Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Computer Shuts down

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Computer Shuts down

Unread postby albert1949 » May 6th, 2015, 7:44 pm

My computer is set up to go to sleep after not being used for a few minutes. Instead, the computer shuts down. I cannot get it to come back using the mouse or keyboard even though they are both set up to wake the computer. When I hit the power button I get a black screen with a message that windows did not shut down successfully.

Another issue that I have, which i am not sure if it is related, is that i cannot update itunes. When itunes tells me that i have an update and i tell it to update, nothing happens.

Any assistance that you can provide is greatly appreciated.

Albertg

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17728 BrowserJavaVersion: 11.31.2
Run by AL at 19:28:04 on 2015-05-06
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3895.2030 [GMT -4:00]
.
AV: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
.
============== Running Processes ===============
.
c:\PROGRA~2\AVG\AVG2015\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files (x86)\AVG\AVG2015\avgui.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\loggingserver.exe
C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\AVG Web TuneUp\avgcefrend.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Reader_sl.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://mysearch.avg.com/?cid={25F85CB3-8669-4FE6-965E-09B5F3DD42DD}&mid=4e518717ab0347cdb0fad16c220e0508-ad0e7999c551a9a68e9873bb70afebe9650dd904&lang=en&ds=AVG&coid=avgtbavg&cmpid=0415av&pr=fr&d=2015-05-03 10:58:00&v=4.1.0.411&pid=wtu&sg=&sap=hp
uProxyOverride = <-loopback>
mWinlogon: Userinit = userinit.exe,
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Web TuneUp: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Web TuneUp\4.1.0.411\AVG Web TuneUp.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [vProt] "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: EnableSecureUIAPath = dword:1
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{047CB1BA-2C54-4E11-ABDA-AD617CA8CEEC} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2015-3-11 213984]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2015-3-11 344544]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2015-4-3 137184]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2015-3-20 40928]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2015-3-11 162784]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2015-4-9 284128]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2015-4-15 256992]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2015-4-7 291296]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [2015-4-15 3438032]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [2015-4-15 311792]
R2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe [2014-12-11 89864]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2014-9-18 14624]
R2 NETGEARGenieDaemon;NETGEARGenieDaemon;C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [2014-12-14 232192]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2014-11-28 1363160]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2014-11-28 765144]
R2 vToolbarUpdater18.4.0;vToolbarUpdater18.4.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe [2015-5-3 1875480]
R2 WtuSystemSupport;WtuSystemSupport;C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [2015-5-3 620056]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-8-6 320040]
R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf_amd64.sys [2014-11-28 18456]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-12 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-4-14 114688]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-11-26 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2014-8-16 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-11-28 1255736]
.
=============== Created Last 30 ================
.
2015-05-03 14:58:18 -------- d-----w- C:\Users\AL\AppData\Local\AVG Web TuneUp
2015-05-03 14:58:15 -------- d-----w- C:\ProgramData\AVG Security Toolbar
2015-05-03 14:57:56 -------- d-----w- C:\ProgramData\AVG Secure Search
2015-05-03 14:57:55 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2015-05-03 14:57:52 -------- d-----w- C:\ProgramData\AVG Web TuneUp
2015-05-03 14:57:47 -------- d-----w- C:\Program Files (x86)\AVG Web TuneUp
2015-04-15 18:05:15 -------- d-s---w- C:\Windows\System32\CompatTel
2015-04-15 18:05:15 -------- d-----w- C:\Windows\System32\appraiser
2015-04-15 17:06:02 256992 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2015-04-14 21:33:59 817664 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2015-04-09 18:11:14 284128 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2015-04-09 00:54:59 -------- d-----w- C:\Users\AL\AppData\Local\AudioLabel
2015-04-09 00:54:58 -------- d-----w- C:\Program Files (x86)\AudioLabel
2015-04-07 16:39:26 291296 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
.
==================== Find3M ====================
.
2015-04-15 00:16:46 778416 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-04-15 00:16:46 142512 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-04-03 13:34:12 137184 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2015-03-25 03:24:41 98304 ----a-w- C:\Windows\System32\wudriver.dll
2015-03-25 03:24:41 3298816 ----a-w- C:\Windows\System32\wucltux.dll
2015-03-25 03:24:41 191488 ----a-w- C:\Windows\System32\wuwebv.dll
2015-03-25 03:24:08 60416 ----a-w- C:\Windows\System32\WinSetupUI.dll
2015-03-25 03:23:58 12288 ----a-w- C:\Windows\System32\wu.upgrade.ps.dll
2015-03-25 03:23:55 36864 ----a-w- C:\Windows\System32\wuapp.exe
2015-03-25 03:00:57 92672 ----a-w- C:\Windows\SysWow64\wudriver.dll
2015-03-25 03:00:57 173056 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2015-03-25 03:00:15 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
2015-03-23 03:25:15 726528 ----a-w- C:\Windows\System32\generaltel.dll
2015-03-23 03:25:01 769536 ----a-w- C:\Windows\System32\invagent.dll
2015-03-23 03:24:56 419840 ----a-w- C:\Windows\System32\devinv.dll
2015-03-23 03:24:54 957952 ----a-w- C:\Windows\System32\appraiser.dll
2015-03-23 03:24:53 30720 ----a-w- C:\Windows\System32\acmigration.dll
2015-03-23 03:24:53 227328 ----a-w- C:\Windows\System32\aepdu.dll
2015-03-23 03:24:53 192000 ----a-w- C:\Windows\System32\aepic.dll
2015-03-23 03:17:39 1111552 ----a-w- C:\Windows\System32\aeinv.dll
2015-03-20 16:18:18 40928 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2015-03-17 05:22:37 5557696 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-03-17 05:22:35 95672 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2015-03-17 05:22:35 155576 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2015-03-17 05:19:37 1727904 ----a-w- C:\Windows\System32\ntdll.dll
2015-03-17 05:17:00 362496 ----a-w- C:\Windows\System32\wow64win.dll
2015-03-17 05:17:00 243712 ----a-w- C:\Windows\System32\wow64.dll
2015-03-17 05:17:00 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2015-03-17 05:15:55 31232 ----a-w- C:\Windows\System32\lsass.exe
2015-03-17 05:15:44 338432 ----a-w- C:\Windows\System32\conhost.exe
2015-03-17 05:15:40 64000 ----a-w- C:\Windows\System32\auditpol.exe
2015-03-17 05:13:29 60416 ----a-w- C:\Windows\System32\msobjs.dll
2015-03-17 05:13:17 146432 ----a-w- C:\Windows\System32\msaudite.dll
2015-03-17 05:01:09 3976632 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2015-03-17 05:01:09 3920824 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2015-03-17 04:59:26 1309696 ----a-w- C:\Windows\SysWow64\ntdll.dll
2015-03-17 04:57:25 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2015-03-17 04:57:21 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2015-03-17 04:57:20 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2015-03-17 04:57:17 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2015-03-17 04:57:17 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2015-03-17 04:57:13 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2015-03-17 04:57:12 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2015-03-17 04:57:11 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2015-03-17 04:57:07 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2015-03-17 04:56:59 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2015-03-17 04:56:56 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2015-03-17 04:56:41 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2015-03-17 04:56:15 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2015-03-17 04:56:01 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2015-03-17 04:56:01 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2015-03-17 04:56:00 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2015-03-17 04:53:35 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2015-03-17 04:53:13 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2015-03-17 03:45:24 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2015-03-17 03:45:23 2048 ----a-w- C:\Windows\SysWow64\user.exe
2015-03-17 03:43:04 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2015-03-17 03:43:04 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2015-03-17 03:43:04 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2015-03-17 03:43:03 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2015-03-13 04:25:14 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2015-03-13 04:25:01 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2015-03-13 04:09:12 66560 ----a-w- C:\Windows\System32\iesetup.dll
2015-03-13 04:08:33 584192 ----a-w- C:\Windows\System32\vbscript.dll
2015-03-13 04:08:27 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2015-03-13 04:08:17 417280 ----a-w- C:\Windows\System32\html.iec
2015-03-13 04:06:54 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2015-03-13 03:54:11 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-03-13 03:54:00 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2015-03-13 03:53:22 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2015-03-13 03:50:45 6025216 ----a-w- C:\Windows\System32\jscript9.dll
2015-03-13 03:44:48 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2015-03-13 03:42:18 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-03-13 03:32:48 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-03-13 03:28:48 503296 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-03-13 03:28:37 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2015-03-13 03:27:51 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2015-03-13 03:27:35 340992 ----a-w- C:\Windows\SysWow64\html.iec
2015-03-13 03:26:19 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2015-03-13 03:16:26 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2015-03-13 03:15:40 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2015-03-13 03:05:50 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2015-03-13 03:05:24 2125824 ----a-w- C:\Windows\System32\inetcpl.cpl
2015-03-13 03:01:16 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2015-03-13 02:49:21 4305408 ----a-w- C:\Windows\SysWow64\jscript9.dll
2015-03-13 02:45:57 2358784 ----a-w- C:\Windows\System32\wininet.dll
2015-03-13 02:43:41 2052608 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2015-03-13 02:42:47 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2015-03-13 02:20:28 1888256 ----a-w- C:\Windows\SysWow64\wininet.dll
2015-03-11 16:16:06 162784 ----a-w- C:\Windows\System32\drivers\avgdiska.sys
2015-03-11 16:13:36 344544 ----a-w- C:\Windows\System32\drivers\avgloga.sys
2015-03-11 16:13:28 213984 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2015-03-10 03:25:10 1882624 ----a-w- C:\Windows\System32\msxml3.dll
2015-03-10 03:21:42 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2015-03-10 03:08:26 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2015-03-10 03:05:39 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2015-03-10 00:22:12 96784 ----a-w- C:\Windows\SysWow64\packet.dll
2015-03-10 00:22:12 369168 ----a-w- C:\Windows\System32\wpcap.dll
2015-03-10 00:22:12 35344 ----a-w- C:\Windows\System32\drivers\npf.sys
2015-03-10 00:22:12 281104 ----a-w- C:\Windows\SysWow64\wpcap.dll
.
============= FINISH: 19:28:39.30 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 11/25/2014 6:28:46 PM
System Uptime: 5/6/2015 7:14:43 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0C2KJT
Processor: Intel(R) Pentium(R) CPU G6950 @ 2.80GHz | CPU 1 | 2800/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 184.339 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is FIXED (NTFS) - 466 GiB total, 109.221 GiB free.
K: is FIXED (NTFS) - 0 GiB total, 0.06 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart D110 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart D110 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
==== System Restore Points ===================
.
RP63: 4/12/2015 7:33:52 PM - Windows Backup
RP64: 4/14/2015 10:11:22 PM - Windows Update
RP65: 4/19/2015 8:55:13 PM - Windows Backup
RP66: 4/24/2015 10:59:25 PM - Installed AVG 2015
RP67: 4/26/2015 7:00:20 PM - Windows Backup
RP68: 5/3/2015 7:48:27 PM - Windows Backup
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
Adobe Digital Editions 4.0
Adobe Flash Player 17 ActiveX
Adobe Reader XI (11.0.10)
Adobe Refresh Manager
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AudioLabel
AVG 2015
AVG Web TuneUp
Bing Bar
Bonjour
Broadcom NetXtreme-I Netlink Driver and Management Installer
BufferChm
Coupon Printer for Windows
D110
Definition Update for Microsoft Office 2010 (KB2965299) 64-Bit Edition
Dell Resource CD
Destinations
DeviceDiscovery
GeniusBox 2.0
Google Chrome
Google Update Helper
GPBaseService2
HP Customer Participation Program 14.0
HP Imaging Device Functions 14.0
HP Photo Creations
HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7
HP Smart Web Printing 4.60
HP Solution Center 14.0
HP Support Solutions Framework
HP Update
HPAppStudio
HPDiagnosticAlert
HPPhotoGadget
HPProductAssistant
HPSSupply
iTunes
Java 8 Update 31
Java Auto Updater
MarketResearch
Microsoft .NET Framework 4.5.2
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 32-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 32-bit MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Modem Diagnostic Tool
MP3 Rocket
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NETGEAR Genie
NetWaiting
Network64
PS_AIO_07_D110_SW_Min
QuickTransfer
Scan
Secunia PSI (3.0.0.10004)
Security Update for Microsoft .NET Framework 4.5.2 (KB3037581)
Security Update for Microsoft Office 2010 (KB2553284) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2880971) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2881071) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2889839) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2920748) 64-Bit Edition
Security Update for Microsoft Word 2010 (KB2553428) 64-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition
Shop for HP Supplies
SmartWebPrinting
SolutionCenter
Status
Toolbox
TrayApp
TurboTax 2014
TurboTax 2014 WinPerFedFormset
TurboTax 2014 WinPerReleaseEngine
TurboTax 2014 WinPerTaxSupport
TurboTax 2014 wrapper
Update for Microsoft Access 2010 (KB2837601) 64-Bit Edition
Update for Microsoft Excel 2010 (KB2589348) 64-Bit Edition
Update for Microsoft Excel 2010 (KB2956084) 64-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2881026) 64-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817396) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553140) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589386) 64-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition
Update for Microsoft Office 2010 (KB2597089) 64-Bit Edition
Update for Microsoft Office 2010 (KB2687275) 64-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition
Update for Microsoft Office 2010 (KB2825635) 64-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition
Update for Microsoft Office 2010 (KB2837602) 64-Bit Edition
Update for Microsoft Office 2010 (KB2883019) 64-Bit Edition
Update for Microsoft Office 2010 (KB2889828) 64-Bit Edition
Update for Microsoft Office 2010 (KB2910896) 64-Bit Edition
Update for Microsoft Office 2010 (KB2920813) 64-Bit Edition
Update for Microsoft Office 2010 (KB2956141) 64-Bit Edition
Update for Microsoft Office 2010 (KB2956191) 64-Bit Edition
Update for Microsoft Office 2010 (KB2965235) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2956075) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2956205) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2965295) 64-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2880517) 64-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2956190) 64-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition
Update for Microsoft Visio 2010 (KB2881025) 64-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2881021) 64-Bit Edition
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
WebReg
Windows Live ID Sign-in Assistant
.
==== Event Viewer Messages From Past Week ========
.
5/4/2015 8:51:24 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Support Solutions Framework Service service to connect.
5/4/2015 8:51:24 PM, Error: Service Control Manager [7000] - The HP Support Solutions Framework Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/3/2015 8:21:15 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk6\DR6.
.
==== End Of File ===========================
albert1949
Active Member
 
Posts: 13
Joined: January 12th, 2015, 11:45 pm
Advertisement
Register to Remove

Re: Computer Shuts down

Unread postby wannabeageek » May 7th, 2015, 10:54 am

Hello albert1949, and Welcome to MalWare Removal forums!

My name is wannabeageek and I'll be helping you with any malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process until we are done as well as
    DO NOT Remove, or Scan with anything on your system unless I ask. This adds more items to be researched.
    Extra Additions and Removals of files make the analysis more difficult.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:
    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
lf you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start
wannabeageek
MRU Master
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Computer Shuts down

Unread postby wannabeageek » May 7th, 2015, 11:09 am

Hi albert1949,

Below are a list of tax programs that contain personal information.
You are strongly recommended to remove all data files from these programs.
The reason for this is we are a public forum and all posts are easily viewable as such.
Our scans may reveal personal information contained in these files on your computer.
The last thing you want is any of your personal information spread across the web.
Please post back confirming that you have removed all data containing personal information.

After you post back confirming removal, we shall continue.
TurboTax 2014
TurboTax 2014 WinPerFedFormset
TurboTax 2014 WinPerReleaseEngine
TurboTax 2014 WinPerTaxSupport
TurboTax 2014 wrapper
wannabeageek
MRU Master
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Computer Shuts down

Unread postby albert1949 » May 8th, 2015, 4:59 pm

I have backed up the files.

Thank you.
albert1949
Active Member
 
Posts: 13
Joined: January 12th, 2015, 11:45 pm

Re: Computer Shuts down

Unread postby wannabeageek » May 9th, 2015, 10:19 am

Hi albert1949,

I noticed you recently installed AVG 2015.
Step 1.
Was there a problem with the previous AV that came on the computer?


Step 2.
Uninstall Programs
I need you to uninstall some program(s).
  1. Click on Start...then... Click the Start Search box on the Start Menu.
  2. Copy and paste the value below, into the open text entry box:
    appwiz.cpl
  3. then press enter.
    • Locate the following program(s):
      Coupon Printer for Windows
      Java 8 Update 31
      MP3 Rocket
    • Select the program and click on Uninstall to uninstall it.
      Carefully read any prompts...
      Some uninstallers prompt in a way to trick you into keeping the program, sometimes, preventing them from being uninstalled again!
    • Repeat steps 3 - 4 for each program in the list. When finished... Close the Control Panel window.


Step 3.
FRST - Farbar Recovery Scanner Tool Image

Please download FRST64.exe ... by Farbar. Save it to your desktop.

  1. Right click on FRST64.exe select "Run As Administrator" to run it. If prompted by UAC, please allow it. When the tool opens click Yes to disclaimer.
  2. Press Scan button. ... A log will be created FRST.txt in the same directory the tool is run.
  3. Please copy/paste FRST.txt it to your reply.
  4. Please copy/paste Addition.txt in your reply.


What I need back from you:
Post each step separately.
  1. Answer to my question. (Step 1.)
  2. Contents of FRST.txt (Step 3.)
  3. Contents of Addition.txt (Step 3.)
  4. Any problem executing the instructions?
Thanks,
wbg
wannabeageek
MRU Master
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Computer Shuts down

Unread postby albert1949 » May 10th, 2015, 11:14 am

1. I download an AV toolbar by mistake. Orignial antivirus that came with computer expired and I downloaded AVG because it had good reviews.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-05-2015
Ran by AL (administrator) on AL-PC on 10-05-2015 11:10:08
Running from C:\Users\AL\Downloads
Loaded Profiles: AL (Available profiles: AL)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3745232 2015-04-15] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-11-27] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2015-03-03]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2015-01-19]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1544753468-1480976245-751527611-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://mysearch.avg.com/?cid={25F85CB3-8669-4FE6-965E-09B5F3DD42DD}&mid=4e518717ab0347cdb0fad16c220e0508-ad0e7999c551a9a68e9873bb70afebe9650dd904&lang=en&ds=AVG&coid=avgtbavg&cmpid=0415av&pr=fr&d=2015-05-03 10:58:00&v=4.1.0.411&pid=wtu&sg=&sap=hp
HKU\S-1-5-21-1544753468-1480976245-751527611-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-1544753468-1480976245-751527611-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.finded.co/?opts=fb&hp=g&c=no ... 7AodNyMA7g
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1544753468-1480976245-751527611-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={25F85CB3-8669-4FE6-965E-09B5F3DD42DD}&mid=4e518717ab0347cdb0fad16c220e0508-ad0e7999c551a9a68e9873bb70afebe9650dd904&lang=en&ds=AVG&coid=avgtbavg&cmpid=0415av&pr=fr&d=2015-05-03 10:58:00&v=4.1.0.411&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll [2012-02-10] (Microsoft Corporation.)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll [2012-02-10] (Microsoft Corporation.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2015-03-03]
FF HKU\S-1-5-21-1544753468-1480976245-751527611-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR HomePage: Default -> hxxp://search.conduit.com/?gd=&ctid=CT3 ... E5A8&SSPV=
CHR StartupUrls: Default -> "hxxp://Taplika.com/?f=7&a=tpl_tight2_15_02&cd=2XzuyEtN2Y1L1QzutDtDtByDyCyE0E0A0E0C0F0ByDzyyBzztN0D0Tzu0StCtCtDyCtN1L2XzutAtFyCtFyCtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StAyDtDyC0A0D0D0BtGzytAyE0DtGtDzyyEtAtGzz0F0AtBtGtBtByD0ByCtByCzyyD0B0A0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0DyCzyyByD0EtCtG0F0A0E0BtGyE0F0A0EtG0AtD0A0CtGtAyDtDyDzz0CzztC0F0AtAzy2Q&cr=173989028&ir="
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\AL\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\AL\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-26]
CHR Extension: (Google Docs) - C:\Users\AL\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-26]
CHR Extension: (Google Drive) - C:\Users\AL\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-26]
CHR Extension: (YouTube) - C:\Users\AL\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-26]
CHR Extension: (Google Search) - C:\Users\AL\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-26]
CHR Extension: (Google Sheets) - C:\Users\AL\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-26]
CHR Extension: (Bookmark Manager) - C:\Users\AL\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-16]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\AL\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-11]
CHR Extension: (Google Wallet) - C:\Users\AL\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-26]
CHR Extension: (Gmail) - C:\Users\AL\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-26]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3438032 2015-04-15] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [311792 2015-04-15] (AVG Technologies CZ, s.r.o.)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2014-12-14] (NETGEAR)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1363160 2014-11-28] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [765144 2014-11-28] (Secunia)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [284128 2015-04-09] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [213984 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [256992 2015-04-15] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [344544 2015-03-11] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [137184 2015-04-03] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [291296 2015-04-07] (AVG Technologies CZ, s.r.o.)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2015-03-09] (CACE Technologies, Inc.)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2014-11-28] (Secunia)
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-10 11:10 - 2015-05-10 11:10 - 00015384 _____ () C:\Users\AL\Downloads\FRST.txt
2015-05-10 11:09 - 2015-05-10 11:10 - 00000000 ____D () C:\FRST
2015-05-10 11:09 - 2015-05-10 11:09 - 02102784 _____ (Farbar) C:\Users\AL\Downloads\FRST64.exe
2015-05-10 10:29 - 2015-05-10 10:29 - 00000000 ____D () C:\ProgramData\TEMP
2015-05-10 10:29 - 2015-05-10 10:29 - 00000000 ____D () C:\ProgramData\Licenses
2015-05-10 10:28 - 2015-05-10 10:29 - 00000000 ____D () C:\Program Files\Remo Repair Outlook [PST]
2015-05-10 10:28 - 2015-05-10 10:28 - 00001381 _____ () C:\Windows\SysWOW64\rsrorx32.LOG
2015-05-10 10:28 - 2015-05-10 10:28 - 00000919 _____ () C:\Users\AL\Desktop\Remo Repair Outlook [PST].lnk
2015-05-10 10:28 - 2015-05-10 10:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Remo Repair Outlook [PST]
2015-05-10 10:28 - 2010-07-10 17:11 - 07224875 _____ (dimastr.com) C:\Windows\system32\rsror64.dll
2015-05-10 10:28 - 2010-07-10 17:07 - 04280832 _____ (dimastr.com) C:\Windows\SysWOW64\rsror32.dll
2015-05-10 10:28 - 2010-07-10 17:07 - 00856064 _____ (dimastr.com) C:\Windows\SysWOW64\rsrorx32.dll
2015-05-10 10:28 - 2010-05-10 00:18 - 01356317 _____ (dimastr.com) C:\Windows\system32\rsrorx64.dll
2015-05-06 19:27 - 2015-05-06 19:27 - 00688992 ____R (Swearware) C:\Users\AL\Downloads\dds (2).scr
2015-05-03 10:58 - 2015-05-09 20:31 - 00000000 ____D () C:\ProgramData\AVG Security Toolbar
2015-05-03 10:57 - 2015-05-09 12:16 - 00000000 ____D () C:\Program Files (x86)\AVG Web TuneUp
2015-04-26 09:46 - 2015-04-26 09:46 - 00688992 ____R (Swearware) C:\Users\AL\Downloads\dds (1).scr
2015-04-26 09:23 - 2015-04-26 09:23 - 00688992 ____R (Swearware) C:\Users\AL\Downloads\dds.scr
2015-04-15 17:58 - 2015-04-15 17:58 - 00408776 _____ (TweakBit) C:\Users\AL\Downloads\fix-my-pc-setup.exe
2015-04-15 14:05 - 2015-04-15 14:05 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-15 14:05 - 2015-04-15 14:05 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-15 13:06 - 2015-04-15 13:06 - 00256992 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2015-04-14 17:34 - 2015-04-01 20:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-14 17:34 - 2015-04-01 19:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-14 17:34 - 2015-03-24 23:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-14 17:34 - 2015-03-24 23:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-14 17:34 - 2015-03-24 23:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-14 17:34 - 2015-03-24 23:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-14 17:34 - 2015-03-24 23:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-14 17:34 - 2015-03-24 23:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-14 17:34 - 2015-03-24 23:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-14 17:34 - 2015-03-24 23:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-14 17:34 - 2015-03-24 23:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-14 17:34 - 2015-03-24 23:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-14 17:34 - 2015-03-24 23:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-14 17:34 - 2015-03-24 23:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-14 17:34 - 2015-03-24 23:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-14 17:34 - 2015-03-24 23:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-14 17:34 - 2015-03-24 23:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-14 17:34 - 2015-03-24 23:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-14 17:34 - 2015-03-22 23:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-14 17:34 - 2015-03-22 23:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-14 17:34 - 2015-03-22 23:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-14 17:34 - 2015-03-22 23:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-14 17:34 - 2015-03-22 23:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-14 17:34 - 2015-03-22 23:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-14 17:34 - 2015-03-22 23:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-14 17:34 - 2015-03-22 23:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-14 17:34 - 2015-03-17 01:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-14 17:34 - 2015-03-17 01:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-14 17:34 - 2015-03-17 01:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-14 17:34 - 2015-03-17 01:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-14 17:34 - 2015-03-17 01:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-14 17:34 - 2015-03-17 01:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-14 17:34 - 2015-03-17 01:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-14 17:34 - 2015-03-17 01:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-14 17:34 - 2015-03-17 01:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-14 17:34 - 2015-03-17 01:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-14 17:34 - 2015-03-17 01:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-14 17:34 - 2015-03-17 01:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-14 17:34 - 2015-03-17 01:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-14 17:34 - 2015-03-17 01:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-14 17:34 - 2015-03-17 01:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-14 17:34 - 2015-03-17 01:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-14 17:34 - 2015-03-17 01:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-14 17:34 - 2015-03-17 01:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-14 17:34 - 2015-03-17 01:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-14 17:34 - 2015-03-17 01:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-14 17:34 - 2015-03-17 01:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-14 17:34 - 2015-03-17 01:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-14 17:34 - 2015-03-17 01:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-14 17:34 - 2015-03-17 01:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-14 17:34 - 2015-03-17 01:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-14 17:34 - 2015-03-17 01:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-14 17:34 - 2015-03-17 01:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-14 17:34 - 2015-03-17 01:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-14 17:34 - 2015-03-17 01:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-14 17:34 - 2015-03-17 01:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-14 17:34 - 2015-03-17 01:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-14 17:34 - 2015-03-17 01:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-14 17:34 - 2015-03-17 01:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-14 17:34 - 2015-03-17 01:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-14 17:34 - 2015-03-17 01:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-14 17:34 - 2015-03-17 01:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-14 17:34 - 2015-03-17 01:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-14 17:34 - 2015-03-17 01:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-14 17:34 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-14 17:34 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-14 17:34 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-14 17:34 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-14 17:34 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-14 17:34 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-14 17:34 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-14 17:34 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-14 17:34 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-14 17:34 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-14 17:34 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-14 17:34 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-14 17:34 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-14 17:34 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-14 17:34 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-14 17:34 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-14 17:34 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-14 17:34 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-14 17:34 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-14 17:34 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-14 17:34 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-14 17:34 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-14 17:34 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-14 17:34 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-14 17:34 - 2015-03-17 01:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-14 17:34 - 2015-03-17 01:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-14 17:34 - 2015-03-17 00:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-14 17:34 - 2015-03-17 00:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-14 17:34 - 2015-03-17 00:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-14 17:34 - 2015-03-17 00:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-14 17:34 - 2015-03-17 00:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-14 17:34 - 2015-03-17 00:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-14 17:34 - 2015-03-17 00:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-14 17:34 - 2015-03-17 00:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-14 17:34 - 2015-03-17 00:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-14 17:34 - 2015-03-17 00:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-14 17:34 - 2015-03-17 00:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-14 17:34 - 2015-03-17 00:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-14 17:34 - 2015-03-17 00:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-14 17:34 - 2015-03-17 00:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-14 17:34 - 2015-03-17 00:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-14 17:34 - 2015-03-17 00:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-14 17:34 - 2015-03-17 00:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-14 17:34 - 2015-03-17 00:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-14 17:34 - 2015-03-17 00:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-14 17:34 - 2015-03-17 00:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-14 17:34 - 2015-03-17 00:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-14 17:34 - 2015-03-17 00:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-14 17:34 - 2015-03-17 00:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-14 17:34 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-14 17:34 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-14 17:34 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-14 17:34 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-14 17:34 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-14 17:34 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-14 17:34 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-14 17:34 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-14 17:34 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-14 17:34 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-14 17:34 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-14 17:34 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-14 17:34 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-14 17:34 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-14 17:34 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-14 17:34 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-14 17:34 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-14 17:34 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-14 17:34 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-14 17:34 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-14 17:34 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-14 17:34 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-14 17:34 - 2015-03-16 23:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-14 17:34 - 2015-03-16 23:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-14 17:34 - 2015-03-16 23:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-14 17:34 - 2015-03-16 23:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-14 17:34 - 2015-03-16 23:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-14 17:34 - 2015-03-16 23:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-14 17:34 - 2015-03-13 00:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-14 17:34 - 2015-03-13 00:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-14 17:34 - 2015-03-13 00:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-14 17:34 - 2015-03-13 00:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-14 17:34 - 2015-03-13 00:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-14 17:34 - 2015-03-12 23:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-14 17:34 - 2015-03-12 23:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-14 17:34 - 2015-03-12 23:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-14 17:34 - 2015-03-12 23:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-14 17:34 - 2015-03-12 23:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-14 17:34 - 2015-03-12 23:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-14 17:34 - 2015-03-12 23:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-14 17:34 - 2015-03-12 23:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-14 17:34 - 2015-03-12 23:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-14 17:34 - 2015-03-12 23:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-14 17:34 - 2015-03-12 23:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-14 17:34 - 2015-03-12 23:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-14 17:34 - 2015-03-12 23:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-14 17:34 - 2015-03-12 23:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-14 17:34 - 2015-03-12 23:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-14 17:34 - 2015-03-12 23:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-14 17:34 - 2015-03-12 23:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-14 17:34 - 2015-03-12 23:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-14 17:34 - 2015-03-12 23:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-14 17:34 - 2015-03-12 23:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-14 17:34 - 2015-03-12 23:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-14 17:34 - 2015-03-12 22:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-14 17:34 - 2015-03-12 22:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-14 17:34 - 2015-03-12 22:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-14 17:34 - 2015-03-12 22:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-14 17:34 - 2015-03-12 22:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-14 17:34 - 2015-03-12 22:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-14 17:34 - 2015-03-12 22:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-14 17:34 - 2015-03-12 22:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-14 17:34 - 2015-03-12 22:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-14 17:34 - 2015-03-12 22:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-14 17:34 - 2015-03-12 22:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-14 17:34 - 2015-03-09 23:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-14 17:34 - 2015-03-09 23:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-14 17:34 - 2015-03-09 23:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-14 17:34 - 2015-03-09 23:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-14 17:34 - 2015-03-05 01:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-14 17:34 - 2015-03-05 00:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-14 17:34 - 2015-02-24 23:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-14 17:34 - 2015-01-27 19:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-04-14 17:33 - 2015-03-13 00:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-14 17:33 - 2015-03-13 00:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-14 17:33 - 2015-03-13 00:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-14 17:33 - 2015-03-13 00:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-14 17:33 - 2015-03-13 00:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-14 17:33 - 2015-03-12 23:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-14 17:33 - 2015-03-12 23:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-14 17:33 - 2015-03-12 23:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-14 17:33 - 2015-03-12 23:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-14 17:33 - 2015-03-12 23:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-14 17:33 - 2015-03-12 23:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-14 17:33 - 2015-03-12 23:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-14 17:33 - 2015-03-12 23:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-14 17:33 - 2015-03-12 23:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-14 17:33 - 2015-03-12 23:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-14 17:33 - 2015-03-12 23:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-14 17:33 - 2015-03-12 22:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-14 17:33 - 2015-03-12 22:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-14 17:33 - 2015-03-12 22:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-14 17:33 - 2015-03-04 00:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-14 17:33 - 2015-03-04 00:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-14 17:33 - 2015-03-04 00:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-14 17:29 - 2015-04-14 17:31 - 00002901 _____ () C:\Users\AL\Downloads\attachment1

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-10 10:50 - 2014-11-25 19:58 - 00000000 ____D () C:\Users\AL\Documents\Outlook Files
2015-05-10 10:47 - 2014-11-26 20:37 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-10 10:36 - 2014-11-25 19:46 - 00003902 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{32C26912-984F-40C4-8FC2-167F68B6534C}
2015-05-10 10:33 - 2015-01-19 21:44 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-10 09:54 - 2009-07-14 00:45 - 00020720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-10 09:54 - 2009-07-14 00:45 - 00020720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-10 09:53 - 2014-11-27 15:49 - 00000000 ____D () C:\Users\AL\AppData\Roaming\MP3Rocket
2015-05-10 09:53 - 2014-11-27 15:49 - 00000000 ____D () C:\Program Files (x86)\MP3 Rocket
2015-05-10 09:51 - 2015-03-03 23:33 - 00000000 ____D () C:\Program Files (x86)\Coupons
2015-05-10 09:51 - 2014-11-25 20:13 - 00000000 ____D () C:\ProgramData\MFAData
2015-05-10 09:51 - 2009-07-14 01:13 - 00781790 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-10 09:50 - 2014-11-25 19:27 - 01702374 _____ () C:\Windows\WindowsUpdate.log
2015-05-10 09:47 - 2014-12-22 17:29 - 00003758 _____ () C:\Windows\System32\Tasks\AutoKMS
2015-05-10 09:46 - 2014-11-26 20:37 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-10 09:46 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-10 09:46 - 2009-07-14 00:51 - 00061857 _____ () C:\Windows\setupact.log
2015-05-08 20:11 - 2009-07-14 01:08 - 00032594 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-07 21:43 - 2015-02-04 18:05 - 00000000 ____D () C:\Users\AL\Documents\TurboTax
2015-05-05 22:47 - 2014-11-25 19:29 - 00000000 ____D () C:\Users\AL
2015-05-01 08:49 - 2014-11-26 20:37 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-24 23:02 - 2014-11-25 20:01 - 00088478 _____ () C:\Windows\PFRO.log
2015-04-24 23:00 - 2015-01-24 11:00 - 00000965 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2015-04-24 23:00 - 2014-11-25 20:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-04-16 11:49 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-15 16:15 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2015-04-14 22:21 - 2014-11-25 19:45 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-14 22:19 - 2014-11-28 20:17 - 00773912 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-14 22:18 - 2014-11-25 20:09 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-14 22:14 - 2014-11-25 20:09 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-14 22:12 - 2009-07-13 22:34 - 00000513 _____ () C:\Windows\win.ini
2015-04-14 20:16 - 2015-01-19 21:44 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-14 20:16 - 2014-11-25 20:22 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-14 20:16 - 2014-11-25 20:22 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-10 17:54 - 2015-03-03 23:43 - 00000000 ____D () C:\Users\AL\Documents\My Scans

==================== Files in the root of some directories =======

2015-01-11 20:42 - 2015-01-11 20:42 - 0000064 _____ () C:\Users\AL\AppData\Local\543103c6c673b3f823f1c9d2b31c229b
2014-11-25 19:55 - 2015-03-03 23:37 - 0008769 _____ () C:\ProgramData\hpzinstall.log
2015-02-04 18:00 - 2015-02-04 18:02 - 0000319 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Some content of TEMP:
====================
C:\Users\AL\AppData\Local\Temp\ade.exe
C:\Users\AL\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\AL\AppData\Local\Temp\UNINSTALL.EXE


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-04 20:34

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-05-2015
Ran by AL at 2015-05-10 11:10:47
Running from C:\Users\AL\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1544753468-1480976245-751527611-500 - Administrator - Disabled)
AL (S-1-5-21-1544753468-1480976245-751527611-1000 - Administrator - Enabled) => C:\Users\AL
Guest (S-1-5-21-1544753468-1480976245-751527611-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1544753468-1480976245-751527611-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Digital Editions 4.0 (HKLM-x32\...\Adobe Digital Editions 4.0) (Version: 4.0.3 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AudioLabel (HKLM-x32\...\AudioLabel) (Version: 4.40 (Build 9) - Registered - CDCoverSoft)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5941 - AVG Technologies)
AVG 2015 (Version: 15.0.4342 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5941 - AVG Technologies) Hidden
Bing Bar (HKLM-x32\...\{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}) (Version: 7.1.361.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom NetXtreme-I Netlink Driver and Management Installer (HKLM\...\{5569655A-9653-42CD-A599-5617DF767D2A}) (Version: 12.37.01 - Broadcom Corporation)
BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
D110 (x32 Version: 140.0.283.000 - Hewlett-Packard) Hidden
Dell Resource CD (HKLM-x32\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Dell Inc.)
Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
GeniusBox 2.0 (HKLM-x32\...\GeniusBox) (Version: 2.0 - GeniusBox 2.0)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7 (HKLM\...\{DBC1DE57-B55A-4D57-9769-1DB9BE506AF7}) (Version: 14.0 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Solutions Framework (HKLM-x32\...\{E35601C0-BA8E-4F32-919A-C7EF4CA81F67}) (Version: 11.51.0048 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPAppStudio (x32 Version: 140.0.95.000 - Hewlett-Packard) Hidden
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Modem Diagnostic Tool (HKLM\...\{0335701D-8E28-4A7F-B0EF-312974755BB2}) (Version: 1.0.24.0 - Dell)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.3.1.57 - NETGEAR Inc.)
NetWaiting (HKLM-x32\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.54 - BVRP Software, Inc)
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
PS_AIO_07_D110_SW_Min (x32 Version: 140.0.142.000 - Hewlett-Packard) Hidden
QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden
Remo Repair Outlook [PST] (HKLM\...\{9F198151-82C8-4AE0-9290-4248B416BDF4}_is1) (Version: 3.0.0.9 - Remo Software)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Secunia PSI (3.0.0.10004) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.10004 - Secunia)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.256.000 - Hewlett-Packard) Hidden
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebReg (x32 Version: 140.0.212.017 - Hewlett-Packard) Hidden
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

14-04-2015 22:11:22 Windows Update
19-04-2015 20:55:13 Windows Backup
24-04-2015 22:59:25 Installed AVG 2015
26-04-2015 19:00:20 Windows Backup
03-05-2015 19:48:27 Windows Backup
10-05-2015 09:51:48 Removed Java 8 Update 31

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0284C3A2-9C12-407B-B369-65EE18A6DC3B} - System32\Tasks\Check Updates => C:\Users\AL\AppData\Local\GeniusBox\updater.exe
Task: {0A1A4196-D192-4751-89D9-BE01EECBE8C3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {1CF60762-74C5-4C2D-B4D5-2061B1D8AB9D} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {2672AD9C-4446-4386-A767-23F2570C5BB6} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {383BF525-6C6B-48D9-B94F-C3391DF58AEC} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {41BBB9CA-6DC7-4DF3-8F87-D4AF099D4481} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated)
Task: {5AECD7E5-41C9-489E-895D-0D396A1DAB02} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-26] (Google Inc.)
Task: {5BEC3C21-014F-4966-A71B-A9C7B913358A} - System32\Tasks\Validate Installation => C:\Users\AL\AppData\Local\GeniusBox\updater.exe <==== ATTENTION
Task: {6F91B6F9-19C7-460B-A370-D9A6F865D390} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-26] (Google Inc.)
Task: {B26B96E2-E8B1-4BC5-8F06-AF7DAC82ABC9} - System32\Tasks\GeniusBox => cmd.exe /C start "" "C:\Users\AL\AppData\Local\GeniusBox\client.exe" <==== ATTENTION
Task: {C5E947A4-9F2F-4942-B473-D68D421D34FF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {DD8CF5FE-AF8B-498D-87E3-FF66FA913400} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {ED51586C-6205-49DF-9991-EAC0044E025A} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-12-22] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-01-10 22:12 - 2012-01-10 22:12 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-10-11 14:06 - 2014-10-11 14:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:45 - 2010-10-20 16:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-05-01 08:49 - 2015-04-27 22:07 - 01252680 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\libglesv2.dll
2015-05-01 08:49 - 2015-04-27 22:07 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\libegl.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1544753468-1480976245-751527611-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\AL\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{005640EF-61FF-4A35-8A14-2F9620F52440}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{81B58BC3-042F-4621-932A-50524864C075}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A0247259-3E45-4AE6-AD38-9CDFF5C26ACC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BDD7F12A-9DA7-4373-9D89-39CD5DDF280E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{43DEE322-B87A-481A-9046-C317AE61BE91}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [TCP Query User{D455C441-4EC7-4494-832F-CC6F778ED96F}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{7FF4BBEB-C1B2-47E6-A1FB-83953C400BDB}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{00693328-D0A8-47FB-9881-4F2F683D7643}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{B88F15A2-3CEC-4952-BC38-5F2C86A4935B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{D645346B-0DAC-4B0E-B22D-9899964562A1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [TCP Query User{040A9F4D-CC7A-4042-989A-01A3847AF840}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [UDP Query User{36F39107-3ED7-4421-9D52-24F07D571DD2}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [{70437CF1-02DE-45A1-9BAE-0EC062C9B695}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{07EC0449-BFE0-44CB-BD80-FB6EEBED3973}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{D352E351-DBEE-4544-89AE-92F04A227014}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{E770B390-C1B2-4041-9806-AA70FC636573}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{31937FD4-4FCF-4E22-89A3-76DC6E79F0B9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{7717000D-8260-4483-9069-91CA84F5BC10}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{C8ADE330-4B1B-479B-8E5E-25C431B71013}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{DC7996D7-72B9-454A-961E-469530D0F2C3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{08C88207-122E-4CBF-AA39-41750942F089}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{2AFB4620-AA37-4FE3-8B59-33444FFB785A}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [TCP Query User{CBDAABCC-5C12-4263-A6BF-B83934F8BCE1}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [UDP Query User{D4218A7C-35D4-4970-AEBB-F5FA0ECB00B4}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [TCP Query User{BDFF2FCD-F588-499D-B254-A221111A56DB}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [UDP Query User{BDF17B33-58E8-4C3E-A317-D32128B7F5AF}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [{30C01D13-1237-4876-9D1E-B29A31AB051C}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{F903BE48-A901-425E-B664-D605BF2C78A9}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{08EB93DE-EDF0-4278-9B68-64BFEFEBCBAB}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{C13B0EED-39AB-498B-9290-B151610A8A0C}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{6196257F-8D6D-49D7-9129-69FAB84FE3A6}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{AC0F5DC1-602F-4E37-8BA5-EF232F735D38}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{2355E21B-FBB1-4E84-B89F-8D66F94D0EEA}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{D5F02F68-4B50-49F9-8E97-553973F46DAC}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{989E417D-5021-4748-8049-038AE2EA5F5E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/10/2015 10:28:35 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/10/2015 10:28:35 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/10/2015 10:28:35 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/10/2015 10:28:35 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/04/2015 10:31:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1045

Error: (05/04/2015 10:31:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1045

Error: (05/04/2015 10:31:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/12/2015 09:13:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AutoKMS.exe, version: 2.5.2.0, time stamp: 0x53c9a9a0
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x5315a05a
Exception code: 0xe0434352
Fault offset: 0x000000000000940d
Faulting process id: 0x810
Faulting application start time: 0xAutoKMS.exe0
Faulting application path: AutoKMS.exe1
Faulting module path: AutoKMS.exe2
Report Id: AutoKMS.exe3

Error: (04/12/2015 09:13:03 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: AutoKMS.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ComponentModel.Win32Exception
Stack:
at System.Diagnostics.EventLogInternal.GetEntryAtNoThrow(Int32)
at System.Diagnostics.EventLogEntryCollection+EntriesEnumerator.MoveNext()
at ..(.)
at ..(.)
at ..()

Error: (04/11/2015 10:07:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AutoKMS.exe, version: 2.5.2.0, time stamp: 0x53c9a9a0
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x5315a05a
Exception code: 0xe0434352
Fault offset: 0x000000000000940d
Faulting process id: 0x744
Faulting application start time: 0xAutoKMS.exe0
Faulting application path: AutoKMS.exe1
Faulting module path: AutoKMS.exe2
Report Id: AutoKMS.exe3


System errors:
=============
Error: (05/09/2015 11:27:40 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:22:52 PM on ‎5/‎9/‎2015 was unexpected.

Error: (05/09/2015 08:28:14 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:09:15 PM on ‎5/‎9/‎2015 was unexpected.

Error: (05/09/2015 05:22:12 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (05/09/2015 05:21:45 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (05/09/2015 05:21:36 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (05/09/2015 04:47:22 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk5\DR5.

Error: (05/09/2015 04:47:21 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk5\DR5.

Error: (05/09/2015 04:47:20 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk5\DR5.

Error: (05/09/2015 04:09:18 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 1:16:48 PM on ‎5/‎9/‎2015 was unexpected.

Error: (05/09/2015 11:53:05 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:43:49 AM on ‎5/‎9/‎2015 was unexpected.


Microsoft Office Sessions:
=========================
Error: (05/10/2015 10:28:35 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"C:\Program Files\Remo Repair Outlook [PST]\rs-ror.exe.Manifest

Error: (05/10/2015 10:28:35 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"C:\Program Files\Remo Repair Outlook [PST]\rs-ror.exe.Manifest

Error: (05/10/2015 10:28:35 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"C:\Program Files\Remo Repair Outlook [PST]\rs-ror.exe.Manifest

Error: (05/10/2015 10:28:35 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"C:\Program Files\Remo Repair Outlook [PST]\rs-ror.exe.Manifest

Error: (05/04/2015 10:31:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1045

Error: (05/04/2015 10:31:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1045

Error: (05/04/2015 10:31:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/12/2015 09:13:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: AutoKMS.exe2.5.2.053c9a9a0KERNELBASE.dll6.1.7601.184095315a05ae0434352000000000000940d81001d07522624d22adC:\Windows\AutoKMS\AutoKMS.exeC:\Windows\system32\KERNELBASE.dlla9fcb3ec-e115-11e4-83fd-002564eaecfb

Error: (04/12/2015 09:13:03 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: AutoKMS.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ComponentModel.Win32Exception
Stack:
at System.Diagnostics.EventLogInternal.GetEntryAtNoThrow(Int32)
at System.Diagnostics.EventLogEntryCollection+EntriesEnumerator.MoveNext()
at ..(.)
at ..(.)
at ..()

Error: (04/11/2015 10:07:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: AutoKMS.exe2.5.2.053c9a9a0KERNELBASE.dll6.1.7601.184095315a05ae0434352000000000000940d74401d07460c14a24bfC:\Windows\AutoKMS\AutoKMS.exeC:\Windows\system32\KERNELBASE.dll087081d3-e054-11e4-811b-002564eaecfb


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU G6950 @ 2.80GHz
Percentage of memory in use: 47%
Total physical RAM: 3895.12 MB
Available physical RAM: 2060.32 MB
Total Pagefile: 7788.43 MB
Available Pagefile: 5702.77 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.73 GB) (Free:185.12 GB) NTFS
Drive k: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.8 GB) (Disk ID: 90000000)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================

I had no problems with your instructions.

Thank you again.
albert1949
Active Member
 
Posts: 13
Joined: January 12th, 2015, 11:45 pm

Re: Computer Shuts down

Unread postby wannabeageek » May 10th, 2015, 1:16 pm

Hi albert1949,


You never specified which version/brand of AV/SP you removed prior to installing AVG. I never asked about any toolbar;
I noticed you recently installed AVG 2015.
Step 1.
Was there a problem with the previous AV that came on the computer?
What was the name of the previously installed Anti-Virus/SpyWare program you had removed?

Please run the following:

Step 1.
Run CKScanner

  • Please download CKScanner from Here
  • Important: - Save it to your desktop.
  • Right-click CKScanner.exe > select " Run as administrator " then click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved. Please Run the program only once.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.




Step 2.
Download and run MGA Diagnostic Tool
  1. Click here to download the MGA Diagnostics Tool from Microsoft and save it to your Desktop. The MGADiag.exe icon will appear on your Desktop.
  2. Right-click the MGADiag.exe icon on your Desktop and then select Run As Administrator from the popup menu.. The tools' window will be displayed.
  3. Click the Continue button. The scan will be performed. Once the scan is complete the report information will be displayed and a Copy button will be provided.
  4. Click the Copy button.
  5. Open Notepad and paste the contents of the report into the Notepad window.
  6. Save the report and paste the contents into your reply.



What I need back from you:
Post each separately.
  1. Contents of CKFiles.txt (Step 1.)
  2. Contents of MGADiag results (Step 2.)
  3. What Anti-Virus/SpyWare program was installed prior to AVG2015?
  4. Any problem executing the instructions?
Thanks,
wbg
wannabeageek
MRU Master
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Computer Shuts down

Unread postby albert1949 » May 11th, 2015, 8:39 pm

1. Previous AV was Norton AV. Nothing was wrong with the program, I just did not want to pay for it.

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\windows\autokms\autokms.exe
c:\windows\prefetch\autokms.exe-7cc2d49e.pf
scanner sequence 3.AA.11.RXAPJZ
----- EOF -----
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-788W3-H689G-6P6GT
Windows Product Key Hash: yr8OHoeXhbT4dc6MxGYjdAStSPY=
Windows Product ID: 00371-OEM-8992671-00008
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010100.1.0.048
ID: {C7F7315F-C2A8-4A88-ABDB-84090FDFD831}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.150316-1654
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{C7F7315F-C2A8-4A88-ABDB-84090FDFD831}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-6P6GT</PKey><PID>00371-OEM-8992671-00008</PID><PIDType>2</PIDType><SID>S-1-5-21-1544753468-1480976245-751527611</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Inspiron 580 </Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A03</Version><SMBIOSVersion major="2" minor="6"/><Date>20100201000000.000000+000</Date></BIOS><HWID>C6813007018400FC</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ACRSYS</OEMID><OEMTableID>ACRPRDCT</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows(R) 7, Professional edition
Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
Activation ID: 50e329f7-a5fa-46b2-85fd-f224e5da7764
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00371-00178-926-700008-02-1033-7600.0000-3292014
Installation ID: 000802897005318626912984089110275792440983943626988005
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: 6P6GT
License Status: Licensed
Remaining Windows rearm count: 4
Trusted time: 5/11/2015 8:34:03 PM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 2:26:2015 23:12
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: LgAAAAEAAgABAAEAAAACAAAAAQABAAEA6GFi0vbaJnqAlhKHsBnGaQTWyGtcXQ==

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC DELL FX09
FACP DELL FX09
HPET DELL OEMHPET
MCFG DELL OEMMCFG
SLIC ACRSYS ACRPRDCT
OSFR DELL FX09
OEMB DELL FX09
ASF! LEGEND I865PASF
GSCI DELL GMCHSCI
SSDT DpgPmm CpuPm
albert1949
Active Member
 
Posts: 13
Joined: January 12th, 2015, 11:45 pm

Re: Computer Shuts down

Unread postby Cypher » May 12th, 2015, 6:19 am

Cracked - Illegal Software

May I draw your attention to the topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST, which you should have read before posting for help.
The section here explains why we bring this to your attention.

If you wish to receive help from us, you must remove any and all of the following from your computer:
  • Illegal software
  • Cracked software
  • illegal software key generators

Once the software and/or keygens have been removed, if you still need help, please start a new thread... include a link to your closed topic and include NEW DDS logs :
  • DDS.txt.
  • Attach.txt.
  • Details of the problems you're experiencing.
Wait for a new helper. Do not reply to your topic before a helper has replied.

This topic is now closed.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: M2Judy and 58 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware