Page 1 of 2 12 LastLast
Results 1 to 10 of 18
  1. #1
    Member RaiderJay6's Avatar
    Join Date
    Jul 2008
    Posts
    31
    Points
    0

    Default laptop is very slow

    ran all the scans and everything and the computer is still very slow. thank you!

    here is the log file:

    Logfile of Trend Micro HijackThis v2.0.5
    Scan saved at 7:59:43 PM, on 6/8/2015
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v11.0 (11.00.9600.17801)

    FIREFOX: 38.0.5 (x86 en-US)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
    C:\Users\Jay\AppData\Roaming\Spotify\SpotifyWebHelper.exe
    C:\Users\Jay\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
    C:\Program Files (x86)\Launch Manager\LManager.exe
    C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
    C:\Program Files\AVAST Software\Avast\avastui.exe
    C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
    C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
    C:\Users\Jay\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=...4z135t56k2o36r
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Ask.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = msn
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = msn
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
    O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL
    O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL
    O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll
    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    O3 - Toolbar: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    O4 - HKLM\..\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
    O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
    O4 - HKLM\..\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
    O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
    O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
    O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [CitrixReceiver] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
    O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
    O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
    O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Jay\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
    O4 - HKCU\..\Run: [Amazon Cloud Player] "C:\Users\Jay\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe"
    O4 - HKCU\..\Run: [HP Deskjet 3050A J611 series (NET)] "C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN2976GJ6705PJ:NW" -scfn "HP Deskjet 3050A J611 series (NET)" -AutoStart 1
    O4 - HKCU\..\Run: [Spotify] "C:\Users\Jay\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
    O4 - Startup: OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
    O9 - Extra button: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
    O9 - Extra 'Tools' menuitem: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O20 - AppInit_DLLs: C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Avast Antivirus (avast! Antivirus) - Avast Software s.r.o. - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
    O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
    O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Updater Service - Acer Group - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 16876 bytes

  2. #2
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,173
    Points
    1307

    Default

    Hi! My name is zep516 and Welcome to Help2go!
    I'll do the best I can to resolve your computer issue
    Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue Stop and ask! Never be afraid to ask questions!

    Everything gets download to the desktop and tools are "Run as administrator."

    Please download Farbar Recovery Scan Tool and save it to your Desktop. You need the 64Bit version!

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
    • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.[/*]
    • Press Scan button.[/*]
    • It will produce a log called FRST.txt in the same directory the tool is run from.[/*]
    • Please copy and paste log back here.[/*]
    • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.[/*]

  3. #3
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,173
    Points
    1307

    Default

    Due to lack of feedback, this topic will be closed.

  4. #4
    Member RaiderJay6's Avatar
    Join Date
    Jul 2008
    Posts
    31
    Points
    0

    Default

    sorry for the delay...running that scan

  5. #5
    Member RaiderJay6's Avatar
    Join Date
    Jul 2008
    Posts
    31
    Points
    0

    Default

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
    Ran by Jay (administrator) on JAY-PC on 17-06-2015 19:00:08
    Running from C:\Users\Jay\Downloads
    Loaded Profiles: Jay (Available Profiles: Jay)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
    (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
    (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
    (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    (Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Intel Corporation) C:\Windows\System32\igfxext.exe
    (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Spotify Ltd) C:\Users\Jay\AppData\Roaming\Spotify\SpotifyWebHelper.exe
    () C:\Users\Jay\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe
    (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    (Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
    (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
    (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
    (Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
    (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
    (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
    (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Farbar) C:\Users\Jay\Downloads\FRST64(2).exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10134560 2010-03-23] (Realtek Semiconductor)
    HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-02-01] (Egis Technology Inc.)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1808168 2009-06-18] (Synaptics Incorporated)
    HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860192 2010-02-05] (Acer Incorporated)
    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
    HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
    HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-12-23] (Intel Corporation)
    HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-02-01] (Egis Technology Inc.)
    HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201512 2009-12-24] (Egis Technology Inc.)
    HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [401192 2009-12-24] (Egis Technology Inc.)
    HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [588648 2009-07-24] (Symantec Corporation)
    HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [260608 2010-03-08] (NewTech Infosystems, Inc.)
    HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1300560 2010-03-03] (Dritek System Inc.)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
    HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
    HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [383544 2012-12-14] (Citrix Systems, Inc.)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-06-05] (Avast Software s.r.o.)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-164707729-4257293227-1703370167-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-04-27] (Google Inc.)
    HKU\S-1-5-21-164707729-4257293227-1703370167-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7799576 2015-05-16] (SUPERAntiSpyware)
    HKU\S-1-5-21-164707729-4257293227-1703370167-1001\...\Run: [Spotify Web Helper] => C:\Users\Jay\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2021944 2015-06-08] (Spotify Ltd)
    HKU\S-1-5-21-164707729-4257293227-1703370167-1001\...\Run: [Amazon Cloud Player] => C:\Users\Jay\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3145536 2014-05-08] ()
    HKU\S-1-5-21-164707729-4257293227-1703370167-1001\...\Run: [HP Deskjet 3050A J611 series (NET)] => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe [2676584 2011-06-08] (Hewlett-Packard Co.)
    HKU\S-1-5-21-164707729-4257293227-1703370167-1001\...\Run: [Spotify] => C:\Users\Jay\AppData\Roaming\Spotify\Spotify.exe [7323192 2015-06-08] (Spotify Ltd)
    HKU\S-1-5-21-164707729-4257293227-1703370167-1001\...\MountPoints2: {274861d5-5974-11e4-bb96-88ae1d180da6} - E:\TLBootstrap_WPP.exe
    HKU\S-1-5-21-164707729-4257293227-1703370167-1001\...\MountPoints2: {8e4ff503-c515-11e0-946d-88ae1d180da6} - E:\setup.exe -a
    HKU\S-1-5-21-164707729-4257293227-1703370167-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
    AppInit_DLLs-x32: C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll => C:\Program Files (x86)\Citrix\ICA Client\RSHook.dll [256568 2012-12-14] (Citrix Systems, Inc.)
    Startup: C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2013-03-02]
    ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-06-05] (Avast Software s.r.o.)
    ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll [2010-02-01] (Egis Technology Inc.)
    ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll [2010-02-01] (Egis Technology Inc.)
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-164707729-4257293227-1703370167-1001\Software\Microsoft\Internet Explorer\Main,Start Page = Ask.com
    HKU\S-1-5-21-164707729-4257293227-1703370167-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=...4z135t56k2o36r
    SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
    SearchScopes: HKU\S-1-5-21-164707729-4257293227-1703370167-1001 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_enUS392US392
    SearchScopes: HKU\S-1-5-21-164707729-4257293227-1703370167-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_enUS392US392
    SearchScopes: HKU\S-1-5-21-164707729-4257293227-1703370167-1001 -> {8563CF9A-9372-4D2F-83C9-C97C98ABB5C6} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-10] (Microsoft Corporation)
    BHO: No Name -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-06-05] (Avast Software s.r.o.)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-06-05] (Google Inc.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-04-14] (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
    BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
    BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
    BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-03-04] (Microsoft Corporation)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-06-05] (Avast Software s.r.o.)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-06-05] (Google Inc.)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-04-14] (Microsoft Corporation)
    BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
    BHO-x32: Bing Bar BHO -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll [2010-08-24] (Microsoft Corporation)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-06-05] (Google Inc.)
    Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll [2010-08-24] (Microsoft Corporation)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-06-05] (Google Inc.)
    Toolbar: HKU\S-1-5-21-164707729-4257293227-1703370167-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-06-05] (Google Inc.)
    Toolbar: HKU\S-1-5-21-164707729-4257293227-1703370167-1001 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    Toolbar: HKU\S-1-5-21-164707729-4257293227-1703370167-1001 -> No Name - {7AEB3EFD-E564-43F1-B658-5058A7C5743B} - No File
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
    Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Hosts: Hosts file not detected in the default directory
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe

    FireFox:
    ========
    FF ProfilePath: C:\Users\Jay\AppData\Roaming\Mozilla\Firefox\Profiles\az3nzpia.default-1411041123732
    FF DefaultSearchEngine: Yahoo! (Avast)
    FF DefaultSearchEngine.US: Yahoo! (Avast)
    FF DefaultSearchUrl: https://search.yahoo.com/yhs/search
    FF SearchEngineOrder.1: Yahoo! (Avast)
    FF SelectedSearchEngine: Yahoo! (Avast)
    FF Homepage: https://www.yahoo.com/?fr=hp-avast&type=agc511
    FF Keyword.URL: https://search.yahoo.com/yhs/search
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-06-06] ()
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-06] ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
    FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2012-12-14] (Citrix Systems, Inc.)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-17] (Microsoft Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-07-08] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-05] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-05] (Google Inc.)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2014-11-14] ()
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-164707729-4257293227-1703370167-1001: @nsroblox.roblox.com/launcher -> C:\Users\Jay\AppData\Local\Roblox\Versions\version-459b702c887942d4\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2015-02-26] (Coupons, Inc.)
    FF SearchPlugin: C:\Users\Jay\AppData\Roaming\Mozilla\Firefox\Profiles\az3nzpia.default-1411041123732\searchplugins\yahoo-avast.xml [2015-06-06]
    FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
    FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2014-04-24]
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-06-05]

    Chrome:
    =======
    CHR Profile: C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-05]
    CHR Extension: (Google Docs) - C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-05]
    CHR Extension: (Google Drive) - C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-05]
    CHR Extension: (YouTube) - C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-05]
    CHR Extension: (Google Search) - C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-05]
    CHR Extension: (Google Sheets) - C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-05]
    CHR Extension: (Avast Online Security) - C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-06-05]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-05]
    CHR Extension: (Google Wallet) - C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-05]
    CHR Extension: (Gmail) - C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-05]
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-06-05]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-06-05]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-09-03] (SUPERAntiSpyware.com)
    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-06-05] (Avast Software s.r.o.)
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2736824 2015-04-07] (Microsoft Corporation)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
    S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-02-01] (Egis Technology Inc.)
    R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
    R2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [250368 2010-03-08] (NewTech Infosystems, Inc.) [File not signed]
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-06-05] ()
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-06-05] (Avast Software s.r.o.)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-06-05] (Avast Software s.r.o.)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-06-05] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-06-05] (Avast Software s.r.o.)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-05] (Avast Software s.r.o.)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-06-05] (Avast Software s.r.o.)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-06-05] ()
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
    S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-08] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
    R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation)
    S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
    S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-11] (LG Electronics Inc.)
    S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-11] (LG Electronics Inc.)
    S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-11] (LG Electronics Inc.)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-06-17 19:00 - 2015-06-17 19:03 - 00030122 _____ C:\Users\Jay\Downloads\FRST.txt
    2015-06-17 18:58 - 2015-06-17 19:00 - 00000000 ____D C:\FRST
    2015-06-17 18:57 - 2015-06-17 18:57 - 02109952 _____ (Farbar) C:\Users\Jay\Downloads\FRST64(2).exe
    2015-06-17 18:56 - 2015-06-17 18:57 - 02109952 _____ (Farbar) C:\Users\Jay\Downloads\FRST64(1).exe
    2015-06-17 18:53 - 2015-06-17 18:53 - 02109952 _____ (Farbar) C:\Users\Jay\Downloads\FRST64.exe
    2015-06-14 12:45 - 2015-05-25 14:24 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-06-14 12:45 - 2015-05-25 14:23 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2015-06-14 12:45 - 2015-05-25 14:23 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2015-06-14 12:45 - 2015-05-25 14:21 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2015-06-14 12:45 - 2015-05-25 14:19 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2015-06-14 12:45 - 2015-05-25 14:19 - 01255424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
    2015-06-14 12:45 - 2015-05-25 14:19 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2015-06-14 12:45 - 2015-05-25 14:19 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
    2015-06-14 12:45 - 2015-05-25 14:19 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2015-06-14 12:45 - 2015-05-25 14:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-06-14 12:45 - 2015-05-25 14:19 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2015-06-14 12:45 - 2015-05-25 14:19 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
    2015-06-14 12:45 - 2015-05-25 14:19 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2015-06-14 12:45 - 2015-05-25 14:19 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2015-06-14 12:45 - 2015-05-25 14:19 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2015-06-14 12:45 - 2015-05-25 14:19 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
    2015-06-14 12:45 - 2015-05-25 14:19 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
    2015-06-14 12:45 - 2015-05-25 14:19 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2015-06-14 12:45 - 2015-05-25 14:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2015-06-14 12:45 - 2015-05-25 14:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
    2015-06-14 12:45 - 2015-05-25 14:19 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2015-06-14 12:45 - 2015-05-25 14:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2015-06-14 12:45 - 2015-05-25 14:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2015-06-14 12:45 - 2015-05-25 14:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2015-06-14 12:45 - 2015-05-25 14:19 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
    2015-06-14 12:45 - 2015-05-25 14:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
    2015-06-14 12:45 - 2015-05-25 14:18 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
    2015-06-14 12:45 - 2015-05-25 14:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
    2015-06-14 12:45 - 2015-05-25 14:18 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
    2015-06-14 12:45 - 2015-05-25 14:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2015-06-14 12:45 - 2015-05-25 14:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2015-06-14 12:45 - 2015-05-25 14:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
    2015-06-14 12:45 - 2015-05-25 14:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2015-06-14 12:45 - 2015-05-25 14:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
    2015-06-14 12:45 - 2015-05-25 14:18 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2015-06-14 12:45 - 2015-05-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
    2015-06-14 12:45 - 2015-05-25 14:18 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2015-06-14 12:45 - 2015-05-25 14:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2015-06-14 12:45 - 2015-05-25 14:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
    2015-06-14 12:45 - 2015-05-25 14:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2015-06-14 12:45 - 2015-05-25 14:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2015-06-14 12:45 - 2015-05-25 14:04 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2015-06-14 12:45 - 2015-05-25 14:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
    2015-06-14 12:45 - 2015-05-25 14:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
    2015-06-14 12:45 - 2015-05-25 14:01 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2015-06-14 12:45 - 2015-05-25 14:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2015-06-14 12:45 - 2015-05-25 14:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2015-06-14 12:45 - 2015-05-25 14:01 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2015-06-14 12:45 - 2015-05-25 14:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2015-06-14 12:45 - 2015-05-25 14:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
    2015-06-14 12:45 - 2015-05-25 14:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2015-06-14 12:45 - 2015-05-25 14:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2015-06-14 12:45 - 2015-05-25 14:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2015-06-14 12:45 - 2015-05-25 14:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2015-06-14 12:45 - 2015-05-25 14:01 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2015-06-14 12:45 - 2015-05-25 14:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
    2015-06-14 12:45 - 2015-05-25 14:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
    2015-06-14 12:45 - 2015-05-25 14:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2015-06-14 12:45 - 2015-05-25 14:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
    2015-06-14 12:45 - 2015-05-25 14:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
    2015-06-14 12:45 - 2015-05-25 14:00 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2015-06-14 12:45 - 2015-05-25 14:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
    2015-06-14 12:45 - 2015-05-25 13:59 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2015-06-14 12:45 - 2015-05-25 13:59 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2015-06-14 12:45 - 2015-05-25 13:59 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2015-06-14 12:45 - 2015-05-25 13:59 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2015-06-14 12:45 - 2015-05-25 13:08 - 03206144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-06-14 12:45 - 2015-04-29 14:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
    2015-06-14 12:45 - 2015-04-29 14:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
    2015-06-14 12:45 - 2015-04-29 14:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
    2015-06-14 12:45 - 2015-04-29 14:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
    2015-06-14 12:45 - 2015-04-29 14:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
    2015-06-14 12:45 - 2015-04-29 14:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
    2015-06-14 12:45 - 2015-04-29 14:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
    2015-06-14 12:45 - 2015-04-29 14:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
    2015-06-14 12:45 - 2015-04-29 14:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
    2015-06-14 12:45 - 2015-04-29 14:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
    2015-06-14 12:44 - 2015-05-25 14:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2015-06-14 12:44 - 2015-05-25 14:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2015-06-14 12:44 - 2015-05-25 14:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2015-06-14 12:44 - 2015-05-25 14:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2015-06-14 12:44 - 2015-05-25 14:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
    2015-06-14 12:44 - 2015-05-25 14:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
    2015-06-14 12:44 - 2015-05-25 14:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2015-06-14 12:44 - 2015-05-25 14:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2015-06-14 12:44 - 2015-05-25 14:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2015-06-14 12:44 - 2015-05-25 14:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2015-06-14 12:44 - 2015-05-25 14:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2015-06-14 12:44 - 2015-05-25 14:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2015-06-14 12:44 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2015-06-14 12:44 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2015-06-14 12:44 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2015-06-14 12:44 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2015-06-14 12:44 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2015-06-14 12:44 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2015-06-14 12:44 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2015-06-14 12:44 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2015-06-14 12:44 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
    2015-06-14 12:44 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
    2015-06-14 12:44 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2015-06-14 12:44 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
    2015-06-14 12:44 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2015-06-14 12:44 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2015-06-14 12:44 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2015-06-14 12:44 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2015-06-14 12:44 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2015-06-14 12:44 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2015-06-14 12:44 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2015-06-14 12:44 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
    2015-06-14 12:44 - 2015-05-25 13:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2015-06-14 12:44 - 2015-05-25 13:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2015-06-14 12:44 - 2015-05-25 13:55 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2015-06-14 12:44 - 2015-05-25 13:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2015-06-14 12:44 - 2015-05-25 13:55 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2015-06-14 12:44 - 2015-05-25 13:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2015-06-14 12:44 - 2015-05-25 13:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2015-06-14 12:44 - 2015-05-25 13:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2015-06-14 12:44 - 2015-05-25 13:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2015-06-14 12:44 - 2015-05-25 13:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2015-06-14 12:44 - 2015-05-25 13:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2015-06-14 12:44 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2015-06-14 12:44 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2015-06-14 12:44 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2015-06-14 12:44 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2015-06-14 12:44 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2015-06-14 12:44 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2015-06-14 12:44 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2015-06-14 12:44 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2015-06-14 12:44 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2015-06-14 12:44 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2015-06-14 12:44 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2015-06-14 12:44 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2015-06-14 12:44 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2015-06-14 12:44 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2015-06-14 12:44 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2015-06-14 12:44 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2015-06-14 12:44 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2015-06-14 12:44 - 2015-05-25 13:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
    2015-06-14 12:44 - 2015-05-25 12:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2015-06-14 12:44 - 2015-05-25 12:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2015-06-14 12:44 - 2015-05-25 12:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2015-06-14 12:44 - 2015-05-25 12:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2015-06-14 12:44 - 2015-05-25 12:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2015-06-14 12:44 - 2015-05-25 12:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2015-06-14 12:44 - 2015-05-22 23:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2015-06-14 12:44 - 2015-05-22 23:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2015-06-14 12:44 - 2015-05-22 15:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2015-06-14 12:44 - 2015-05-22 14:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2015-06-14 12:44 - 2015-04-24 14:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
    2015-06-14 12:44 - 2015-04-24 13:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
    2015-06-14 12:44 - 2015-04-10 23:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
    2015-06-14 12:43 - 2015-06-01 15:16 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2015-06-14 12:43 - 2015-06-01 14:07 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2015-06-14 12:43 - 2015-05-27 10:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-06-14 12:43 - 2015-05-27 10:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2015-06-14 12:43 - 2015-05-22 23:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2015-06-14 12:43 - 2015-05-22 23:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2015-06-14 12:43 - 2015-05-22 23:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2015-06-14 12:43 - 2015-05-22 23:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2015-06-14 12:43 - 2015-05-22 23:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2015-06-14 12:43 - 2015-05-22 23:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2015-06-14 12:43 - 2015-05-22 23:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2015-06-14 12:43 - 2015-05-22 23:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2015-06-14 12:43 - 2015-05-22 23:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2015-06-14 12:43 - 2015-05-22 23:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2015-06-14 12:43 - 2015-05-22 23:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2015-06-14 12:43 - 2015-05-22 22:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2015-06-14 12:43 - 2015-05-22 22:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2015-06-14 12:43 - 2015-05-22 22:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2015-06-14 12:43 - 2015-05-22 22:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2015-06-14 12:43 - 2015-05-22 22:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2015-06-14 12:43 - 2015-05-22 22:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2015-06-14 12:43 - 2015-05-22 22:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2015-06-14 12:43 - 2015-05-22 22:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2015-06-14 12:43 - 2015-05-22 22:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2015-06-14 12:43 - 2015-05-22 22:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2015-06-14 12:43 - 2015-05-22 22:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2015-06-14 12:43 - 2015-05-22 22:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2015-06-14 12:43 - 2015-05-22 22:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2015-06-14 12:43 - 2015-05-22 15:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-06-14 12:43 - 2015-05-22 15:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2015-06-14 12:43 - 2015-05-22 15:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2015-06-14 12:43 - 2015-05-22 15:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-06-14 12:43 - 2015-05-22 15:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-06-14 12:43 - 2015-05-22 15:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2015-06-14 12:43 - 2015-05-22 14:59 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2015-06-14 12:43 - 2015-05-22 14:53 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-06-14 12:43 - 2015-05-22 14:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-06-14 12:43 - 2015-05-22 14:52 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2015-06-14 12:43 - 2015-05-22 14:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-06-14 12:43 - 2015-05-22 14:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2015-06-14 12:43 - 2015-05-22 14:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2015-06-14 12:43 - 2015-05-22 14:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2015-06-14 12:43 - 2015-05-22 14:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2015-06-14 12:43 - 2015-05-22 14:36 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-06-14 12:43 - 2015-05-22 14:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2015-06-14 12:43 - 2015-05-22 14:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2015-06-14 12:43 - 2015-05-22 14:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-06-14 12:43 - 2015-05-22 14:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-06-14 12:43 - 2015-05-22 14:07 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2015-06-14 12:43 - 2015-05-22 14:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-06-14 12:43 - 2015-05-22 14:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-06-14 12:43 - 2015-05-22 14:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2015-06-14 12:43 - 2015-05-22 13:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-06-14 12:43 - 2015-05-22 13:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-06-14 12:43 - 2015-05-22 13:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-06-14 12:43 - 2015-05-22 13:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2015-06-06 10:37 - 2015-06-06 10:37 - 00001757 _____ C:\Users\Public\Desktop\iTunes.lnk
    2015-06-06 10:37 - 2015-06-06 10:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2015-06-06 10:36 - 2015-06-06 10:37 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
    2015-06-06 10:36 - 2015-06-06 10:37 - 00000000 ____D C:\Program Files\iTunes
    2015-06-06 10:36 - 2015-06-06 10:36 - 00000000 ____D C:\Program Files\iPod
    2015-06-06 10:36 - 2015-06-06 10:36 - 00000000 ____D C:\Program Files (x86)\iTunes
    2015-06-06 10:27 - 2015-06-06 10:27 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
    2015-06-06 10:27 - 2015-06-06 10:27 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
    2015-06-06 09:07 - 2015-06-06 09:07 - 00000017 _____ C:\Users\Jay\AppData\Local\resmon.resmoncfg
    2015-06-05 22:46 - 2015-06-05 22:46 - 00000000 ____D C:\Users\Jay\AppData\Roaming\AVAST Software
    2015-06-05 22:44 - 2015-06-17 13:03 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
    2015-06-05 22:44 - 2015-06-05 22:44 - 00001926 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
    2015-06-05 22:44 - 2015-06-05 22:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
    2015-06-05 22:43 - 2015-06-14 13:00 - 00002147 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2015-06-05 22:43 - 2015-06-05 22:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2015-06-05 22:42 - 2015-06-05 22:42 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
    2015-06-05 22:42 - 2015-06-05 22:42 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
    2015-06-05 22:42 - 2015-06-05 22:42 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
    2015-06-05 22:42 - 2015-06-05 22:42 - 00272248 _____ C:\Windows\system32\Drivers\aswVmm.sys
    2015-06-05 22:42 - 2015-06-05 22:42 - 00137288 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
    2015-06-05 22:42 - 2015-06-05 22:42 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
    2015-06-05 22:42 - 2015-06-05 22:42 - 00089944 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
    2015-06-05 22:42 - 2015-06-05 22:42 - 00065736 _____ C:\Windows\system32\Drivers\aswRvrt.sys
    2015-06-05 22:42 - 2015-06-05 22:42 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
    2015-06-05 22:42 - 2015-06-05 22:42 - 00029168 _____ C:\Windows\system32\Drivers\aswHwid.sys
    2015-06-05 22:40 - 2015-06-05 22:40 - 00000000 ____D C:\Program Files\AVAST Software
    2015-06-05 22:39 - 2015-06-05 22:39 - 05481336 _____ (Avast Software s.r.o.) C:\Users\Jay\Downloads\avast_free_antivirus_setup_online_cnet(1).exe
    2015-06-05 22:39 - 2015-06-05 22:39 - 00000000 ____D C:\ProgramData\AVAST Software
    2015-06-05 22:38 - 2015-06-05 22:38 - 05481336 _____ (Avast Software s.r.o.) C:\Users\Jay\Downloads\avast_free_antivirus_setup_online_cnet.exe
    2015-06-05 22:20 - 2015-06-05 22:20 - 00000000 ____D C:\Users\Jay\AppData\Local\GWX
    2015-06-05 19:21 - 2015-05-22 14:18 - 01021440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2015-06-05 19:21 - 2015-05-22 14:18 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2015-06-05 19:21 - 2015-05-22 14:18 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2015-06-05 19:21 - 2015-05-22 14:18 - 00423424 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2015-06-05 19:21 - 2015-05-22 14:18 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2015-06-05 19:21 - 2015-05-22 14:18 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
    2015-06-05 19:21 - 2015-05-22 14:13 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2015-06-05 19:21 - 2015-05-21 09:19 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
    2015-06-02 18:10 - 2015-06-02 18:10 - 00000120 _____ C:\Users\Jay\Downloads\Transaction(1).qif
    2015-06-02 18:09 - 2015-06-02 18:09 - 00000120 _____ C:\Users\Jay\Downloads\Transaction.qif
    2015-06-02 18:05 - 2015-06-05 18:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2015-05-19 20:52 - 2015-05-19 21:26 - 00000000 ____D C:\Users\Jay\AppData\Roaming\ICAClient
    2015-05-19 20:52 - 2015-05-19 20:52 - 00001472 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix Receiver.lnk
    2015-05-19 20:51 - 2015-05-19 20:53 - 00000000 ____D C:\ProgramData\Citrix
    2015-05-19 20:47 - 2015-05-19 20:52 - 00000000 ____D C:\Users\Jay\AppData\Local\Citrix
    2015-05-19 20:47 - 2015-05-19 20:52 - 00000000 ____D C:\Program Files (x86)\Citrix
    2015-05-19 20:45 - 2015-05-19 20:45 - 00001934 _____ C:\Users\Jay\Downloads\WEQ3LlJlbW90ZSBEZXNrdG9wIENvbm4-.ica
    2015-05-19 20:44 - 2015-05-19 20:45 - 48003632 _____ (Citrix Systems, Inc.) C:\Users\Jay\Downloads\CitrixReceiver.exe

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-06-17 19:01 - 2014-04-24 21:57 - 00000252 _____ C:\Windows\Tasks\HP Photo Creations Messager.job
    2015-06-17 19:00 - 2010-06-15 23:31 - 01106655 _____ C:\Windows\WindowsUpdate.log
    2015-06-17 18:51 - 2010-08-16 21:00 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-06-17 18:50 - 2012-06-22 08:16 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-06-17 15:24 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
    2015-06-17 13:36 - 2009-07-14 00:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-06-17 13:36 - 2009-07-14 00:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-06-17 13:03 - 2012-12-13 20:10 - 00000000 ____D C:\Users\Jay\AppData\Roaming\Spotify
    2015-06-17 13:02 - 2012-12-13 20:11 - 00000000 ____D C:\Users\Jay\AppData\Local\Spotify
    2015-06-17 13:00 - 2010-08-16 21:00 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-06-16 20:27 - 2009-07-14 01:13 - 00006206 _____ C:\Windows\system32\PerfStringBackup.INI
    2015-06-16 20:22 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2015-06-16 20:21 - 2009-07-14 00:51 - 00106543 _____ C:\Windows\setupact.log
    2015-06-15 22:27 - 2009-07-14 00:45 - 00471152 _____ C:\Windows\system32\FNTCACHE.DAT
    2015-06-15 22:22 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
    2015-06-15 22:03 - 2013-07-31 11:13 - 00000000 ____D C:\Windows\system32\MRT
    2015-06-15 21:35 - 2010-08-26 00:08 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-06-08 19:59 - 2014-09-08 21:29 - 00016878 _____ C:\Users\Jay\Downloads\hijackthis.log
    2015-06-08 19:46 - 2014-09-08 21:36 - 00000000 ____D C:\Users\Jay\Downloads\backups
    2015-06-08 19:08 - 2012-12-13 19:52 - 00000000 ____D C:\Program Files (x86)\Ask.com
    2015-06-08 18:33 - 2014-09-06 19:11 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-06-06 10:38 - 2012-06-22 08:16 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-06-06 10:38 - 2012-06-22 08:16 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-06-06 10:38 - 2011-06-27 10:40 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-06-06 10:36 - 2014-05-19 21:04 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2015-06-06 10:36 - 2013-12-08 20:10 - 00000000 ____D C:\Program Files\Common Files\Apple
    2015-06-06 10:34 - 2011-03-24 21:33 - 00001126 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2015-06-06 10:34 - 2010-08-15 21:15 - 00001126 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2015-06-06 10:27 - 2010-08-18 20:37 - 00000000 ____D C:\Users\Jay\AppData\Local\Adobe
    2015-06-06 10:27 - 2010-08-15 08:58 - 00000000 ____D C:\Users\Jay\AppData\Roaming\Adobe
    2015-06-06 10:27 - 2010-04-27 00:15 - 00000000 ____D C:\Program Files (x86)\Adobe
    2015-06-06 08:56 - 2014-12-10 16:10 - 00000000 ____D C:\Windows\system32\appraiser
    2015-06-06 08:56 - 2014-05-10 21:26 - 00000000 ___SD C:\Windows\system32\CompatTel
    2015-06-05 22:52 - 2010-06-15 23:28 - 00244096 _____ C:\Windows\PFRO.log
    2015-06-05 22:46 - 2010-08-15 08:58 - 00000000 ____D C:\Users\Jay\AppData\Local\Google
    2015-06-05 22:43 - 2010-04-27 00:09 - 00000000 ____D C:\Program Files (x86)\Google
    2015-06-05 21:24 - 2010-08-16 21:00 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2015-06-05 21:24 - 2010-08-16 21:00 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2015-06-05 21:19 - 2009-07-14 01:32 - 00000000 ____D C:\Windows\addins
    2015-06-05 18:27 - 2012-05-23 14:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2015-06-02 19:14 - 2010-10-13 19:26 - 00000305 _____ C:\Windows\wininit.ini
    2015-06-01 17:57 - 2012-07-05 23:02 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2015-05-20 18:02 - 2015-04-05 14:23 - 00000000 ___SD C:\Windows\SysWOW64\GWX
    2015-05-20 18:02 - 2015-04-05 14:23 - 00000000 ___SD C:\Windows\system32\GWX
    2015-05-19 21:18 - 2014-07-08 23:42 - 00000000 ____D C:\Program Files\Microsoft Office 15

    ==================== Files in the root of some directories =======

    2011-03-03 22:29 - 2011-03-03 22:29 - 0000000 _____ () C:\Users\Jay\AppData\Roaming\wklnhst.dat
    2013-03-02 14:15 - 2013-03-02 14:15 - 0003584 _____ () C:\Users\Jay\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2010-08-23 11:38 - 2010-10-24 19:09 - 0000000 _____ () C:\Users\Jay\AppData\Local\prvlcl.dat
    2015-06-06 09:07 - 2015-06-06 09:07 - 0000017 _____ () C:\Users\Jay\AppData\Local\resmon.resmoncfg
    2014-04-24 21:53 - 2014-04-24 21:53 - 0000057 _____ () C:\ProgramData\Ament.ini

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-06-17 15:08

    ==================== End of log ============================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
    Ran by Jay at 2015-06-17 19:07:47
    Running from C:\Users\Jay\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-164707729-4257293227-1703370167-500 - Administrator - Disabled)
    Guest (S-1-5-21-164707729-4257293227-1703370167-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-164707729-4257293227-1703370167-1002 - Limited - Enabled)
    Jay (S-1-5-21-164707729-4257293227-1703370167-1001 - Administrator - Enabled) => C:\Users\Jay

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.60 - NewTech Infosystems)
    Acer Crystal Eye webcam (HKLM-x32\...\{51F026FA-5146-4232-A8BA-1364740BD053}) (Version: 1.0.2.0 - liteon)
    Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3002 - Acer Incorporated)
    Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3011 - Acer Incorporated)
    Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.0.80 - WildTangent)
    Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3002 - Acer Incorporated)
    Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0412.2010 - Acer Incorporated)
    Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Acer Incorporated)
    Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.172 - Adobe Systems Incorporated)
    Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.188 - Adobe Systems Incorporated)
    Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
    Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
    Amazon Cloud Player (HKU\S-1-5-21-164707729-4257293227-1703370167-1001\...\Amazon Amazon Cloud Player) (Version: 2.4.0.33 - Amazon Services LLC)
    Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Ask Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.17.1.0 - Ask.com) <==== ATTENTION
    Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.26 - Atheros Communications Inc.)
    AudibleManager (HKLM-x32\...\AudibleManager) (Version: 1997421774.48.56.33565042 - Audible, Inc.)
    Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
    Backup Manager Basic (x32 Version: 2.0.0.60 - NewTech Infosystems) Hidden
    Bejeweled 2 Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Bing Bar (HKLM-x32\...\{08234a0d-cf39-4dca-99f0-0c5cb496da81}) (Version: 6.3.2291.0 - Microsoft Corporation)
    Bing Bar Platform (x32 Version: 6.3.2291.0 - Microsoft Corporation) Hidden
    Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
    Blackhawk Striker 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Bob the Builder Can-Do-Zoo (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Build-a-lot 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 13.4.0.25 - Citrix Systems, Inc.)
    Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    CooupScaunnner (HKLM-x32\...\{80E8B0A0-117D-1402-7CDE-688156237115}) (Version: - CoupScAnner) <==== ATTENTION
    Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.1.5) (Version: 5.0.1.5 - Coupons.com Incorporated)
    CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.2802.50 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Data Viewer 3.2.0.7 (HKLM-x32\...\Data Viewer_is1) (Version: - DiabloSport, Inc.)
    eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
    Escape Rosecliff Island (x32 Version: 2.2.0.82 - WildTangent) Hidden
    eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
    eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
    Faerie Solitaire (x32 Version: 2.2.0.82 - WildTangent) Hidden
    FATE - The Traitor Soul (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
    Garmin WebUpdater (HKLM-x32\...\{F4DA4C73-026F-4D38-8C6B-85F0193E4B56}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)
    Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
    Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
    HP Deskjet 3050A J611 series Basic Device Software (HKLM\...\{FB555BCF-9202-4886-9203-88C9A210D727}) (Version: 25.0.571.0 - Hewlett-Packard Co.)
    HP Deskjet 3050A J611 series Help (HKLM-x32\...\{97DDCAB8-B770-4089-A10F-67568069D78A}) (Version: 140.0.2.2 - Hewlett Packard)
    HP Deskjet 3050A J611 series Product Improvement Study (HKLM\...\{710D4D91-1924-4A6B-8659-9CDE02DC7207}) (Version: 25.0.571.0 - Hewlett-Packard Co.)
    HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.5192 - HP Photo Creations)
    HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
    iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
    Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
    Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
    Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1892 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.6.1001 - Intel Corporation)
    iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
    Jewel Quest Solitaire 3 (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.6 - Acer Inc.)
    LG USB Modem driver (HKLM-x32\...\{C3ABE126-2BB2-4246-BFE1-6797679B3579}) (Version: - )
    Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
    Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4719.1002 - Microsoft Corporation)
    Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Monopoly (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
    Mystery P.I. - Lost in Los Angeles (x32 Version: 2.2.0.82 - WildTangent) Hidden
    MyWinLocker (x32 Version: 3.1.206.0 - Egis Technology Inc.) Hidden
    MyWinLocker Suite (HKLM-x32\...\InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.206.0 - Egis Technology Inc.)
    MyWinLocker Suite (x32 Version: 3.1.206.0 - Egis Technology Inc.) Hidden
    Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.0.36 - Symantec)
    NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.628 - NewTech Infosystems)
    NTI Backup Now Standard (x32 Version: 5.1.2.628 - NewTech Infosystems) Hidden
    NTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6630 - NewTech Infosystems)
    NTI Media Maker 8 (x32 Version: 8.0.12.6630 - NewTech Infosystems) Hidden
    Octoshape add-in for Adobe Flash Player (HKU\S-1-5-21-164707729-4257293227-1703370167-1001\...\Octoshape add-in for Adobe Flash Player) (Version: - )
    Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
    Online Plug-in (x32 Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden
    ooVoo toolbar, powered by Ask.com Updater (HKU\S-1-5-21-164707729-4257293227-1703370167-1001\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.4.1.28235 - Ask.com) <==== ATTENTION
    OpenAL (HKLM-x32\...\OpenAL) (Version: - )
    OpenOffice.org 3.4.1 (HKLM-x32\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)
    PDF Creator (HKLM\...\PDF Creator) (Version: - )
    PDF Creator Packages (HKU\S-1-5-21-164707729-4257293227-1703370167-1001\...\PDF Creator Packages) (Version: - ) <==== ATTENTION
    Penguins! (x32 Version: 2.2.0.82 - WildTangent) Hidden
    PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.1.0 - Prolific Technology INC)
    Plants vs. Zombies (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Polar Bowler (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Polar Golfer (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6074 - Realtek Semiconductor Corp.)
    Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30104 - Realtek Semiconductor Corp.)
    ROBLOX Player for Jay (HKU\S-1-5-21-164707729-4257293227-1703370167-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation)
    ROBLOX Studio 2013 for Jay (HKU\S-1-5-21-164707729-4257293227-1703370167-1001\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version: - ROBLOX Corporation)
    Scrabble Plus (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Self-service Plug-in (x32 Version: 3.4.0.33684 - Citrix Systems, Inc.) Hidden
    Shredder (Version: 2.0.5.0 - Egis Technology Inc.) Hidden
    Shredder (x32 Version: 2.0.5.0 - Egis Technology Inc.) Hidden
    Spotify (HKU\S-1-5-21-164707729-4257293227-1703370167-1001\...\Spotify) (Version: 1.0.6.80.g2a801a53 - Spotify AB)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.5.1006 - SUPERAntiSpyware.com)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.2.0 - Synaptics Incorporated)
    The Price is Right (x32 Version: 2.2.0.82 - WildTangent) Hidden
    TheSkyX First Light Edition version 10.2.0 Build 6408 (HKLM-x32\...\TheSkyX First Light for Windows_is1) (Version: 10.2.0 Build 6408 - )
    Update for PDF Creator (HKU\S-1-5-21-164707729-4257293227-1703370167-1001\...\Digital Sites) (Version: - Update for PDF Creator) <==== ATTENTION
    Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
    Virtual Families (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Virtual Villagers - A New Home (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
    Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.01.3002 - Acer Incorporated)
    WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer) (Version: 4.0.8.7 - WildTangent)
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
    Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
    Yahtzee (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Zuma Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Restore Points =========================

    02-06-2015 17:52:38 Windows Update
    05-06-2015 19:41:48 Windows Update
    05-06-2015 22:40:13 avast! antivirus system restore point
    05-06-2015 23:03:40 Windows Update
    06-06-2015 10:31:04 Installed iTunes
    14-06-2015 12:06:57 Windows Update
    15-06-2015 21:29:41 Windows Update
    16-06-2015 20:03:30 Windows Update

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0E1C7120-B29C-496C-95BC-E8B53A988E3F} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2012-10-17] () <==== ATTENTION
    Task: {54C06737-2B5B-466C-85DE-7B7CDE2AFF74} - System32\Tasks\HP Photo Creations Messager => C:\ProgramData\HP Photo Creations\MessageCheck.exe [2011-02-15] ()
    Task: {69AB111D-4A52-494C-BBC7-858361678E09} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
    Task: {6EA91D92-EF6D-4458-A654-24A5E4398B37} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-06-05] (Avast Software s.r.o.)
    Task: {745663EC-01D4-47F2-A089-AE94937D1FD1} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-03-16] (Microsoft Corporation)
    Task: {74EB8E6A-79BF-4944-8783-2DE8AE7D69F8} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2010-08-18] (Microsoft Corporation)
    Task: {76262721-217B-4A95-AFB4-44B4D5D77BB1} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
    Task: {78274FFF-79BB-47F0-9477-5941B2F0E050} - System32\Tasks\HPCustParticipation HP Deskjet 3050A J611 series => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [2011-06-08] (Hewlett-Packard Co.)
    Task: {7F607B1E-7D3C-45A0-A7FF-BF84FC173BE1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-06] (Adobe Systems Incorporated)
    Task: {8052EA70-DF62-45CF-B172-ABC55BAE701C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-03] (Microsoft Corporation)
    Task: {81BC0271-37EF-4920-B31E-16C4235E4EEE} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation)
    Task: {89F4A280-8238-4926-B9E5-3E7560129B18} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-05] (Google Inc.)
    Task: {900BDAE3-2601-4092-90C0-BF8F5082C3FD} - \Digital Sites No Task File <==== ATTENTION
    Task: {98460D27-14D9-4826-9DEF-0932C4FB3FAA} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
    Task: {99EEE82D-E577-43A0-ADC6-DA34A66DA78A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-05] (Google Inc.)
    Task: {A74D0171-83E5-4B73-A8FF-46C0278D3798} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
    Task: {B0666C75-FFEC-4E6B-845B-CA4EE9125688} - System32\Tasks\hpUrlLauncher.exe_{7FD48013-248A-4550-B5C0-6B49690C34E7} => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\utils\hpUrlLauncher.exe [2011-06-08] (Hewlett-Packard Co.)
    Task: {D2615D34-D965-472F-BE96-00D12FE17579} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-03] (Microsoft Corporation)
    Task: {D81F5188-4B13-438C-AADF-6B734E6BD0A7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {F147464C-8EBD-42C9-AA14-A200388A1A85} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
    Task: {F884D279-AE15-411D-B440-BCE91895548D} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation)
    Task: {F8EE91BE-EE99-497A-9377-6C9AFEF17277} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\HP Photo Creations Messager.job => C:\ProgramData\HP Photo Creations\MessageCheck.exe

    ==================== Loaded Modules (Whitelisted) ==============

    2014-08-12 22:51 - 2011-10-04 22:43 - 00087552 _____ () C:\Windows\System32\custmon64i.dll
    2015-03-20 18:12 - 2015-03-20 18:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-03-20 18:12 - 2015-03-20 18:12 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-07-08 23:42 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
    2015-03-17 18:27 - 2015-01-27 11:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2013-12-08 20:17 - 2014-05-08 13:26 - 03145536 _____ () C:\Users\Jay\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
    2015-06-05 22:42 - 2015-06-05 22:42 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
    2015-06-05 22:42 - 2015-06-05 22:42 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2015-06-16 20:04 - 2015-06-16 20:04 - 02952704 _____ () C:\Program Files\AVAST Software\Avast\defs\15061602\algo.dll
    2015-06-17 18:50 - 2015-06-17 18:50 - 02952704 _____ () C:\Program Files\AVAST Software\Avast\defs\15061702\algo.dll
    2010-03-08 20:18 - 2010-03-08 20:18 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
    2010-03-08 20:13 - 2010-03-08 20:13 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
    2010-04-26 23:41 - 2009-12-23 20:32 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
    2012-08-10 17:51 - 2012-08-10 17:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
    2010-04-27 00:23 - 2009-05-20 02:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll
    2015-06-05 22:42 - 2015-06-05 22:42 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2012-12-12 14:31 - 2012-12-12 14:31 - 00012336 _____ () C:\Program Files (x86)\Citrix\SelfServicePlugin\ExtensionSDK.dll
    2015-03-17 18:27 - 2015-01-27 10:13 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
    2012-10-17 23:08 - 2012-10-17 23:08 - 00136392 _____ () C:\Program Files (x86)\Ask.com\UpdateTask.exe

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
    IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
    IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
    IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\.DEFAULT\...\0scan.com -> 0Scan.com
    IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
    IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> 1000gratisproben.com*-*This website is for sale!*-*1000gratisproben Resources and Information.
    IE restricted site: HKU\.DEFAULT\...\1001namen.com -> 404 Not Found
    IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> 100sexlinks.com*-*This website is for sale!*-*Sexlinks Resources and Information.
    IE restricted site: HKU\.DEFAULT\...\10sek.com -> Gadgets And More
    IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
    IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
    IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
    IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
    IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> Watch Movies Online | uMovies Movie2k Online - 123Movies
    IE restricted site: HKU\.DEFAULT\...\123simsen.com -> 123Simsen-Projekte

    There are 7469 more restricted sites.

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-164707729-4257293227-1703370167-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.1.1

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{BEBFFECB-8631-4642-8DB0-91D8907BC764}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
    FirewallRules: [{121904D8-0961-4430-8E16-298DA0D89752}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
    FirewallRules: [{B5723A6E-8E80-497E-9E69-CDAEA5823404}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    FirewallRules: [{F6C3E3EB-3B41-490C-8AA1-EB2C966960D0}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    FirewallRules: [{7EEE4F12-65AE-444D-B905-102136DE94F3}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    FirewallRules: [{3FFCE528-38B2-4E9B-833E-4BA2DFEEE04D}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    FirewallRules: [{9EF8A6A2-8A68-4398-B927-884365EDAAB2}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
    FirewallRules: [{879B4B0C-4D45-4238-B6BD-098787E109FA}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    FirewallRules: [{0E80FF12-B410-482D-B7E0-26395E113D17}] => (Allow) svchost.exe
    FirewallRules: [{9A4FECCB-1FBA-4E98-BCD8-31002CD2831E}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
    FirewallRules: [{BE8CEFE8-94C1-4EB7-B70A-6B62AB7CA4DB}] => (Allow) C:\Users\Jay\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{A1479FAC-1A32-4833-A40F-0F95D583E8BE}] => (Allow) C:\Users\Jay\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{F36EF531-CC11-4AD1-972F-EBC639A04A23}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
    FirewallRules: [{616429B2-99A1-41C2-A16E-ADCAB2A60AD0}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
    FirewallRules: [TCP Query User{2DB79F24-8A0E-41B8-85DB-66E1756A3F04}C:\users\jay\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\jay\appdata\roaming\dropbox\bin\dropbox.exe
    FirewallRules: [UDP Query User{994C794F-0C8B-487E-85D6-C33EE563D11E}C:\users\jay\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\jay\appdata\roaming\dropbox\bin\dropbox.exe
    FirewallRules: [{D58BBC08-A8BC-48A7-949C-22B3379EB997}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{34DE0D19-A888-4690-8A31-80492B7A7B34}] => (Allow) LPort=2869
    FirewallRules: [{FCB3B864-BA7B-447E-8051-17BDFC25F28D}] => (Allow) LPort=1900
    FirewallRules: [TCP Query User{A48AF44C-5920-4891-9D25-3F6FCB486FAF}C:\program files (x86)\oovoo\oovoo.exe] => (Allow) C:\program files (x86)\oovoo\oovoo.exe
    FirewallRules: [UDP Query User{F344E1CF-23E0-4E94-B863-40359536EA3A}C:\program files (x86)\oovoo\oovoo.exe] => (Allow) C:\program files (x86)\oovoo\oovoo.exe
    FirewallRules: [{7DBD986F-200B-4E66-9AFC-CCA5813BA766}] => (Allow) LPort=443
    FirewallRules: [{6D43F418-A9B0-41D3-A821-47B979736E73}] => (Allow) LPort=443
    FirewallRules: [{4DFBFE79-F04E-4E20-A655-E6381E732ED3}] => (Allow) LPort=37674
    FirewallRules: [{D4CE6706-2670-4386-BB00-FFC4257BF30D}] => (Allow) LPort=37674
    FirewallRules: [{35E771C6-3B3E-4D5F-B1F2-0A79864FD6B4}] => (Allow) LPort=37675
    FirewallRules: [TCP Query User{5EBCA3B6-4BEA-4BC2-8AAB-B043E63D6EA2}C:\users\jay\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\jay\appdata\roaming\spotify\spotify.exe
    FirewallRules: [UDP Query User{51376728-0B83-4444-8614-087127A88AF8}C:\users\jay\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\jay\appdata\roaming\spotify\spotify.exe
    FirewallRules: [TCP Query User{6A323BD9-AED1-4817-8A94-288972316989}C:\program files (x86)\oovoo\oovoo.exe] => (Block) C:\program files (x86)\oovoo\oovoo.exe
    FirewallRules: [UDP Query User{F2E78EF3-4DCD-4AEA-BE78-5C4BB74AFFB9}C:\program files (x86)\oovoo\oovoo.exe] => (Block) C:\program files (x86)\oovoo\oovoo.exe
    FirewallRules: [TCP Query User{23B12273-9813-4EFC-8541-3E044D61942B}C:\users\jay\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\jay\appdata\roaming\spotify\spotify.exe
    FirewallRules: [UDP Query User{EED00A55-AC3D-4CD8-ADE9-9F9DDC5722A8}C:\users\jay\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\jay\appdata\roaming\spotify\spotify.exe
    FirewallRules: [{19D50015-C128-41D1-B0FF-4A1468BA80F8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{4DE9CCEF-9CC9-49B2-8A89-70A421A2F450}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{03FEDA1C-A8D7-4BB0-9EB7-B3F94701A8D6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{2FE4AF77-0019-4386-97CC-89330A5C7FFB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{5AA64CF7-2DC0-4A9F-A0D8-2198E7278434}] => (Allow) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\DeviceSetup.exe
    FirewallRules: [{C48A0AB3-9DA4-48A5-9D5D-81D99F8C3822}] => (Allow) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe
    FirewallRules: [{E0CC4D1C-2B40-4BAC-A105-248DE7CA066F}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
    FirewallRules: [{0DA2D5A7-4234-4A4E-B1BC-F79B26B64E67}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
    FirewallRules: [{A637DC17-717D-47AE-9870-BA70CF5490B1}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
    FirewallRules: [{666E8D57-3E80-4943-B3B4-390B2CCAC318}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{2FF41BF7-7248-4AB2-9F9A-7A92AD3CD3C8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [TCP Query User{CA755E79-06B2-4F2B-9619-5B855772832E}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
    FirewallRules: [UDP Query User{F5FB0EE1-1CE0-4613-B042-C78BAC65400E}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
    FirewallRules: [{36963186-3846-4718-9DD4-D93B4967DACD}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
    FirewallRules: [{553B76A7-6AA4-41B0-95A5-E0BACE699960}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
    FirewallRules: [{063C004E-2207-45CF-B58C-3AA5024B04A8}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{1D35C164-218E-496C-A030-A4C5BDF97E3C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (06/17/2015 00:58:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 58773486

    Error: (06/17/2015 00:58:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 58773486

    Error: (06/17/2015 00:58:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (06/16/2015 08:27:20 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
    Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

    Error: (06/16/2015 08:27:20 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
    Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

    Error: (06/16/2015 08:19:36 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80070013, The media is write protected.
    .

    Error: (06/16/2015 08:19:36 PM) (Source: VSS) (EventID: 13) (User: )
    Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x80070013, The media is write protected.
    ]

    Error: (06/16/2015 08:02:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 74086154

    Error: (06/16/2015 08:02:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 74086154

    Error: (06/16/2015 08:02:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second


    System errors:
    =============
    Error: (06/17/2015 06:50:15 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.

    Error: (06/17/2015 06:50:13 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.

    Error: (06/17/2015 06:50:13 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.

    Error: (06/17/2015 06:50:12 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.

    Error: (06/17/2015 03:25:30 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.

    Error: (06/17/2015 03:25:29 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.

    Error: (06/17/2015 00:58:08 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.

    Error: (06/17/2015 00:58:05 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
    Description: There was an error while attempting to read the local hosts file.

    Error: (06/16/2015 08:37:41 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
    Description: The ScRegSetValueExW call failed for FailureCommand with the following error:
    %%5

    Error: (06/16/2015 08:31:55 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
    Description: The ScRegSetValueExW call failed for Start with the following error:
    %%5


    Microsoft Office:
    =========================
    Error: (06/17/2015 00:58:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 58773486

    Error: (06/17/2015 00:58:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 58773486

    Error: (06/17/2015 00:58:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (06/16/2015 08:27:20 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
    Description: WmiApRplWmiApRpl8F20300004D070000

    Error: (06/16/2015 08:27:20 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
    Description: Performance1637070000000000000000000009030000

    Error: (06/16/2015 08:19:36 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: CoCreateInstance0x80070013, The media is write protected.

    Error: (06/16/2015 08:19:36 PM) (Source: VSS) (EventID: 13) (User: )
    Description: {4e14fba2-2e22-11d1-9964-00c04fbbb345}CEventSystem0x80070013, The media is write protected.

    Error: (06/16/2015 08:02:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 74086154

    Error: (06/16/2015 08:02:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 74086154

    Error: (06/16/2015 08:02:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second


    ==================== Memory info ===========================

    Processor: Pentium(R) Dual-Core CPU T4500 @ 2.30GHz
    Percentage of memory in use: 96%
    Total physical RAM: 3001.97 MB
    Available physical RAM: 109.61 MB
    Total Pagefile: 6002.15 MB
    Available Pagefile: 2136.04 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.81 MB

    ==================== Drives ================================

    Drive c: (Acer) (Fixed) (Total:219.78 GB) (Free:130.13 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 02A328AB)
    Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
    Partition 2: (Active) - (Size=102 MB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=219.8 GB) - (Type=07 NTFS)

    ==================== End of log ============================

  6. #6
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,173
    Points
    1307

    Default

    Hello,

    First
    Please remove these programs "If found" from your programs an features list, Start > Control panel > Programs an features. In the list find the program listed below and uninstall it.
    • Update for PDF Creator
    • ooVoo toolbar
    • Ask Toolbar

    If a program will not remove skip it and keep following instructions please.

    Next

    You have two Anti Virus programs installed
    • AV: Microsoft Security Essentials
    • AV: avast! Antivirus

    Running two Anti Virus programs is not recommend. Please remove 1 of them now.

    Next

    A few items to fix

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Open notepad (Start =>All Programs => Accessories => Notepad).
    Copy/Paste the contents of the code box below into Notepad.

    Code:
    start
    CloseProcesses:
    CreateRestorePoint:
    HKLM-x32\...\Run: [] => [X]
    ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    BHO: No Name -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
    BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
    Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    Toolbar: HKU\S-1-5-21-164707729-4257293227-1703370167-1001 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    Toolbar: HKU\S-1-5-21-164707729-4257293227-1703370167-1001 -> No Name - {7AEB3EFD-E564-43F1-B658-5058A7C5743B} - No File
    Task: {900BDAE3-2601-4092-90C0-BF8F5082C3FD} - \Digital Sites No Task File <==== ATTENTION
    FirewallRules: [{BEBFFECB-8631-4642-8DB0-91D8907BC764}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
    FirewallRules: [{121904D8-0961-4430-8E16-298DA0D89752}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
    FirewallRules: [TCP Query User{A48AF44C-5920-4891-9D25-3F6FCB486FAF}C:\program files (x86)\oovoo\oovoo.exe] => (Allow) C:\program files (x86)\oovoo\oovoo.exe
    FirewallRules: [UDP Query User{F344E1CF-23E0-4E94-B863-40359536EA3A}C:\program files (x86)\oovoo\oovoo.exe] => (Allow) C:\program files (x86)\oovoo\oovoo.exe
    FirewallRules: [TCP Query User{6A323BD9-AED1-4817-8A94-288972316989}C:\program files (x86)\oovoo\oovoo.exe] => (Block) C:\program files (x86)\oovoo\oovoo.exe
    FirewallRules: [UDP Query User{F2E78EF3-4DCD-4AEA-BE78-5C4BB74AFFB9}C:\program files (x86)\oovoo\oovoo.exe] => (Block) C:\program files (x86)\oovoo\oovoo.exe
    Task: {0E1C7120-B29C-496C-95BC-E8B53A988E3F} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2012-10-17] () <==== ATTENTION
    CMD: bitsadmin /reset /allusers
    CMD: ipconfig /flushdns
    Emptytemp:
    Click Format and ensure Wordwrap is unchecked.
    Save as Fixlist.txt to your Desktop (Must be in this location)
    Run FRST/FRST64 and press the Fix button just once and wait.
    If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

    Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

    Next

    Please download AdwCleaner by Xplode onto your Desktop.
    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click the Scan button and wait for the process to complete.
    • Click the logfile button and the log will open in Notepad.
    • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
    • Click on the Clean button follow the prompts.
    • A log file will automatically open after the scan has finished and the PC has rebooted.
    • Please post the content of that log file with your next answer.
    • You can find the log file at C:\AdwCleaner


    Next

    Please download Junkware Removal Tool to your Desktop.

    Please close your security software to avoid potential conflicts. See Here how to disable you security protection (Anti Virus)
    Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
    The tool will open and start scanning your system.
    Please be patient as this can take a while to complete, depending on your system's specifications.
    On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
    Please post the contents of JRT.txt into your reply.


    Next unnecessary start up programs running, this is an optional step, I suggest you do it. If you see a program that you want to run don't check it
    Open Hijackthis--> Right click "Run as Adminstrator."
    This time do a system scan only. Place a check mark in the following Entries


    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
    O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [CitrixReceiver] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
    O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
    O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Jay\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
    O4 - HKCU\..\Run: [Amazon Cloud Player] "C:\Users\Jay\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe"
    O4 - HKCU\..\Run: [HP Deskjet 3050A J611 series (NET)] "C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN2976GJ6705PJ:NW" -scfn "HP Deskjet 3050A J611 series (NET)" -AutoStart 1
    O4 - HKCU\..\Run: [Spotify] "C:\Users\Jay\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
    O4 - Startup: OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

    • Click Fix Checked.
    • Close Hijackthis.
    • Reboot.



    In your next reply post;

    • Fixlog.txt
    • The AdwCleaner [SO].txt Log
    • The JRT.txt Log


    Thanks
    Joe

  7. #7
    Member RaiderJay6's Avatar
    Join Date
    Jul 2008
    Posts
    31
    Points
    0

    Default

    Fix result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
    Ran by Jay at 2015-06-19 19:56:50 Run:1
    Running from C:\Users\Jay\Desktop
    Loaded Profiles: Jay (Available Profiles: Jay)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    start
    CloseProcesses:
    CreateRestorePoint:
    HKLM-x32\...\Run: [] => [X]
    ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    BHO: No Name -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
    BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
    Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    Toolbar: HKU\S-1-5-21-164707729-4257293227-1703370167-1001 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    Toolbar: HKU\S-1-5-21-164707729-4257293227-1703370167-1001 -> No Name - {7AEB3EFD-E564-43F1-B658-5058A7C5743B} - No File
    Task: {900BDAE3-2601-4092-90C0-BF8F5082C3FD} - \Digital Sites No Task File <==== ATTENTION
    FirewallRules: [{BEBFFECB-8631-4642-8DB0-91D8907BC764}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
    FirewallRules: [{121904D8-0961-4430-8E16-298DA0D89752}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
    FirewallRules: [TCP Query User{A48AF44C-5920-4891-9D25-3F6FCB486FAF}C:\program files (x86)\oovoo\oovoo.exe] => (Allow) C:\program files (x86)\oovoo\oovoo.exe
    FirewallRules: [UDP Query User{F344E1CF-23E0-4E94-B863-40359536EA3A}C:\program files (x86)\oovoo\oovoo.exe] => (Allow) C:\program files (x86)\oovoo\oovoo.exe
    FirewallRules: [TCP Query User{6A323BD9-AED1-4817-8A94-288972316989}C:\program files (x86)\oovoo\oovoo.exe] => (Block) C:\program files (x86)\oovoo\oovoo.exe
    FirewallRules: [UDP Query User{F2E78EF3-4DCD-4AEA-BE78-5C4BB74AFFB9}C:\program files (x86)\oovoo\oovoo.exe] => (Block) C:\program files (x86)\oovoo\oovoo.exe
    Task: {0E1C7120-B29C-496C-95BC-E8B53A988E3F} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2012-10-17] () <==== ATTENTION
    CMD: bitsadmin /reset /allusers
    CMD: ipconfig /flushdns
    Emptytemp:
    *****************

    Processes closed successfully.
    Restore point was successfully created.
    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value not found.
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => key removed successfully
    HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => key not found.
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => key removed successfully
    HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => key not found.
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => key removed successfully
    HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => key not found.
    "HKLM\SOFTWARE\Policies\Google" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}" => key removed successfully
    HKCR\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} => key not found.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => key removed successfully
    HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => value removed successfully
    HKCR\Wow6432Node\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => key not found.
    HKU\S-1-5-21-164707729-4257293227-1703370167-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => value removed successfully
    HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => key not found.
    HKU\S-1-5-21-164707729-4257293227-1703370167-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7AEB3EFD-E564-43F1-B658-5058A7C5743B} => value removed successfully
    HKCR\CLSID\{7AEB3EFD-E564-43F1-B658-5058A7C5743B} => key not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{900BDAE3-2601-4092-90C0-BF8F5082C3FD}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{900BDAE3-2601-4092-90C0-BF8F5082C3FD}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Digital Sites" => key removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BEBFFECB-8631-4642-8DB0-91D8907BC764} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{121904D8-0961-4430-8E16-298DA0D89752} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{A48AF44C-5920-4891-9D25-3F6FCB486FAF}C:\program files (x86)\oovoo\oovoo.exe => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{F344E1CF-23E0-4E94-B863-40359536EA3A}C:\program files (x86)\oovoo\oovoo.exe => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{6A323BD9-AED1-4817-8A94-288972316989}C:\program files (x86)\oovoo\oovoo.exe => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{F2E78EF3-4DCD-4AEA-BE78-5C4BB74AFFB9}C:\program files (x86)\oovoo\oovoo.exe => value removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0E1C7120-B29C-496C-95BC-E8B53A988E3F} => key not found.
    C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar => key not found.

    ========= bitsadmin /reset /allusers =========


    BITSADMIN version 3.0 [ 7.5.7601 ]
    BITS administration utility.
    (C) Copyright 2000-2006 Microsoft Corp.

    BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
    Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

    Unable to cancel {C6DECDA5-7357-43D6-95BE-9BFD279A78C2}.
    Unable to cancel {9143B6FB-7944-4276-BC80-21A7486BCCE0}.
    0 out of 2 jobs canceled.

    ========= End of CMD: =========


    ========= ipconfig /flushdns =========


    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========= End of CMD: =========

    EmptyTemp: => 1.8 GB temporary data Removed.


    The system needed a reboot..

    ==== End of Fixlog 20:01:20 ====




    # AdwCleaner v4.206 - Logfile created 19/06/2015 at 20:29:09
    # Updated 01/06/2015 by Xplode
    # Database : 2015-06-17.1 [Server]
    # Operating system : Windows 7 Home Premium Service Pack 1 (x64)
    # Username : Jay - JAY-PC
    # Running from : C:\Users\Jay\Desktop\adwcleaner_4.206.exe
    # Option : Cleaning

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\Partner
    Folder Deleted : C:\ProgramData\645610da0a2c1555
    Folder Deleted : C:\Users\Jay\AppData\Local\Conduit
    Folder Deleted : C:\Users\Jay\AppData\LocalLow\AVG Security Toolbar
    Folder Deleted : C:\Users\Jay\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\Jay\AppData\Roaming\DigitalSites
    Folder Deleted : C:\Users\Jay\AppData\Roaming\Mozilla\Firefox\Profiles\t0utabi6.default\Extensions\{33E0DAA6-3AF3-D8B5-6752-10E949C61516}
    File Deleted : C:\Users\Jay\AppData\Roaming\Mozilla\Firefox\Profiles\az3nzpia.default-1411041123732\user.js

    ***** [ Scheduled tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\Complitly.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
    Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
    Key Deleted : HKCU\Software\Complitly
    Key Deleted : HKCU\Software\StartSearch
    Key Deleted : HKCU\Software\vShare.tv
    Key Deleted : HKCU\Software\Zugo
    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    Key Deleted : HKLM\SOFTWARE\Conduit
    Key Deleted : HKLM\SOFTWARE\SimplyGen
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\PDF Creator Packages
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WT079149
    Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

    ***** [ Web browsers ] *****

    -\\ Internet Explorer v11.0.9600.17840

    Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

    -\\ Mozilla Firefox v38.0.5 (x86 en-US)

    [az3nzpia.default-1411041123732\prefs.js] - Line Deleted : user_pref("extensions.7dODlTzNhSRO7OuY.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.indexOf(\[...]

    -\\ Google Chrome v43.0.2357.124

    [C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    [C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

    *************************

    AdwCleaner[R0].txt - [4323 bytes] - [19/06/2015 20:24:59]
    AdwCleaner[S0].txt - [4040 bytes] - [19/06/2015 20:29:09]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4099 bytes] ##########

  8. #8
    Member RaiderJay6's Avatar
    Join Date
    Jul 2008
    Posts
    31
    Points
    0

    Default

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 7.0.2 (06.18.2015:1)
    OS: Windows 7 Home Premium x64
    Ran by Jay on Fri 06/19/2015 at 20:43:40.12
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Tasks



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8563CF9A-9372-4D2F-83C9-C97C98ABB5C6}



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Empty Folder] C:\Users\Jay\appdata\local\{04A7253E-9943-4C17-A113-B19B851E9A38}
    Successfully deleted: [Empty Folder] C:\Users\Jay\appdata\local\{0A05C433-B4F9-4F01-B84A-6F3DD69BC468}
    Successfully deleted: [Empty Folder] C:\Users\Jay\appdata\local\{1567FD2A-04BE-4164-8A9D-1886AAD1BA69}
    Successfully deleted: [Empty Folder] C:\Users\Jay\appdata\local\{16021546-9FB8-46A2-844A-91932F2D646B}
    Successfully deleted: [Empty Folder] C:\Users\Jay\appdata\local\{1F7D8429-8BFD-496D-9B80-E690CFFE9B3C}
    Successfully deleted: [Empty Folder] C:\Users\Jay\appdata\local\{26933AB5-C02A-4CAF-A87D-339AD316F8DC}
    Successfully deleted: [Empty Folder] C:\Users\Jay\appdata\local\{311337C6-F3FD-4E56-93E7-0CCFE220DF66}
    Successfully deleted: [Empty Folder] C:\Users\Jay\appdata\local\{3B863227-CCE7-4BE9-89D4-3C0A02A77AA5}
    Successfully deleted: [Empty Folder] C:\Users\Jay\appdata\local\{3CEBCBEF-BC74-4FD0-B56F-4F4362EA1304}
    Successfully deleted: [Empty Folder] C:\Users\Jay\appdata\local\{429533E5-F156-4605-85F5-97375C939E86}
    Successfully deleted: [Empty Folder] C:\Users\Jay\appdata\local\{4980D367-C6C3-4FF2-9275-94402A7B4321}
    Successfully deleted: [Empty Folder] C:\Users\Jay\appdata\local\{7D45C8E7-E619-4126-A6AA-8C419B264104}
    Successfully deleted: [Empty Folder] C:\Users\Jay\appdata\local\{9C07D828-AE99-4756-B6B7-370534BC85F1}
    Successfully deleted: [Empty Folder] C:\Users\Jay\appdata\local\{A42A7926-EBCA-460C-9792-EDDD2BD1113A}
    Successfully deleted: [Empty Folder] C:\Users\Jay\appdata\local\{A6E8F127-0DD1-4807-BABB-6C96F5857B6D}
    Successfully deleted: [Empty Folder] C:\Users\Jay\appdata\local\{D294D117-91D1-4CAC-94EC-52A27E473982}
    Successfully deleted: [Empty Folder] C:\Users\Jay\appdata\local\{EC114538-50A7-4651-9FAF-BA2E0ED39612}
    Successfully deleted: [Empty Folder] C:\Users\Jay\appdata\local\{FA743E59-47C3-475A-B02C-6A7E1AFE056F}
    Successfully deleted: [Empty Folder] C:\Users\Jay\appdata\local\{FFF0A527-0385-4620-9413-75898CD5C569}
    Successfully deleted: [Folder] C:\ProgramData\CooupScaunnner [BHO.Multiplug]



    ~~~ FireFox




    ~~~ Chrome


    [C:\Users\Jay\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

    [C:\Users\Jay\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

    [C:\Users\Jay\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

    [C:\Users\Jay\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
    []





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Fri 06/19/2015 at 20:50:59.87
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  9. #9
    Member RaiderJay6's Avatar
    Join Date
    Jul 2008
    Posts
    31
    Points
    0

    Default

    Thank you Joe!

  10. #10
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,173
    Points
    1307

    Default

    You're welcome,

    When time permits please;

    Download Security Check by screen317 from Here or Here
    Save it to your Desktop.
    Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.



    Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Make sure you checkmark Addition.txt box.
    • Press Scan button.
    • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.


    Post the
    checkup.txt
    FRST.txt
    Additions.txt

Page 1 of 2 12 LastLast