  1. #1
    Member stokie's Avatar
    Join Date
    Apr 2005
    Posts
    74
    Points
    3

    I suspect I have malware

    Hello

    Recently I have had regular problems with PC freezing and web pages "not responding". I have not installed any new soft/hardware and all updates are in place.
    Superantispyware and MWB show no problems nor does Rogue Killer that I subscribe to.
    Here is the HJT log
    Logfile of Trend Micro HijackThis v2.0.5
    Scan saved at 10:28:15, on 22/05/2017
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v11.0 (11.00.9600.18666)

    FIREFOX: 53.0 (x86 en-GB)
    Boot mode: Normal

    Running processes:
    C:\Windows\SysWOW64\HsMgr.exe
    C:\Users\alan\AppData\Roaming\Spotify\SpotifyWebHelper.exe
    C:\Program Files (x86)\WinTV\Ir.exe
    C:\Program Files (x86)\NETGEAR\A6210\A6210.EXE
    C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe
    C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe
    C:\Program Files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\SBZ.exe
    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Users\alan\Documents\DAD\Diagnostics and Security\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O1 - Hosts: ::1 localhost
    O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
    O2 - BHO: Norton Identity Safety - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine32\22.9.3.13\coIEPlg.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll
    O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine32\22.9.3.13\coIEPlg.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [NBAgent] "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
    O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
    O4 - HKLM\..\Run: [Sound Blaster Z-Series Control Panel] "C:\Program Files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\SBZ.exe" /r
    O4 - HKLM\..\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
    O4 - HKLM\..\Run: [KeyScrambler] C:\Program Files (x86)\KeyScrambler\keyscrambler.exe /a
    O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\alan\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Global Startup: AutoStart IR.lnk = C:\Program Files (x86)\WinTV\Ir.exe
    O4 - Global Startup: NETGEAR A6210 Genie.lnk = C:\Program Files (x86)\NETGEAR\A6210\A6210.EXE
    O4 - Global Startup: TMMonitor.lnk = C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://files.creative.com/Web/softwa...3/CTPIDPDE.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://files.creative.com/Web/softwa...0323/CTPID.cab
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
    O23 - Service: Creative Media Toolbox 6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe
    O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    O23 - Service: Sound Blaster Audio Service (CtHdaSvc) - Creative Technology Ltd - C:\Windows\sysWow64\CtHdaSvc.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HauppaugeTVServer - Hauppauge Computer Works - C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe
    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
    O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
    O23 - Service: NetgearSwitchUSB - Unknown owner - C:\Program Files (x86)\NETGEAR\A6210\NetgearSwitchUSB.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\22.9.3.13\NIS.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Macrium Reflect Image Mounting Service (ReflectService.exe) - Paramount Software UK Ltd - C:\Program Files\Macrium\Reflect\ReflectService.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    Hope you can help. Thanks.

    --
    End of file - 11824 bytes

  2. #2
    Member Spyware Fighter DonnaB's Avatar
    Join Date
    Apr 2009
    Location
    Illiana, Ill. USA
    Posts
    3,521
    Points
    563

    Hi Stokie,

    My apologies for the delay in responding. Let's run a couple scans to get a deeper look.

    Download Farbar Recovery Scan Tool to your desktop from one of the links below:

    For x32 (x86) bit systems download Farbar Recovery Scan Tool.

    • Right click on the FRST.exe and choose Run as administrator.
    • When the tool opens click Yes to disclaimer.
    • Under Optional Scan make sure there is a checkmark in the box for Addition.txt to ensure it creates that 2nd log.
    • Press Scan button.
    • Please attach both logs in your next reply.
    If you think you might be infected with malware or have recently cleansed your computer of malware without the help of an expert, please read and follow the instructions in How to Start Removing Viruses and Spyware from your Computer. This can alleviate time consumed in troubleshooting your current computer problems.

  3. #3
    Member stokie's Avatar
    Join Date
    Apr 2005
    Posts
    74
    Points
    3

    Quote: Originally posted by DonnaB
    Hi Stokie,

    My apologies for the delay in responding. Let's run a couple scans to get a deeper look.

    Download Farbar Recovery Scan Tool to your desktop from one of the links below:

    For x32 (x86) bit systems download Farbar Recovery Scan Tool.

    • Right click on the FRST.exe and choose Run as administrator.
    • When the tool opens click Yes to disclaimer.
    • Under Optional Scan make sure there is a checkmark in the box for Addition.txt to ensure it creates that 2nd log.
    • Press Scan button.
    • Please attach both logs in your next reply.
    Hi DonnaB

    Here are the logs

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-05-2017
    Ran by alan (administrator) on ALAN-PC (23-05-2017 18:21:14)
    Running from C:\Users\alan\Documents\DAD\Diagnostics and Security
    Loaded Profiles: alan (Available Profiles: alan)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
    (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Creative Technology Ltd) C:\Windows\SysWOW64\CtHdaSvc.exe
    (Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe
    () C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
    (Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    () C:\Windows\SysWOW64\HsMgr.exe
    () C:\Windows\system\HsMgr64.exe
    (Spotify Ltd) C:\Users\alan\AppData\Roaming\Spotify\SpotifyWebHelper.exe
    (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    (Nero AG) C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe
    (Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\SBZ.exe
    (Hauppauge Computer Works) C:\Program Files (x86)\WinTV\Ir.exe
    (NETGEAR) C:\Program Files (x86)\NETGEAR\A6210\A6210.EXE
    (ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe
    () C:\Program Files (x86)\NETGEAR\A6210\NetgearSwitchUSB.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
    (Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\22.9.3.13\nis.exe
    (Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
    (Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\22.9.3.13\nis.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe
    (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    (QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\x64\KeyScrambler.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Eyeo GmbH) C:\Program Files\Adblock Plus for IE\AdblockPlusEngine.exe
    (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
    (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_25_0_0_171_ActiveX.exe
    (ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TotalMedia.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Mega Limited) C:\Users\alan\AppData\Local\MEGAsync\MEGAsync.exe

    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    HKLM\...\Run: [Cmaudio8788] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
    HKLM\...\Run: [Cmaudio8788GX] => C:\Windows\syswow64\HsMgr.exe [200704 2008-07-11] ()
    HKLM\...\Run: [Cmaudio8788GX64] => C:\Windows\system\HsMgr64.exe [282112 2008-07-11] ()
    HKLM-x32\...\Run: [NBAgent] => C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1226024 2010-02-22] (Nero AG)
    HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
    HKLM-x32\...\Run: [Sound Blaster Z-Series Control Panel] => C:\Program Files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\SBZ.exe [877056 2014-11-24] (Creative Technology Ltd)
    HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
    HKLM-x32\...\Run: [KeyScrambler] => C:\Program Files (x86)\KeyScrambler\keyscrambler.exe [515600 2016-04-01] (QFX Software Corporation)
    HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [170496 2009-02-06] (ArcSoft Inc.)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-3184768179-1666152133-2235710419-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9772248 2017-05-05] (Piriform Ltd)
    HKU\S-1-5-21-3184768179-1666152133-2235710419-1000\...\Run: [Spotify Web Helper] => C:\Users\alan\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-04-27] (Spotify Ltd)
    HKU\S-1-5-21-3184768179-1666152133-2235710419-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7946656 2017-04-07] (SUPERAntiSpyware)
    ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\alan\AppData\Local\MEGAsync\ShellExtX64.dll [2017-04-26] ()
    ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\alan\AppData\Local\MEGAsync\ShellExtX64.dll [2017-04-26] ()
    ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\alan\AppData\Local\MEGAsync\ShellExtX64.dll [2017-04-26] ()
    ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Internet Security\Engine\22.9.3.13\buShell.dll [2017-05-11] (Symantec Corporation)
    ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Internet Security\Engine\22.9.3.13\buShell.dll [2017-05-11] (Symantec Corporation)
    ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Internet Security\Engine\22.9.3.13\buShell.dll [2017-05-11] (Symantec Corporation)
    ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\alan\AppData\Local\MEGAsync\ShellExtX32.dll [2017-04-26] ()
    ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\alan\AppData\Local\MEGAsync\ShellExtX32.dll [2017-04-26] ()
    ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\alan\AppData\Local\MEGAsync\ShellExtX32.dll [2017-04-26] ()
    ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Internet Security\Engine32\22.9.3.13\buShell.dll [2017-05-11] (Symantec Corporation)
    ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Internet Security\Engine32\22.9.3.13\buShell.dll [2017-05-11] (Symantec Corporation)
    ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Internet Security\Engine32\22.9.3.13\buShell.dll [2017-05-11] (Symantec Corporation)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutoStart IR.lnk [2016-05-20]
    ShortcutTarget: AutoStart IR.lnk -> C:\Program Files (x86)\WinTV\Ir.exe (Hauppauge Computer Works)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR A6210 Genie.lnk [2017-04-03]
    ShortcutTarget: NETGEAR A6210 Genie.lnk -> C:\Program Files (x86)\NETGEAR\A6210\A6210.EXE (NETGEAR)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TMMonitor.lnk [2017-05-21]
    ShortcutTarget: TMMonitor.lnk -> C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe (ArcSoft, Inc.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
    Tcpip\..\Interfaces\{BC559E89-BE3A-4C63-B682-B44E70882057}: [DhcpNameServer] 192.168.1.254

    Internet Explorer:
    ==================
    HKU\S-1-5-21-3184768179-1666152133-2235710419-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.co.uk/webhp?complete=0
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-3184768179-1666152133-2235710419-1000 -> DefaultScope {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NS&chn=1000&geo=GB&ver=22.9.3.13&locale=en_GB&guid=E668AC05-3F70-4FC6-AC14-CE47DED91ACF&doi=2016-09-01&gct=kwd&qsrc=2869
    SearchScopes: HKU\S-1-5-21-3184768179-1666152133-2235710419-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NS&chn=1000&geo=GB&ver=22.9.3.13&locale=en_GB&guid=E668AC05-3F70-4FC6-AC14-CE47DED91ACF&doi=2016-09-01&gct=kwd&qsrc=2869
    BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
    BHO: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Internet Security\Engine\22.9.3.13\coIEPlg.dll [2017-05-11] (Symantec Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2017-05-17] (Google Inc.)
    BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH)
    BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
    BHO-x32: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Internet Security\Engine32\22.9.3.13\coIEPlg.dll [2017-05-11] (Symantec Corporation)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2017-05-17] (Google Inc.)
    BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)
    Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
    Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\22.9.3.13\coIEPlg.dll [2017-05-11] (Symantec Corporation)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2017-05-17] (Google Inc.)
    Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
    Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine32\22.9.3.13\coIEPlg.dll [2017-05-11] (Symantec Corporation)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2017-05-17] (Google Inc.)
    DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://files.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
    DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://files.creative.com/Web/softwareupdate/ocx/150323/CTPID.cab
    Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll [2012-06-19] (Belarc, Inc.)
    Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
    Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File

    FireFox:
    ========
    FF DefaultProfile: ch7aouh2.default
    FF ProfilePath: C:\Users\alan\AppData\Roaming\Mozilla\Firefox\Profiles\ch7aouh2.default [2017-05-23]
    FF Homepage: Mozilla\Firefox\Profiles\ch7aouh2.default -> Google
    FF Extension: (Norton Identity Safe) - C:\Users\alan\AppData\Roaming\Mozilla\Firefox\Profiles\ch7aouh2.default\Extensions\idsafe@norton.com.xpi [2017-02-12]
    FF Extension: (uBlock Origin) - C:\Users\alan\AppData\Roaming\Mozilla\Firefox\Profiles\ch7aouh2.default\Extensions\uBlock0@raymondhill.net.xpi [2017-05-05]
    FF Extension: (New Tab Homepage) - C:\Users\alan\AppData\Roaming\Mozilla\Firefox\Profiles\ch7aouh2.default\Extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi [2016-12-25]
    FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.9.1.12\coFFAddon
    FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.9.1.12\coFFAddon [2017-05-21]
    FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.9.1.12\coFFAddon
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-09] ()
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-09] ()
    FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-17] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-17] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)

    Chrome:
    =======
    CHR Profile: C:\Users\alan\AppData\Local\Google\Chrome\User Data\Default [2017-05-22]
    CHR Extension: (No Name) - C:\Users\alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-03-15]
    CHR Extension: (Google Docs) - C:\Users\alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-03-15]
    CHR Extension: (Google Drive) - C:\Users\alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-15]
    CHR Extension: (YouTube) - C:\Users\alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-15]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-15]
    CHR Extension: (Gmail) - C:\Users\alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-15]
    CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Internet Security\Engine\22.9.3.13\Exts\Chrome.crx [2017-05-21]
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-3184768179-1666152133-2235710419-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Internet Security\Engine\22.9.3.13\Exts\Chrome.crx [2017-05-21]
    CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-31] (SUPERAntiSpyware.com)
    R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-02-06] (ArcSoft Inc.)
    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
    S3 Creative Media Toolbox 6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [79360 2015-12-19] (Creative Labs) [File not signed]
    R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424 2012-10-08] (Creative Technology Ltd) [File not signed]
    R2 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [122880 2017-01-18] (Creative Technology Ltd)
    R2 HauppaugeTVServer; C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe [586536 2016-04-26] (Hauppauge Computer Works)
    R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
    R2 NetgearSwitchUSB; C:\Program Files (x86)\NETGEAR\A6210\NetgearSwitchUSB.exe [192232 2015-09-17] ()
    R2 NIS; C:\Program Files\Norton Internet Security\Engine\22.9.3.13\NIS.exe [326160 2017-05-11] (Symantec Corporation)
    R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3476432 2015-10-12] (Paramount Software UK Ltd)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 A6210; C:\Windows\System32\DRIVERS\A6210.sys [2258608 2017-02-10] (MediaTek Inc.)
    R3 asmthub3; C:\Windows\System32\DRIVERS\asmthub3.sys [130536 2011-11-03] (ASMedia Technology Inc) [File not signed]
    R3 asmtxhci; C:\Windows\System32\DRIVERS\asmtxhci.sys [395752 2011-11-03] (ASMedia Technology Inc) [File not signed]
    R1 BHDrvx64; C:\Program Files\Norton Internet Security\NortonData\22.9.1.12\Definitions\BASHDefs\20170516.001\BHDrvx64.sys [1831064 2017-04-06] (Symantec Corporation)
    R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1609030.00D\ccSetx64.sys [174232 2017-05-11] (Symantec Corporation)
    S3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2733568 2012-10-03] (C-Media Inc)
    R3 cthda; C:\Windows\System32\drivers\cthda.sys [1074984 2017-01-18] (Creative Technology Ltd)
    R3 cthdb; C:\Windows\System32\DRIVERS\cthdb.sys [33792 2017-02-13] (Creative Technology Ltd)
    R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [507032 2017-05-11] (Symantec Corporation)
    R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156824 2017-05-11] (Symantec Corporation)
    R1 IDSVia64; C:\Program Files\Norton Internet Security\NortonData\22.9.1.12\Definitions\IPSDefs\20170522.003\IDSvia64.sys [1053824 2017-05-21] (Symantec Corporation)
    R3 KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [224720 2015-08-18] (QFX Software Corporation)
    S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [926824 2013-03-12] (Realtek Semiconductor Corporation )
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1609030.00D\SRTSP64.SYS [770712 2017-05-11] (Symantec Corporation)
    R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1609030.00D\SRTSPX64.SYS [49304 2017-05-11] (Symantec Corporation)
    R0 SymEFASI; C:\Windows\System32\drivers\NISx64\1609030.00D\SYMEFASI64.SYS [1714328 2017-05-11] (Symantec Corporation)
    R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [102608 2017-05-21] (Symantec Corporation)
    R1 SymIRON; C:\Windows\system32\drivers\NISx64\1609030.00D\Ironx64.SYS [291480 2017-05-11] (Symantec Corporation)
    R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1609030.00D\SYMNETS.SYS [567496 2017-05-11] (Symantec Corporation)
    R3 TBS6280_64; C:\Windows\System32\DRIVERS\TBS6280_64.sys [1902640 2015-02-10] (www.tbsdtv.com)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2017-05-22] ()
    S3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [X]
    S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
    S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]
    S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]
    S3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [X]
    S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
    S3 NAVENG; \??\C:\Program Files\Norton Internet Security\NortonData\22.9.1.12\Definitions\SDSDefs\20170403.008\NAVENG.SYS [X]
    S3 NAVEX15; \??\C:\Program Files\Norton Internet Security\NortonData\22.9.1.12\Definitions\SDSDefs\20170403.008\NAVEX15.SYS [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-05-23 18:20 - 2017-05-23 18:21 - 00000000 ____D C:\FRST
    2017-05-23 18:18 - 2017-05-23 18:18 - 00000000 ____D C:\Users\alan\AppData\Local\Mega Limited
    2017-05-23 18:17 - 2017-05-23 18:17 - 00001052 _____ C:\Users\alan\Desktop\MEGAsync.lnk
    2017-05-23 18:17 - 2017-05-23 18:17 - 00000000 ____D C:\Users\alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEGAsync
    2017-05-23 18:17 - 2017-05-23 18:17 - 00000000 ____D C:\Users\alan\AppData\Local\MEGAsync
    2017-05-23 08:57 - 2017-05-23 08:57 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
    2017-05-22 12:53 - 2017-05-22 12:53 - 00000000 ____D C:\Program Files\NortonInstaller
    2017-05-21 19:33 - 2017-05-21 19:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Connect
    2017-05-21 15:06 - 2017-05-21 15:06 - 00000000 ____D C:\Windows\System32\Tasks\Norton Internet Security
    2017-05-21 15:00 - 2017-05-21 15:00 - 00003222 _____ C:\Windows\System32\Tasks\Norton WSC Integration
    2017-05-17 10:23 - 2017-05-17 10:23 - 00000000 ____D C:\Program Files\Google
    2017-05-17 10:22 - 2017-05-17 10:27 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2017-05-17 10:22 - 2017-05-17 10:27 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2017-05-17 10:22 - 2017-05-17 10:23 - 00000000 ____D C:\ProgramData\Google
    2017-05-10 10:21 - 2017-04-28 02:14 - 05547240 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2017-05-10 10:21 - 2017-04-28 02:14 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2017-05-10 10:21 - 2017-04-28 02:14 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2017-05-10 10:21 - 2017-04-28 02:14 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2017-05-10 10:21 - 2017-04-28 02:14 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2017-05-10 10:21 - 2017-04-28 02:11 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2017-05-10 10:21 - 2017-04-28 02:10 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2017-05-10 10:21 - 2017-04-28 02:10 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2017-05-10 10:21 - 2017-04-28 02:10 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2017-05-10 10:21 - 2017-04-28 02:10 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2017-05-10 10:21 - 2017-04-28 02:10 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2017-05-10 10:21 - 2017-04-28 02:10 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2017-05-10 10:21 - 2017-04-28 02:10 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
    2017-05-10 10:21 - 2017-04-28 02:10 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2017-05-10 10:21 - 2017-04-28 02:10 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2017-05-10 10:21 - 2017-04-28 02:10 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2017-05-10 10:21 - 2017-04-28 02:10 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
    2017-05-10 10:21 - 2017-04-28 02:10 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
    2017-05-10 10:21 - 2017-04-28 02:10 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2017-05-10 10:21 - 2017-04-28 02:10 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
    2017-05-10 10:21 - 2017-04-28 02:10 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2017-05-10 10:21 - 2017-04-28 02:10 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2017-05-10 10:21 - 2017-04-28 02:10 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2017-05-10 10:21 - 2017-04-28 02:10 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
    2017-05-10 10:21 - 2017-04-28 02:10 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2017-05-10 10:21 - 2017-04-28 02:10 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2017-05-10 10:21 - 2017-04-28 02:10 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2017-05-10 10:21 - 2017-04-28 02:10 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2017-05-10 10:21 - 2017-04-28 02:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
    2017-05-10 10:21 - 2017-04-28 02:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
    2017-05-10 10:21 - 2017-04-28 02:09 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
    2017-05-10 10:21 - 2017-04-28 02:09 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2017-05-10 10:21 - 2017-04-28 02:09 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
    2017-05-10 10:21 - 2017-04-28 02:09 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
    2017-05-10 10:21 - 2017-04-28 02:09 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
    2017-05-10 10:21 - 2017-04-28 02:09 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2017-05-10 10:21 - 2017-04-28 02:09 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
    2017-05-10 10:21 - 2017-04-28 02:09 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
    2017-05-10 10:21 - 2017-04-28 02:09 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2017-05-10 10:21 - 2017-04-28 02:09 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2017-05-10 10:21 - 2017-04-28 02:09 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
    2017-05-10 10:21 - 2017-04-28 02:09 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
    2017-05-10 10:21 - 2017-04-28 02:09 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2017-05-10 10:21 - 2017-04-28 02:09 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2017-05-10 10:21 - 2017-04-28 02:09 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2017-05-10 10:21 - 2017-04-28 02:09 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2017-05-10 10:21 - 2017-04-28 02:09 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2017-05-10 10:21 - 2017-04-28 02:09 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2017-05-10 10:21 - 2017-04-28 02:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2017-05-10 10:21 - 2017-04-28 02:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2017-05-10 10:21 - 2017-04-28 02:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2017-05-10 10:21 - 2017-04-28 02:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2017-05-10 10:21 - 2017-04-28 02:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2017-05-10 10:21 - 2017-04-28 02:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2017-05-10 10:21 - 2017-04-28 02:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2017-05-10 10:21 - 2017-04-28 02:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2017-05-10 10:21 - 2017-04-28 02:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
    2017-05-10 10:21 - 2017-04-28 02:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
    2017-05-10 10:21 - 2017-04-28 02:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2017-05-10 10:21 - 2017-04-28 02:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
    2017-05-10 10:21 - 2017-04-28 02:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2017-05-10 10:21 - 2017-04-28 02:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2017-05-10 10:21 - 2017-04-28 02:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2017-05-10 10:21 - 2017-04-28 02:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2017-05-10 10:21 - 2017-04-28 02:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2017-05-10 10:21 - 2017-04-28 02:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2017-05-10 10:21 - 2017-04-28 02:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2017-05-10 10:21 - 2017-04-28 02:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
    2017-05-10 10:21 - 2017-04-28 01:36 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2017-05-10 10:21 - 2017-04-28 01:36 - 03945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2017-05-10 10:21 - 2017-04-28 01:34 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2017-05-10 10:21 - 2017-04-28 01:32 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2017-05-10 10:21 - 2017-04-28 01:32 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2017-05-10 10:21 - 2017-04-28 01:32 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
    2017-05-10 10:21 - 2017-04-28 01:32 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
    2017-05-10 10:21 - 2017-04-28 01:32 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2017-05-10 10:21 - 2017-04-28 01:32 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
    2017-05-10 10:21 - 2017-04-28 01:32 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2017-05-10 10:21 - 2017-04-28 01:32 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2017-05-10 10:21 - 2017-04-28 01:32 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2017-05-10 10:21 - 2017-04-28 01:32 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2017-05-10 10:21 - 2017-04-28 01:32 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2017-05-10 10:21 - 2017-04-28 01:32 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2017-05-10 10:21 - 2017-04-28 01:32 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
    2017-05-10 10:21 - 2017-04-28 01:32 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2017-05-10 10:21 - 2017-04-28 01:32 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
    2017-05-10 10:21 - 2017-04-28 01:32 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2017-05-10 10:21 - 2017-04-28 01:32 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2017-05-10 10:21 - 2017-04-28 01:32 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
    2017-05-10 10:21 - 2017-04-28 01:32 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2017-05-10 10:21 - 2017-04-28 01:32 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2017-05-10 10:21 - 2017-04-28 01:32 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2017-05-10 10:21 - 2017-04-28 01:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2017-05-10 10:21 - 2017-04-28 01:32 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2017-05-10 10:21 - 2017-04-28 01:32 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2017-05-10 10:21 - 2017-04-28 01:32 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2017-05-10 10:21 - 2017-04-28 01:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2017-05-10 10:21 - 2017-04-28 01:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2017-05-10 10:21 - 2017-04-28 01:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2017-05-10 10:21 - 2017-04-28 01:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2017-05-10 10:21 - 2017-04-28 01:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2017-05-10 10:21 - 2017-04-28 01:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2017-05-10 10:21 - 2017-04-28 01:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2017-05-10 10:21 - 2017-04-28 01:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2017-05-10 10:21 - 2017-04-28 01:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2017-05-10 10:21 - 2017-04-28 01:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2017-05-10 10:21 - 2017-04-28 01:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2017-05-10 10:21 - 2017-04-28 01:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2017-05-10 10:21 - 2017-04-28 01:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2017-05-10 10:21 - 2017-04-28 01:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2017-05-10 10:21 - 2017-04-28 01:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2017-05-10 10:21 - 2017-04-28 01:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2017-05-10 10:21 - 2017-04-28 01:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2017-05-10 10:21 - 2017-04-28 01:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2017-05-10 10:21 - 2017-04-28 01:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2017-05-10 10:21 - 2017-04-28 01:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2017-05-10 10:21 - 2017-04-28 01:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2017-05-10 10:21 - 2017-04-28 01:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2017-05-10 10:21 - 2017-04-28 01:19 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
    2017-05-10 10:21 - 2017-04-28 01:19 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
    2017-05-10 10:21 - 2017-04-28 01:19 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
    2017-05-10 10:21 - 2017-04-28 01:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2017-05-10 10:21 - 2017-04-28 01:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
    2017-05-10 10:21 - 2017-04-28 01:14 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2017-05-10 10:21 - 2017-04-28 01:12 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2017-05-10 10:21 - 2017-04-28 01:11 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
    2017-05-10 10:21 - 2017-04-28 01:11 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2017-05-10 10:21 - 2017-04-28 01:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2017-05-10 10:21 - 2017-04-28 01:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2017-05-10 10:21 - 2017-04-28 01:10 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2017-05-10 10:21 - 2017-04-28 01:08 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2017-05-10 10:21 - 2017-04-28 01:08 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2017-05-10 10:21 - 2017-04-28 01:08 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2017-05-10 10:21 - 2017-04-28 01:08 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2017-05-10 10:21 - 2017-04-28 01:07 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
    2017-05-10 10:21 - 2017-04-28 01:07 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2017-05-10 10:21 - 2017-04-28 01:07 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2017-05-10 10:21 - 2017-04-28 01:07 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2017-05-10 10:21 - 2017-04-28 01:07 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2017-05-10 10:21 - 2017-04-26 15:59 - 03220992 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2017-05-10 10:21 - 2017-04-21 16:34 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
    2017-05-10 10:21 - 2017-04-21 16:15 - 00805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
    2017-05-10 10:21 - 2017-04-20 01:00 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2017-05-10 10:21 - 2017-04-20 00:16 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2017-05-10 10:21 - 2017-04-17 16:37 - 02065408 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
    2017-05-10 10:21 - 2017-04-17 16:37 - 00876544 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
    2017-05-10 10:21 - 2017-04-17 16:37 - 00512000 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
    2017-05-10 10:21 - 2017-04-17 16:37 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
    2017-05-10 10:21 - 2017-04-17 16:37 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
    2017-05-10 10:21 - 2017-04-17 16:12 - 01417728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
    2017-05-10 10:21 - 2017-04-17 16:12 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
    2017-05-10 10:21 - 2017-04-17 16:12 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
    2017-05-10 10:21 - 2017-04-17 15:54 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
    2017-05-10 10:21 - 2017-04-16 10:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2017-05-10 10:21 - 2017-04-16 10:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2017-05-10 10:21 - 2017-04-16 09:57 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2017-05-10 10:21 - 2017-04-16 09:55 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2017-05-10 10:21 - 2017-04-16 09:55 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2017-05-10 10:21 - 2017-04-16 09:54 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2017-05-10 10:21 - 2017-04-16 09:54 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2017-05-10 10:21 - 2017-04-16 09:51 - 02899456 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2017-05-10 10:21 - 2017-04-16 09:44 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2017-05-10 10:21 - 2017-04-16 09:43 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2017-05-10 10:21 - 2017-04-16 09:38 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2017-05-10 10:21 - 2017-04-16 09:37 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2017-05-10 10:21 - 2017-04-16 09:37 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2017-05-10 10:21 - 2017-04-16 09:36 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2017-05-10 10:21 - 2017-04-16 09:36 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2017-05-10 10:21 - 2017-04-16 09:35 - 25741312 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2017-05-10 10:21 - 2017-04-16 09:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2017-05-10 10:21 - 2017-04-16 09:21 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2017-05-10 10:21 - 2017-04-16 09:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2017-05-10 10:21 - 2017-04-16 09:18 - 05977600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2017-05-10 10:21 - 2017-04-16 09:11 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2017-05-10 10:21 - 2017-04-16 09:10 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
    2017-05-10 10:21 - 2017-04-16 09:09 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
    2017-05-10 10:21 - 2017-04-16 09:04 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2017-05-10 10:21 - 2017-04-16 09:03 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2017-05-10 10:21 - 2017-04-16 09:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2017-05-10 10:21 - 2017-04-16 09:01 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2017-05-10 10:21 - 2017-04-16 09:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2017-05-10 10:21 - 2017-04-16 09:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2017-05-10 10:21 - 2017-04-16 09:00 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2017-05-10 10:21 - 2017-04-16 09:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2017-05-10 10:21 - 2017-04-16 08:57 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
    2017-05-10 10:21 - 2017-04-16 08:53 - 02290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2017-05-10 10:21 - 2017-04-16 08:52 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2017-05-10 10:21 - 2017-04-16 08:52 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2017-05-10 10:21 - 2017-04-16 08:49 - 20278272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2017-05-10 10:21 - 2017-04-16 08:48 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2017-05-10 10:21 - 2017-04-16 08:47 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2017-05-10 10:21 - 2017-04-16 08:47 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2017-05-10 10:21 - 2017-04-16 08:46 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2017-05-10 10:21 - 2017-04-16 08:43 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2017-05-10 10:21 - 2017-04-16 08:40 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2017-05-10 10:21 - 2017-04-16 08:40 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2017-05-10 10:21 - 2017-04-16 08:37 - 02132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2017-05-10 10:21 - 2017-04-16 08:37 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2017-05-10 10:21 - 2017-04-16 08:35 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2017-05-10 10:21 - 2017-04-16 08:30 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2017-05-10 10:21 - 2017-04-16 08:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
    2017-05-10 10:21 - 2017-04-16 08:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
    2017-05-10 10:21 - 2017-04-16 08:25 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2017-05-10 10:21 - 2017-04-16 08:24 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2017-05-10 10:21 - 2017-04-16 08:22 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2017-05-10 10:21 - 2017-04-16 08:20 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2017-05-10 10:21 - 2017-04-16 08:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2017-05-10 10:21 - 2017-04-16 08:10 - 15250944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2017-05-10 10:21 - 2017-04-16 08:10 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2017-05-10 10:21 - 2017-04-16 08:08 - 04548608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2017-05-10 10:21 - 2017-04-16 08:08 - 02057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2017-05-10 10:21 - 2017-04-16 08:08 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2017-05-10 10:21 - 2017-04-16 08:04 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2017-05-10 10:21 - 2017-04-16 07:53 - 13661184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2017-05-10 10:21 - 2017-04-16 07:50 - 01544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2017-05-10 10:21 - 2017-04-16 07:40 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2017-05-10 10:21 - 2017-04-16 07:37 - 02767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2017-05-10 10:21 - 2017-04-16 07:34 - 01314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2017-05-10 10:21 - 2017-04-16 07:34 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2017-05-10 10:21 - 2017-04-12 16:32 - 01483776 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
    2017-05-10 10:21 - 2017-04-12 16:32 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
    2017-05-10 10:21 - 2017-04-12 16:32 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
    2017-05-10 10:21 - 2017-04-12 16:32 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
    2017-05-10 10:21 - 2017-04-12 16:26 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2017-05-10 10:21 - 2017-04-12 16:25 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2017-05-10 10:21 - 2017-04-12 16:25 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2017-05-10 10:21 - 2017-04-12 16:25 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2017-05-10 10:21 - 2017-04-07 16:34 - 00986856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
    2017-05-10 10:21 - 2017-04-07 16:34 - 00265448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
    2017-05-10 10:21 - 2017-04-07 16:30 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2017-05-10 10:21 - 2017-04-07 16:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
    2017-05-10 10:21 - 2017-04-07 16:22 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
    2017-05-10 10:21 - 2017-04-05 15:55 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
    2017-05-10 10:21 - 2017-04-05 15:55 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
    2017-05-10 10:21 - 2017-04-05 15:55 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
    2017-05-10 10:21 - 2017-04-04 16:34 - 01895656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
    2017-05-10 10:21 - 2017-04-04 16:34 - 00377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
    2017-05-10 10:21 - 2017-04-04 16:34 - 00287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
    2017-05-10 10:21 - 2017-04-04 15:53 - 00496128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
    2017-05-10 10:21 - 2017-04-04 15:53 - 00117760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
    2017-05-05 20:17 - 2017-03-10 17:32 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\pla.dll
    2017-05-05 20:17 - 2017-03-10 17:32 - 00300544 _____ (Microsoft Corporation) C:\Windows\system32\pdh.dll
    2017-05-05 20:17 - 2017-03-10 17:20 - 01508352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pla.dll
    2017-05-05 20:17 - 2017-03-10 17:20 - 00237056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pdh.dll
    2017-05-05 20:17 - 2017-03-10 16:57 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\plasrv.exe
    2017-05-05 20:17 - 2017-03-10 16:55 - 00205312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
    2017-05-05 20:17 - 2017-03-10 16:55 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\exfat.sys
    2017-05-05 20:17 - 2017-03-09 17:34 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2017-05-05 20:17 - 2017-03-09 17:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2017-05-05 20:17 - 2017-02-23 00:42 - 00084712 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
    2017-05-05 20:17 - 2017-02-23 00:37 - 01285632 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2017-05-05 20:17 - 2017-02-18 15:05 - 01609216 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2017-05-05 20:17 - 2017-02-18 15:05 - 00646656 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2017-05-05 20:17 - 2016-12-31 16:36 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2017-05-05 20:17 - 2016-12-31 16:36 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2017-05-05 20:17 - 2016-12-31 16:36 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
    2017-05-05 20:17 - 2016-12-31 16:36 - 00233984 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
    2017-05-05 20:17 - 2016-12-31 16:36 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
    2017-05-05 14:34 - 2017-05-05 14:34 - 00019624 _____ C:\Users\alan\Documents\bookmark.htm
    2017-05-05 10:17 - 2017-05-21 15:26 - 00000000 ____D C:\Program Files\Common Files\AV

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-05-23 18:05 - 2009-07-14 06:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
    2017-05-23 18:05 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
    2017-05-23 18:04 - 2015-08-12 08:27 - 00000000 ___RD C:\Users\alan\Documents\DAD
    2017-05-23 10:36 - 2015-12-30 22:41 - 00000000 ____D C:\Users\alan\AppData\LocalLow\Adblock Plus for IE
    2017-05-23 08:30 - 2009-07-14 05:45 - 00022064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2017-05-23 08:30 - 2009-07-14 05:45 - 00022064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2017-05-23 08:19 - 2016-05-20 14:28 - 00000000 ____D C:\ProgramData\Hauppauge
    2017-05-23 08:19 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2017-05-22 09:35 - 2016-07-02 16:29 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2017-05-22 09:20 - 2015-08-13 21:23 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
    2017-05-22 08:34 - 2016-03-09 20:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
    2017-05-22 08:34 - 2016-03-09 20:46 - 00000000 ____D C:\Program Files\RogueKiller
    2017-05-21 15:00 - 2017-04-03 16:47 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
    2017-05-21 15:00 - 2016-04-03 14:00 - 00000000 ____D C:\Windows\system32\Drivers\NISx64
    2017-05-21 12:25 - 2017-04-03 16:50 - 00102608 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
    2017-05-21 12:25 - 2017-04-03 16:50 - 00008339 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
    2017-05-17 11:15 - 2015-08-13 20:11 - 00000000 ____D C:\Users\alan\AppData\Roaming\Audacity
    2017-05-17 10:23 - 2016-08-23 15:19 - 00000000 ____D C:\Program Files (x86)\Google
    2017-05-17 09:19 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
    2017-05-12 13:11 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
    2017-05-10 20:54 - 2009-07-14 05:45 - 00366792 _____ C:\Windows\system32\FNTCACHE.DAT
    2017-05-10 20:51 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
    2017-05-10 20:49 - 2015-08-12 08:05 - 00765656 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
    2017-05-10 20:46 - 2015-08-11 22:22 - 00000000 ____D C:\Windows\system32\MRT
    2017-05-10 20:44 - 2015-08-11 22:22 - 156335152 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2017-05-10 20:32 - 2015-08-12 06:01 - 00000000 ____D C:\Windows\Panther
    2017-05-09 12:10 - 2016-02-17 22:55 - 00004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2017-05-09 12:10 - 2015-10-03 11:54 - 00803320 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2017-05-09 12:10 - 2015-10-03 11:54 - 00144888 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2017-05-09 12:10 - 2015-08-13 14:04 - 00000000 ____D C:\Windows\system32\Macromed
    2017-05-09 12:10 - 2015-08-12 10:31 - 00000000 ____D C:\Windows\SysWOW64\Macromed
    2017-05-09 11:22 - 2015-08-11 21:08 - 00000000 ____D C:\Users\alan
    2017-05-07 12:29 - 2015-08-13 14:06 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
    2017-05-05 20:20 - 2015-08-12 08:58 - 00000000 ___SD C:\Windows\system32\CompatTel
    2017-05-05 20:20 - 2015-08-12 08:58 - 00000000 ____D C:\Windows\system32\appraiser
    2017-05-05 20:19 - 2015-12-19 11:21 - 00000000 ____D C:\Users\Public\Creative
    2017-05-05 19:34 - 2015-08-11 21:08 - 00001417 _____ C:\Users\alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2017-05-05 19:17 - 2016-11-18 14:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2017-05-05 19:17 - 2015-12-29 18:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2017-05-05 14:37 - 2016-11-18 14:21 - 00000000 ____D C:\Users\alan\AppData\LocalLow\Mozilla
    2017-05-05 09:50 - 2016-11-10 18:25 - 00000000 ____D C:\Program Files\Common Files\McAfee
    2017-05-05 09:49 - 2015-10-03 22:31 - 00000000 ____D C:\ProgramData\McAfee
    2017-05-03 11:16 - 2015-08-11 21:08 - 00000000 ____D C:\Users\alan\AppData\Local\VirtualStore
    2017-04-29 18:43 - 2015-09-01 18:17 - 00000000 ____D C:\Users\alan\AppData\Local\CrashDumps
    2017-04-28 11:40 - 2015-08-13 19:59 - 00000000 ____D C:\Users\alan\AppData\Local\Spotify
    2017-04-28 09:43 - 2015-08-13 19:59 - 00000000 ____D C:\Users\alan\AppData\Roaming\Spotify

    ==================== Files in the root of some directories =======

    2015-12-10 21:11 - 2015-12-10 21:17 - 0000016 _____ () C:\Users\alan\AppData\Roaming\msregsvv.dll
    2015-12-10 21:11 - 2015-12-10 21:17 - 0000016 _____ () C:\ProgramData\autobk.inc

    Some files in TEMP:
    ====================
    2017-05-22 09:19 - 2017-04-28 02:11 - 1732864 _____ (Microsoft Corporation) C:\Users\alan\AppData\Local\Temp\dllnt_dump.dll

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2017-05-14 16:54

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-05-2017
    Ran by alan (23-05-2017 18:22:30)
    Running from C:\Users\alan\Documents\DAD\Diagnostics and Security
    Windows 7 Home Premium Service Pack 1 (X64) (2015-08-11 20:08:08)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3184768179-1666152133-2235710419-500 - Administrator - Disabled)
    alan (S-1-5-21-3184768179-1666152133-2235710419-1000 - Administrator - Enabled) => C:\Users\alan
    Guest (S-1-5-21-3184768179-1666152133-2235710419-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-3184768179-1666152133-2235710419-1002 - Limited - Enabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Norton Internet Security (Enabled - Up to date) {30744133-1E94-7B35-F4A3-82A5AEF1CBAA}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Norton Internet Security (Enabled - Up to date) {8B15A0D7-38AE-74BB-CE13-B9D7D5768117}
    FW: Norton Internet Security (Enabled) {084FC016-54FB-7A6D-DFFC-2B9050228CD1}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{0F347A49-E36C-4639-8D2E-003AD408B8B2}) (Version: 1.5 - Eyeo GmbH)
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
    Adobe Flash Player 25 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 25.0.0.171 - Adobe Systems Incorporated)
    Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
    Adobe Photoshop Elements 8.0 (HKLM-x32\...\Adobe Photoshop Elements 8.0) (Version: 8.0 - Adobe Systems Incorporated)
    AmpliTube 3 version 3.14.0 (HKLM\...\{DA5202AC-12BF-4330-B8EA-BC77F991FA1C}_is1) (Version: 3.14.0 - IK Multimedia)
    Apple Application Support (32-bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
    ArcSoft TotalMedia 3.5 (HKLM-x32\...\{29E44E9D-ACB2-4D2D-849F-5361C941B7E1}) (Version: 3.5.7.331 - ArcSoft)
    Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.3.0 - Asmedia Technology)
    ASUS Xonar DS Audio (HKLM-x32\...\{71B53BA8-4BE3-49AF-BC3E-07F392008788}) (Version: 1.00.0003 - ASUSTeK Computer Inc.)
    Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
    Belarc Advisor 8.2 (HKLM-x32\...\Belarc Advisor) (Version: 8.2.7.13 - Belarc Inc.)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.6.0.0 - Canon Inc.)
    Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.0 - Canon Inc.)
    Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.0.0 - Canon Inc.)
    Canon iP7200 series On-screen Manual (HKLM-x32\...\Canon iP7200 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
    Canon iP7200 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP7200_series) (Version: - Canon Inc.)
    Canon iP7200 series User Registration (HKLM-x32\...\Canon iP7200 series User Registration) (Version: - Canon Inc.‎)
    Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.0.0 - Canon Inc.)
    Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.0 - Canon Inc.)
    Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
    Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 5.30 - Piriform)
    Creative Media Toolbox 6 (HKLM-x32\...\{F1A14CB2-A048-45A6-AFDA-3571296E1D76}) (Version: 6.02 - Creative Technology Limited)
    Creative Media Toolbox 6 (Shared Components) (HKLM-x32\...\Uninstaller_B4736000_Creative Media Toolbox 6) (Version: 2.80.12 - Creative Labs)
    Creative Music Server (HKLM-x32\...\Music Server) (Version: 1.01 - Creative Technology Limited)
    Custom Shop version 1.5.0 (HKLM-x32\...\{21BAD046-50EC-49E2-BE7B-F9729704F2C3}_is1) (Version: 1.5.0 - IK Multimedia)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Dolby Digital Live Pack (HKLM-x32\...\Dolby Digital Live Pack) (Version: 3.03 - Creative Technology Limited)
    DTS Connect Pack (HKLM-x32\...\DTS Connect Pack) (Version: 1.00 - Creative Technology Limited)
    Fender Universal ASIO (HKLM-x32\...\Fender Universal ASIO) (Version: - )
    Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
    Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
    Hauppauge WinTV 8 (HKLM-x32\...\Hauppauge WinTV 8) (Version: v8.0.34117 (CD 4.6 AAC) - Hauppauge Computer Works)
    High-Definition Video Playback 10 (x32 Version: 7.0.11000.25.1 - Nero AG) Hidden
    IK Multimedia Authorization Manager version 1.0.10 (HKLM\...\{85BC0DCB-69E5-4279-AA25-F108EF896588}_is1) (Version: 1.0.10 - IK Multimedia)
    Intel(R) Chipset Device Software (x32 Version: 10.0.27 - Intel(R) Corporation) Hidden
    Intel(R) Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
    Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
    Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    KeyScrambler (HKLM-x32\...\KeyScrambler) (Version: 3.9.0.3 - QFX Software Corporation)
    LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
    Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 6.1 - Paramount Software (UK) Ltd.)
    Macrium Reflect Free Edition (Version: 6.1.1366 - Paramount Software (UK) Ltd.) Hidden
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited)
    Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
    Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
    Microsoft LifeCam (HKLM\...\{6965A8D2-465D-4F98-9FAA-0E9E2348F329}) (Version: 3.22.270.0 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
    Microsoft Office Professional Edition 2003 (HKLM-x32\...\{91110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-3184768179-1666152133-2235710419-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
    Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Mozilla Firefox 53.0 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 53.0 (x86 en-GB)) (Version: 53.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 53.0.0.6312 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Nero 10 ClipartPack (HKLM-x32\...\{96ED4B78-300E-4033-AE6C-C115CEB4DF07}) (Version: 10.0.10300.0.0 - Nero AG)
    Nero 10 Menu TemplatePack 1 (HKLM-x32\...\{42C8B7DF-FEB0-4D51-B169-506B6BEC5797}) (Version: 10.0.10300.0.0 - Nero AG)
    Nero 10 Menu TemplatePack 2 (HKLM-x32\...\{E712C273-7564-4C8E-AA59-0FA19BC35117}) (Version: 10.0.10300.0.0 - Nero AG)
    Nero 10 Menu TemplatePack 3 (HKLM-x32\...\{92146419-AE44-4C8B-A48B-0ABB1B5EC026}) (Version: 10.0.10300.0.0 - Nero AG)
    Nero 10 Movie ThemePack 1 (HKLM-x32\...\{43FBAB46-5969-4200-9958-1FF81FEE506F}) (Version: 10.0.10300.1.0 - Nero AG)
    Nero 10 Movie ThemePack 2 (HKLM-x32\...\{70F19404-B96C-4EBB-AD2B-3574F8736197}) (Version: 10.0.10300.1.0 - Nero AG)
    Nero 10 Sample ImagePack (HKLM-x32\...\{ACD15FDF-FC42-4175-B477-576F92FF2256}) (Version: 10.0.10300.0.0 - Nero AG)
    Nero 10 Sample Videos (HKLM-x32\...\{92A10E9D-EA00-4A46-8F22-EEA660992D61}) (Version: 10.0.10300.2.0 - Nero AG)
    Nero BackItUp 10 (HKLM-x32\...\{68AB6930-5BFF-4FF6-923B-516A91984FE6}) (Version: 5.4.11100.14.101 - Nero AG)
    Nero Burning ROM 10 (HKLM-x32\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.0.10700.7.100 - Nero AG)
    Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.0.10600.9.100 - Nero AG)
    Nero CoverDesigner 10 (HKLM-x32\...\{FCF00A6E-FB58-477A-ABE9-232907105521}) (Version: 5.0.10500.7.100 - Nero AG)
    Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.0.10400.4.100 - Nero AG)
    Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.0.10500.7.100 - Nero AG)
    Nero InfoTool 10 (HKLM-x32\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.0.10400.5.100 - Nero AG)
    Nero MediaHub 10 (HKLM-x32\...\{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}) (Version: 1.0.11000.6.100 - Nero AG)
    Nero Multimedia Suite 10 (HKLM-x32\...\{277C1559-4CF7-44FF-8D07-98AA9C13AABD}) (Version: 10.0.11200 - Nero AG)
    Nero Recode 10 (HKLM-x32\...\{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}) (Version: 4.6.10600.1.100 - Nero AG)
    Nero RescueAgent 10 (HKLM-x32\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.0.10500.5.100 - Nero AG)
    Nero SoundTrax 10 (HKLM-x32\...\{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}) (Version: 4.6.10500.1.100 - Nero AG)
    Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.0.10500.4.100 - Nero AG)
    Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0012 - Nero AG)
    Nero Vision 10 (HKLM-x32\...\{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}) (Version: 7.0.10700.4.100 - Nero AG)
    Nero WaveEditor 10 (HKLM-x32\...\{EDCDFAD5-DF80-4600-A493-E9DAD6810230}) (Version: 5.6.10500.1.100 - Nero AG)
    NETGEAR A6210 Genie (HKLM-x32\...\InstallShield_{24352157-CF75-4215-A0B5-3AF01F78CB0A}) (Version: 36.0.0.0 - NETGEAR)
    NETGEAR A6210 Genie (x32 Version: 36.0.0.0 - NETGEAR) Hidden
    Norton Internet Security (HKLM-x32\...\NIS) (Version: 22.9.3.13 - Symantec Corporation)
    OpenAL (HKLM-x32\...\OpenAL) (Version: - )
    QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
    RogueKiller version 12.10.9.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.10.9.0 - Adlice Software)
    Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
    Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
    Sound Blaster Z-Series (HKLM-x32\...\{B2C527EF-4F7B-405A-ADB4-89B432891FF2}) (Version: 1.00.28 - Creative Technology Limited)
    Sound Blaster Z-Series Extras (HKLM-x32\...\{9D9DB4BA-E352-4AC8-AD2B-B10104F5AB80}) (Version: 1.0 - Creative Technology Limited)
    Spotify (HKU\S-1-5-21-3184768179-1666152133-2235710419-1000\...\Spotify) (Version: 1.0.53.758.gde3fc4b2 - Spotify AB)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1236 - SUPERAntiSpyware.com)
    TBS 6280 Dual DVBT/T2 Tuner driver 1.0.1.3 for windows (HKLM\...\TBS 6280 Dual DVBT/T2 Tuner driver for windows_is1) (Version: - TBS Technologies)
    Windows Driver Package - TBSDTV TECHNOLOGY (TBS6280_64) MEDIA (02/10/2015 1.0.1.3) (HKLM\...\665C92F4C153D06E76F0E320F62E15D363D50AF1) (Version: 02/10/2015 1.0.1.3 - TBSDTV TECHNOLOGY)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-3184768179-1666152133-2235710419-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\alan\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3184768179-1666152133-2235710419-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\alan\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3184768179-1666152133-2235710419-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\alan\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3184768179-1666152133-2235710419-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\alan\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-3184768179-1666152133-2235710419-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\alan\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {1DC06855-A8C1-4A89-B811-22FE66DEBEFC} - System32\Tasks\{9E21853C-3F20-4EE3-9047-381019F2B239} => Firefox.exe hxxp://ui.skype.com/ui/0/6.3.73.105.457/en/abandoninstall?page=tsWLM
    Task: {34E2F50B-961A-47EB-AEEE-A5BBFC5DE60D} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe [2017-05-11] (Symantec Corporation)
    Task: {42A705E8-1193-4D33-A654-705CBD9A93D4} - System32\Tasks\Norton Internet Security\Norton Internet Security Error Processor => C:\Program Files\Norton Internet Security\Engine\22.9.3.13\SymErr.exe [2017-05-11] (Symantec Corporation)
    Task: {4D4CD094-0ECE-46B7-B30E-554564604EAE} - System32\Tasks\alan NBAgent 5 4 => C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [2010-02-22] (Nero AG)
    Task: {4E34023F-7031-453C-A63C-4435B7B9E1DB} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3184768179-1666152133-2235710419-1000
    Task: {51FD8947-B7CE-4B37-9737-8AEA7B24B40C} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Internet Security\Engine\22.9.3.13\WSCStub.exe [2017-05-11] (Symantec Corporation)
    Task: {7D7C82FE-790D-4390-BB36-F317767D88C8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-05-05] (Piriform Ltd)
    Task: {7F80F3C7-71EF-40B3-9E2D-57895A2EF864} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-09] (Adobe Systems Incorporated)
    Task: {B6BEA03B-09CE-4A76-AC35-72B833867D32} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-17] (Google Inc.)
    Task: {D0861D6E-1CCF-426B-B051-6F850C1281DF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
    Task: {E08B6CFA-F836-40FA-8589-F56509527000} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-17] (Google Inc.)
    Task: {E6F0F5C6-E8B3-438A-8126-5A1EB87DCD97} - System32\Tasks\Norton Internet Security\Norton Internet Security Error Analyzer => C:\Program Files\Norton Internet Security\Engine\22.9.3.13\SymErr.exe [2017-05-11] (Symantec Corporation)
    Task: {F42125FD-0094-46FE-9429-A9423EB98506} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2016-04-22 01:07 - 2016-04-22 01:07 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2016-04-22 01:07 - 2016-04-22 01:07 - 01337144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2015-08-13 19:07 - 2012-03-28 13:49 - 00140456 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
    2015-06-01 21:00 - 2015-06-01 21:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
    2015-08-12 11:30 - 2008-07-11 16:04 - 00200704 _____ () C:\Windows\SysWOW64\HsMgr.exe
    2015-08-12 11:30 - 2008-07-11 16:03 - 00282112 _____ () C:\Windows\system\HsMgr64.exe
    2015-09-17 17:42 - 2015-09-17 17:42 - 00192232 _____ () C:\Program Files (x86)\NETGEAR\A6210\NetgearSwitchUSB.exe
    2017-04-26 17:32 - 2017-04-26 17:32 - 00598528 _____ () C:\Users\alan\AppData\Local\MEGAsync\ShellExtX64.dll
    2016-05-20 14:38 - 2011-08-23 13:04 - 00057344 _____ () C:\Program Files (x86)\WinTV\TVServer\libhdhomerun.dll
    2017-04-02 20:25 - 2007-04-19 10:30 - 00039680 _____ () C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\MMShellHook.dll
    2016-07-28 15:50 - 2016-07-28 15:50 - 00122880 _____ () C:\Program Files (x86)\NETGEAR\A6210\Ralink.dll
    2012-11-21 18:26 - 2012-11-21 18:26 - 01204224 _____ () C:\Program Files (x86)\NETGEAR\A6210\RaWLAPI.dll
    2016-05-20 17:17 - 2007-04-19 10:33 - 00035584 _____ () C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\uPiApi.dll
    2009-07-13 22:03 - 2009-07-14 02:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
    2017-04-02 20:25 - 2007-04-19 10:39 - 00436992 _____ () C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\fpxlib.dll
    2016-04-22 01:08 - 2016-04-22 01:08 - 01047864 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2016-04-22 01:08 - 2016-04-22 01:08 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2016-05-20 17:17 - 2007-04-19 10:32 - 00051968 _____ () C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\uDx_SlideShowRes.dll
    2017-04-02 20:25 - 2008-03-25 12:26 - 00081920 _____ () C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\iEPGClub.dll
    2017-04-02 20:25 - 2006-03-31 12:04 - 01064960 _____ () C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\dlcllib.dll
    2017-04-02 20:25 - 2007-04-19 10:29 - 00068352 _____ () C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\ComOSD.dll
    2017-04-02 20:25 - 2008-04-21 16:19 - 00114688 _____ () C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\MPEG Engine\ArcNEO6.dll
    2016-04-13 09:38 - 2016-04-13 09:38 - 00482304 _____ () C:\Users\alan\AppData\Local\MEGAsync\libsodium.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 03:34 - 2017-05-14 09:59 - 00000062 _____ C:\Windows\system32\Drivers\etc\hosts

    127.0.0.1 localhost
    ::1 localhost

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3184768179-1666152133-2235710419-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\alan\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.1.254
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
    MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    MSCONFIG\startupreg: CanonQuickMenu => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
    MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    MSCONFIG\startupreg: Spotify => "C:\Users\alan\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
    MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\alan\AppData\Roaming\Spotify\SpotifyWebHelper.exe"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{872F635B-B337-4323-98F6-F5F29DAD3B34}] => (Allow) LPort=3306
    FirewallRules: [{7554CD1E-CC4F-4DFC-9CB1-29BAEE7CE3C4}] => (Allow) C:\Users\alan\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
    FirewallRules: [{5A7369CB-84E4-4B76-A15E-35B6E10B1618}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{87238F24-AF7E-4D6E-8AF9-577E2D912841}] => (Allow) LPort=2869
    FirewallRules: [{1F1F9F45-2E0A-427D-BD72-D856FB129C7A}] => (Allow) LPort=1900
    FirewallRules: [{8F20EB47-68E3-44D3-B3EB-BB8A1734A08A}] => (Allow) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\AdobePhotoshopElementsMediaServer.exe
    FirewallRules: [{81E645DE-9B9F-4586-8B3D-1B57DFCE3F7C}] => (Allow) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\AdobePhotoshopElementsMediaServer.exe
    FirewallRules: [{E787B26D-076C-4CD6-AEB7-B8C1F3648A26}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{3056C883-DEFD-4644-9F87-95A61EE1549E}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
    FirewallRules: [{6807F304-73EA-4DE2-8DD5-93F340960854}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
    FirewallRules: [{24DD6B52-F7E1-4627-9652-D4EC76E120AD}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
    FirewallRules: [{58ADFFF1-8DAA-49ED-9C09-FAFE7AF08F97}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
    FirewallRules: [{D78B8AA6-87A4-4223-8067-A1AC5726EC0E}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
    FirewallRules: [{8AA361BB-A66A-4457-8312-577759F247FD}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
    FirewallRules: [{54C2CA3B-60BB-414E-B368-E42921A08F5B}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
    FirewallRules: [{31EC08B5-A938-4910-8D45-E25DEB6E6C37}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
    FirewallRules: [{331B0AB7-A1BE-4907-9006-7A133703ED62}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{20549147-090D-4CB0-B23B-C51B1FE06872}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{66227C17-300E-4C3E-AAD9-D08719A87B84}] => (Allow) C:\Program Files (x86)\WinTV\WinTV8\WinTV8.exe
    FirewallRules: [{3CC43AC2-533A-4916-AC4E-B110F2F54655}] => (Allow) C:\Program Files (x86)\WinTV\WinTV8\WinTV8.exe
    FirewallRules: [{AFC7827C-9139-4F79-9432-344463969903}] => (Allow) C:\Program Files (x86)\WinTV\WinTV8\WinTV8.exe
    FirewallRules: [{20C4FC78-64FA-4DC5-B4E8-DAE5B39C6FE8}] => (Allow) C:\Program Files (x86)\WinTV\WinTV8\WinTV8.exe
    FirewallRules: [{EDCDD1A6-2392-404C-BC7E-D1C784F733E4}] => (Allow) C:\Program Files (x86)\WinTV\TVServer\CaptureDCR.exe
    FirewallRules: [{CD335386-8D2C-41F6-822C-AEF00677B6ED}] => (Allow) C:\Program Files (x86)\WinTV\TVServer\CaptureDCR.exe
    FirewallRules: [{52A679C0-AF63-48D3-82F1-BB2D5B5E016F}] => (Allow) C:\Program Files (x86)\WinTV\TVServer\CaptureDCR.exe
    FirewallRules: [{9C2502C4-5F02-4C3E-9BF7-9483ACDBF0E4}] => (Allow) C:\Program Files (x86)\WinTV\TVServer\CaptureDCR.exe
    FirewallRules: [{F2304B4F-857D-46C3-A67D-1E0A7919929E}] => (Allow) C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe
    FirewallRules: [{11CBA48C-740A-4A78-AFB0-FDAC50AB9434}] => (Allow) C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe
    FirewallRules: [{2BD6509A-22C4-4837-9388-5C2AD66B6401}] => (Allow) C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe
    FirewallRules: [{F3689A5B-2C48-4D5A-BFBB-78EE89F65890}] => (Allow) C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe
    FirewallRules: [{D68B2D58-E8CD-47AE-AC02-57978CCD4831}] => (Allow) C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TotalMedia.exe
    FirewallRules: [{720F6400-9247-43B4-8896-FAB73937270C}] => (Allow) C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TotalMedia.exe
    FirewallRules: [TCP Query User{FC598D25-1311-4045-BEAB-7313AEB59054}C:\users\alan\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\alan\appdata\roaming\spotify\spotify.exe
    FirewallRules: [UDP Query User{1E90BC55-A82B-4558-B3D6-C0EED07613A2}C:\users\alan\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\alan\appdata\roaming\spotify\spotify.exe
    FirewallRules: [TCP Query User{3B4803D9-1079-4E6C-871C-91015E541EA1}C:\users\alan\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\alan\appdata\roaming\spotify\spotify.exe
    FirewallRules: [UDP Query User{A7D00638-1453-4E29-B82C-303B3BA2836A}C:\users\alan\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\alan\appdata\roaming\spotify\spotify.exe
    FirewallRules: [{CF64991C-2DD4-4AEB-A494-8ABBB6FEEEF5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{FD75D2CB-7247-4968-8658-490F914FD83F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{5AAFC2BA-C313-4659-9CE5-9AB256E0B35B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{6D68AA1E-C887-4829-AF00-72573B330E81}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

    ==================== Restore Points =========================

    06-05-2017 10:00:14 Windows Backup
    06-05-2017 21:59:25 Windows Update
    10-05-2017 20:41:43 Windows Update
    11-05-2017 10:08:39 Windows Update
    13-05-2017 10:00:25 Windows Backup
    20-05-2017 11:34:18 Windows Backup
    21-05-2017 19:32:30 Installed TotalMedia

    ==================== Faulty Device Manager Devices =============

    Name: High Definition Audio Device
    Description: High Definition Audio Device
    Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: HdAudAddService
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: High Definition Audio Device
    Description: High Definition Audio Device
    Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: HdAudAddService
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (05/23/2017 09:36:54 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 1897159

    Error: (05/23/2017 09:36:54 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 1897159

    Error: (05/23/2017 09:36:54 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (05/23/2017 08:21:13 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (05/22/2017 01:00:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 10015

    Error: (05/22/2017 01:00:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 10015

    Error: (05/22/2017 01:00:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (05/22/2017 09:59:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (05/22/2017 09:58:12 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
    Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

    Error: (05/22/2017 09:58:12 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
    Description: The index cannot be initialized.

    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)


    System errors:
    =============
    Error: (05/22/2017 09:31:06 PM) (Source: DCOM) (EventID: 10010) (User: )
    Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.

    Error: (05/22/2017 09:01:37 PM) (Source: bowser) (EventID: 8003) (User: )
    Description: The master browser has received a server announcement from the computer CLAIRE-PC
    that believes that it is the master browser for the domain on transport NetBT_Tcpip_{BC559E89-BE3A-4C63-B682-B44E70882057}.
    The master browser is stopping or an election is being forced.

    Error: (05/22/2017 10:39:47 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: The following fatal alert was received: 20.

    Error: (05/22/2017 09:58:12 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

    Error: (05/22/2017 09:58:12 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
    Description: The Windows Search service terminated with service-specific error %%-1073473535.

    Error: (05/22/2017 09:54:33 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    The dependency service or group failed to start.

    Error: (05/22/2017 09:54:33 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    The dependency service or group failed to start.

    Error: (05/22/2017 08:58:52 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    The dependency service or group failed to start.

    Error: (05/22/2017 08:44:24 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    The dependency service or group failed to start.

    Error: (05/22/2017 08:44:06 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    The dependency service or group failed to start.


    CodeIntegrity:
    ===================================
    Date: 2015-11-08 21:43:44.994
    Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\Nero Autobackup\20151108_214146_Local Autobackup\C\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

    Date: 2015-11-08 21:43:44.977
    Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\Nero Autobackup\20151108_214146_Local Autobackup\C\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

    Date: 2015-11-08 21:43:44.941
    Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\Nero Autobackup\20151108_214146_Local Autobackup\C\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

    Date: 2015-11-08 21:43:44.914
    Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\Nero Autobackup\20151108_214146_Local Autobackup\C\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

    Date: 2015-11-08 19:43:42.940
    Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\Nero Autobackup\20151108_194146_Local Autobackup\C\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

    Date: 2015-11-08 19:43:42.922
    Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\Nero Autobackup\20151108_194146_Local Autobackup\C\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

    Date: 2015-11-08 19:43:42.853
    Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\Nero Autobackup\20151108_194146_Local Autobackup\C\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

    Date: 2015-11-08 19:43:42.804
    Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\Nero Autobackup\20151108_194146_Local Autobackup\C\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

    Date: 2015-11-08 17:43:37.658
    Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\Nero Autobackup\20151108_174146_Local Autobackup\C\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

    Date: 2015-11-08 17:43:37.628
    Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\Nero Autobackup\20151108_174146_Local Autobackup\C\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz
    Percentage of memory in use: 40%
    Total physical RAM: 8103.22 MB
    Available physical RAM: 4796.6 MB
    Total Virtual: 16204.62 MB
    Available Virtual: 12034.51 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:465.66 GB) (Free:162.05 GB) NTFS
    Drive e: () (Fixed) (Total:931.51 GB) (Free:354.36 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: EEDBFC82)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: D9116A46)
    Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================

    ==================== End of FRST.txt ============================

  4. #4
    Member Spyware Fighter DonnaB's Avatar
    Join Date
    Apr 2009
    Location
    Illiana, Ill. USA
    Posts
    3,521
    Points
    563

    Hi stokie,

    I see that you have created a special folder to download and run the tools from in the following location:

    C:\Users\alan\Documents\DAD\Diagnostics and Security

    The majority of the tools are designed to run from the desktop for the best results. Also, once we are finished I will be having you download and run a utility that will remove all the tools used and the log reports that they created, and if they are located in an obscure location they will not be found so they can be removed. Could you please move FRST, HJT and all the logs generated by these tools to your desktop? I would truly appreciate it. Thank you.

    Good news. I see nothing of a malicious nature in your logs. I do see a few residual/orphaned files that are harmless yet can be removed safely. Let's remove them and perform a couple of other scans to see what else can be found.

    Please do as follows:

    • Open Notepad (Start orb > type notepad into Start Search > choose Notepad from the list).
    • Please copy the entire contents of the code box below.
      (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
    • Save it to the same directory as frst.exe (or frst64.exe) as fixlist.txt.

      Code:
      createrestorepoint:
      SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
      SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
      SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
      Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
      Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File
      S3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [X]
      S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
      S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]
      S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]
      S3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [X]
      S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
      S3 NAVENG; \??\C:\Program Files\Norton Internet Security\NortonData\22.9.1.12\Definitions\SDSDefs\20170403.008\NAVENG.SYS [X]
      S3 NAVEX15; \??\C:\Program Files\Norton Internet Security\NortonData\22.9.1.12\Definitions\SDSDefs\20170403.008\NAVEX15.SYS [X]
      emptytemp:
      NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
    • Run frst.exe (on 64bit, run frst64.exe) and press the Fix button just once and wait.
    • The tool will make a log (Fixlog.txt) which you will find where you saved FRST. Please post it to your reply.


    Next:

    Please download Junkware Removal Tool to your Desktop.
    • Please close your security software to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete, depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
    • Please post the contents of JRT.txt into your reply.


    Next:

    Download AdwCleaner from here. Save the file to the desktop.

    NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

    Close all open windows and browsers.
    • Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    • Click the Scan button and wait for the scan to finish.
    • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
    • Click the Clean button.
    • Everything checked will be moved to Quarantine.
    • When the program has finished cleaning, a report appears. Once done, it will ask to reboot; allow this.
    • On reboot a log will be produced; please copy/paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C0].txt


    In your next reply please post the following log reports:

    • Fixlog.txt
    • JRT.txt
    • C:\AdwCleaner\AdwCleaner[C0].txt
    If you think you might be infected with malware or have recently cleansed your computer of malware without the help of an expert, please read and follow the instructions in How to Start Removing Viruses and Spyware from your Computer. This can alleviate time consumed in troubleshooting your current computer problems.

    If your problem is solved, here's how to say thanks!

    Very proud parent of a U.S. Navy "CB"



    "People may forget what you say,
    People may forget what you did,
    but People will never forget how you made them feel!"
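
The Fixlog.txt requested above records one `target => result` line per action, so it can be triaged mechanically instead of read by eye. The Python below is an added example, not part of the original posts and not FRST's own code: it classifies each result line and lists the targets that still need follow-up. The outcome phrases and section markers are assumed from the Fixlog posted in this thread only, and all function names are hypothetical.

```python
import re
from collections import Counter, defaultdict

# Outcome phrases as worded in the Fixlog posted in this thread (assumption:
# other FRST builds may word results differently; those become "unrecognised").
OUTCOMES = [
    ("failed", re.compile(r"could not remove", re.IGNORECASE)),
    ("absent", re.compile(r"not found\.?$", re.IGNORECASE)),
    ("removed", re.compile(r"removed successfully$", re.IGNORECASE)),
]

# Excerpt of the Fixlog from this thread, shortened for the example.
SAMPLE_FIXLOG = r"""
Fix result of Farbar Recovery Scan Tool (x64) Version: 22-05-2017
==============================================

fixlist content:
*****************
createrestorepoint:
S3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [X]
S3 NAVENG; \??\C:\Program Files\Norton Internet Security\NortonData\22.9.1.12\Definitions\SDSDefs\20170403.008\NAVENG.SYS [X]
emptytemp:
*****************

Restore point was successfully created.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKCR\PROTOCOLS\Handler\livecall => key not found.
HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => key not found.
HKLM\System\CurrentControlSet\Services\MREMP50 => key removed successfully
MREMP50 => service removed successfully
HKLM\System\CurrentControlSet\Services\NAVENG => could not remove key. Access Denied.
HKLM\System\CurrentControlSet\Services\NAVEX15 => could not remove key. Access Denied.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
Firefox => 11389034 B

================================

Result of scheduled keys to remove after reboot:

HKLM\System\CurrentControlSet\Services\NAVENG => could not remove key. Access Denied.
HKLM\System\CurrentControlSet\Services\NAVEX15 => could not remove key. Access Denied.

==== End of Fixlog 09:30:24 ====
"""


def classify(result):
    """Map the text after '=>' to removed / absent / failed / unrecognised."""
    result = result.strip()
    for name, pattern in OUTCOMES:
        if pattern.search(result):
            return name
    return "unrecognised"


def parse_fixlog(text):
    """Return {target: [outcome, ...]} in log order.

    The echoed fixlist (between the two '*****' lines) is skipped because scan
    entries such as 'Task: ... => C:\\...' also contain ' => '. The EmptyTemp
    block is skipped because its ' => ' lines are byte counts, not results.
    """
    results = defaultdict(list)
    in_fixlist = False
    in_emptytemp = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("*****"):
            in_fixlist = not in_fixlist
            continue
        if line.startswith("=") and "EmptyTemp" in line:
            in_emptytemp = True
            continue
        if in_emptytemp and line and set(line) == {"="}:
            in_emptytemp = False
            continue
        if in_fixlist or in_emptytemp or " => " not in line:
            continue
        target, _, result = line.partition(" => ")
        results[target].append(classify(result))
    return dict(results)


def tally(results):
    """Count targets by their final recorded outcome."""
    return dict(Counter(outcomes[-1] for outcomes in results.values()))


def needs_follow_up(results):
    """Targets whose last outcome is neither a removal nor a confirmed absence."""
    return sorted(
        target for target, outcomes in results.items()
        if outcomes[-1] in ("failed", "unrecognised")
    )


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    print(tally(parsed))
    for target in needs_follow_up(parsed):
        print("follow up:", target, parsed[target])
```

A target with two `failed` entries failed both on the first pass and again in the after-reboot section, which is the case for the two Norton definition-driver keys in this thread.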

  5. #5
    Member stokie's Avatar
    Join Date
    Apr 2005
    Posts
    74
    Points
    3

    Hi again DonnaB
    You will see I have moved everything to desktop as recommended.

    Here are the logs:-
    Fix result of Farbar Recovery Scan Tool (x64) Version: 22-05-2017
    Ran by alan (24-05-2017 09:26:50) Run:1
    Running from C:\Users\alan\Desktop
    Loaded Profiles: alan (Available Profiles: alan)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    createrestorepoint:
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
    Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File
    S3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [X]
    S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
    S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]
    S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]
    S3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [X]
    S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
    S3 NAVENG; \??\C:\Program Files\Norton Internet Security\NortonData\22.9.1.12\Definitions\SDSDefs\20170403.008\NAVENG.SYS [X]
    S3 NAVEX15; \??\C:\Program Files\Norton Internet Security\NortonData\22.9.1.12\Definitions\SDSDefs\20170403.008\NAVEX15.SYS [X]
    emptytemp:
    *****************

    Restore point was successfully created.
    HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
    HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
    HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
    HKCR\PROTOCOLS\Handler\livecall => key not found.
    HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => key not found.
    HKCR\PROTOCOLS\Handler\msnim => key not found.
    HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => key not found.
    HKLM\System\CurrentControlSet\Services\MREMP50 => key removed successfully
    MREMP50 => service removed successfully
    HKLM\System\CurrentControlSet\Services\MREMP50a64 => key removed successfully
    MREMP50a64 => service removed successfully
    HKLM\System\CurrentControlSet\Services\MREMPR5 => key removed successfully
    MREMPR5 => service removed successfully
    HKLM\System\CurrentControlSet\Services\MRENDIS5 => key removed successfully
    MRENDIS5 => service removed successfully
    HKLM\System\CurrentControlSet\Services\MRESP50 => key removed successfully
    MRESP50 => service removed successfully
    HKLM\System\CurrentControlSet\Services\MRESP50a64 => key removed successfully
    MRESP50a64 => service removed successfully
    HKLM\System\CurrentControlSet\Services\NAVENG => could not remove key. Access Denied.
    HKLM\System\CurrentControlSet\Services\NAVEX15 => could not remove key. Access Denied.

    =========== EmptyTemp: ==========

    BITS transfer queue => 8388608 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 23564074 B
    Java, Flash, Steam htmlcache => 839 B
    Windows/system/drivers => 14016596 B
    Edge => 0 B
    Chrome => 103424 B
    Firefox => 11389034 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Users => 0 B
    Default => 0 B
    Public => 0 B
    ProgramData => 0 B
    systemprofile => 33186 B
    systemprofile32 => 33186 B
    LocalService => 33326 B
    NetworkService => 33058 B
    alan => 119552347 B

    RecycleBin => 13323778 B
    EmptyTemp: => 181.6 MB temporary data Removed.

    ================================

    Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 24-05-2017 09:30:24)


    Result of scheduled keys to remove after reboot:

    HKLM\System\CurrentControlSet\Services\NAVENG => could not remove key. Access Denied.
    HKLM\System\CurrentControlSet\Services\NAVEX15 => could not remove key. Access Denied.

    ==== End of Fixlog 09:30:24 ====
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.1.3 (04.10.2017)
    Operating System: Windows 7 Home Premium x64
    Ran by alan (Administrator) on 24/05/2017 at 9:37:17.28
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 8

    Successfully deleted: C:\Users\alan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D5PWUBXQ (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\alan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JH8MM57L (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\alan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OQ4OHG1Y (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\alan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T6HD1KOX (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D5PWUBXQ (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JH8MM57L (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OQ4OHG1Y (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T6HD1KOX (Temporary Internet Files Folder)



    Registry: 1

    Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} (Registry Key)




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 24/05/2017 at 9:39:33.23
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    # AdwCleaner v6.047 - Logfile created 24/05/2017 at 10:00:17
    # Updated on 19/05/2017 by Malwarebytes
    # Database : 2017-05-23.1 [Local]
    # Operating System : Windows 7 Home Premium Service Pack 1 (X64)
    # Username : alan - ALAN-PC
    # Running from : C:\Users\alan\Desktop\adwcleaner_6.047.exe
    # Mode: Clean
    # Support : https://www.malwarebytes.com/support



    ***** [ Services ] *****



    ***** [ Folders ] *****



    ***** [ Files ] *****



    ***** [ DLL ] *****



    ***** [ WMI ] *****



    ***** [ Shortcuts ] *****



    ***** [ Scheduled Tasks ] *****



    ***** [ Registry ] *****

    [-] Key deleted: HKU\S-1-5-21-3184768179-1666152133-2235710419-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
    [-] Data restored: HKU\S-1-5-21-3184768179-1666152133-2235710419-1000\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    [#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
    [-] Data restored: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
    [-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}


    ***** [ Web browsers ] *****



    *************************

    :: "Tracing" keys deleted
    :: Winsock settings cleared

    *************************

    C:\AdwCleaner\AdwCleaner[C1].txt - [1269 Bytes] - [03/04/2016 16:23:37]
    C:\AdwCleaner\AdwCleaner[C2].txt - [2654 Bytes] - [24/05/2017 09:43:30]
    C:\AdwCleaner\AdwCleaner[C3].txt - [1752 Bytes] - [24/05/2017 10:00:17]
    C:\AdwCleaner\AdwCleaner[S1].txt - [1249 Bytes] - [03/04/2016 16:21:22]
    C:\AdwCleaner\AdwCleaner[S2].txt - [2542 Bytes] - [24/05/2017 09:42:42]
    C:\AdwCleaner\AdwCleaner[S3].txt - [694 Bytes] - [18/12/2015 20:22:01]
    C:\AdwCleaner\AdwCleaner[S4].txt - [2171 Bytes] - [24/05/2017 09:59:41]

    ########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [2116 Bytes] ##########

  6. #6
    Member Spyware Fighter DonnaB's Avatar
    Join Date
    Apr 2009
    Location
    Illiana, Ill. USA
    Posts
    3,521
    Points
    563

    Hi Stokie,

    Thank you for moving those tools to your desktop. That move will certainly make it easier for us both when it is time to clean up after ourselves here.

    How is your system running now? I suppose not much different since what was cleaned up was only, how should I say, dust particles hiding in the shadows and won't make much difference if we had left them there.

    Could you tell me more about the following issues that you have experienced, please.

    PC freezing and web pages "not responding"
    When does the PC freeze up? Does this occur when you are navigating through the PC or when you are using the browser?

    Are there any specific web pages that you receive the "not responding" message on?

    Edit > Which browser do you prefer? I see you have Firefox installed. Do you have the same issues with both Firefox and Internet Explorer?

    Let's run checkdisk just to make sure the hard drive is not experiencing issues. Please do as follows.
    1. Click on Start > Run and type in cmd
    2. Press Enter
    3. In the Command Prompt window type chkdsk c:/r (or copy and paste) and press Enter.
      Please Note the space between k c:/r
    4. The next dialog box will now show the following:

      Chkdsk cannot run because the volume is in use by another
      process. Would you like to schedule this volume to be
      checked the next time the system restarts? <Y/N>

    5. Type Y and reboot the computer.
    6. Checkdisk will start once the computer reboots. It can take up to an hour or more to complete as it goes through the stages. Allow it to run uninterrupted till complete.

    To find the log that is produced please do the following:

    Please download ListChkdskResult by SleepyDude to the desktop.

    1. Double click on the icon and click Run
    2. The log will appear on your desktop as a .txt file and the notepad will open.

    Please copy and paste the results in your next reply.

    Unfortunately I am off to work here in a few minutes and will catch up to you upon my return. Have a nice day.

    Thank you,
    Donna
    If you think you might be infected with malware or have recently cleansed your computer of malware without the help of an expert, please read and follow the instructions in How to Start Removing Viruses and Spyware from your Computer. This can alleviate time consumed in trouble shooting your current computer problems.

    If your problem is solved, here's how to say thanks!

    Very proud parent of a U.S. Navy "CB"



    "People may forget what you say,
    People may forget what you did,
    but People will never forget how you made them feel!"

  7. #7
    Member stokie's Avatar
    Join Date
    Apr 2005
    Posts
    74
    Points
    3

    Hi DonnaB

    As you say no noticeable difference in performance.
    PC freezes using browser but no specific pages give "not responding" error - seems to be random.
    I used to use Firefox but it does not automatically fill website passwords using Identity Safe so I stopped using it.
    Eventually I got chkdsk to run using properties on "computer". However I can't get the log, but no errors were apparent.

    Stokie

  8. #8
    Member Spyware Fighter DonnaB's Avatar
    Join Date
    Apr 2009
    Location
    Illiana, Ill. USA
    Posts
    3,521
    Points
    563

    Hi Stokie,

    PC freezes using browser but no specific pages give "not responding" error - seems to be random.
    I used to use Firefox but it does not automatically fill website passwords using Identity Safe so I stopped using it.
    Ah, ok. So I assume that you use IE11. If I remember correctly, starting with Firefox version 41, Firefox had stopped supporting the older, and what they deemed fairly unstable technology called "Binary XPCOM" used by a small number of add-on developers. Mozilla has encouraged developers to update their add-ons in order to stay safe and compatible with the latest versions of Firefox. Seems that Norton was one of those developers. This article is a couple of years old though it does state that Norton was planning some major updates.

    Personally I use the built in Password Manager included in Firefox.

    This freezing could be an add-on issue in your browser if it is the browser freezing and not the computer itself.

    Have you tried running Internet Explorer in no add-ons mode to see if you still get freezing? It will disable your Norton toolbar though to trouble shoot the freezing problem it will be necessary. In Windows 7, to run your Internet Explorer in the no add-ons mode please do as follows:

    Open Start > All Programs > Accessories > System Tools > Internet Explorer (No Add-ons).

    Browse around a bit to see if it still freezes. If it does not, you obviously have an issue with a particular add-on, toolbar or extension. Proceed as follows:

    Open IE from the desktop and click the Tools menu, and click Manage Add-ons.
    Click Toolbars and Extensions, click each toolbar or extension, clicking Disable to turn off all of the browser extensions and toolbars.
    Restart IE11. Go back to the Manage Add-Ons window and turn on each item, one-by-one.

    After you turn each item back on, see if IE freezes, crashes or slows down. Doing it this way will help you identify the add-on that's causing IE to misbehave. After you've figured out which add-on was causing the problem, turn it off until you have an update from the manufacturer.

    Eventually I got chkdsk to run using properties on "computer". However I can't get the log, but no errors were apparent.
    That's good news but I am curious as to why you had issues running chkdsk from the command prompt and not being able to get the log with the instructions I provided above. Did you get any type of errors?

  9. #9
    Member stokie's Avatar
    Join Date
    Apr 2005
    Posts
    74
    Points
    3

    Hi again

    I use the Norton because of the auto-fill facility which is not compatible with Firefox which used to be my favoured browser.
    As regards the freezing my PC has frozen on occasion and refused to shut down, so I don't think it's just browser orientated.
    When I tried to run chkdsk from command prompt all I got was a flash screen then nothing further.
    I can see where you are coming from as regards add-ons but I have been using the same add-ons for ever on IE11 but the problems seem to have only just started to appear on a regular basis.
    Is Firefox autofill as secure as Norton?

    Stokie

  10. #10
    Member Spyware Fighter DonnaB's Avatar
    Join Date
    Apr 2009
    Location
    Illiana, Ill. USA
    Posts
    3,521
    Points
    563

    Hi Stokie,

    I do apologize for the delay in responding. The Memorial Day Holiday kind of snuck up on me and plans had been prearranged with my family for some time.

    Is Firefox autofill as secure as Norton?
    I don't use the autofill feature in Firefox due to its vulnerability to phishing attacks. You are much better off using a 3rd party autofill/password manager for this purpose. I only have my Firefox browser configured to save specific passwords for specific sites, so stay with Norton.

    This is a desktop, right? When is the last time that it has been given a good cleaning? If you do not have a can of compressed air, they are fairly cheap. Open up the tower and use the compressed air to blow out any dust that may have built up inside over time.

    Next, follow the instructions below to run a system file check scan. In the meantime, I noticed there are some system errors in the FRST log. I'll do a bit of research to see what they are associated with and if they could be the cause of the freezing.

    SFC Scan

    • Click on the Start button and in the search box, type cmd.exe
    • When you see cmd in the list, right-click on it and select Run as administrator
    • When command prompt opens, please type or copy/paste the following command into it, then press Enter

      sfc /scannow

      Wait for this to finish before you continue.

      Once the scan completes, type or copy/paste the following into notepad

      @echo off
      findstr /c:"[SR]" %windir%\logs\cbs\cbs.log > sfcdetails.txt
      del %0

    • Click on File > Save As... and type sfc.bat then click Save
    • Double click on the batch file
    • This will create the file sfcdetails.txt on your Desktop and the .bat file icon will self delete. Please attach this to your next post.
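
One way to triage the sfcdetails.txt file that the batch file in the post above produces, added here as an example that is not part of the thread: it groups the [SR] lines into files SFC could not repair, files it repaired, and routine progress entries. The sample lines are constructed, and the line layout and message wording are assumptions based on typical CBS.log [SR] entries.

```python
import re

# Constructed sample of sfcdetails.txt content (not taken from the thread).
# Layout and message prefixes are assumptions about typical CBS.log [SR]
# entries; adjust the prefixes below if your log words them differently.
SAMPLE = r'''
2017-05-30 09:12:01, Info                  CSI    00000009 [SR] Verifying 100 (0x0000000000000064) components
2017-05-30 09:12:01, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2017-05-30 09:12:07, Info                  CSI    0000000c [SR] Verify complete
2017-05-30 09:14:33, Info                  CSI    000001a2 [SR] Cannot repair member file [l:24{12}]"example1.dll" of Constructed-Component, Version = 6.1.7601.17514, hash mismatch
2017-05-30 09:14:33, Info                  CSI    000001a4 [SR] Cannot repair member file [l:24{12}]"example1.dll" of Constructed-Component, Version = 6.1.7601.17514, hash mismatch
2017-05-30 09:15:02, Info                  CSI    000001b0 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:24{12}]"example2.dll" from store
'''

# timestamp, level, "CSI", 8-hex-digit sequence number, then the [SR] message
LINE = re.compile(r'^(\S+ \S+), \w+\s+CSI\s+[0-9a-f]{8} \[SR\] (.*)$')
QUOTED = re.compile(r'"([^"]*)"')
ROUTINE = ("Verifying", "Verify complete", "Beginning Verify")


def summarize(text):
    """Group [SR] entries; each file is reported once with its first timestamp."""
    unrepaired, repaired, unknown, routine = {}, {}, [], 0
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank line or not an [SR] entry
        when, msg = m.groups()
        quoted = QUOTED.findall(msg)
        if msg.startswith("Cannot repair member file") and quoted:
            # SFC usually logs the same failure more than once; keep the first
            unrepaired.setdefault(quoted[0], when)
        elif msg.startswith(("Repairing", "Repaired")) and quoted:
            # directory and file name are quoted separately; rejoin them
            repaired.setdefault("\\".join(quoted), when)
        elif msg.startswith(ROUTINE):
            routine += 1
        else:
            unknown.append(msg)  # wording this script does not recognise
    return {"unrepaired": unrepaired, "repaired": repaired,
            "routine": routine, "unknown": unknown}


if __name__ == "__main__":
    for group, items in summarize(SAMPLE).items():
        print(group, items)
```

Entries under "unrepaired" are the ones worth posting back to the helper; an empty "unrepaired" group with only routine lines means SFC found nothing it could not fix.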
