16:45 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-06-20 07:50 - 2016-05-20 16:44 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-06-20 07:50 - 2016-05-20 16:44 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-06-20 07:50 - 2016-05-20 16:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-06-20 07:50 - 2016-05-20 16:41 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-06-20 07:50 - 2016-05-20 16:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-06-20 07:50 - 2016-05-20 16:33 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-06-20 07:50 - 2016-05-20 16:32 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-06-20 07:50 - 2016-05-20 16:29 - 13815808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-06-20 07:50 - 2016-05-20 16:28 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-06-20 07:50 - 2016-05-20 16:27 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-06-20 07:50 - 2016-05-20 16:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-06-20 07:50 - 2016-05-20 16:26 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-06-20 07:50 - 2016-05-20 16:25 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-06-20 07:50 - 2016-05-20 16:23 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-06-20 07:50 - 2016-05-20 16:23 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-06-20 07:50 - 2016-05-20 16:22 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-06-20 07:50 - 2016-05-20 16:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-06-20 07:50 - 2016-05-20 16:19 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-06-20 07:50 - 2016-05-20 16:14 - 04610048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-06-20 07:50 - 2016-05-20 16:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-06-20 07:50 - 2016-05-20 16:11 - 15420928 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-06-20 07:50 - 2016-05-20 16:11 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-06-20 07:50 - 2016-05-20 16:09 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-06-20 07:50 - 2016-05-20 16:09 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-06-20 07:50 - 2016-05-20 16:08 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-06-20 07:50 - 2016-05-20 16:08 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-06-20 07:50 - 2016-05-20 16:07 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-06-20 07:50 - 2016-05-20 16:07 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-06-20 07:50 - 2016-05-20 16:06 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-06-20 07:50 - 2016-05-20 15:46 - 02597888 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-06-20 07:50 - 2016-05-20 15:42 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-06-20 07:50 - 2016-05-20 15:38 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-06-20 07:50 - 2016-05-20 15:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-06-20 07:50 - 2016-05-20 15:34 - 01544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-06-20 07:50 - 2016-05-20 15:23 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-06-20 07:49 - 2016-05-18 11:10 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-06-20 07:49 - 2016-05-18 11:09 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-06-20 07:49 - 2016-05-13 17:15 - 00382184 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-06-20 07:49 - 2016-05-13 17:09 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-06-20 07:49 - 2016-05-13 17:09 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-06-20 07:49 - 2016-05-13 17:09 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-06-20 07:49 - 2016-05-13 17:09 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-06-20 07:49 - 2016-05-13 16:54 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-06-20 07:49 - 2016-05-13 16:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-06-20 07:49 - 2016-05-13 16:49 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-06-20 07:49 - 2016-05-13 16:49 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-06-20 07:49 - 2016-05-13 16:27 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-06-20 07:49 - 2016-05-12 12:20 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-06-20 07:49 - 2016-05-12 12:20 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-06-20 07:49 - 2016-05-12 12:15 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-06-20 07:49 - 2016-05-12 12:15 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-06-20 07:49 - 2016-05-12 12:15 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\winipsec.dll
2016-06-20 07:49 - 2016-05-12 12:15 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-06-20 07:49 - 2016-05-12 12:15 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-06-20 07:49 - 2016-05-12 12:15 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-06-20 07:49 - 2016-05-12 12:14 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-06-20 07:49 - 2016-05-12 12:14 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-06-20 07:49 - 2016-05-12 12:14 - 00794624 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2016-06-20 07:49 - 2016-05-12 12:14 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-06-20 07:49 - 2016-05-12 12:14 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-06-20 07:49 - 2016-05-12 12:14 - 00502272 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2016-06-20 07:49 - 2016-05-12 12:14 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-06-20 07:49 - 2016-05-12 12:14 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2016-06-20 07:49 - 2016-05-12 12:14 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-06-20 07:49 - 2016-05-12 12:14 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-06-20 07:49 - 2016-05-12 12:14 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-06-20 07:49 - 2016-05-12 12:14 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-06-20 07:49 - 2016-05-12 12:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-06-20 07:49 - 2016-05-12 12:14 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2016-06-20 07:49 - 2016-05-12 12:14 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2016-06-20 07:49 - 2016-05-12 12:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-06-20 07:49 - 2016-05-12 12:14 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-06-20 07:49 - 2016-05-12 12:14 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-06-20 07:49 - 2016-05-12 12:14 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-06-20 07:49 - 2016-05-12 10:18 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-06-20 07:49 - 2016-05-12 10:18 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-06-20 07:49 - 2016-05-12 10:18 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-06-20 07:49 - 2016-05-12 10:18 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-06-20 07:49 - 2016-05-12 10:18 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll
2016-06-20 07:49 - 2016-05-12 10:18 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-06-20 07:49 - 2016-05-12 10:18 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-06-20 07:49 - 2016-05-12 10:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-06-20 07:49 - 2016-05-12 10:18 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-06-20 07:49 - 2016-05-12 10:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-06-20 07:49 - 2016-05-12 10:18 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-06-20 07:49 - 2016-05-12 10:18 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-06-20 07:49 - 2016-05-12 10:18 - 00079360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
2016-06-20 07:49 - 2016-05-12 10:18 - 00070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winipsec.dll
2016-06-20 07:49 - 2016-05-12 10:18 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-06-20 07:49 - 2016-05-12 10:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-06-20 07:49 - 2016-05-12 10:18 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
2016-06-20 07:49 - 2016-05-12 10:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-06-20 07:49 - 2016-05-12 10:18 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-06-20 07:49 - 2016-05-12 10:18 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-06-20 07:49 - 2016-05-12 10:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-06-20 07:49 - 2016-05-12 10:03 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-06-20 07:49 - 2016-05-12 09:58 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-06-20 07:49 - 2016-05-12 09:58 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-06-20 07:49 - 2016-05-12 09:58 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-06-20 07:49 - 2016-05-12 09:58 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-06-20 07:49 - 2016-05-12 09:58 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-06-20 07:49 - 2016-05-12 09:58 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-06-20 07:49 - 2016-05-12 09:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-06-20 07:49 - 2016-05-12 09:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-06-20 07:49 - 2016-05-12 09:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-06-20 07:49 - 2016-05-12 08:05 - 00459640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-06-20 07:49 - 2016-05-12 08:05 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-06-20 07:49 - 2016-05-12 08:04 - 00249352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-06-20 07:49 - 2016-05-11 12:02 - 00483840 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2016-06-20 07:49 - 2016-05-11 12:02 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-06-20 07:49 - 2016-05-11 12:02 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2016-06-20 07:49 - 2016-05-11 12:02 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2016-06-20 07:49 - 2016-05-11 10:19 - 00363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2016-06-20 07:49 - 2016-05-11 10:19 - 00351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-06-20 07:49 - 2016-05-11 10:19 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2016-06-20 07:49 - 2016-05-11 10:19 - 00206336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2016-06-20 07:49 - 2016-05-11 10:11 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
2016-06-20 07:49 - 2016-05-11 10:01 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe
2016-06-20 07:49 - 2016-05-11 09:58 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2016-06-19 20:35 - 2016-06-19 20:35 - 00000000 ____D C:\Users\Administrator 1\Downloads\FixWin
2016-06-19 19:17 - 2016-06-19 19:17 - 00003448 _____ C:\Windows\System32\Tasks\NeoSetup Updater
2016-06-19 19:16 - 2016-06-19 19:16 - 00001377 _____ C:\Users\Administrator 1\Desktop\NeoSetup Updater.lnk
2016-06-19 19:16 - 2016-06-19 19:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NeoSetup Updater
2016-06-19 19:01 - 2016-06-22 21:31 - 00003688 _____ C:\Windows\System32\Tasks\AupAvUpdate
2016-06-19 19:01 - 2016-06-22 19:04 - 00000356 _____ C:\Windows\Tasks\Health-Check.job
2016-06-19 19:01 - 2016-06-22 18:02 - 00000364 _____ C:\Windows\Tasks\Health-Check-deep.job
2016-06-19 19:01 - 2016-06-22 12:16 - 00001584 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller PRO 12.lnk
2016-06-19 19:01 - 2016-06-19 19:01 - 00002960 _____ C:\Windows\System32\Tasks\Health-Check-deep
2016-06-19 19:01 - 2016-06-19 19:01 - 00002952 _____ C:\Windows\System32\Tasks\Health-Check
2016-06-19 18:53 - 2016-06-19 18:53 - 01742664 _____ (Kaspersky Lab) C:\Users\Administrator 1\Downloads\kts16.0.0.614a bcden_9363.exe
2016-06-19 18:22 - 2016-06-19 18:22 - 93585408 _____ C:\Windows\system32\config\SOFTWARE.dw_backup
2016-06-18 23:07 - 2016-06-18 23:07 - 00000000 ____D C:\.Trash-0
2016-06-06 01:44 - 2016-06-06 01:44 - 00004952 _____ C:\Users\Administrator 1\Desktop\list1.txt
2016-06-06 01:42 - 2016-06-06 01:46 - 00000234 _____ C:\Users\Administrator 1\Desktop\remove all updates.bat
2016-06-05 21:26 - 2016-06-05 21:26 - 00000000 _____ C:\Windows\system32\Drivers\etc\hosts_bak_427
2016-06-05 13:08 - 2016-06-05 23:56 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts.bak
2016-06-05 11:07 - 2016-06-05 11:07 - 00003106 _____ C:\Windows\System32\Tasks\{39EB8DBB-DEF2-4D95-ABCF-89F3EFBA04E6}
2016-06-05 07:13 - 2016-06-05 07:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2016-06-05 07:04 - 2016-06-05 07:04 - 00000036 _____ C:\Windows\system32\Drivers\etc\hosts_bak_110
2016-06-04 22:31 - 2016-06-04 22:32 - 00010347 _____ C:\uninstall.cmd
2016-06-04 22:26 - 2016-06-04 22:26 - 00005384 _____ C:\list.txt
2016-06-04 14:08 - 2016-06-05 06:50 - 00000000 ____D C:\Windows\SoftwareDistribution.bak
2016-06-04 14:05 - 2016-06-04 14:05 - 00000477 _____ C:\Users\Administrator 1\Desktop\Update files batch to remove windows updates installed.bat
2016-06-04 14:01 - 2016-06-04 14:01 - 00002301 _____ C:\Users\Administrator 1\Desktop\windows updates.txt
2016-06-04 13:59 - 2016-06-04 13:59 - 00052580 _____ C:\Windows\system32\%Path_of_the_text_file%
2016-06-04 13:58 - 2015-12-14 16:24 - 00130880 _____ (Razer, Inc.) C:\Windows\system32\Drivers\rzpnk.sys
2016-06-04 13:57 - 2016-06-04 13:57 - 00000000 _____ C:\Windows\system32\Drivers\Msft_Kernel_rzudd_01009.Wdf
2016-06-04 13:57 - 2015-09-22 16:36 - 00037184 _____ (Razer, Inc.) C:\Windows\system32\Drivers\rzpmgrk.sys
2016-06-04 06:11 - 2016-06-04 06:11 - 05753170 _____ C:\Users\Administrator 1\Desktop\FixDotNet20160604110612454.cab
2016-06-04 05:51 - 2016-06-04 05:51 - 00042608 _____ C:\Users\Administrator 1\Documents\cc_20160604_055131.reg
2016-06-04 05:45 - 2016-06-04 05:45 - 00003184 _____ C:\Windows\System32\Tasks\{6FB40337-B808-44A2-AC05-F0990E66C9B3}
2016-06-04 04:19 - 2016-06-04 04:27 - 00028464 _____ C:\Windows\system32\Drivers\libwasys.sys
2016-06-04 04:13 - 2016-06-04 04:13 - 18247680 _____ C:\Users\Administrator 1\Downloads\OPSWAT_GEARS_CLIENT_3445-7c867995737c1853977386e89a5560c5.msi
2016-06-04 04:03 - 2016-06-04 04:03 - 00113814 _____ C:\Users\Administrator 1\Documents\cc_20160604_040303.reg
2016-06-04 03:48 - 2016-06-21 08:07 - 00000000 ____D C:\Windows\SysWOW64\directx
2016-06-04 03:04 - 2016-06-04 03:04 - 00000288 _____ C:\Windows\Tasks\User_Feed_Synchronization-{BC7E3150-8E1F-4737-90CC-2F6DBB090B78}.job
2016-06-04 00:29 - 2016-06-04 00:29 - 06311712 _____ (Carifred) C:\Users\Administrator 1\Downloads\UVKSetup (1).exe
2016-06-03 08:19 - 2015-07-22 23:20 - 00000002 _____ C:\Windows\SysWOW64\config.bak
2016-06-03 08:19 - 2015-07-22 23:20 - 00000002 _____ C:\Windows\SysWOW64\autoexec.bak
2016-06-03 07:03 - 2016-06-03 07:03 - 03719680 _____ (CoolPDF Software, Inc.) C:\Users\Administrator 1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CoolPDFReader.exe
2016-06-03 06:44 - 2016-06-21 01:43 - 00000000 ____D C:\Program Files (x86)\Razer
2016-06-03 06:44 - 2016-06-04 13:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2016-06-02 16:28 - 2016-06-02 16:28 - 00000000 ____D C:\ProgramData\MicroWorld
2016-06-02 11:58 - 2016-06-02 11:58 - 09565825 _____ C:\Users\Administrator 1\Downloads\ThePCJukeboxSetup.zip
2016-06-02 11:56 - 2016-06-02 11:56 - 07791349 _____ (Command Cubes ) C:\Users\Administrator 1\Downloads\CommandCubes.exe
2016-06-02 11:54 - 2016-06-02 11:54 - 04772869 _____ ( ) C:\Users\Administrator 1\Downloads\jukebox.exe
2016-06-02 11:53 - 2016-06-02 11:53 - 15634201 _____ (FunVibes Sarl ) C:\Users\Administrator 1\Downloads\VirtuosaTrial.exe
2016-06-02 11:48 - 2016-06-02 11:49 - 22417072 _____ (Mystik Media ) C:\Users\Administrator 1\Downloads\setup_blazemp.exe
2016-06-02 11:45 - 2016-06-02 11:47 - 134727920 _____ (ZenPoint) C:\Users\Administrator 1\Downloads\digitalcenter.exe
2016-06-02 11:40 - 2016-06-02 11:40 - 16016336 _____ (Ventis Media Inc. ) C:\Users\Administrator 1\Downloads\MediaMonkey_4.1.12.1798.exe
2016-06-02 11:39 - 2016-06-02 11:41 - 16657668 _____ C:\Users\Administrator 1\Downloads\jukebox_setup10.exe
2016-06-02 11:38 - 2016-06-02 11:38 - 05256331 _____ (T and K Software ) C:\Users\Administrator 1\Downloads\UJSetup_3_6_2014_913.exe
2016-06-02 11:15 - 2016-06-02 11:15 - 06944960 _____ ( ) C:\Users\Administrator 1\Downloads\Soundbase.exe
2016-06-02 11:15 - 2016-06-02 11:15 - 00754662 _____ C:\Users\Administrator 1\Downloads\Winamp_Essentials_6_7_8_9_10_11_12.exe
2016-06-02 11:13 - 2016-06-02 11:13 - 06635775 _____ C:\Users\Administrator 1\Downloads\zplayer_windows_setup.zip
2016-06-02 11:12 - 2016-06-02 11:12 - 02617177 _____ C:\Users\Administrator 1\Downloads\winyl_setup.zip
2016-06-02 11:11 - 2016-06-02 11:12 - 53493817 _____ C:\Users\Administrator 1\Downloads\MiamPlayer-0.8.0.exe
2016-06-02 11:11 - 2016-06-02 11:11 - 22216771 _____ C:\Users\Administrator 1\Downloads\jajuk-1.10.9-setup.exe
2016-06-02 11:09 - 2016-06-02 11:10 - 87266194 _____ C:\Users\Administrator 1\Downloads\kodi-16.1-Jarvis.exe
2016-06-02 11:09 - 2016-06-02 11:09 - 14601896 _____ (J. River, Inc.) 
C:\Users\Administrator 1\Downloads\MediaJukebox140166.exe 2016-06-02 11:02 - 2016-06-02 11:02 - 00000000 ____D C:\Users\Administrator 1\Downloads\Remove_MS_Upgrade_To_10_Nag 2016-06-02 08:33 - 2016-06-02 08:33 - 03507007 _____ C:\Users\Administrator 1\Downloads\emdb.zip 2016-06-02 07:04 - 2016-06-21 12:27 - 00000000 ____D C:\ProgramData\UVK 2016-06-02 05:15 - 2016-06-02 12:10 - 00000000 ____D C:\Users\Administrator 1\Downloads\stinger64-epo (1) 2016-05-31 20:07 - 2016-05-31 20:07 - 00025458 _____ C:\Users\Administrator 1\Documents\cc_20160531_200750.reg 2016-05-31 13:37 - 2016-05-31 13:37 - 00073078 _____ C:\Users\Administrator 1\Documents\cc_20160531_133743.reg 2016-05-31 11:24 - 2016-05-31 11:24 - 00003202 _____ C:\Windows\System32\Tasks\{61611F03-EC3F-46FD-B04B-BE87E86D89AF} 2016-05-31 02:42 - 2012-11-19 19:43 - 00688992 _____ (Swearware) C:\Users\Administrator 1\Documents\dds-2.scr 2016-05-31 02:35 - 2012-11-19 19:43 - 00688992 _____ (Swearware) C:\Users\Administrator 1\Documents\dds-1.scr 2016-05-31 02:31 - 2012-11-19 19:43 - 00688992 _____ (Swearware) C:\Users\Administrator 1\Documents\dds.scr 2016-05-31 01:34 - 2016-05-31 01:34 - 93270016 _____ C:\Windows\system32\config\SOFTWARE9131fc1d 2016-05-30 10:03 - 2016-05-30 10:03 - 17408375 _____ C:\Windows\system32\scan.db 2016-05-27 17:07 - 2016-05-27 17:07 - 00020550 _____ C:\Users\Administrator 1\Documents\cc_20160527_170755.reg 2016-05-27 16:46 - 2016-05-27 16:46 - 03536596 _____ C:\Users\Administrator 1\Desktop\system.nfo 2016-05-27 16:27 - 2016-06-05 11:07 - 00000000 ____D C:\Program Files (x86)\TrojanHunter 2016-05-26 23:16 - 2016-05-26 23:16 - 00119146 _____ C:\Users\Administrator 1\Documents\cc_20160526_231628.reg 2016-05-26 23:16 - 2016-05-26 23:16 - 00012380 _____ C:\Users\Administrator 1\Documents\cc_20160526_231652.reg 2016-05-26 22:49 - 2016-06-22 21:31 - 00003468 _____ C:\Windows\System32\Tasks\UninstallMonitor 2016-05-26 22:46 - 2014-03-07 11:25 - 00042496 _____ C:\Windows\SysWOW64\AdvUninstCPL.cpl 
2016-05-24 22:59 - 2016-06-04 04:26 - 00000000 ____D C:\Users\Administrator 1\AppData\Roaming\Metadefender-Client
2016-05-24 22:35 - 2016-05-24 22:35 - 95682560 _____ C:\Windows\system32\config\software.bhv
2016-05-24 22:35 - 2016-05-24 22:35 - 22282240 _____ C:\Windows\system32\config\system.bhv
2016-05-24 22:35 - 2016-05-24 22:35 - 00524288 _____ C:\Windows\system32\config\default.bhv
2016-05-24 22:35 - 2016-05-24 22:35 - 00098304 _____ C:\Windows\system32\config\sam.bhv
2016-05-24 22:35 - 2016-05-24 22:35 - 00032768 _____ C:\Windows\system32\config\security.bhv
2016-05-24 21:56 - 2016-05-24 21:57 - 02248504 _____ (Runscanner.net) C:\Users\Administrator 1\Downloads\runscanner.exe
2016-05-24 04:12 - 2016-05-24 04:12 - 00000666 _____ C:\gdbdrem.dat

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-22 22:06 - 2015-09-19 12:43 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-22 22:04 - 2009-07-13 23:45 - 00025088 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-22 22:04 - 2009-07-13 23:45 - 00025088 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-22 21:29 - 2015-11-02 23:02 - 00022509 _____ C:\Users\Administrator 1\Desktop\attach.txt
2016-06-22 20:19 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-06-22 20:06 - 2015-03-23 23:02 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-06-22 19:06 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\inetsrv
2016-06-22 19:04 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-22 12:30 - 2015-03-18 11:28 - 00000000 ____D C:\Users\Administrator 1\AppData\Local\ElevatedDiagnostics
2016-06-22 12:29 - 2015-06-22 19:01 - 00000000 ____D C:\Users\Administrator 1\AppData\Local\Downloaded Installations
2016-06-22 12:23 - 2015-03-23 19:46 - 00000000 ____D C:\Users\Administrator 1\AppData\Roaming\InstallShield
2016-06-22 11:57 - 2015-07-18 21:57 - 00000000 ____D C:\Users\Administrator 1\AppData\Roaming\uTorrent
2016-06-22 11:56 - 2015-03-21 22:33 - 00000000 ____D C:\Users\Administrator 1\AppData\Local\CrashDumps
2016-06-22 09:57 - 2015-12-14 17:14 - 00000000 ____D C:\Users\Administrator 1
2016-06-21 20:01 - 2016-05-21 15:07 - 00000000 ____D C:\Users\Administrator 1\Downloads\backups
2016-06-21 19:56 - 2015-12-07 22:47 - 00003927 _____ C:\Users\Administrator 1\Desktop\vlk product key.txt
2016-06-21 19:32 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2016-06-21 18:26 - 2015-08-18 22:34 - 00000945 _____ C:\Users\Administrator 1\Desktop\Auslogics Duplicate File Finder.lnk
2016-06-21 18:24 - 2009-07-14 00:08 - 00032544 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-06-21 17:02 - 2015-10-20 21:43 - 00000000 ____D C:\Program Files\7-Zip
2016-06-21 16:45 - 2015-06-30 21:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2016-06-21 16:20 - 2015-03-24 22:25 - 00000000 ____D C:\Users\Administrator 1\AppData\Local\Apple Computer
2016-06-21 15:07 - 2015-08-30 15:41 - 00002191 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
2016-06-21 15:07 - 2015-08-30 15:41 - 00002179 _____ C:\Users\Public\Desktop\Belarc Advisor.lnk
2016-06-21 12:33 - 2015-12-14 17:15 - 00000000 ____D C:\Users\Classic .NET AppPool
2016-06-21 12:33 - 2015-12-14 17:14 - 00000000 ____D C:\Users\DefaultAppPool
2016-06-21 12:16 - 2015-09-21 01:33 - 00000000 ____D C:\Program Files\Java
2016-06-21 12:14 - 2009-11-12 21:45 - 00000000 ____D C:\Program Files (x86)\Java
2016-06-21 12:13 - 2015-12-15 10:02 - 00000000 ____D C:\Windows\Minidump
2016-06-21 08:35 - 2015-12-14 17:15 - 00000000 ____D C:\Users\Guest
2016-06-21 08:35 - 2015-12-14 17:14 - 00000000 ____D C:\Users\WOUTempAdmin
2016-06-21 08:35 - 2015-12-14 17:14 - 00000000 ____D C:\Users\Me
2016-06-21 08:24 - 2015-12-14 17:13 - 00850538 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-06-21 08:24 - 2009-07-14 00:13 - 00880878 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-21 08:13 - 2015-07-17 11:54 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2016-06-21 08:13 - 2015-06-25 17:10 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-06-21 08:11 - 2015-08-18 16:02 - 00000000 ____D C:\Users\Administrator 1\.oracle_jre_usage
2016-06-21 07:51 - 2009-07-13 23:54 - 00000749 ____R C:\Windows\WindowsShell.Manifest
2016-06-21 07:51 - 2009-07-13 22:20 - 00000000 ___RD C:\Users\Public\Libraries
2016-06-21 07:50 - 2009-07-13 21:34 - 00000577 _____ C:\Windows\win.ini
2016-06-21 07:47 - 2015-05-02 02:19 - 00002226 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-20 23:28 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2016-06-20 21:59 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2016-06-20 21:25 - 2015-12-14 21:51 - 00112560 _____ C:\Users\Administrator 1\AppData\Local\GDIPFONTCACHEV1.DAT
2016-06-20 21:21 - 2009-07-13 23:45 - 00421312 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-20 10:42 - 2014-07-17 23:20 - 00000000 ____D C:\Windows\system32\MRT
2016-06-20 10:19 - 2016-05-10 01:10 - 142482544 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-06-19 23:39 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\Msdtc
2016-06-19 23:33 - 2015-12-14 17:11 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2016-06-19 18:59 - 2015-09-28 11:02 - 00000000 ____D C:\Users\new
2016-06-19 18:59 - 2015-09-24 16:51 - 00000000 ____D C:\Users\Bree
2016-06-19 18:59 - 2015-07-26 21:27 - 00000000 ____D C:\Users\Administrator
2016-06-07 00:02 - 2015-08-16 20:20 - 00000000 ____D C:\Windows\Microsoft Antimalware
2016-06-06 01:00 - 2015-04-29 21:05 - 00000000 ____D C:\Windows\pss
2016-06-05 20:46 - 2016-05-08 13:52 - 00000000 ____D C:\Users\Administrator 1\Downloads\Apup_1_4_42
2016-05-31 20:05 - 2009-07-13 21:34 - 00000215 _____ C:\Windows\system.ini
2016-05-30 10:31 - 2009-11-12 21:47 - 00000000 ____D C:\Program Files (x86)\TOSHIBA
2016-05-30 10:31 - 2009-11-12 21:46 - 00000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2016-05-30 09:00 - 2013-05-21 14:43 - 00000000 ____D C:\Program Files (x86)\TOSHIBA Corporation
2016-05-27 18:57 - 2015-12-10 14:07 - 00000000 ____D C:\Users\Administrator 1\AppData\Local\2Browse
2016-05-27 18:30 - 2016-05-20 23:19 - 00000000 ___RD C:\Users\Administrator 1\New Briefcase
2016-05-26 19:10 - 2015-08-25 11:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rootkit Unhooker
2016-05-26 18:36 - 2015-03-17 09:51 - 00000000 ____D C:\Windows\erdnt
2016-05-24 22:35 - 2015-12-14 17:21 - 00000000 ____D C:\Users\TEMP
2016-05-24 22:07 - 2016-05-21 20:53 - 00000000 ____D C:\Users\Public\Downloads\Norton
2016-05-24 21:51 - 2015-12-09 00:21 - 00000000 ____D C:\Program Files (x86)\Microsoft Windows 7 Upgrade Advisor
2016-05-24 21:42 - 2016-05-20 20:39 - 00000000 ____D C:\Windows\System32\Tasks\Remediation

Files to move or delete:
====================
C:\Users\Administrator 1\oarpman.exe

Some files in TEMP:
====================
C:\Users\Administrator 1\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-06-20 21:51

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-06-2016 01
Ran by Administrator 1 (2016-06-22 22:29:31)
Running from C:\Users\Administrator 1\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2015-12-15 00:20:51)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1965651932-3507908794-2345626874-500 - Administrator - Enabled)
Administrator 1 (S-1-5-21-1965651932-3507908794-2345626874-1003 - Administrator - Enabled) => C:\Users\Administrator 1
ASPNET (S-1-5-21-1965651932-3507908794-2345626874-1007 - Limited - Enabled)
Guest (S-1-5-21-1965651932-3507908794-2345626874-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-1965651932-3507908794-2345626874-1002 - Limited - Enabled)
Me (S-1-5-21-1965651932-3507908794-2345626874-1000 - Administrator - Enabled) => C:\Users\Me
WOUTempAdmin (S-1-5-21-1965651932-3507908794-2345626874-1009 - Administrator - Enabled) => C:\Users\WOUTempAdmin

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1965651932-3507908794-2345626874-1000\...\uTorrent) (Version: 3.4.3.40760 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-1965651932-3507908794-2345626874-1003\...\uTorrent) (Version: 3.4.7.42330 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-1965651932-3507908794-2345626874-501\...\uTorrent) (Version: 3.4.3.40760 - BitTorrent Inc.)
3ivx MPEG-4 5.0.4 (remove only) (HKLM-x32\...\3ivx MPEG-4 5.0.4) (Version: 5.0.4 - 3ivx Technologies, Pty. Ltd.)
7-Zip 16.02 (x64) (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov)
Advanced Uninstaller PRO - Version 12 (HKLM-x32\...\AU11_is1) (Version: 12.11.0.46 - Innovative Solutions)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Belarc Advisor 8.5c (HKLM-x32\...\Belarc Advisor) (Version: 8.5.3.0 - Belarc Inc.)
Blaze Media Pro (HKLM-x32\...\Blaze Media Pro) (Version: 9.10 - Mystik Media)
Blaze Media Pro (x32 Version: 9.10 - Mystik Media) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite DCP-L2540DW series (HKLM-x32\...\{F8ECC2FD-CE2B-4ED4-BDCC-90D0D34206FD}) (Version: 1.0.2.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 5.19 - Piriform)
Command Cubes V1.1 Release 1 (HKLM-x32\...\Command Cubes_is1) (Version: 1.0 - Command Cubes)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Grammarly (HKLM-x32\...\{F8ADEE0D-3143-4E71-8CCD-9423105A6199}_is1) (Version: 4.1.1.85 - Grammarly)
High-Definition Video Playback 10 (x32 Version: 7.0.11400.29.0 - Nero AG) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
LightBox Free Image Editor (HKLM-x32\...\LightBox Free Image Editor) (Version: - )
Logitech Flow Scroll 4.0 (HKLM\...\Sn1) (Version: 4.00.33 - Logitech)
Logitech Gaming Software 8.74 (HKLM\...\Logitech Gaming Software) (Version: 8.74.80 - Logitech Inc.)
Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
M4a/Flac/Ogg/Ape/Mpc Tag Support Plugin for Media Player v 1.1 (HKLM-x32\...\M4a/Flac/Ogg/Ape/Mpc Tag Support Plugin for Media Player_is1) (Version: 1 - Softpointer Inc)
Magical Jelly Bean KeyFinder (HKLM-x32\...\KeyFinder_is1) (Version: 2.0.10.10 - Magical Jelly Bean)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 RC Redistributable (x64) - 14.0.22816 (HKLM-x32\...\{e2495eb6-cca8-47aa-91ea-3410ca44d7b7}) (Version: 14.0.22816.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 RC Redistributable (x86) - 14.0.22816 (HKLM-x32\...\{714692fa-709b-4925-8170-821d51135f42}) (Version: 14.0.22816.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MiniTool Partition Wizard Free 9.1 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.)
MP3 Converter V4.9.4 (HKLM-x32\...\MP3 Converter_is1) (Version: - MP3 Converter, Inc.)
MusicBrainz Picard (HKLM-x32\...\MusicBrainz Picard) (Version: 1.3.2 - MusicBrainz)
NeoSetup Updater (HKLM-x32\...\RPD_is1) (Version: 3.9.0.0 - Innovative Solutions)
Quickbooks Financial Center (HKLM-x32\...\{3B843B38-04B1-4CE6-8888-586273E0F289}) (Version: 2.02 - TOSHIBA Corporation)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0008 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7373 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30101 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0006 - Realtek)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.15075.2 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.3.15075.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.55.0 - Samsung Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.7.18 - Synaptics Incorporated)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.0 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.10 - TOSHIBA)
TOSHIBA ConfigFree (HKLM-x32\...\{F3529665-D75E-4D6D-98F0-745C78C68E9B}) (Version: 8.0.21 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.1 for x64 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.0.07-A - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM-x32\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: - )
TOSHIBA Hardware Setup (HKLM-x32\...\{D0387727-C89D-4774-B643-B9333EAA09DE}) (Version: 2.00.11 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.0.0 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.3.64 - TOSHIBA CORPORATION)
Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.0.38 - Toshiba)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.4.1.64 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{5BCC94A1-DEF1-4AB4-8046-BC13048E929A}) (Version: 1.5.07.64 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA)
TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version: - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version: - )
TOSHIBA Upgrade Assistant (HKLM-x32\...\{41773726-92D0-4265-A0F8-DD980CA1AEC4}) (Version: 1.1.9 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.4 - TOSHIBA Corporation)
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.3 - Toshiba)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Repair Toolbox version 1.3.1.2 (HKLM-x32\...\{A8D7DA31-9E70-437D-97C4-C4887752E029}_is1) (Version: 1.3.1.2 - Alexandre Miguel Canotilho Coelho)
Windows Resource Kit Tools - SubInAcl.exe (HKLM-x32\...\{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}) (Version: 5.2.3790.1164 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0557E08B-1BB3-437B-A874-4C1149D7A97B} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {08607930-9EBC-48D6-8B18-F98BC5529B2F} - System32\Tasks\NeoSetup Updater => C:\Program Files (x86)\Innovative Solutions\NeoSetup Updater\NeoSetup_Updater.exe
Task: {08C6EB6E-2258-461C-858C-3C63EA76607B} - System32\Tasks\{39EB8DBB-DEF2-4D95-ABCF-89F3EFBA04E6} => pcalua.exe -a "C:\Program Files\SUPERAntiSpyware\Uninstall.exe"
Task: {0CF96361-46C7-4DC2-81E7-C60879BFCC74} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {1465BA68-91BE-4F80-8BFC-0368B34B5B71} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {1E532EAE-B7F5-4779-A384-E366EB271B74} - System32\Tasks\UninstallMonitor => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe [2016-06-17] (Innovative Solutions GRUP SRL)
Task: {25A52A2A-AFD8-46A2-98CE-568DAA7301C4} - System32\Tasks\Health-Check => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe [2016-06-17] (Innovative Solutions)
Task: {2ADE0FC8-BA6B-44A4-BDCB-628F943A0F02} - \System Cleaner Pro Auto Start -> No File <==== ATTENTION
Task: {30D94A24-739A-4828-AB8F-07C165EA0764} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {35807094-18F3-44B7-934A-AAC32550F23C} - \Test Task -> No File <==== ATTENTION
Task: {3A772E7E-5D85-4507-9C7A-5D7A4E729732} - \{40180B8C-8803-4782-9D3F-ED666E3C2404} -> No File <==== ATTENTION
Task: {3B5AE708-05A5-4971-B2D7-B48EDA701C9D} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {461D55DB-DB36-4172-AD87-45927BA3963C} - System32\Tasks\Health-Check-deep => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe [2016-06-17] (Innovative Solutions)
Task: {46442888-E7F4-45CD-9FE1-9C6A32D7D97A} - \Papuir -> No File <==== ATTENTION
Task: {49780261-AFB6-48EB-8F79-6D155095CFE3} - System32\Tasks\Opera scheduled Autoupdate 1439869261 => C:\Program Files (x86)\Opera\launcher.exe
Task: {513E8706-0C05-48B0-9002-A8924CD31D93} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {5F1FA2D8-4241-4B91-880A-BEB4B1D0BEE3} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2009-07-13] (TOSHIBA CORPORATION)
Task: {607B3ED6-DF09-429A-BF92-E325161E871F} - \Notify Helper -> No File <==== ATTENTION
Task: {68AD79B8-E95B-4C72-AB94-95A8DE936362} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks
Task: {77D745FB-6213-4C93-82C2-B95B3B4CE933} - \{730A3329-FF00-4114-AC50-FD0663025A12} -> No File <==== ATTENTION
Task: {866E8A2F-C0D7-4E36-A012-AFDA8E95C914} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {8EF1C0E7-B230-45C4-9749-918444EB7A12} - no filepath
Task: {90D4B127-66EA-4CC2-9365-F3EA80E43099} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {91831711-F2D4-4F86-B0C5-D2EC3F1B869B} - \TunePro360 Updater -> No File <==== ATTENTION
Task: {9FDC86E0-8AAE-4AB5-8946-8A879E337CE1} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {A032EA25-3DEC-488E-BF55-F3D5AD95782A} - System32\Tasks\AupAvUpdate => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\updAvTask.exe [2016-06-01] ()
Task: {A57B3E80-05EE-4BE5-8DDE-ECD24DFC9A85} - \DAHCX1 -> No File <==== ATTENTION
Task: {A5D41AFB-9201-42F2-9F91-AC23A4CCDD70} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-06-10] (Piriform Ltd)
Task: {B31B028C-D6AF-4605-B2FB-BD28D76F278D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {C3F62C22-9672-4C17-9C35-F3677FCC82B2} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {C50C79DB-68D3-426B-AEA4-8487F1449BAF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {C672E131-BCE9-458E-A45F-C78F7B779828} - \{37C0DAF1-5E8F-4076-940E-48E07C1297A2} -> No File <==== ATTENTION
Task: {D13A5E88-FBA6-484F-8355-B521E7FC49FD} - \{C1F8056C-6473-4556-9D01-049B8D8160DF} -> No File <==== ATTENTION
Task: {D41E1650-F5B8-4393-984A-44B4F7F3047E} - System32\Tasks\{6FB40337-B808-44A2-AC05-F0990E66C9B3} => pcalua.exe -a "C:\Program Files\SUPERAntiSpyware\Uninstall.exe" -d "C:\Program Files\SUPERAntiSpyware"
Task: {DC030481-99B8-4D93-91C3-B64086AE674C} - System32\Tasks\{61611F03-EC3F-46FD-B04B-BE87E86D89AF} => pcalua.exe -a "C:\Users\Administrator 1\Downloads\revouninstaller\revouninstaller-portable\Revouninstaller.exe"
Task: {E8A400F0-BAB3-4D8B-8EB7-B4F1A7C56FF4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {FFDCC192-969F-4CB6-AC07-573508B191CD} - \{8AB9242E-6D49-4C74-B250-0BA5F470961B} -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Health-Check-deep.job => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe
Task: C:\Windows\Tasks\Health-Check.job => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{BC7E3150-8E1F-4737-90CC-2F6DBB090B78}.job => C:\Windows\system32\msfeedssync.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2009-01-12 07:15 - 2009-01-12 07:15 - 00071096 _____ () C:\Program Files (x86)\Blaze Media Pro\NMSAccess32.exe
2016-05-14 15:28 - 2005-04-21 23:36 - 00143360 _____ () C:\Windows\system32\BrSNMP64.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-03-06 19:07 - 2015-03-06 19:07 - 00908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2015-09-19 16:20 - 2015-09-19 16:20 - 01095448 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2015-03-06 19:07 - 2015-03-06 19:07 - 00060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2015-09-19 16:20 - 2015-09-19 16:20 - 00240408 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:45 - 2010-10-20 16:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2016-06-20 03:29 - 2016-06-15 04:15 - 01745560 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libglesv2.dll
2016-06-20 03:29 - 2016-06-15 04:15 - 00091288 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libegl.dll
2016-06-20 03:29 - 2016-06-15 04:15 - 17599640 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\47924330.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\55553409.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\87815172.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\47924330.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\55553409.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\87815172.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-06-05 21:26 - 2016-06-21 19:18 - 00000835 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1965651932-3507908794-2345626874-1003\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-1965651932-3507908794-2345626874-1009\Control Panel\Desktop\\Wallpaper -> C:\Users\WOUTempAdmin\AppData\Local\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-82-1036420768-1044797643-1061213386-2937092688-4282445334\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: ) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MozillaMaintenance => 3

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) %systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [SNMP-Out-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-In-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-Out-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-In-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [TelnetServer-Tlntadmn-RPC-In] => (Allow) %systemroot%\system32\tlntsvr.exe
FirewallRules: [TelnetServer-TlntSvr-TCP-In] => (Allow) %systemroot%\system32\tlntsvr.exe
FirewallRules: [TCP Query User{957446FC-E352-478A-A510-1144459FA375}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{979FCCCC-D141-4B14-9191-FBF553C82E51}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe

==================== Restore Points =========================

==================== Faulty Device Manager Devices =============

Name: ZAM Helper Driver
Description: ZAM Helper Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ZAM
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: ZAM Guard Driver
Description: ZAM Guard Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ZAM_Guard
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (06/22/2016 02:52:41 PM) (Source: ESENT) (EventID: 455) (User: )
Description: DllHost (3792) WebCacheLocal: Error -1811 occurred while opening logfile C:\Users\Administrator 1\AppData\Local\Microsoft\Windows\WebCache\V01001D5.log.

Error: (06/22/2016 11:47:27 AM) (Source: MsiInstaller) (EventID: 11606) (User: Me-PC)
Description: Product: AntimalwareEngine -- Error 1606. Could not access network location \Antimalware Engine\3.0.129.0.

Error: (06/22/2016 11:47:27 AM) (Source: MsiInstaller) (EventID: 11606) (User: Me-PC)
Description: Product: AntimalwareEngine -- Error 1606. Could not access network location \Antimalware Engine\3.0.129.0.

Error: (06/22/2016 09:31:19 AM) (Source: MsiInstaller) (EventID: 11606) (User: Me-PC)
Description: Product: AntimalwareEngine -- Error 1606. Could not access network location \Antimalware Engine\3.0.129.0.

Error: (06/22/2016 09:31:19 AM) (Source: MsiInstaller) (EventID: 11606) (User: Me-PC)
Description: Product: AntimalwareEngine -- Error 1606. Could not access network location \Antimalware Engine\3.0.129.0.

Error: (06/22/2016 08:03:31 AM) (Source: MsiInstaller) (EventID: 11606) (User: Me-PC)
Description: Product: AntimalwareEngine -- Error 1606. Could not access network location \Antimalware Engine\3.0.129.0.
Error: (06/22/2016 08:03:31 AM) (Source: MsiInstaller) (EventID: 11606) (User: Me-PC)
Description: Product: AntimalwareEngine -- Error 1606. Could not access network location \Antimalware Engine\3.0.129.0.

Error: (06/22/2016 07:26:03 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (06/22/2016 06:06:23 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (06/22/2016 05:00:46 AM) (Source: Software Protection Platform Service) (EventID: 8208) (User: )
Description: Acquisition of genuine ticket failed (hr=0xC004C533) for template Id 66c92734-d682-4d71-983e-d6ec3f16059f

System errors:
=============
Error: (06/22/2016 10:14:21 PM) (Source: DCOM) (EventID: 10016) (User: Me-PC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Me-PCAdministrator 1S-1-5-21-1965651932-3507908794-2345626874-1003LocalHost (Using LRPC)

Error: (06/22/2016 10:00:34 PM) (Source: LPDSVC) (EventID: 4009) (User: )
Description: \\192.168.1.46\RT-AC87U192.168.1.1

Error: (06/22/2016 09:51:13 PM) (Source: DCOM) (EventID: 10016) (User: Me-PC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Me-PCAdministrator 1S-1-5-21-1965651932-3507908794-2345626874-1003LocalHost (Using LRPC)

Error: (06/22/2016 09:51:07 PM) (Source: volsnap) (EventID: 14) (User: )
Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:.

Error: (06/22/2016 09:50:19 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort1.

Error: (06/22/2016 09:50:19 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort1.
Error: (06/22/2016 09:50:19 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort1.

Error: (06/22/2016 09:50:19 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort1.

Error: (06/22/2016 09:50:19 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort1.

Error: (06/22/2016 09:50:19 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort1.

CodeIntegrity:
===================================
Date: 2016-06-22 16:55:45.120
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-06-22 16:55:45.089
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-05-26 19:12:09.327
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-05-26 19:12:09.281
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-12-04 19:29:25.319
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\TrueSight.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-12-04 19:29:25.292
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\TrueSight.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-09-27 13:16:18.962
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-09-27 13:16:18.915
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-09-27 13:15:19.994
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\LGBusEnum.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-09-27 13:15:19.994
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\LGBusEnum.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU T6500 @ 2.10GHz
Percentage of memory in use: 75%
Total physical RAM: 2939.99 MB
Available physical RAM: 710.7 MB
Total Virtual: 5878.16 MB
Available Virtual: 2957.71 MB

==================== Drives ================================

Drive c: (TI105736W0B) (Fixed) (Total:224 GB) (Free:148.09 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: E662A431)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=224 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
[/code]

[code]
# AdwCleaner v5.200 - Logfile created 22/06/2016 at 23:02:23
# Updated 14/06/2016 by ToolsLib
# Database : 2016-06-22.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Administrator 1 - ME-PC
# Running from : C:\Users\Administrator 1\Desktop\adwcleaner_5.200.exe
# Option : Scan
# Support : [URL="https://toolslib.net/forum"]ToolsLib[/URL]

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****
*************************

C:\AdwCleaner\AdwCleaner[S1].txt - [664 bytes] - [22/06/2016 23:02:23]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [736 bytes] ##########[/code]
[/QUOTE]