Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

services and controller app and runSW eating CPU


Post by bweight » August 23rd, 2015, 6:55 pm

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:23-08-2015
Ran by BOB (administrator) on BOB-PC (23-08-2015 16:11:22)
Running from C:\Users\BOB\Desktop
Loaded Profiles: BOB & UpdatusUser (Available Profiles: BOB & UpdatusUser)
Platform: Windows 8.1 Pro (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(COMODO Security Solutions) C:\Program Files\COMODO\COMMON\COSService.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Windows\runSW.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
() C:\Program Files\TRENDnet\TEW-805UB\WlanWpsSvc.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Zhorn Software) C:\Program Files (x86)\Stickies\stickies.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\seccenter.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\odscanui.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [LogiOptionsAppBroker] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [1580312 2015-05-07] (Logitech, Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1794704 2015-02-20] (NVIDIA Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe [1603544 2015-06-30] (Bitdefender)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2010-09-09] (CANON INC.)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1637528 2012-10-09] (CANON INC.)
HKLM-x32\...\Run: [AdobeCS4ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe_ID0ENQBO] => C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe [378224 2008-08-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKU\S-1-5-21-1565286939-3632609379-517438401-1001\...\Run: [COS] => C:\Program Files\COMODO\cCloud\cCloud.exe [7195824 2014-09-03] (COMODO Security Solutions)
HKU\S-1-5-21-1565286939-3632609379-517438401-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2015-01-28] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-1565286939-3632609379-517438401-1001\...\Run: [Zoom] => [X]
HKU\S-1-5-21-1565286939-3632609379-517438401-1001\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110160 2015-06-27] (Siber Systems)
HKU\S-1-5-21-1565286939-3632609379-517438401-1001\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [790880 2015-06-18] (Bitdefender)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2015-05-11]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Macro Express 3.lnk [2014-11-18]
ShortcutTarget: Macro Express 3.lnk -> C:\Program Files (x86)\Macro Express3\MacExp.exe (Insight Software Solutions, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Stickies.lnk [2015-07-02]
ShortcutTarget: Stickies.lnk -> C:\Program Files (x86)\Stickies\stickies.exe (Zhorn Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Configuration Utility.lnk [2015-08-22]
ShortcutTarget: Wireless Configuration Utility.lnk -> C:\Program Files\TRENDnet\TEW-805UB\WlanCU.exe ()
ShellIconOverlayIdentifiers: [COSDriveIconOverlay] -> {5FDACB62-6B7B-4116-9403-C5E0D3852A57} => C:\Program Files\COMODO\COMMON\ShellExtension.dll [2014-10-07] (C-O-M-O-D-O)
ShellIconOverlayIdentifiers: [COSSyncItemInSyncIconOverlay] -> {68F287EF-DA6D-4595-AF52-90FF6CE52AFE} => C:\Program Files\COMODO\COMMON\ShellExtension.dll [2014-10-07] (C-O-M-O-D-O)
ShellIconOverlayIdentifiers: [COSSyncItemModifiedIconOverlay] -> {AE67D273-7253-4236-B55E-D40055B305D6} => C:\Program Files\COMODO\COMMON\ShellExtension.dll [2014-10-07] (C-O-M-O-D-O)
ShellIconOverlayIdentifiers: [COSSyncItemNewIconOverlay] -> {022F23E9-DA0F-4A86-A728-CAF6150C0B63} => C:\Program Files\COMODO\COMMON\ShellExtension.dll [2014-10-07] (C-O-M-O-D-O)
ShellIconOverlayIdentifiers: [COSSyncItemUnsynchronizedIconOverlay] -> {4D7EE7CF-E7A1-45FE-8F80-3A37574918D7} => C:\Program Files\COMODO\COMMON\ShellExtension.dll [2014-10-07] (C-O-M-O-D-O)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1565286939-3632609379-517438401-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ighome.com/
HKU\S-1-5-21-1565286939-3632609379-517438401-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
URLSearchHook: [S-1-5-21-1565286939-3632609379-517438401-1004] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKU\S-1-5-21-1565286939-3632609379-517438401-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1565286939-3632609379-517438401-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=S1122&geo=US&ver=21&locale=en_US&gct=kwd&qsrc=2869
BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-08-13] (Bitdefender)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-06-27] (Siber Systems Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll [2008-09-10] (Adobe Systems Incorporated.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll [2015-08-13] (Bitdefender)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\IPS\IPSBHO.DLL No File
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2015-06-27] (Siber Systems Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-17] (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-17] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-06-27] (Siber Systems Inc.)
Toolbar: HKLM - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-08-13] (Bitdefender)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2015-06-27] (Siber Systems Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll [2008-09-10] (Adobe Systems Incorporated.)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll [2015-08-13] (Bitdefender)
Toolbar: HKU\S-1-5-21-1565286939-3632609379-517438401-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-1565286939-3632609379-517438401-1001 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-06-27] (Siber Systems Inc.)
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.co ... 5.24.0.cab
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2015-07-29] (Belarc, Inc.)
Hosts: 127.0.0.1 activate.adobe.com
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.25 205.171.2.25
Tcpip\..\Interfaces\{4E3FC72F-9A05-4208-85C4-DB3DEED334F8}: [DhcpNameServer] 192.168.0.1 205.171.3.25 205.171.2.25

FireFox:
========
FF ProfilePath: C:\Users\BOB\AppData\Roaming\Mozilla\Firefox\Profiles\lhfkohfd.default
FF DefaultSearchEngine.US: Bing
FF Homepage: hxxp://www.ighome.com/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-11] ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-11] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT PHANTOMPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT PHANTOMPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT PHANTOMPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT PHANTOMPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-17] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-02] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\BOB\AppData\Roaming\mozilla\plugins\npatgpc.dll [2015-07-21] (Cisco WebEx LLC)
FF Extension: Pushbullet - C:\Users\BOB\AppData\Roaming\Mozilla\Firefox\Profiles\lhfkohfd.default\Extensions\jid1-BYcQOfYfmBMd9A@jetpack.xpi [2015-07-22]
FF HKLM\...\Firefox\Extensions: [bdwteff@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdwteff
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2015\bdwteff [2015-08-21]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext [2015-08-21]
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF Extension: RoboForm Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2014-11-18]
FF HKLM-x32\...\Firefox\Extensions: [bdwteff@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff [2015-08-21]
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
FF HKU\S-1-5-21-1565286939-3632609379-517438401-1001\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox

Chrome:
=======
CHR Profile: C:\Users\BOB\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Translate) - C:\Users\BOB\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2015-01-07]
CHR Extension: (Google Slides) - C:\Users\BOB\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-07]
CHR Extension: (Google Drive) - C:\Users\BOB\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-07]
CHR Extension: (Rapport) - C:\Users\BOB\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2015-07-14]
CHR Extension: (YouTube) - C:\Users\BOB\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-07]
CHR Extension: (Google Cast) - C:\Users\BOB\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-01-07]
CHR Extension: (Google Search) - C:\Users\BOB\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-07]
CHR Extension: (NYTimes) - C:\Users\BOB\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecmphppfkcfflgglcokcbdkofpfegoel [2015-01-07]
CHR Extension: (Weather Luv) - C:\Users\BOB\AppData\Local\Google\Chrome\User Data\Default\Extensions\edjgkmhffglapkidkikihlhaonakainj [2015-01-07]
CHR Extension: (Bitdefender Wallet) - C:\Users\BOB\AppData\Local\Google\Chrome\User Data\Default\Extensions\fabcmochhfpldjekobfaaggijgohadih [2015-08-21]
CHR Extension: (Tabs to the front!) - C:\Users\BOB\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjaooagfdhdhmbfchnkhggjmacjlacla [2015-01-07]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\BOB\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-08]
CHR Extension: (miniLock) - C:\Users\BOB\AppData\Local\Google\Chrome\User Data\Default\Extensions\mknafpnfcafklkflhenhaldedggpciao [2015-08-23]
CHR Extension: (Pic and Click San Francisco) - C:\Users\BOB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkpmjmcgjoidcjgdfmeaajknmjcecdii [2015-04-30]
CHR Extension: (Norton Safe) - C:\Users\BOB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2015-05-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\BOB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-07]
CHR Extension: (Weather Underground) - C:\Users\BOB\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjejbgheonogbpfkkjigbmahaljipoej [2015-01-07]
CHR Extension: (Gmail) - C:\Users\BOB\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-07]
CHR Extension: (RoboForm Password Manager) - C:\Users\BOB\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2015-01-07]
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-11-18]
CHR HKU\S-1-5-21-1565286939-3632609379-517438401-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-11-18]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe Version Cue CS4; C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [284016 2008-08-15] (Adobe Systems Incorporated)
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2255064 2015-05-11] (Broadcom Corporation.)
S3 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [78144 2015-07-24] (Bitdefender)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 COSService.exe; C:\Program Files\COMODO\COMMON\COSService.exe [3550400 2014-10-07] (COMODO Security Solutions)
S2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [517464 2015-01-28] (Garmin Ltd or its subsidiaries)
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2255128 2015-07-29] (IBM Corp.)
R2 RunSwUSB; C:\Windows\runSW.exe [36864 2012-12-14] () [File not signed]
S4 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [741640 2014-06-16] (DEVGURU Co., LTD.)
S4 SynchronizationService.exe; C:\Program Files\COMODO\COMMON\SynchronizationService.exe [2575552 2014-10-07] (COMODO Security Solutions)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [67320 2015-04-22] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1540744 2015-07-27] (Bitdefender)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 WlanWpsSvc; C:\Program Files\TRENDnet\TEW-805UB\WlanWpsSvc.exe [167936 2008-06-26] () [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1369288 2015-05-28] (BitDefender)
R3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [271272 2015-05-29] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [747120 2015-05-28] (BitDefender)
S3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2015-05-11] (Broadcom Corporation.)
S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [23568 2013-09-08] (Bitdefender)
R1 BdfNdisf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [98768 2014-12-15] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [115800 2015-05-21] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)
R0 bdisk; C:\Windows\System32\drivers\bdisk.sys [85488 2014-10-07] (COMODO Security Solutions Inc.)
R1 BDVEDISK; C:\Windows\system32\DRIVERS\bdvedisk.sys [79192 2013-07-30] (BitDefender)
R0 CBUfs; C:\Windows\System32\drivers\CBUFS.sys [230712 2014-10-07] (COMODO Security Solutions Inc.)
R0 cbvd; C:\Windows\System32\DRIVERS\cbvd.sys [677744 2014-10-07] (COMODO Security Solutions Inc.)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [160544 2015-02-24] (BitDefender LLC)
S3 HtcVCom32; C:\Windows\system32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated)
R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [17280 2013-05-17] ()
R1 RapportCerberus_1507063; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1507063.sys [958232 2015-08-22] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [500088 2015-07-29] (IBM Corp.)
R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [139896 2015-07-29] (IBM Corp.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [394584 2015-07-29] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [489240 2015-07-29] (IBM Corp.)
R0 reparse; C:\Windows\System32\DRIVERS\cbreparse.sys [674160 2014-10-07] (COMODO Security Solutions Inc.)
R3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [4560640 2015-07-22] (Realtek Semiconductor Corporation )
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [452040 2014-10-15] (BitDefender S.R.L.)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-08-22] (Microsoft Corporation)
R3 vdbus; C:\Windows\System32\drivers\vdbus.sys [826040 2014-10-07] (COMODO Security Solutions Inc.)
S3 VMSMP; C:\Windows\system32\DRIVERS\vmswitch.sys [688640 2014-10-08] (Microsoft Corporation)
S3 VMSP; C:\Windows\system32\DRIVERS\vmswitch.sys [688640 2014-10-08] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-23 16:11 - 2015-08-23 16:13 - 00026547 _____ C:\Users\BOB\Desktop\FRST.txt
2015-08-23 16:10 - 2015-08-23 16:11 - 00000000 ____D C:\FRST
2015-08-23 16:09 - 2015-08-23 16:09 - 02173952 _____ (Farbar) C:\Users\BOB\Desktop\FRST64.exe
2015-08-23 13:16 - 2015-08-23 13:16 - 00002329 _____ C:\Users\BOB\Desktop\Chrome App Launcher.lnk
2015-08-23 13:16 - 2015-08-23 13:16 - 00000000 ____D C:\Users\BOB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-22 21:38 - 2015-08-22 21:38 - 00001826 _____ C:\Users\Public\Desktop\Wireless Configuration Utility.lnk
2015-08-22 21:38 - 2015-08-22 21:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TRENDnet
2015-08-22 21:38 - 2013-10-25 17:45 - 00007239 _____ C:\WINDOWS\SysWOW64\Drivers\TXPWR_LMT.txt
2015-08-22 21:38 - 2013-10-25 17:45 - 00002993 _____ C:\WINDOWS\SysWOW64\Drivers\PHY_REG_PG.txt
2015-08-22 21:38 - 2012-12-14 15:54 - 00036864 _____ () C:\WINDOWS\runSW.exe
2015-08-22 21:10 - 2015-08-22 21:10 - 00000000 ____D C:\WINDOWS\LastGood
2015-08-22 21:04 - 2015-08-22 21:04 - 00001111 _____ C:\Users\BOB\Desktop\explorer.exe - Shortcut.lnk
2015-08-22 21:02 - 2015-08-22 21:02 - 00000385 _____ C:\Users\BOB\AppData\Roaminguser_gensett.xml
2015-08-22 19:44 - 2015-08-22 19:44 - 00000000 _____ C:\Recovery.txt
2015-08-22 18:09 - 2015-08-22 18:09 - 00000000 ____D C:\WINDOWS\system32\%LOCALAPPDATA%
2015-08-22 17:18 - 2015-08-22 17:18 - 00000385 _____ C:\WINDOWS\system32\user_gensett.xml
2015-08-21 19:58 - 2015-08-23 11:11 - 00000215 _____ C:\Users\BOB\AppData\Local\Lockdir6
2015-08-21 19:58 - 2015-08-23 11:05 - 00000051 _____ C:\Users\Public\Lockdir6.lg
2015-08-21 16:12 - 2015-08-21 16:12 - 00194392 _____ (IDRIX) C:\WINDOWS\system32\Drivers\veracrypt.sys
2015-08-21 15:47 - 2015-08-21 15:47 - 00492751 _____ C:\ProgramData\1440193006.bdinstall.bin
2015-08-21 15:46 - 2015-08-21 15:46 - 00000684 ____H C:\bdr-cf01
2015-08-21 15:42 - 2015-08-21 19:38 - 00000000 ____D C:\ProgramData\BDLogging
2015-08-21 15:42 - 2015-08-21 15:42 - 00002255 _____ C:\Users\Public\Desktop\Bitdefender Total Security 2015.lnk
2015-08-21 15:42 - 2015-08-21 15:42 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2015-08-21 15:42 - 2015-08-21 15:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2015
2015-08-21 15:42 - 2014-12-15 18:04 - 00098768 _____ (BitDefender LLC) C:\WINDOWS\system32\Drivers\bdfndisf6.sys
2015-08-21 15:42 - 2013-09-08 20:04 - 00023568 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bdelam.sys
2015-08-21 15:42 - 2013-07-30 18:41 - 00079192 _____ (BitDefender) C:\WINDOWS\system32\Drivers\bdvedisk.sys
2015-08-21 15:42 - 2007-04-11 11:11 - 00511328 _____ (Microsoft Corporation) C:\WINDOWS\capicom.dll
2015-08-21 15:41 - 2015-08-21 15:48 - 00000000 ____D C:\Users\BOB\AppData\Roaming\Bitdefender
2015-08-21 15:41 - 2015-05-29 09:50 - 00271272 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avchv.sys
2015-08-21 15:41 - 2015-05-28 14:21 - 00747120 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avckf.sys
2015-08-21 15:41 - 2015-05-28 13:37 - 01369288 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avc3.sys
2015-08-21 15:40 - 2015-08-21 15:46 - 00253404 ____H C:\bdr-ld01
2015-08-21 15:40 - 2015-08-21 15:46 - 00009216 ____H C:\bdr-ld01.mbr
2015-08-21 15:40 - 2015-05-27 17:02 - 49626058 ____H C:\bdr-im01.gz
2015-08-21 15:40 - 2013-08-13 13:38 - 03271472 ____H C:\bdr-bz01
2015-08-21 15:29 - 2015-07-05 04:08 - 00300704 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-08-21 15:25 - 2015-08-21 15:47 - 00000000 ____D C:\ProgramData\Bitdefender
2015-08-21 15:25 - 2015-08-21 15:25 - 00000000 ____D C:\Users\BOB\AppData\Roaming\QuickScan
2015-08-21 15:25 - 2015-08-21 15:25 - 00000000 ____D C:\Program Files\Bitdefender
2015-08-21 15:25 - 2015-02-24 17:52 - 00160544 ____N (BitDefender LLC) C:\WINDOWS\system32\Drivers\gzflt.sys
2015-08-21 15:25 - 2014-10-15 17:14 - 00452040 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\Drivers\trufos.sys
2015-08-21 15:12 - 2015-08-21 15:25 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2015-08-21 07:13 - 2015-08-21 07:21 - 00003784 _____ C:\WINDOWS\System32\Tasks\Backup 01 and DOCS
2015-08-20 17:57 - 2015-08-20 17:57 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2015-08-20 07:46 - 2015-08-20 09:44 - 00000000 ____D C:\Users\BOB\AppData\Roaming\FreeFileSync
2015-08-20 07:46 - 2015-08-20 07:46 - 00001002 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeFileSync.lnk
2015-08-20 07:46 - 2015-08-20 07:46 - 00000978 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealtimeSync.lnk
2015-08-20 07:46 - 2015-08-20 07:46 - 00000000 ____D C:\Program Files\FreeFileSync
2015-08-19 19:16 - 2015-08-19 19:16 - 00000000 ___DC C:\Users\BOB\AppData\Local\MigWiz
2015-08-19 17:32 - 2015-08-19 17:33 - 01521392 _____ C:\WINDOWS\Minidump\081915-24531-01.dmp
2015-08-18 21:25 - 2015-08-10 19:20 - 25191936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-08-18 21:25 - 2015-08-10 18:20 - 19871232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-08-17 10:21 - 2015-08-21 07:02 - 00003272 _____ C:\WINDOWS\System32\Tasks\{23002133-56BC-4D93-AB0A-266D05144B32}
2015-08-16 14:00 - 2015-08-16 14:00 - 00002154 _____ C:\Users\Public\Desktop\SDFormatter.lnk
2015-08-16 14:00 - 2015-08-16 14:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SDFormatter
2015-08-16 14:00 - 2015-08-16 14:00 - 00000000 ____D C:\Program Files (x86)\SDA
2015-08-11 15:05 - 2015-07-30 08:04 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-11 15:05 - 2015-07-30 07:48 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-11 14:03 - 2015-07-18 19:58 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-08-11 14:03 - 2015-07-18 12:51 - 03704320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-08-11 14:03 - 2015-07-18 12:31 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-08-11 14:03 - 2015-07-18 12:31 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-08-11 14:03 - 2015-07-18 12:31 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-08-11 14:03 - 2015-07-18 12:29 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-08-11 14:03 - 2015-07-18 12:29 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-08-11 14:03 - 2015-07-18 12:29 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-08-11 14:03 - 2015-07-18 12:28 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-08-11 14:03 - 2015-07-18 12:12 - 02228736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-08-11 14:03 - 2015-07-18 12:10 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-08-11 14:03 - 2015-07-18 12:09 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-08-11 14:02 - 2015-07-15 18:29 - 07458648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-08-11 14:02 - 2015-07-15 18:29 - 01735000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-08-11 14:02 - 2015-07-15 18:29 - 00101720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2015-08-11 14:02 - 2015-07-15 18:28 - 01499920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-08-11 14:02 - 2015-07-10 11:54 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2015-08-11 14:01 - 2015-07-16 14:36 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-08-11 14:01 - 2015-07-16 14:36 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-08-11 14:01 - 2015-07-16 14:35 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-08-11 14:01 - 2015-07-16 14:26 - 05923328 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-08-11 14:01 - 2015-07-16 14:23 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-08-11 14:01 - 2015-07-16 14:21 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-08-11 14:01 - 2015-07-16 13:53 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-08-11 14:01 - 2015-07-16 13:51 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-08-11 14:01 - 2015-07-16 13:50 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-08-11 14:01 - 2015-07-16 13:45 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-08-11 14:01 - 2015-07-16 13:45 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-08-11 14:01 - 2015-07-16 13:41 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-08-11 14:01 - 2015-07-16 13:39 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-08-11 14:01 - 2015-07-16 13:38 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-08-11 14:01 - 2015-07-16 13:36 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-08-11 14:01 - 2015-07-16 13:34 - 14451200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-08-11 14:01 - 2015-07-16 13:32 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-08-11 14:01 - 2015-07-16 13:14 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-08-11 14:01 - 2015-07-16 13:13 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-08-11 14:01 - 2015-07-16 13:12 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-08-11 14:01 - 2015-07-16 13:12 - 02427904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-08-11 14:01 - 2015-07-16 13:10 - 12856832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-08-11 14:01 - 2015-07-16 13:06 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-08-11 14:01 - 2015-07-16 13:01 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-08-11 14:01 - 2015-07-16 12:52 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-08-11 14:01 - 2015-07-16 12:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-08-11 14:01 - 2015-07-16 12:42 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-08-11 14:01 - 2015-07-16 12:38 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-08-11 14:01 - 2015-07-16 12:37 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-08-11 13:58 - 2015-07-13 13:46 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll
2015-08-11 13:58 - 2015-07-13 13:45 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2015-08-11 13:58 - 2015-07-07 03:40 - 00270168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-08-11 13:58 - 2015-07-07 03:40 - 00114520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2015-08-11 13:58 - 2015-07-07 03:40 - 00044560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-08-11 13:58 - 2015-07-01 16:19 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2015-08-11 13:58 - 2015-07-01 16:16 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\davclnt.dll
2015-08-11 13:58 - 2015-07-01 15:37 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2015-08-11 13:58 - 2015-07-01 15:35 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\davclnt.dll
2015-08-11 13:57 - 2015-07-29 08:37 - 01994752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-08-11 13:57 - 2015-07-29 08:30 - 01381888 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-08-11 13:57 - 2015-07-29 08:23 - 01559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-08-11 13:57 - 2015-07-24 12:57 - 04177408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-08-11 13:57 - 2015-07-24 12:57 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-08-11 13:57 - 2015-07-24 12:52 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-08-11 13:57 - 2015-07-24 11:27 - 00301568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-08-11 13:57 - 2015-07-24 11:23 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-08-11 13:57 - 2015-07-13 21:22 - 02529880 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2015-08-11 13:57 - 2015-07-13 21:21 - 01901776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2015-08-11 13:57 - 2015-07-10 12:19 - 01101824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2015-08-11 13:57 - 2015-07-10 11:42 - 02345472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-08-11 13:57 - 2015-07-10 11:14 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2015-08-11 13:57 - 2015-07-10 11:13 - 07032320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2015-08-11 13:57 - 2015-07-10 10:47 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2015-08-11 13:57 - 2015-07-10 10:31 - 06213120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2015-08-11 13:57 - 2015-07-09 11:13 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\notepad.exe
2015-08-11 13:57 - 2015-07-09 11:13 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe
2015-08-11 13:57 - 2015-07-09 10:30 - 00212992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\notepad.exe
2015-08-01 21:01 - 2015-08-01 21:01 - 00002200 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
2015-08-01 21:01 - 2015-08-01 21:01 - 00002188 _____ C:\Users\Public\Desktop\Belarc Advisor.lnk
2015-08-01 21:01 - 2015-08-01 21:01 - 00000000 ____D C:\Program Files (x86)\Belarc
2015-07-31 03:26 - 2015-08-04 16:41 - 00000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2015-07-30 08:02 - 2015-07-30 08:10 - 00000000 ____D C:\Users\BOB\Documents\produkey-x64
2015-07-30 07:51 - 2015-07-30 07:51 - 00001296 _____ C:\Users\UpdatusUser\Desktop\iSunshare Product Key Finder.lnk
2015-07-30 07:51 - 2015-07-30 07:51 - 00001296 _____ C:\Users\BOB\Desktop\iSunshare Product Key Finder.lnk
2015-07-30 07:51 - 2015-07-30 07:51 - 00000000 ____D C:\Users\Public\Documents\iSunshare Product Key Finder
2015-07-30 07:51 - 2015-07-30 07:51 - 00000000 ____D C:\Users\BOB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iSunshare Product Key Finder
2015-07-30 07:51 - 2015-07-30 07:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iSunshare Product Key Finder
2015-07-30 07:51 - 2015-07-30 07:51 - 00000000 ____D C:\Program Files (x86)\iSunshare Product Key Finder
2015-07-28 13:23 - 2015-07-28 13:23 - 00000000 ____D C:\Users\BOB\AppData\Roaming\FreeCommander
2015-07-28 11:10 - 2015-08-05 23:05 - 00000000 ____D C:\Program Files (x86)\FreeCommander XE
2015-07-28 11:10 - 2015-07-28 11:10 - 00000000 ____D C:\Users\BOB\AppData\Local\FreeCommanderXE
2015-07-28 11:10 - 2015-07-28 11:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeCommander XE
2015-07-27 20:35 - 2015-07-27 20:35 - 00000000 ____D C:\Program Files (x86)\Windowz Explorer
2015-07-26 06:36 - 2015-06-12 11:03 - 18823680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-07-26 06:36 - 2015-06-12 10:36 - 15159296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-07-26 06:36 - 2015-06-09 12:27 - 00411133 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-07-26 06:35 - 2015-06-11 14:12 - 02476376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-07-26 06:35 - 2015-06-11 14:12 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2015-07-26 06:34 - 2015-06-09 16:39 - 00081920 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2015-07-26 06:34 - 2015-06-09 16:39 - 00053248 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2015-07-26 06:34 - 2015-06-09 16:38 - 01201664 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-23 16:04 - 2014-11-18 19:25 - 01949172 _____ C:\WINDOWS\WindowsUpdate.log
2015-08-23 15:43 - 2014-11-18 15:42 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1565286939-3632609379-517438401-1001
2015-08-23 14:41 - 2015-07-02 06:24 - 00000000 ____D C:\Users\BOB\AppData\Roaming\stickies
2015-08-23 14:40 - 2015-06-27 08:06 - 00005315 _____ C:\WINDOWS\runSW.log
2015-08-23 14:40 - 2015-03-13 05:43 - 00000000 ____D C:\Users\BOB\AppData\Local\HTC MediaHub
2015-08-23 14:39 - 2013-08-22 08:46 - 00011881 _____ C:\WINDOWS\setupact.log
2015-08-23 14:39 - 2013-08-22 08:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-08-23 14:15 - 2013-08-22 07:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-08-23 14:11 - 2013-08-22 07:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-08-23 14:10 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\tracing
2015-08-23 14:09 - 2014-11-18 19:29 - 00000000 ____D C:\Users\BOB
2015-08-23 14:06 - 2014-09-24 01:03 - 02107450 _____ C:\WINDOWS\PFRO.log
2015-08-23 00:01 - 2014-11-18 15:44 - 00000000 ____D C:\01STATIC
2015-08-22 21:38 - 2015-07-04 17:24 - 00000000 ____D C:\Program Files\TRENDnet
2015-08-22 21:38 - 2014-11-19 09:53 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-08-22 21:02 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-08-22 17:50 - 2014-12-14 12:15 - 00000000 ___DO C:\Users\BOB\OneDrive
2015-08-22 17:47 - 2014-11-18 19:26 - 00000000 ____D C:\ProgramData\NVIDIA
2015-08-22 17:33 - 2014-11-18 17:25 - 00000000 ____D C:\Users\BOB\AppData\Local\CrashDumps
2015-08-22 17:20 - 2015-04-07 17:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2015-08-22 17:18 - 2015-06-25 20:01 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-08-22 17:18 - 2015-01-07 04:42 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-22 17:18 - 2015-01-07 04:42 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-22 17:17 - 2014-11-18 15:51 - 00000000 ____D C:\ProgramData\Norton
2015-08-22 17:00 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-08-21 16:36 - 2015-06-23 13:50 - 00038431 _____ C:\Users\BOB\AppData\Roaming\Microsoft Excel 97-2003.ADR
2015-08-21 07:01 - 2015-06-25 20:01 - 00003720 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-08-21 07:01 - 2015-01-07 04:42 - 00003894 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-21 07:01 - 2015-01-07 04:42 - 00003658 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-21 07:00 - 2015-05-07 18:36 - 00003120 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2015-08-21 07:00 - 2015-05-07 18:36 - 00003094 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2015-08-21 07:00 - 2015-05-07 18:36 - 00003092 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2015-08-21 06:59 - 2015-05-07 18:36 - 00003064 _____ C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2015-08-21 06:59 - 2015-05-07 18:36 - 00003062 _____ C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2015-08-21 06:59 - 2014-11-18 17:10 - 00004234 _____ C:\WINDOWS\System32\Tasks\Open URL by RoboForm
2015-08-21 06:20 - 2015-03-24 10:42 - 00003558 _____ C:\WINDOWS\System32\Tasks\GarminUpdaterTask
2015-08-21 06:19 - 2015-06-27 20:16 - 00003888 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-08-20 16:45 - 2015-03-11 18:52 - 00000000 ____D C:\Temp
2015-08-19 19:18 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\Registration
2015-08-19 17:41 - 2014-11-18 14:35 - 00000000 ____D C:\Users\BOB\AppData\Local\VirtualStore
2015-08-19 17:34 - 2012-07-26 02:12 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-08-19 17:32 - 2014-11-25 12:09 - 1032859186 _____ C:\WINDOWS\MEMORY.DMP
2015-08-19 17:32 - 2014-11-25 12:09 - 00000000 ____D C:\WINDOWS\Minidump
2015-08-18 21:26 - 2012-07-26 01:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-08-18 11:59 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\rescache
2015-08-16 15:55 - 2014-11-18 14:35 - 00000000 ____D C:\Users\BOB\AppData\Roaming\Adobe
2015-08-16 15:44 - 2014-11-18 16:39 - 00000000 ____D C:\PHOTOS
2015-08-16 13:58 - 2014-12-18 08:25 - 00000000 ____D C:\Users\BOB\AppData\Local\Downloaded Installations
2015-08-16 10:45 - 2015-01-18 19:48 - 00788260 _____ C:\WINDOWS\system32\perfh019.dat
2015-08-16 10:45 - 2015-01-18 19:48 - 00161294 _____ C:\WINDOWS\system32\perfc019.dat
2015-08-16 10:45 - 2014-09-24 01:17 - 01805464 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-08-13 18:52 - 2012-07-26 02:12 - 00000000 ____D C:\WINDOWS\ELAMBKUP
2015-08-13 08:30 - 2013-08-22 08:44 - 03090216 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-08-13 08:22 - 2013-08-22 09:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-13 08:22 - 2013-08-22 09:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-13 08:21 - 2013-08-22 09:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-08-13 08:21 - 2013-08-22 09:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-08-13 04:53 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-08-11 15:03 - 2013-08-22 09:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-11 15:03 - 2013-08-22 09:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-11 14:34 - 2015-07-19 12:16 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-11 14:34 - 2015-07-19 12:16 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-11 14:27 - 2015-07-19 12:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-11 14:23 - 2014-11-18 16:26 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-08-11 14:16 - 2014-11-18 16:26 - 132483416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-08-11 14:16 - 2014-11-18 15:30 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-11 14:12 - 2012-07-25 23:26 - 00000167 _____ C:\WINDOWS\win.ini
2015-08-08 07:55 - 2014-09-24 04:03 - 00794088 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-08-08 07:55 - 2014-09-24 04:03 - 00179688 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-07 07:53 - 2015-06-25 05:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-07 07:53 - 2015-06-25 05:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-07 05:46 - 2015-07-02 06:24 - 00000000 ____D C:\Program Files (x86)\Stickies
2015-08-07 05:46 - 2014-11-18 16:24 - 00000000 ____D C:\Program Files (x86)\Macro Express3
2015-08-04 06:36 - 2014-11-18 15:51 - 00000000 ____D C:\Users\Public\Downloads\Norton
2015-08-02 05:58 - 2015-03-11 18:55 - 00002099 _____ C:\Users\Public\Desktop\HTC Sync Manager.lnk
2015-07-30 07:53 - 2015-01-01 14:14 - 00000000 ____D C:\Users\BOB\AppData\Roaming\gSyncit
2015-07-30 07:52 - 2014-09-24 00:53 - 00000000 ____D C:\WINDOWS\ShellNew
2015-07-29 22:46 - 2015-04-07 17:39 - 00394584 _____ (IBM Corp.) C:\WINDOWS\system32\Drivers\RapportKE64.sys
2015-07-29 22:46 - 2015-04-07 17:39 - 00139896 _____ (IBM Corp.) C:\WINDOWS\system32\Drivers\RapportHades64.sys
2015-07-29 20:04 - 2014-11-18 19:23 - 00000000 ___DC C:\WINDOWS\Panther
2015-07-29 16:38 - 2014-11-18 19:29 - 00001908 _____ C:\WINDOWS\diagwrn.xml
2015-07-29 16:38 - 2014-11-18 19:29 - 00001908 _____ C:\WINDOWS\diagerr.xml
2015-07-29 16:31 - 2013-08-22 08:46 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-07-24 10:49 - 2014-12-01 21:35 - 00000000 ____D C:\Users\BOB\AppData\Roaming\Canon

==================== Files in the root of some directories =======

2014-11-18 15:08 - 2010-03-17 19:50 - 930942529 _____ () C:\Program Files\FLASH CS4.exe 2014-02-07 094106.exe
2015-06-23 13:50 - 2015-08-21 16:36 - 0038431 _____ () C:\Users\BOB\AppData\Roaming\Microsoft Excel 97-2003.ADR
2015-08-21 19:58 - 2015-08-23 11:11 - 0000215 _____ () C:\Users\BOB\AppData\Local\Lockdir6
2015-08-21 15:47 - 2015-08-21 15:47 - 0492751 _____ () C:\ProgramData\1440193006.bdinstall.bin

Some files in TEMP:
====================
C:\Users\BOB\AppData\Local\Temp\RoboForm-Setup.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-08-22 18:05

==================== End of log ============================

Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:23-08-2015
Ran by BOB (2015-08-23 16:15:50)
Running from C:\Users\BOB\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1565286939-3632609379-517438401-500 - Administrator - Disabled)
BOB (S-1-5-21-1565286939-3632609379-517438401-1001 - Administrator - Enabled) => C:\Users\BOB
Guest (S-1-5-21-1565286939-3632609379-517438401-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-1565286939-3632609379-517438401-1009 - Limited - Enabled)
UpdatusUser (S-1-5-21-1565286939-3632609379-517438401-1004 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.2.443 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.1.0.5790 - Adobe Systems Inc.)
Adobe Anchor Service x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 4 Master Collection (HKLM-x32\...\Adobe_b2d6abde968e6f277ddbfd501383e02) (Version: 4.0 - Adobe Systems Incorporated)
Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Fonts All x64 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS4 Icon Handler x64 (Version: 6.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 x64 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe PDF Library Files x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (64 Bit) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Type Support x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin x64 (Version: 1.1 - Adobe Systems Incorporated) Hidden
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 2130706814.4759644.48.2147344384 - Audible, Inc.)
Belarc Advisor 8.5 (HKLM-x32\...\Belarc Advisor) (Version: 8.5.0.0 - Belarc Inc.)
Bitdefender Total Security 2015 (HKLM\...\Bitdefender) (Version: 19.2.0.151 - Bitdefender)
BookSmart® 3.4.5 3.4.5 (HKLM-x32\...\BookSmart® 3.4.5 3.4.5) (Version: - Blurb, Inc)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)
Canon MP Navigator EX 4.1 (HKLM-x32\...\MP Navigator EX 4.1) (Version: - )
Canon MX880 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX880_series) (Version: - Canon Inc.)
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version: - )
cCloud (HKLM\...\{CF6C1B06-4F86-4C41-BD21-9E40500006B5}) (Version: 3.0.8.84 - COMODO)
COMODO BackUp (HKLM\...\{B79E9FF2-D932-4FD5-BCAF-4DE6F2FBE521}) (Version: 4.4.1.23 - COMODO)
Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
DriverIdentifier 4.2.8 (HKLM-x32\...\{40A3E5DB-5EF8-4F04-BF3E-7AB87C4AE85A}_is1) (Version: - DriverIdentifier)
Elevated Installer (x32 Version: 3.2.29.0 - Garmin Ltd or its subsidiaries) Hidden
Foxit PhantomPDF Standard (HKLM-x32\...\{0A33872C-25C0-4E0A-80DB-53067BB717DD}) (Version: 7.1.3.320 - Foxit Software Inc.)
FreeCommander XE (HKLM-x32\...\FreeCommander XE_is1) (Version: - Marek Jasinski)
FreeFileSync 7.3 (HKLM-x32\...\FreeFileSync) (Version: 7.3 - www.FreeFileSync.org)
FreeOCR v5.4 (HKLM-x32\...\freeocr_is1) (Version: - )
Garmin Communicator Plugin (HKLM-x32\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{70A381F1-C161-4D61-A20C-BE12FC6777DF}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{714dc1e5-69a4-4ecd-9552-93397e084298}) (Version: 3.2.29.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.29.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.29.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.157 - Google Inc.)
Google Earth Pro (HKLM-x32\...\{44FC61F0-2F8A-11E3-8CAE-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.16.0.001 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.54.2 - HTC)
Intel(R) Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Logitech Options (HKLM\...\LogiOptions) (Version: - Logitech)
Macro Express 3 (HKLM-x32\...\Macro Express 3) (Version: 3.10 - Insight Software Solutions, Inc.)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Network Monitor 3.4 (HKLM\...\{8C5B5A11-CBF8-451B-B201-77FAB0D0B77D}) (Version: 3.4.2350.0 - Microsoft Corporation)
Microsoft Network Monitor: NetworkMonitor Parsers 3.4 (HKLM\...\{963E5FEB-1367-46B9-851D-A957F1A3747F}) (Version: 3.4.2350.0 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x64) ENU (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x64) ENU (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 39.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0.3 (x86 en-US)) (Version: 39.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.5 - Mozilla)
MyPublisher (HKLM-x32\...\MyPublisher) (Version: - MyPublisher, Inc.)
NVIDIA 3D Vision Controller Driver 314.07 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 314.07 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.52 - NVIDIA Corporation)
NVIDIA Graphics Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Oracle VM VirtualBox 4.3.26 (HKLM\...\{5771F59A-BFC9-4FAF-A883-7642EF4BA3C3}) (Version: 4.3.26 - Oracle Corporation)
PDF Settings CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw_x64 (Version: 5.0 - Adobe Systems Incorporated) Hidden
Pixel Bender Toolkit (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Quicken 2007 (HKLM-x32\...\{0D2E80C8-0875-43EB-9623-47118E2DFBCA}) (Version: 16.1.5.7 - Intuit)
Quicken 2013 (HKLM-x32\...\{034DD4BB-F0D6-4ECF-B064-8E39E3EF7076}) (Version: 22.1.12.7 - Intuit)
Rapport (x32 Version: 3.5.1507.61 - Trusteer) Hidden
RoboForm 7-9-14-4 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-14-4 - Siber Systems)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
StartIsBack+ (HKLM-x32\...\StartIsBack) (Version: 1.7 - startisback.com)
Stickies 8.0c (HKLM-x32\...\ZhornStickies) (Version: - Zhorn Software)
Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
SuperGeek Free Document OCR 4.1.7 (HKLM-x32\...\SuperGeek Free Document OCR_is1) (Version: - SuperGeek, Inc.)
System Requirements Lab (HKLM-x32\...\{A92D0DBB-834A-4CAD-A434-F2232C692516}) (Version: 6.1.4.0 - Husdawg, LLC)
System Requirements Lab Detection (HKLM-x32\...\{3DEF6E6D-B9AE-49DB-B81F-4043D84336AA}) (Version: 6.1.4.0 - Husdawg, LLC)
System Requirements Lab for Intel (HKLM-x32\...\{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}) (Version: 4.5.24.0 - Husdawg, LLC)
TEW-805UB AC1200 Dual Band Wireless USB Adapter (HKLM-x32\...\{C5D706E3-BF18-4106-B02E-F55A7F22DDEE}) (Version: 1.01.0014 - TRENDnet)
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1507.61 - Trusteer)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Vivaldi (HKU\S-1-5-21-1565286939-3632609379-517438401-1001\...\Vivaldi) (Version: 1.0.118.19 - Vivaldi)
WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.1.240 - Broadcom Corporation)
WIDCOMM BTW Development Kit (HKLM-x32\...\{0B75A75A-3D2C-479B-ACA0-A17A0B4B7628}) (Version: 6.1.0.1506 - Broadcom Corporation)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windowz Explorer (HKLM-x32\...\Windowz Explorer) (Version: 1.2 - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

Could not list restore points
Check "winmgmt" service or repair WMI.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 07:25 - 2014-12-13 20:14 - 00000857 ____N C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 activate.adobe.com

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00A153B1-BDB8-4533-BA9A-C35B3BBC3F50} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {082BA227-CCFA-4523-B26C-63CD7F48E865} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2015-01-28] ()
Task: {087F3B7D-26C8-4D8F-8269-E757AE09DEE5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-07] (Google Inc.)
Task: {22A65414-CC12-4553-84B3-DE8374F6AB16} - System32\Tasks\{23002133-56BC-4D93-AB0A-266D05144B32} => pcalua.exe -a "C:\Program Files\TRENDnet\TEW-805UB_DriverUtility_(WinXP-8.1)\Autorun.exe" -d "C:\Program Files\TRENDnet\TEW-805UB_DriverUtility_(WinXP-8.1)"
Task: {3F6ACD45-1F47-43BC-BBDE-DB9CE4A88315} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/test-pass.html?aaa=KICMLJLJHMKMGMKJLMPMCNMJKMJMJMCNLMKJKJMJCNHMOJLJKJCNJJOMKJMMKMMJMMJJNMLJOJNJJNJICMIMCNGMCNOMLMFMOMOMCNPMCNGMJMPMPMFMJMCNMMCNGMJMPMPMCNNMJNPICMOMFMEKMICNJJCKFMOMJMMMHMJNHICMPINIAJMIPIJNBJCMNLAJNJPNIKKJGJIJHJLIJNKJCMNJAJNJIIKJGJIJHJLIPLCJOJNIKJBJMJAJCJPIOJBJGIBNMJAJCJJNNICMJNDJCMKJBJJNMJCMLMFMKMKMGMFMPMJNFICMGJLJKJBJLIGJLIGJKJMIBNKJHIKJ"
Task: {4D92B7F4-B8C4-45D6-8579-73A1AFB3692F} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-11] (Adobe Systems Incorporated)
Task: {5D0F23AF-08F9-4D24-86DC-AD7D2F5BEEA5} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {66F824CA-F56D-4318-8BEB-81901E9B60E6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-07] (Google Inc.)
Task: {74C898A6-F987-4D1B-9135-3EECF7E42E03} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {8A92BB3E-5F33-4734-B8DF-5461292B6873} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {8F5C3829-3175-4BB2-BA56-40BF2A6105F7} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security Suite\Upgrade.exe [2015-07-27] (Symantec Corporation)
Task: {C4449DD9-5BC1-44F1-B5A3-56B71D361A08} - System32\Tasks\Backup 01 and DOCS => C:\Program Files\FreeFileSync\FreeFileSync.exe [2015-08-01] (www.FreeFileSync.org)
Task: {E2D0B480-4816-4855-89A2-75BFE940A904} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-11] (Microsoft Corporation)
Task: {EEC9DE66-9352-46AF-ACC8-7C6B8C865B88} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {EF99648F-D007-4F97-9A93-8706A92220E1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-08-21 15:42 - 2015-04-22 16:55 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\txmlutil.dll
2015-08-21 15:41 - 2013-09-03 14:29 - 00101328 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdmetrics.dll
2015-08-21 15:42 - 2015-08-13 18:36 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\UI\accessl.ui
2015-08-21 15:42 - 2012-10-29 14:22 - 00152816 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdfwcore.dll
2015-08-21 15:50 - 2015-08-21 15:50 - 00875864 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00650_002\ashttpbr.mdl
2015-08-21 15:50 - 2015-08-21 15:50 - 00741952 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00650_002\ashttpdsp.mdl
2015-08-21 15:50 - 2015-08-21 15:50 - 02801464 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00650_002\ashttpph.mdl
2015-08-21 15:50 - 2015-08-21 15:50 - 01412512 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00650_002\ashttprbl.mdl
2014-11-18 19:26 - 2015-02-05 13:07 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-01-08 10:21 - 2015-01-08 10:21 - 00049408 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btwleapi.dll
2013-10-17 15:27 - 2013-10-17 15:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2015-08-22 21:38 - 2012-12-14 15:54 - 00036864 _____ () C:\Windows\runSW.exe
2015-08-22 21:38 - 2008-06-26 19:09 - 00167936 _____ () C:\Program Files\TRENDnet\TEW-805UB\WlanWpsSvc.exe
2015-07-14 15:37 - 2015-07-14 15:37 - 00821240 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
2015-08-21 15:41 - 2015-06-25 11:06 - 00472080 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdidntconp.dll
2015-08-21 15:42 - 2015-08-13 18:36 - 00188928 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\ui\bdidntconp.ui
2010-07-14 22:44 - 2010-07-14 22:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2014-12-18 15:06 - 2014-12-18 15:06 - 00031080 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
2015-07-14 15:35 - 2015-07-14 15:35 - 00607016 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
2014-12-18 15:09 - 2014-12-18 15:09 - 00059752 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll
2014-12-18 15:08 - 2014-12-18 15:08 - 00036216 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2014-12-18 15:09 - 2014-12-18 15:09 - 00080248 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll
2014-12-18 15:11 - 2014-12-18 15:11 - 00129376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\zlib1.dll
2014-12-18 15:14 - 2014-12-18 15:14 - 00223592 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll
2015-07-21 17:02 - 2015-07-21 17:02 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\BOB\OneDrive:ms-properties
AlternateDataStreams: C:\Users\BOB\Desktop\FRST64.exe:BDU

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1565286939-3632609379-517438401-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\BOB\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.0.1 - 205.171.3.25
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: RapportMgmtService => 2
MSCONFIG\Services: RasAuto => 3
MSCONFIG\Services: RasMan => 3
MSCONFIG\Services: RemoteAccess => 2
MSCONFIG\Services: RpcLocator => 3
MSCONFIG\Services: RunSwUSB => 2
MSCONFIG\Services: SamSs => 2
MSCONFIG\Services: ScDeviceEnum => 3
MSCONFIG\Services: SCPolicySvc => 3
MSCONFIG\Services: seclogon => 3
MSCONFIG\Services: SENS => 2
MSCONFIG\Services: SensrSvc => 3
MSCONFIG\Services: SessionEnv => 3
MSCONFIG\Services: SharedAccess => 3
MSCONFIG\Services: ShellHWDetection => 2
MSCONFIG\Services: smphost => 3
MSCONFIG\Services: SNMPTRAP => 3
MSCONFIG\Services: Spooler => 2
MSCONFIG\Services: SSDPSRV => 3
MSCONFIG\Services: SstpSvc => 3
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\Services: stisvc => 2
MSCONFIG\Services: StorSvc => 3
MSCONFIG\Services: svsvc => 3
MSCONFIG\Services: swprv => 3
MSCONFIG\Services: SynchronizationService.exe => 2
MSCONFIG\Services: SysMain => 2
MSCONFIG\Services: TabletInputService => 3
MSCONFIG\Services: TapiSrv => 3
MSCONFIG\Services: TermService => 3
MSCONFIG\Services: Themes => 2
MSCONFIG\Services: THREADORDER => 3
MSCONFIG\Services: TrkWks => 2
MSCONFIG\Services: TrustedInstaller => 3
MSCONFIG\Services: UI0Detect => 3
MSCONFIG\Services: UmRdpService => 3
MSCONFIG\Services: upnphost => 3
MSCONFIG\Services: VaultSvc => 3
MSCONFIG\Services: vds => 3
MSCONFIG\Services: vmicguestinterface => 3
MSCONFIG\Services: vmicheartbeat => 3
MSCONFIG\Services: vmickvpexchange => 3
MSCONFIG\Services: vmicrdv => 3
MSCONFIG\Services: vmicshutdown => 3
MSCONFIG\Services: vmictimesync => 3
MSCONFIG\Services: vmicvss => 3
MSCONFIG\Services: VSS => 3
MSCONFIG\Services: W32Time => 3
MSCONFIG\Services: wbengine => 3
MSCONFIG\Services: WbioSrvc => 3
MSCONFIG\Services: Wcmsvc => 2
MSCONFIG\Services: wcncsvc => 3
MSCONFIG\Services: WcsPlugInService => 3
MSCONFIG\Services: WdiServiceHost => 3
MSCONFIG\Services: WdiSystemHost => 3
MSCONFIG\Services: WebClient => 3
MSCONFIG\Services: Wecsvc => 3
MSCONFIG\Services: WEPHOSTSVC => 3
MSCONFIG\Services: wercplsupport => 3
MSCONFIG\Services: WerSvc => 3
MSCONFIG\Services: WiaRpc => 3
MSCONFIG\Services: WinHttpAutoProxySvc => 3
MSCONFIG\Services: Winmgmt => 2
MSCONFIG\Services: WinRM => 3
MSCONFIG\Services: WlanSvc => 2
MSCONFIG\Services: WlanWpsSvc => 2
MSCONFIG\Services: wlidsvc => 3
MSCONFIG\Services: WMPNetworkSvc => 2
MSCONFIG\Services: workfolderssvc => 3
MSCONFIG\Services: WPDBusEnum => 3
MSCONFIG\Services: wscsvc => 2
MSCONFIG\Services: WSearch => 2
MSCONFIG\Services: wuauserv => 3
MSCONFIG\Services: wudfsvc => 3
MSCONFIG\Services: WwanSvc => 3
HKLM\...\StartupApproved\StartupFolder: => "Macro Express 3.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Bluetooth.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Wireless Configuration Utility.lnk"
HKLM\...\StartupApproved\Run: => "LogiOptionsAppBroker"
HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Adobe Acrobat Speed Launcher"
HKLM\...\StartupApproved\Run32: => "AdobeCS4ServiceManager"
HKLM\...\StartupApproved\Run32: => "Adobe_ID0ENQBO"
HKLM\...\StartupApproved\Run32: => "IJNetworkScannerSelectorEX"
HKLM\...\StartupApproved\Run32: => "CanonSolutionMenuEx"
HKLM\...\StartupApproved\Run32: => "ApnTBMon"
HKU\S-1-5-21-1565286939-3632609379-517438401-1001\...\StartupApproved\Run: => "RoboForm"
HKU\S-1-5-21-1565286939-3632609379-517438401-1001\...\StartupApproved\Run: => "COS"
HKU\S-1-5-21-1565286939-3632609379-517438401-1001\...\StartupApproved\Run: => "GarminExpressTrayApp"
HKU\S-1-5-21-1565286939-3632609379-517438401-1001\...\StartupApproved\Run: => "WizMouse"
HKU\S-1-5-21-1565286939-3632609379-517438401-1001\...\StartupApproved\Run: => "SmileboxTray"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [{D7FED5E5-E8E8-49A0-AB4D-B822B7D55EA5}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{38A7A29A-246C-4B80-813E-0A8E88FB7B44}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{885D4C8A-7C1C-4AB2-93E8-30B898FB2E51}] => (Allow) LPort=5353
FirewallRules: [{275A2C46-CC47-4867-A0C2-E5DFCC98791F}] => (Allow) C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
FirewallRules: [{95FC5D08-CEFD-4796-A07F-EC8A89DC9302}] => (Allow) C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
FirewallRules: [{F66B62AF-18CD-46E6-AE49-A4802EAC330C}] => (Allow) LPort=3703
FirewallRules: [{EBBC806C-A444-4A58-BC43-427098D144E8}] => (Allow) LPort=3704
FirewallRules: [{439C95B3-BB07-4DB4-9F1D-E10939EEF4F0}] => (Allow) LPort=51000
FirewallRules: [{4C3CE077-710E-4100-91EF-3CED826D3A0E}] => (Allow) LPort=51001
FirewallRules: [{E6D21AEB-6844-463D-AC44-75757BEB2449}] => (Allow) C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
FirewallRules: [{C4DA8470-BBC2-4480-8AAD-21945EFFBC3E}] => (Allow) C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
FirewallRules: [{84C8973D-9FB1-4BD0-A74A-735282C7D72B}] => (Allow) C:\Program Files\COMODO\cCloud\cCloud.exe
FirewallRules: [{EDEE418C-F885-4D75-A793-294A09FEEA56}] => (Allow) C:\Program Files\COMODO\cCloud\cCloud.exe
FirewallRules: [{1A29DE5B-B6DC-4B8A-84E7-D9A7145C1216}] => (Allow) C:\Users\BOB\AppData\Local\Vivaldi\Application\vivaldi.exe
FirewallRules: [{CC84ADE2-FC0E-4CB6-B0CB-BF536E376417}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [{BD948916-A5F6-46A6-BC73-5C57829661B2}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [{14B795CB-2AAF-4B46-8311-C0893DCBD961}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [{E0BC6467-A755-4218-B879-3CE1A11C57E9}] => (Allow) C:\Users\BOB\AppData\Local\Temp\nsjC095.tmp\CnetInstaller-10493998.exe
FirewallRules: [{5C48E28D-46FD-49CE-90E9-0F8B980A4A63}] => (Allow) C:\Users\BOB\AppData\Local\Temp\nsjC095.tmp\CnetInstaller-10493998.exe
FirewallRules: [{55FC16C3-DED7-4F86-BA94-9F3181DF2CDB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3BA93ABF-3E72-4EDA-9431-F9E8C4F37D56}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{20913313-3601-41CF-B7B4-6CABB6FF7BD2}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [{77DCC445-4699-412F-882C-6A0C3D0A6DE5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/23/2015 01:08:22 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\WINDOWS\system32\msiexec.exe /V; Description = Removed AxCrypt 1.7.3156.0; Error = 0x80042302).

Error: (08/23/2015 01:08:22 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.


Operation:
Instantiating VSS server

Error: (08/23/2015 01:08:22 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
]


Operation:
Instantiating VSS server

Error: (08/23/2015 01:07:58 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\WINDOWS\system32\msiexec.exe /V; Description = Removed AxCrypt 1.7.3156.0; Error = 0x80042302).

Error: (08/23/2015 01:07:58 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.


Operation:
Instantiating VSS server

Error: (08/23/2015 01:07:58 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
]


Operation:
Instantiating VSS server

Error: (08/23/2015 01:02:17 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\WINDOWS\system32\msiexec.exe /V; Description = Installed AxCrypt 1.7.3156.0; Error = 0x80042302).

Error: (08/23/2015 01:02:17 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.


Operation:
Instantiating VSS server

Error: (08/23/2015 01:02:17 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
]


Operation:
Instantiating VSS server

Error: (08/23/2015 01:02:15 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\WINDOWS\system32\msiexec.exe /V; Description = Installed AxCrypt 1.7.3156.0; Error = 0x80042302).


System errors:
=============
Error: (08/23/2015 03:50:29 PM) (Source: DCOM) (EventID: 10010) (User: BOB-PC)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (08/23/2015 02:40:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/23/2015 02:40:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Server service depends on the Security Accounts Manager service which failed to start because of the following error:
%%1058

Error: (08/23/2015 02:40:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/23/2015 02:40:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Server service depends on the Security Accounts Manager service which failed to start because of the following error:
%%1058

Error: (08/23/2015 02:40:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/23/2015 02:40:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Server service depends on the Security Accounts Manager service which failed to start because of the following error:
%%1058

Error: (08/23/2015 02:40:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/23/2015 02:40:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Server service depends on the Security Accounts Manager service which failed to start because of the following error:
%%1058

Error: (08/23/2015 02:40:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office:
=========================
Error: (08/23/2015 01:08:22 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\WINDOWS\system32\msiexec.exe /VRemoved AxCrypt 1.7.3156.00x80042302

Error: (08/23/2015 01:08:22 PM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Operation:
Instantiating VSS server

Error: (08/23/2015 01:08:22 PM) (Source: VSS) (EventID: 13) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Operation:
Instantiating VSS server

Error: (08/23/2015 01:07:58 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\WINDOWS\system32\msiexec.exe /VRemoved AxCrypt 1.7.3156.00x80042302

Error: (08/23/2015 01:07:58 PM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Operation:
Instantiating VSS server

Error: (08/23/2015 01:07:58 PM) (Source: VSS) (EventID: 13) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Operation:
Instantiating VSS server

Error: (08/23/2015 01:02:17 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\WINDOWS\system32\msiexec.exe /VInstalled AxCrypt 1.7.3156.00x80042302

Error: (08/23/2015 01:02:17 PM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Operation:
Instantiating VSS server

Error: (08/23/2015 01:02:17 PM) (Source: VSS) (EventID: 13) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Operation:
Instantiating VSS server

Error: (08/23/2015 01:02:15 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\WINDOWS\system32\msiexec.exe /VInstalled AxCrypt 1.7.3156.00x80042302


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5 CPU 750 @ 2.67GHz
Percentage of memory in use: 49%
Total physical RAM: 8158.05 MB
Available physical RAM: 4105.09 MB
Total Virtual: 16350.05 MB
Available Virtual: 12614.74 MB

==================== Drives ================================

Drive c: (MAIN DRIVE) (Fixed) (Total:931.17 GB) (Free:710.43 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:31.99 GB) (Free:31.71 GB) FAT32 ==>[system with boot components (obtained from reading drive)]
Drive f: (3TB-PORTABLE) (Fixed) (Total:2794.39 GB) (Free:1714.07 GB) NTFS
Drive h: () (Removable) (Total:7.46 GB) (Free:7.39 GB) FAT32
Drive t: (TRAVEL BACKUP) (Fixed) (Total:899.51 GB) (Free:828.16 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: B8DF91DA)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.2 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 2794.5 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: C3D083B6)
Partition 1: (Active) - (Size=32 GB) - (Type=0C)
Partition 2: (Not Active) - (Size=899.5 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 7.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of log ============================
bweight
Active Member
 
Posts: 5
Joined: August 23rd, 2015, 6:50 pm

Re: services and controller app and runSW eating CPU

Unread postby Firefly » August 23rd, 2015, 10:37 pm

bweight -

My name is Firefly, and I will be happy to help you with your computer. Please do the following:


MGA Diagnostic Tool

Download MGA Diagnostic Tool to your Desktop. If you cannot access the internet, please download it on another computer, and copy to the desktop of the infected computer. It cannot be run from the USB!

  • Double click MGADiag.exe to launch the program.
  • Click Continue and let the scan run.
  • When finished it will have created a log.
  • Click Copy.
  • Next open Notepad.
    • Click Start > Run type Notepad click OK.
    • This will open an empty Notepad file.
    • Right click in the empty file and choose Paste to copy the log from MGA Diagnostics into it.
    • Save the file to your Desktop.
    • Close MGA Diagnostic Tool.
  • Copy/Paste the log in your next reply please.


CKScanner

Please download CKScanner ... Save it to your desktop.
This program should only be run once!
Make sure that CKScanner.exe is on your desktop before running the application!

  1. Double-click on the CKScanner.exe icon... then click the Search For Files button.
  2. When the scan is finished (the cursor hourglass disappears) click the Save List To File button.
    A text file will be created on your desktop named "ckfiles.txt"
  3. Click OK at the file saved message box. Double-click on the ckfiles.txt icon on your desktop.
  4. Please copy/paste the contents of ckfiles.txt in your next reply.
Firefly
Regular Member
 
Posts: 949
Joined: March 5th, 2014, 4:33 pm

Re: services and controller app and runSW eating CPU

Unread postby bweight » August 23rd, 2015, 10:53 pm

Thanks Firefly - I will do this early tomorrow since I am an old man and I get up early.

I appreciate your help
bweight
Active Member
 
Posts: 5
Joined: August 23rd, 2015, 6:50 pm

Re: services and controller app and runSW eating CPU

Unread postby bweight » August 23rd, 2015, 11:05 pm

I decided to run the scan tonight and got a "failed to create output files, hr=ox80070002. Please contact support." The scan results start with validation unsupported OS, but I know this is a good legal install of win8.1. I ran the CKScanner program and got a Not Responding in the title bar. I will look for your next instructions in the morning.

Thanks again for helping
bweight
Active Member
 
Posts: 5
Joined: August 23rd, 2015, 6:50 pm

Re: services and controller app and runSW eating CPU

Unread postby bweight » August 23rd, 2015, 11:08 pm

ckscanner finally did its thing and here are the results of ckfiles.txt:

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\documents\jokes\crackpots.doc
c:\documents\o-l-data\favorites\netstuff\blackberry forums at crackberry.com.url
c:\documents\o-l-data\favorites\netstuff\blackberry forums at crackberry.com.url 2013-10-31 101943.url 2014-02-07 094106.url
c:\documents\o-l-data\favorites\netstuff\blackberry forums at crackberry.com.url 2013-12-02 193407.url 2014-02-07 094106.url
c:\documents\o-l-data\my roboform data\crackberry.rfp
c:\program files\adobe cs4\adobe flash cs4 professional keygen.exe
c:\program files\adobe cs4\adobe cs4 master collection\adobe cs4 keygen & activation\readme.txt
c:\program files\adobe cs4\adobe cs4 master collection\adobe cs4 keygen & activation\adobe cs4 keygen & activation\adobe cs4 keygen & activation\amtlib.dll
c:\program files\adobe cs4\adobe cs4 master collection\adobe cs4 keygen & activation\adobe cs4 keygen & activation\adobe cs4 keygen & activation\disable_activation.cmd
c:\program files (x86)\adobe\adobe premiere pro cs4\plug-ins\en_us\vstplugins\decrackler1.dll
c:\program files (x86)\adobe\adobe premiere pro cs4\plug-ins\en_us\vstplugins\decrackler2.dll
c:\program files (x86)\adobe\adobe premiere pro cs4\plug-ins\en_us\vstplugins\decrackler6.dll
c:\users\bob\appdata\locallow\siber systems\roboform\userdata\crackberry.rfp
c:\users\bob\documents\my roboform data\default profile\crackberry.rfp
hosts 127.0.0.1 activate.adobe.com
scanner sequence 3.FI.11.UKNAJZ
----- EOF -----
bweight

Re: services and controller app and runSW eating CPU

Unread postby bweight » August 24th, 2015, 10:51 am

Firefly - Should I just upgrade to win10 reformatting my hard drive C:\ in the process and starting all over?
bweight

Re: services and controller app and runSW eating CPU

Unread postby Gary R » August 25th, 2015, 11:45 am

Cracked - Illegal Software

May I draw your attention to the topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST, which you should have read before posting for help.
The section here explains why we bring this to your attention.

If you wish to receive help from us, you must remove any and all of the following from your computer:
  • Illegal software
  • Cracked software
  • Illegal software key generators

Once the software and/or keygens have been removed, if you still need help, please start a new thread... include a link to your closed topic and include NEW DDS logs:
  • DDS.txt.
  • Attach.txt.
  • Details of the problems you're experiencing.
Wait for a new helper. Do not reply to your topic before a helper has replied.

This topic is now closed.
Gary R
Administrator
Posts: 21868
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire