Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Something is not right

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Something is not right

Unread postby starter005 » February 8th, 2016, 4:26 pm

I'm having issues with my PC. I have a Dell i5-3330CPU@3GHz with 8GB RAM x64 running Win 10. It just doesn't seem to be working right. Today I went on and my taskbar at the bottom of the screen had no icons and I had to reboot a couple of times before they showed up. I've also been having a lot of trouble with yahoo crashing in Microsoft Edge as well as Yahoo mail freezing. I ran all my anti viral and Malware programs but nothing shows. When I ran HiJack I got this message: For some reason your system denied access to the Hosts file. If any Hijacked domains are in this file, HiJack may not be able to fix this. If that happens, you need to edit the file yourself. To do this, Click START, RUN, and type: notepad C:\Windows\System32\drivers\etc\hosts and press ENTER. Find the line(s) HiJack This Reports and delete them. Save the file as 'HOSTS' (with quotes) and reboot. I didn't do it because I wasn't sure this was legit.

Thanks for your help
Ralph

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-02-2016
Ran by start_000 (administrator) on RALPH (08-02-2016 15:22:29)
Running from C:\Users\start_000\Downloads
Loaded Profiles: start_000 (Available Profiles: start_000 & Administrator & DefaultAppPool)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe
(IObit) C:\Program Files (x86)\IObit\Smart Defrag 4\SmartDefrag.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\Common\SpeechRuntime.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Brother Industries Ltd.) C:\Brother\BPRSP\resources\BrSupSsp.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.201.11370.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133440 2012-07-19] (Intel Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139768 2016-02-06] (AVAST Software)
HKLM-x32\...\Run: [PowerDVD14Agent] => C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe [795672 2014-08-12] (CyberLink Corp.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2014-06-16] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [5893920 2015-11-12] (IObit)
HKLM-x32\...\Run: [BrHelp] => c:\program files (x86)\brother\brother help\brotherhelp.exe [2009088 2013-01-18] (Brother Industries, Ltd.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248176 2015-07-13] (TomTom)
HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7935904 2016-01-22] (SUPERAntiSpyware)
HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8619224 2016-01-15] (Piriform Ltd)
HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe [10566352 2015-09-02] ()
HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403304 2016-01-28] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\RunOnce: [Uninstall C:\Users\start_000\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\start_000\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64"
HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\Policies\Explorer: [NoInstrumentation] 0
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403304 2016-01-28] (Garmin Ltd. or its subsidiaries)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-02-04] (AVAST Software)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\WINDOWS\system32\mscoree.dll [2015-10-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\WINDOWS\system32\mscoree.dll [2015-10-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-01-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-01-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-01-22] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Brother BPRSP.lnk [2015-08-28]
ShortcutTarget: Brother BPRSP.lnk -> C:\Windows\Installer\{8040527F-DD74-4B45-8A06-C4BF145B6C76}\BrSupSsp.exe_6861D01CB00C428FAA7298BB572A9511.exe (Flexera Software LLC)
Startup: C:\Users\Ralph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2014-03-17]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{8def33c9-d402-4c1f-b94b-3b2aca53daa6}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{aa55db39-edac-4607-a04d-bf2130a2cd71}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/
SearchScopes: HKU\S-1-5-21-4239315751-2608994865-2960470113-1008 -> {729582B7-CDB9-4D1F-A6EA-3CE1F3F03E02} URL =
SearchScopes: HKU\S-1-5-21-4239315751-2608994865-2960470113-1008 -> {96CAAC3F-DDAC-429C-8D64-745C19A15013} URL =
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2015-11-12] (IObit)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-12-18] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_72\bin\ssv.dll [2016-01-22] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-02-04] (AVAST Software)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-01-22] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_72\bin\jp2ssv.dll [2016-01-22] (Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-12-18] (Microsoft Corporation)
BHO-x32: Protect My Choices (Beta) -> {3DFCDCA1-AEAC-4302-A690-BFB683568BAA} -> C:\Program Files (x86)\DigitalAdvertisingAlliance\Protect My Choices\pmc.dll [2015-09-16] (Digital Advertising Alliance)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-02-04] (AVAST Software)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-01-22] (Microsoft Corporation)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKU\S-1-5-21-4239315751-2608994865-2960470113-1008 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/pub/sh ... tor/sw.cab
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.co ... 5.22.0.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)

Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-4239315751-2608994865-2960470113-1008 -> hxxp://www.yahoo.com/

FireFox:
========
FF ProfilePath: C:\Users\start_000\AppData\Roaming\Mozilla\Firefox\Profiles\fcly5hd4.default
FF NewTab: about:home
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF DefaultSearchUrl: hxxps://search.yahoo.com/yhs/search
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.yahoo.com
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-20] ()
FF Plugin: @java.com/DTPlugin,version=11.72.2 -> C:\Program Files\Java\jre1.8.0_72\bin\dtplugin\npDeployJava1.dll [2016-01-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.72.2 -> C:\Program Files\Java\jre1.8.0_72\bin\plugin2\npjp2.dll [2016-01-22] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-20] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1223183.dll [2015-12-21] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-03-21] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4239315751-2608994865-2960470113-1008: @citrixonline.com/appdetectorplugin -> C:\Users\start_000\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-11-07] (Citrix Online)
FF SearchPlugin: C:\Users\start_000\AppData\Roaming\Mozilla\Firefox\Profiles\fcly5hd4.default\searchplugins\bing-lavasoft.xml [2016-01-03]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-02-04]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-02-04]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2016-02-04]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-02-04]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 AdvancedSystemCareService9; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [446240 2016-01-05] (IObit)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-02-04] (AVAST Software)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2787512 2015-12-22] (Microsoft Corporation)
S3 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [803856 2016-01-28] (Garmin Ltd. or its subsidiaries)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-08-27] (Intel Corporation)
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [882464 2015-11-04] (IObit)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-25] (Intel Corporation)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2945312 2016-01-14] (IObit)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
S3 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-03-26] (CyberLink)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
S4 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [16176 2013-06-21] ()
S4 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [1436160 2012-11-29] (Wyse Technology.) [File not signed]
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-06-19] (Atheros) [File not signed]
U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-02-04] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-02-04] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-02-04] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-02-04] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-02-04] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1065720 2016-02-04] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [463744 2016-02-04] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [165344 2016-02-04] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [286440 2016-02-04] (AVAST Software)
R3 athr; C:\Windows\System32\drivers\athw10x.sys [4341424 2016-01-06] (Qualcomm Atheros Communications, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-08-29] (CyberLink)
R3 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2015-03-25] (IObit)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-03-22] (REALiX(tm))
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [185088 2015-12-04] (Intel Corporation)
S0 ngvss; no ImagePath
R1 RawDisk3; C:\WINDOWS\system32\drivers\rawdsk3.sys [32912 2015-03-25] (EldoS Corporation)
R3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34848 2015-03-25] (IObit.com)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [935168 2015-12-20] (Realtek )
S3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [407768 2015-12-04] (Realsil Semiconductor Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [21984 2015-06-04] ()
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
R3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2015-03-25] (IObit.com)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R2 {C5F942FD-1110-4664-86CE-0C6BDA305235}; C:\Program Files (x86)\CyberLink\PowerDVD14\Common\NavFilter\000.fcl [32456 2014-08-11] (CyberLink Corp.)
U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-08 15:22 - 2016-02-08 15:22 - 00021762 _____ C:\Users\start_000\Downloads\FRST.txt
2016-02-08 15:21 - 2016-02-08 15:22 - 00000000 ____D C:\FRST
2016-02-08 15:20 - 2016-02-08 15:21 - 02370560 _____ (Farbar) C:\Users\start_000\Downloads\FRST64.exe
2016-02-08 10:53 - 2016-02-08 10:53 - 00631383 _____ C:\Users\start_000\Downloads\Statement_Jan 2016.pdf
2016-02-08 10:13 - 2016-02-08 10:13 - 00388608 _____ (Trend Micro Inc.) C:\Users\start_000\Downloads\HijackThis.exe
2016-02-06 14:20 - 2016-02-06 14:20 - 00001886 _____ C:\Users\start_000\Desktop\Intel(R) HD Graphics 2500 Saturday, February 6, 2016 .txt
2016-02-05 17:19 - 2016-02-05 17:20 - 00000022 _____ C:\Users\start_000\Downloads\Attachments_201625 (7).zip
2016-02-05 17:16 - 2016-02-05 17:17 - 00000022 _____ C:\Users\start_000\Downloads\Attachments_201625 (6).zip
2016-02-05 17:16 - 2016-02-05 17:16 - 00000022 _____ C:\Users\start_000\Downloads\Attachments_201625 (5).zip
2016-02-05 17:15 - 2016-02-05 17:16 - 00000022 _____ C:\Users\start_000\Downloads\Attachments_201625 (4).zip
2016-02-05 17:14 - 2016-02-05 17:15 - 00000022 _____ C:\Users\start_000\Downloads\Attachments_201625 (3).zip
2016-02-05 17:13 - 2016-02-05 17:14 - 00000022 _____ C:\Users\start_000\Downloads\Attachments_201625 (2).zip
2016-02-05 17:13 - 2016-02-05 17:13 - 01131054 _____ C:\Users\start_000\Downloads\Attachments_201625 (1).zip
2016-02-05 17:11 - 2016-02-05 17:12 - 00000022 _____ C:\Users\start_000\Downloads\Attachments_201625.zip
2016-02-04 09:18 - 2016-02-04 09:18 - 00004006 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2016-02-04 09:18 - 2016-02-04 09:18 - 00003156 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1454594977
2016-02-04 09:18 - 2016-02-04 09:18 - 00001987 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2016-02-04 09:18 - 2016-02-04 09:18 - 00001090 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-02-04 09:18 - 2016-02-04 09:05 - 01065720 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2016-02-04 09:18 - 2016-02-04 09:05 - 00463744 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2016-02-04 09:18 - 2016-02-04 09:05 - 00398152 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2016-02-04 09:18 - 2016-02-04 09:05 - 00286440 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2016-02-04 09:18 - 2016-02-04 09:05 - 00165344 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2016-02-04 09:18 - 2016-02-04 09:05 - 00107792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2016-02-04 09:18 - 2016-02-04 09:05 - 00103064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2016-02-04 09:18 - 2016-02-04 09:05 - 00074544 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2016-02-04 09:18 - 2016-02-04 09:05 - 00037656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2016-02-04 09:18 - 2016-02-04 09:05 - 00037144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2016-02-04 09:10 - 2016-02-06 16:31 - 00000258 _____ C:\WINDOWS\Tasks\ASC9_SkipUac_start_000.job
2016-02-04 09:10 - 2016-02-04 09:10 - 00003306 _____ C:\WINDOWS\System32\Tasks\ASC9_PerformanceMonitor
2016-02-04 09:10 - 2016-02-04 09:10 - 00002446 _____ C:\WINDOWS\System32\Tasks\ASC9_SkipUac_start_000
2016-02-04 09:05 - 2016-02-04 09:05 - 00052184 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2016-02-02 09:04 - 2016-02-02 09:04 - 00002500 _____ C:\WINDOWS\System32\Tasks\Uninstaller_SkipUac_start_000
2016-02-02 09:04 - 2016-02-02 09:04 - 00000298 _____ C:\WINDOWS\Tasks\Uninstaller_SkipUac_start_000.job
2016-02-02 09:03 - 2016-02-02 09:03 - 00003622 _____ C:\WINDOWS\System32\Tasks\GarminUpdaterTask
2016-02-02 09:03 - 2016-02-02 09:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2016-01-29 09:11 - 2016-01-29 09:11 - 00003428 _____ C:\WINDOWS\System32\Tasks\Driver Booster Scheduler
2016-01-29 09:11 - 2016-01-29 09:11 - 00003084 _____ C:\WINDOWS\System32\Tasks\Driver Booster SkipUAC (start_000)
2016-01-29 09:10 - 2016-01-29 09:11 - 14423632 _____ (IObit ) C:\Users\start_000\Downloads\driver_booster_setup (1).exe
2016-01-29 09:09 - 2016-01-16 01:37 - 00202472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2016-01-29 09:09 - 2016-01-16 01:36 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-01-29 09:09 - 2016-01-16 01:36 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-01-29 09:09 - 2016-01-16 01:34 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-01-29 09:09 - 2016-01-16 01:24 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2016-01-29 09:09 - 2016-01-16 01:23 - 08728920 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-01-29 09:09 - 2016-01-16 01:23 - 00848160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-01-29 09:09 - 2016-01-16 01:23 - 00785088 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-01-29 09:09 - 2016-01-16 01:23 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-01-29 09:09 - 2016-01-16 01:23 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-01-29 09:09 - 2016-01-16 01:23 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-01-29 09:09 - 2016-01-16 01:21 - 22572624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-01-29 09:09 - 2016-01-16 01:21 - 01750440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2016-01-29 09:09 - 2016-01-16 01:20 - 06971752 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-01-29 09:09 - 2016-01-16 01:20 - 06600904 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-01-29 09:09 - 2016-01-16 01:20 - 00652312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-01-29 09:09 - 2016-01-16 01:20 - 00431240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2016-01-29 09:09 - 2016-01-16 01:20 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2016-01-29 09:09 - 2016-01-16 01:19 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-01-29 09:09 - 2016-01-16 01:19 - 00405568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-01-29 09:09 - 2016-01-16 01:17 - 21125400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-01-29 09:09 - 2016-01-16 01:16 - 05238360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-01-29 09:09 - 2016-01-16 01:13 - 01998168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-01-29 09:09 - 2016-01-16 01:13 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-01-29 09:09 - 2016-01-16 01:12 - 01415200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-01-29 09:09 - 2016-01-16 01:09 - 01089880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-01-29 09:09 - 2016-01-16 01:08 - 01174008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-01-29 09:09 - 2016-01-16 01:08 - 00440152 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2016-01-29 09:09 - 2016-01-16 00:46 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-01-29 09:09 - 2016-01-16 00:45 - 16986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-01-29 09:09 - 2016-01-16 00:44 - 22394368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-01-29 09:09 - 2016-01-16 00:44 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-01-29 09:09 - 2016-01-16 00:44 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasadhlp.dll
2016-01-29 09:09 - 2016-01-16 00:44 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
2016-01-29 09:09 - 2016-01-16 00:43 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttpcom.dll
2016-01-29 09:09 - 2016-01-16 00:42 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-01-29 09:09 - 2016-01-16 00:42 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscoreext.dll
2016-01-29 09:09 - 2016-01-16 00:41 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-01-29 09:09 - 2016-01-16 00:40 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-01-29 09:09 - 2016-01-16 00:40 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
2016-01-29 09:09 - 2016-01-16 00:40 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe
2016-01-29 09:09 - 2016-01-16 00:40 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasautou.exe
2016-01-29 09:09 - 2016-01-16 00:39 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\FilterDS.dll
2016-01-29 09:09 - 2016-01-16 00:38 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-01-29 09:09 - 2016-01-16 00:38 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-01-29 09:09 - 2016-01-16 00:38 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimCfg.dll
2016-01-29 09:09 - 2016-01-16 00:38 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbio.dll
2016-01-29 09:09 - 2016-01-16 00:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-01-29 09:09 - 2016-01-16 00:37 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-01-29 09:09 - 2016-01-16 00:37 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-01-29 09:09 - 2016-01-16 00:37 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2016-01-29 09:09 - 2016-01-16 00:36 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-01-29 09:09 - 2016-01-16 00:36 - 00475648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDDS.dll
2016-01-29 09:09 - 2016-01-16 00:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-01-29 09:09 - 2016-01-16 00:36 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimAuth.dll
2016-01-29 09:09 - 2016-01-16 00:36 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll
2016-01-29 09:09 - 2016-01-16 00:35 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-01-29 09:09 - 2016-01-16 00:35 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-01-29 09:09 - 2016-01-16 00:35 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasadhlp.dll
2016-01-29 09:09 - 2016-01-16 00:34 - 00610816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2016-01-29 09:09 - 2016-01-16 00:34 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2016-01-29 09:09 - 2016-01-16 00:34 - 00477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2016-01-29 09:09 - 2016-01-16 00:34 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-01-29 09:09 - 2016-01-16 00:34 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttpcom.dll
2016-01-29 09:09 - 2016-01-16 00:33 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2016-01-29 09:09 - 2016-01-16 00:33 - 00574976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2016-01-29 09:09 - 2016-01-16 00:33 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-01-29 09:09 - 2016-01-16 00:32 - 24602624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-01-29 09:09 - 2016-01-16 00:32 - 00621568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2016-01-29 09:09 - 2016-01-16 00:32 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcaui.exe
2016-01-29 09:09 - 2016-01-16 00:31 - 00851456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-01-29 09:09 - 2016-01-16 00:31 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-01-29 09:09 - 2016-01-16 00:31 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-01-29 09:09 - 2016-01-16 00:31 - 00343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-01-29 09:09 - 2016-01-16 00:31 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasautou.exe
2016-01-29 09:09 - 2016-01-16 00:30 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-01-29 09:09 - 2016-01-16 00:30 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-01-29 09:09 - 2016-01-16 00:30 - 01053696 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-01-29 09:09 - 2016-01-16 00:30 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-01-29 09:09 - 2016-01-16 00:30 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimCfg.dll
2016-01-29 09:09 - 2016-01-16 00:30 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winbio.dll
2016-01-29 09:09 - 2016-01-16 00:29 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-01-29 09:09 - 2016-01-16 00:29 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-01-29 09:09 - 2016-01-16 00:28 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-01-29 09:09 - 2016-01-16 00:28 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-01-29 09:09 - 2016-01-16 00:28 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-01-29 09:09 - 2016-01-16 00:28 - 00884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2016-01-29 09:09 - 2016-01-16 00:28 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimAuth.dll
2016-01-29 09:09 - 2016-01-16 00:27 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-01-29 09:09 - 2016-01-16 00:26 - 19338752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-01-29 09:09 - 2016-01-16 00:26 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2016-01-29 09:09 - 2016-01-16 00:26 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-01-29 09:09 - 2016-01-16 00:26 - 00260608 _____ C:\WINDOWS\system32\MTFServer.dll
2016-01-29 09:09 - 2016-01-16 00:26 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-01-29 09:09 - 2016-01-16 00:25 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2016-01-29 09:09 - 2016-01-16 00:25 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-01-29 09:09 - 2016-01-16 00:25 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
2016-01-29 09:09 - 2016-01-16 00:24 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-01-29 09:09 - 2016-01-16 00:24 - 02057216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-01-29 09:09 - 2016-01-16 00:24 - 00613888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-01-29 09:09 - 2016-01-16 00:24 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-01-29 09:09 - 2016-01-16 00:24 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-01-29 09:09 - 2016-01-16 00:23 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-01-29 09:09 - 2016-01-16 00:23 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-01-29 09:09 - 2016-01-16 00:21 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-01-29 09:09 - 2016-01-16 00:20 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-01-29 09:09 - 2016-01-16 00:20 - 02597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-01-29 09:09 - 2016-01-16 00:20 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-01-29 09:09 - 2016-01-16 00:20 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2016-01-29 09:09 - 2016-01-16 00:19 - 12126208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-01-29 09:09 - 2016-01-16 00:19 - 00733184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2016-01-29 09:09 - 2016-01-16 00:19 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-01-29 09:09 - 2016-01-16 00:19 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
2016-01-29 09:09 - 2016-01-16 00:19 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-01-29 09:09 - 2016-01-16 00:18 - 03593216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-01-29 09:09 - 2016-01-16 00:18 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-01-29 09:09 - 2016-01-16 00:17 - 05503488 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-01-29 09:09 - 2016-01-16 00:16 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-01-29 09:09 - 2016-01-16 00:16 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2016-01-29 09:09 - 2016-01-16 00:15 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-01-29 09:09 - 2016-01-16 00:14 - 01946624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-01-29 09:09 - 2016-01-16 00:14 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-01-29 09:09 - 2016-01-16 00:11 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2016-01-29 09:09 - 2016-01-16 00:09 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-01-26 09:15 - 2016-01-26 09:15 - 06828320 _____ (Piriform Ltd) C:\Users\start_000\Downloads\ccsetup514.exe
2016-01-22 17:00 - 2016-01-22 17:00 - 00110176 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2016-01-21 15:28 - 2016-01-21 15:28 - 02006715 _____ C:\Users\start_000\Downloads\DivineEats_Chicken.pdf
2016-01-21 15:28 - 2016-01-21 15:28 - 02006715 _____ C:\Users\start_000\Downloads\DivineEats_Chicken (2).pdf
2016-01-21 15:28 - 2016-01-21 15:28 - 02006715 _____ C:\Users\start_000\Downloads\DivineEats_Chicken (1).pdf
2016-01-21 07:33 - 2016-01-21 07:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
2016-01-21 07:32 - 2016-01-21 07:32 - 41171496 _____ (IObit ) C:\Users\start_000\Downloads\advanced-systemcare-setup.exe
2016-01-21 07:27 - 2016-01-21 07:28 - 00003626 _____ C:\WINDOWS\System32\Tasks\SmartDefrag4_Defrag
2016-01-19 09:18 - 2016-02-05 17:16 - 00000000 ____D C:\Users\start_000\Desktop\Upstate NY Pics
2016-01-12 16:38 - 2016-01-12 16:38 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-01-12 16:37 - 2016-01-12 16:37 - 00002487 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-01-12 16:20 - 2016-01-12 16:20 - 05074496 _____ (Intel) C:\Users\start_000\Downloads\Intel Driver Update Utility Installer (1).exe
2016-01-12 15:36 - 2016-01-04 21:51 - 07477600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-01-12 15:36 - 2016-01-04 21:51 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-01-12 15:36 - 2016-01-04 21:51 - 01141496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-01-12 15:36 - 2016-01-04 21:50 - 00671472 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2016-01-12 15:36 - 2016-01-04 21:48 - 00499432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2016-01-12 15:36 - 2016-01-04 21:45 - 02587696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2016-01-12 15:36 - 2016-01-04 21:42 - 02026736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2016-01-12 15:36 - 2016-01-04 21:37 - 02544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-01-12 15:36 - 2016-01-04 21:37 - 01299504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2016-01-12 15:36 - 2016-01-04 21:37 - 00858952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-01-12 15:36 - 2016-01-04 21:37 - 00245840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-01-12 15:36 - 2016-01-04 21:37 - 00234504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll
2016-01-12 15:36 - 2016-01-04 21:36 - 00808800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-01-12 15:36 - 2016-01-04 21:33 - 02180128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-01-12 15:36 - 2016-01-04 21:33 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2016-01-12 15:36 - 2016-01-04 21:33 - 00701384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2016-01-12 15:36 - 2016-01-04 21:33 - 00208176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mftranscode.dll
2016-01-12 15:36 - 2016-01-04 21:33 - 00116728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2016-01-12 15:36 - 2016-01-04 21:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-01-12 15:36 - 2016-01-04 21:27 - 01594408 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-01-12 15:36 - 2016-01-04 21:24 - 00796352 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-01-12 15:36 - 2016-01-04 21:23 - 01804664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll
2016-01-12 15:36 - 2016-01-04 21:23 - 01309376 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-01-12 15:36 - 2016-01-04 21:23 - 00786696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
2016-01-12 15:36 - 2016-01-04 21:23 - 00119320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP3DMOD.DLL
2016-01-12 15:36 - 2016-01-04 21:21 - 01371792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-01-12 15:36 - 2016-01-04 21:17 - 00695752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
2016-01-12 15:36 - 2016-01-04 21:16 - 00100160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP3DMOD.DLL
2016-01-12 15:36 - 2016-01-04 20:57 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMSRoamingSecurity.dll
2016-01-12 15:36 - 2016-01-04 20:57 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgrcli.dll
2016-01-12 15:36 - 2016-01-04 20:56 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2016-01-12 15:36 - 2016-01-04 20:54 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-01-12 15:36 - 2016-01-04 20:53 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshom.ocx
2016-01-12 15:36 - 2016-01-04 20:52 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-01-12 15:36 - 2016-01-04 20:51 - 00472576 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll
2016-01-12 15:36 - 2016-01-04 20:51 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2016-01-12 15:36 - 2016-01-04 20:50 - 00644096 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2016-01-12 15:36 - 2016-01-04 20:50 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-01-12 15:36 - 2016-01-04 20:49 - 01582080 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2016-01-12 15:36 - 2016-01-04 20:49 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
2016-01-12 15:36 - 2016-01-04 20:49 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-01-12 15:36 - 2016-01-04 20:49 - 00749056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2016-01-12 15:36 - 2016-01-04 20:49 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityCommon.dll
2016-01-12 15:36 - 2016-01-04 20:48 - 01009152 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOD.DLL
2016-01-12 15:36 - 2016-01-04 20:48 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2016-01-12 15:36 - 2016-01-04 20:48 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usermgrcli.dll
2016-01-12 15:36 - 2016-01-04 20:47 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-01-12 15:36 - 2016-01-04 20:47 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-01-12 15:36 - 2016-01-04 20:47 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2016-01-12 15:36 - 2016-01-04 20:45 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2016-01-12 15:36 - 2016-01-04 20:45 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-01-12 15:36 - 2016-01-04 20:44 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshom.ocx
2016-01-12 15:36 - 2016-01-04 20:43 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2016-01-12 15:36 - 2016-01-04 20:43 - 00604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-01-12 15:36 - 2016-01-04 20:43 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-01-12 15:36 - 2016-01-04 20:42 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2016-01-12 15:36 - 2016-01-04 20:41 - 01070080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL
2016-01-12 15:36 - 2016-01-04 20:41 - 00558592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2016-01-12 15:36 - 2016-01-04 20:40 - 00890880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOD.DLL
2016-01-12 15:36 - 2016-01-04 20:40 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ProximityCommon.dll
2016-01-12 15:36 - 2016-01-04 20:39 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-01-12 15:36 - 2016-01-04 20:39 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2016-01-12 15:36 - 2016-01-04 20:39 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-01-12 15:36 - 2016-01-04 20:39 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2016-01-12 15:36 - 2016-01-04 20:38 - 00389120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-01-12 15:36 - 2016-01-04 20:36 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2016-01-12 15:36 - 2016-01-04 20:36 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-01-12 15:36 - 2016-01-04 20:30 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-01-12 15:36 - 2016-01-04 20:30 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-01-12 15:36 - 2016-01-04 20:29 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-01-12 15:36 - 2016-01-04 20:28 - 07826432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-01-12 15:36 - 2016-01-04 20:28 - 04894720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-01-12 15:36 - 2016-01-04 20:25 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-08 15:07 - 2014-08-08 14:54 - 00004156 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{0B596711-D62E-4C9A-A60C-AE56F81F2B11}
2016-02-08 11:24 - 2014-12-22 11:11 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-02-08 10:14 - 2014-07-22 13:58 - 00000000 ____D C:\Users\start_000\AppData\Local\VirtualStore
2016-02-08 08:04 - 2015-03-22 09:07 - 00000000 ____D C:\ProgramData\ProductData
2016-02-07 17:30 - 2015-10-30 02:21 - 00000000 ____D C:\WINDOWS\INF
2016-02-07 17:24 - 2015-11-23 16:11 - 00917148 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-02-07 17:19 - 2014-07-22 13:58 - 00000000 __SHD C:\Users\start_000\IntelGraphicsProfiles
2016-02-07 17:18 - 2015-11-23 15:58 - 00000000 ____D C:\Users\start_000
2016-02-07 17:17 - 2015-11-23 16:13 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-02-07 14:47 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-02-07 11:15 - 2014-07-23 03:27 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-02-07 10:36 - 2014-07-22 18:27 - 00000000 ___RD C:\Users\start_000\OneDrive
2016-02-06 14:11 - 2014-12-27 09:07 - 00000000 ____D C:\Users\start_000\Downloads\Intel Components
2016-02-06 14:07 - 2015-10-30 02:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-06 14:04 - 2015-11-23 15:58 - 00000000 ____D C:\Users\DefaultAppPool
2016-02-05 17:19 - 2014-07-22 13:58 - 00000000 ____D C:\Users\start_000\AppData\Local\Packages
2016-02-05 10:22 - 2014-03-11 15:44 - 00007891 _____ C:\WINDOWS\BRRBCOM.INI
2016-02-05 08:52 - 2015-10-30 01:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2016-02-05 08:45 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\registration
2016-02-05 08:24 - 2014-12-17 15:24 - 00000000 ____D C:\Users\start_000\AppData\Local\ElevatedDiagnostics
2016-02-04 09:21 - 2015-11-23 08:13 - 00000000 ___RD C:\Users\start_000\Desktop\Performance
2016-02-04 09:05 - 2015-01-11 09:42 - 00000000 ____D C:\ProgramData\AVAST Software
2016-02-04 09:02 - 2015-06-12 18:10 - 00000000 ____D C:\Users\start_000\Documents\My Filehippo Downloads
2016-02-02 09:04 - 2014-03-11 16:01 - 00000000 ____D C:\ProgramData\Package Cache
2016-02-02 09:03 - 2015-11-07 16:00 - 00000000 ____D C:\Program Files (x86)\Garmin
2016-01-31 10:48 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\rescache
2016-01-30 10:14 - 2013-12-05 12:58 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-01-30 10:13 - 2015-11-09 15:31 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-01-30 10:13 - 2014-12-22 10:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-30 10:12 - 2015-10-30 02:24 - 00000000 ___SD C:\WINDOWS\system32\F12
2016-01-30 10:12 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-01-30 10:12 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-01-30 10:12 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-01-30 10:12 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-01-30 10:12 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-01-30 10:12 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-01-30 10:04 - 2014-11-26 13:50 - 00000178 _____ C:\Users\start_000\Desktop\Yahoo.url
2016-01-29 10:39 - 2015-10-30 02:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-01-29 09:11 - 2015-10-22 14:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 3
2016-01-29 09:03 - 2014-12-22 10:55 - 00001240 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-01-29 09:03 - 2014-12-22 10:55 - 00001228 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-01-29 09:02 - 2015-11-03 15:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-26 09:16 - 2015-12-21 09:23 - 00000867 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-01-22 17:00 - 2015-08-21 14:17 - 00000000 ____D C:\Users\start_000\.oracle_jre_usage
2016-01-22 17:00 - 2014-03-11 18:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-01-22 16:59 - 2014-07-23 03:17 - 00000000 ____D C:\Program Files\Java
2016-01-22 13:02 - 2015-10-30 02:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-01-22 13:01 - 2014-03-12 15:25 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-01-21 07:33 - 2015-12-04 14:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare
2016-01-21 07:33 - 2015-10-22 14:41 - 00000000 ____D C:\Program Files (x86)\IObit
2016-01-21 07:33 - 2015-03-22 09:07 - 00000000 ____D C:\Users\start_000\AppData\Roaming\IObit
2016-01-19 08:03 - 2015-11-23 15:58 - 00000000 ____D C:\Users\Ralph
2016-01-19 08:03 - 2015-11-23 15:58 - 00000000 ____D C:\Users\Administrator
2016-01-14 16:38 - 2014-03-11 17:31 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-01-14 16:35 - 2014-03-11 17:31 - 143671360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-01-12 16:21 - 2015-11-05 15:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver Update Utility
2016-01-12 16:20 - 2015-11-05 15:36 - 00000000 ____D C:\Program Files (x86)\Intel Driver Update Utility

==================== Files in the root of some directories =======

2014-07-22 16:09 - 2014-07-22 16:09 - 0000017 _____ () C:\Users\start_000\AppData\Local\resmon.resmoncfg
2013-10-09 14:46 - 2013-10-09 14:46 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2013-10-09 14:43 - 2013-10-09 14:43 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2013-10-09 14:43 - 2013-10-09 14:44 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2013-10-09 14:42 - 2013-10-09 14:42 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2013-10-09 14:45 - 2013-10-09 14:46 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-02-05 09:07

==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-02-2016
Ran by start_000 (2016-02-08 15:23:09)
Running from C:\Users\start_000\Downloads
Windows 10 Home (X64) (2015-11-23 21:20:35)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4239315751-2608994865-2960470113-500 - Administrator - Disabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-4239315751-2608994865-2960470113-503 - Limited - Disabled)
Guest (S-1-5-21-4239315751-2608994865-2960470113-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4239315751-2608994865-2960470113-1007 - Limited - Enabled)
start_000 (S-1-5-21-4239315751-2608994865-2960470113-1008 - Administrator - Enabled) => C:\Users\start_000

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.3.183 - Adobe Systems, Inc.)
Advanced SystemCare 9 (HKLM-x32\...\Advanced SystemCare_is1) (Version: 9.1.0 - IObit)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2253 - AVAST Software)
Brother MFL-Pro Suite MFC-J475DW (HKLM-x32\...\{7B4C83B6-17C1-4BFD-B86D-4D7AD4498CBB}) (Version: 1.0.3.0 - Brother Industries, Ltd.)
Brother Product Research and Support Program (HKLM-x32\...\{8040527F-DD74-4B45-8A06-C4BF145B6C76}) (Version: 2.1.1.0002 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 5.14 - Piriform)
Combined Community Codec Pack 2014-07-13 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2014.07.13.0 - CCCP Project)
Conexant HD Audio (HKLM-x32\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 1.0.50.0 - Conexant)
Conexant SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.50.12.0 - Conexant)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 11.0 - CyberLink Corp.)
CyberLink PowerDVD 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.4412.58 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.5.0.0 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.5.0.0 - Dell Inc.)
Dell System Detect (HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\73f463568823ebbe) (Version: 5.13.0.1 - Dell)
Dell Wireless Driver Installation (HKLM-x32\...\{451517F1-7E41-400B-AA36-FB7E2563526D}) (Version: 10.0 - Dell)
Digital Advertising Alliance Protect My Choices (Beta) (HKLM-x32\...\{B0E895EC-AF4D-48EB-A03B-18DA8ACF5F9A}) (Version: 1.6.0.0 - Digital Advertising Alliance)
Driver Booster 3.2 (HKLM-x32\...\Driver Booster_is1) (Version: 3.2 - IObit)
DSC/AA Factory Installer (Version: 3.3.6261.27 - PC-Doctor, Inc.) Hidden
Elevated Installer (x32 Version: 4.1.16.0 - Garmin Ltd or its subsidiaries) Hidden
FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version: - FileHippo.com)
Garmin Express (x32 Version: 4.1.16.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.1.16.0 - Garmin Ltd or its subsidiaries) Hidden
Intel Driver Update Utility (HKLM-x32\...\{a699b395-cd93-4135-85ec-828113841355}) (Version: 2.2.0.6 - Intel)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Driver Update Utility 2.2.0.6 (x32 Version: 2.2.0.1 - Intel) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
IObit Malware Fighter 3 (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 3.4 - IObit)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 5.2.1.126 - IObit)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
Java 8 Update 66 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418066F0}) (Version: 8.0.660.17 - Oracle Corporation)
Java 8 Update 72 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418072F0}) (Version: 8.0.720.15 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4787.1002 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 44.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 44.0 (x86 en-US)) (Version: 44.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.3.6261.27 - PC-Doctor, Inc.)
Nuance PaperPort 12 (HKLM-x32\...\{869FCC6C-5669-4B0B-827E-2BBAACD88A87}) (Version: 12.1.0006 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4787.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4787.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4787.1002 - Microsoft Corporation) Hidden
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.)
PocketCloud (HKLM-x32\...\{AAF1E996-6AE6-4684-88A8-41F4E98E2899}) (Version: 2.6.21 - Wyse Technology)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.30136 - Realtek Semiconductor Corp.)
SafeZone Stable 1.48.2066.44 (x32 Version: 1.48.2066.44 - Avast Software) Hidden
Scansoft PDF Professional (x32 Version: - ) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Smart Defrag 4 (HKLM-x32\...\Smart Defrag 4_is1) (Version: 4.3 - IObit)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1208 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab for Intel (HKLM-x32\...\{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0}) (Version: 4.5.22.0 - Husdawg, LLC)
TomTom HOME (HKLM-x32\...\{0E09BE17-EDEA-42CA-8974-42A587F51510}) (Version: 2.9.8 - TomTom)
TomTom HOME (HKLM-x32\...\{5DCB2EB3-87AD-426E-8D74-8B92C9D731C4}) (Version: 2.9.8 - TomTom)
TomTom HOME (HKLM-x32\...\{BB05590A-6602-43F3-A400-77EA0976BC0A}) (Version: 2.9.8 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WModem Driver Installer (HKLM-x32\...\HTC_WModemDriver) (Version: 3.0.9.0 - HTC)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4239315751-2608994865-2960470113-1008_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\start_000\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4239315751-2608994865-2960470113-1008_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0AE30774-2E87-4745-8D50-C923A8791957} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {16777BE2-E394-4E04-85C6-751F5A790E48} - \ProfessionalCleaningSoftware_Popup -> No File <==== ATTENTION
Task: {2366C53B-764F-4A67-96E0-374D1BAA0F0D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {2895AD02-C3A3-4CDF-B3AD-61B36D6B6E66} - System32\Tasks\SmartDefrag4_Update => C:\Program Files (x86)\IObit\Smart Defrag 4\AutoUpdate.exe [2015-08-21] (IObit)
Task: {3C460CBE-1321-4B77-976A-BCDFE0A4D011} - System32\Tasks\ASC9_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe [2016-01-15] (IObit)
Task: {3F66089B-EF64-45AF-AA9D-1D7161B4782A} - \ProPCCleaner_Start -> No File <==== ATTENTION
Task: {416C35DB-11E1-416B-BB02-D43ACA7B80AF} - System32\Tasks\SafeZone scheduled Autoupdate 1454594977 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-02-01] (Avast Software)
Task: {43706976-862E-470D-A13D-F89954D98F51} - \SystemToolsDailyTest -> No File <==== ATTENTION
Task: {468AF792-E386-481A-8CEF-A2B8F84ABC49} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {472A5C5A-078A-4E1D-809D-5416712A162B} - System32\Tasks\Uninstaller_SkipUac_start_000 => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2016-01-12] (IObit)
Task: {47F550B7-EDF7-4828-9C2A-907D8E694CCD} - System32\Tasks\PocketCloudVirtualChannel => C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WPCRDPVirtualChannelServer.exe
Task: {4EFC3408-8DC0-48FE-9322-B9210341B79F} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-12-22] (Microsoft Corporation)
Task: {504BD9DC-D44A-4B7C-9A29-2D62386F14AC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-28] (Microsoft Corporation)
Task: {506E8EA5-3088-46D8-A599-475966FE7BC4} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-02-04] (AVAST Software)
Task: {51B2365D-1F26-43B0-9AFB-38DC6F9000E5} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-04] (CyberLink)
Task: {568D2607-2E95-4D32-82E0-0BC464E51599} - \PCDoctorBackgroundMonitorTask -> No File <==== ATTENTION
Task: {5C1E17B6-33A6-4B92-85A1-08BF5196D5F1} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {5D277F32-B4A8-4C34-AD42-B65329D0630C} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {69144A40-0124-430B-B3F8-B22DCE590922} - \ProPCCleaner_Popup -> No File <==== ATTENTION
Task: {6C71B6A5-9904-484E-93D6-0B8537CCA0D0} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.)
Task: {71C9B2DE-7999-4745-B97B-A5399F3AB7F8} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {73D0AE3A-2612-466D-8829-B4319C9F9230} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-01-14] (Microsoft Corporation)
Task: {7964398A-221B-4809-AC53-40ED00D8ED85} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-01-15] (Piriform Ltd)
Task: {7F7B6BB1-A4ED-4587-95BF-1343A39A74B7} - \ProfessionalCleaningSoftware_Start -> No File <==== ATTENTION
Task: {8080D58F-F969-48BD-9B6E-EA6DFA8CFD76} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {8B11685A-5AB6-499F-846B-49950141DD1D} - System32\Tasks\SmartDefrag4_Startup => C:\Program Files (x86)\IObit\Smart Defrag 4\SmartDefrag.exe [2015-10-27] (IObit)
Task: {8C28909C-9E73-4A32-961F-57FA1083BCC0} - System32\Tasks\SmartDefrag4_Defrag => C:\Program Files (x86)\IObit\Smart Defrag 4\SmartDefrag.exe [2015-10-27] (IObit)
Task: {8C726201-EFB2-45A5-8213-3ED0C8E42C15} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {8E9C390E-B679-44BC-975F-8E9954E01EFC} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {96C39582-E10C-4B38-BA54-2CE39A50A06B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-28] (Microsoft Corporation)
Task: {9DAC99AF-40EB-4E23-B19B-F5E8D748B054} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {A2791BBA-30B1-4CF1-8DA8-3B7E91892AC0} - \PCDEventLauncherTask -> No File <==== ATTENTION
Task: {AC058D1D-1242-4C4B-A303-A5875B9DA709} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2016-01-13] (IObit)
Task: {AC7A934C-97E9-4D72-BCE7-C9235A09283D} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2016-01-28] ()
Task: {B357D940-DADB-41F4-AAB1-2F0833166F51} - System32\Tasks\PocketCloud => C:\Program
Task: {BCC5E87D-2245-47E2-B38C-1DBCC5C8AE05} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-20] (Adobe Systems Incorporated)
Task: {CBECAE10-CCB7-4E4B-8994-FF26BDE300C2} - System32\Tasks\JetBoost_AutoUpdate => C:\Program Files (x86)\BlueSprig\JetBoost\AutoUpdate.exe
Task: {CEE6A43F-6131-4E7E-AF16-356FCE6F3105} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-12-22] (Microsoft Corporation)
Task: {CFC78AED-C551-4E41-975A-6071343F4BE8} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {D980C5EA-9D4A-498A-AA76-F972309D9970} - System32\Tasks\PocketCloudUpdater => C:\Program
Task: {E5922A1D-0931-4A72-B93E-9FB13D09BA68} - System32\Tasks\ASC9_SkipUac_start_000 => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe [2016-01-18] (IObit)
Task: {EE05D4C9-6234-4612-8442-C9CE60CD2F75} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {FCE193D0-57BE-4CD6-8ABB-9E513576A30D} - System32\Tasks\Driver Booster SkipUAC (start_000) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2016-01-18] (IObit)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\ASC9_SkipUac_start_000.job => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_start_000.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 02:18 - 2015-10-30 02:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-01-22 12:58 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-10-17 14:27 - 2013-10-17 14:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2014-03-11 15:41 - 2005-04-21 23:36 - 00143360 _____ () C:\WINDOWS\system32\BrSNMP64.dll
2015-12-03 14:11 - 2015-11-22 05:47 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-03 14:11 - 2015-11-22 05:47 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-10-28 16:26 - 2015-09-01 11:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-01-12 15:36 - 2016-01-04 20:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-29 09:09 - 2016-01-16 00:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-22 12:53 - 2016-01-22 12:53 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-12-18 07:58 - 2015-12-06 23:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-12-18 07:58 - 2015-12-06 23:00 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-01-12 15:36 - 2016-01-04 20:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-12 15:36 - 2016-01-04 20:24 - 00936960 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-01-29 09:09 - 2016-01-16 00:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-10-30 02:17 - 2015-10-30 02:17 - 01813504 _____ () C:\Windows\System32\speech_onecore\engines\tts\MSTTSEngine_OneCore.dll
2016-02-05 08:28 - 2016-02-05 08:28 - 00015872 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.201.11370.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-02-05 08:28 - 2016-02-05 08:28 - 14869504 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.201.11370.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2015-11-24 08:11 - 2015-11-24 08:11 - 00258560 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.201.11370.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2016-02-04 09:05 - 2016-02-04 09:05 - 00113496 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-02-04 09:05 - 2016-02-04 09:05 - 00133768 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-02-07 12:58 - 2016-02-07 12:58 - 02819072 _____ () C:\Program Files\AVAST Software\Avast\defs\16020701\algo.dll
2016-02-04 09:05 - 2016-02-04 09:05 - 00480760 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-02-04 09:05 - 2016-02-04 09:05 - 00307808 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll
2016-02-08 15:19 - 2016-02-08 15:19 - 02819072 _____ () C:\Program Files\AVAST Software\Avast\defs\16020803\algo.dll
2015-11-24 07:44 - 2015-01-09 18:46 - 00517408 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\sqlite3.dll
2015-11-08 09:13 - 2014-10-16 10:26 - 00622880 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll
2016-01-22 12:53 - 2016-01-22 12:53 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-01-22 12:53 - 2016-01-22 12:53 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-01-21 07:33 - 2015-12-23 18:32 - 00355616 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madExcept_.bpl
2016-01-21 07:33 - 2015-12-23 18:32 - 00190240 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madBasic_.bpl
2016-01-21 07:33 - 2015-12-23 18:32 - 00057632 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madDisAsm_.bpl
2015-12-30 08:19 - 2015-10-27 14:05 - 00618784 _____ () C:\Program Files (x86)\IObit\Smart Defrag 4\ProductStatistics.dll
2015-12-30 08:19 - 2013-01-15 18:47 - 00893248 _____ () C:\Program Files (x86)\IObit\Smart Defrag 4\webres.dll
2015-12-04 08:54 - 2015-12-04 08:54 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-01-21 07:33 - 2015-12-23 18:32 - 00355616 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2016-01-21 07:33 - 2015-12-23 18:32 - 00190240 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2016-01-21 07:33 - 2015-12-23 18:32 - 00057632 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
2015-11-24 07:44 - 2015-03-27 15:39 - 00182080 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\unrar.dll
2015-11-24 07:44 - 2015-01-09 18:46 - 00145184 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\zlibwapi.dll
2015-11-24 07:45 - 2014-10-16 10:26 - 00622880 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\ProductStatistics.dll
2015-06-16 14:22 - 2013-03-04 22:40 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-03-05 10:41 - 2013-03-05 10:41 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-12-23 11:32 - 2013-09-04 05:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\dell.com -> dell.com
IE trusted site: HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\webcompanion.com -> hxxp://webcompanion.com
IE restricted site: HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\100sexlinks.com -> 100sexlinks.com

There are 4790 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\Control Panel\Desktop\\Wallpaper -> C:\Users\start_000\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\desktop background.bmp
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: WysePocketCloud => 2
MSCONFIG\Services: WyseRemoteAccess => 2
MSCONFIG\startupreg: BrHelp =>
HKLM\...\StartupApproved\Run32: => "BrHelp"
HKLM\...\StartupApproved\Run32: => "ControlCenter4"
HKLM\...\StartupApproved\Run32: => "IndexSearch"
HKLM\...\StartupApproved\Run32: => "PaperPort PTD"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "F-Secure Hoster (53784)"
HKLM\...\StartupApproved\Run32: => "F-Secure Manager"
HKLM\...\StartupApproved\Run32: => "PowerDVD14Agent"
HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\StartupApproved\StartupFolder: => "Content Anywhere.lnk"
HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\StartupApproved\Run: => "TomTomHOME.exe"
HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\StartupApproved\Run: => "ISUSPM"
HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\StartupApproved\Run: => "GarminExpressTrayApp"
HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\StartupApproved\Run: => "Itibiti.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [{31D76E43-1623-49C1-A52F-16193788A73C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6024DDEF-A88F-4210-9CCC-C7AA6B7244EF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0A367021-57DA-41DB-BB45-B5E248D7274E}] => (Allow) LPort=54925
FirewallRules: [{B22FE7CE-E6BC-4179-9050-61414BF6E6C7}] => (Allow) C:\Program Files (x86)\Brother\Brmfl13b\FAXRX.EXE
FirewallRules: [{66CD6CE6-02A2-4C0A-AFBF-04E41D97588A}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{FF80914C-0A38-4B5D-AA25-2D9F5B5D34EF}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{9528A3B1-F3DC-47F4-9860-DD41BB68DF3C}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{4B35E4D6-B875-499D-8100-37888DF01721}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{718A6E7D-462F-40F3-97F7-5DD609C5F5FD}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{3C99700C-C51E-4ADA-AC61-0284AAA6197F}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{C4F407F2-05BE-487A-A960-E3D3C38EC2F9}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{BFAB4BF0-1742-4B5D-8D88-B9202D85A153}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{6FEA035A-B718-442B-BEF9-9E2062C15298}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{083EA1E7-9E50-4298-8DA5-BDE5A7428DA3}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
FirewallRules: [{935B70A3-F6FE-4C80-A69D-1D8E92E5A88A}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
FirewallRules: [{BBC61E43-0536-4629-8F95-A22A8A5683D0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B858A7E8-6B0D-44A2-8D57-442BA2453252}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Restore Points =========================

17-01-2016 11:14:17 Windows Update
29-01-2016 10:38:10 Windows Update
02-02-2016 09:02:50 Garmin Express
05-02-2016 08:30:22 Restore Operation

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/08/2016 10:59:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: microsoftedgecp.exe, version: 11.0.10586.20, time stamp: 0x56540c35
Faulting module name: edgehtml.dll, version: 11.0.10586.71, time stamp: 0x5699d8b6
Exception code: 0xc0000602
Fault offset: 0x00000000009b7126
Faulting process id: 0x1a90
Faulting application start time: 0xmicrosoftedgecp.exe0
Faulting application path: microsoftedgecp.exe1
Faulting module path: microsoftedgecp.exe2
Report Id: microsoftedgecp.exe3
Faulting package full name: microsoftedgecp.exe4
Faulting package-relative application ID: microsoftedgecp.exe5

Error: (02/07/2016 05:30:46 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (02/07/2016 05:21:01 PM) (Source: ESENT) (EventID: 455) (User: )
Description: SettingSyncHost (4996) {54CEC810-326D-4203-93D7-F162FE8DBE8C}: Error -1811 (0xfffff8ed) occurred while opening logfile C:\Users\start_000\AppData\Local\Microsoft\Windows\SettingSync\metastore\edb00023.log.

Error: (02/07/2016 05:21:01 PM) (Source: ESENT) (EventID: 455) (User: )
Description: SettingSyncHost (4996) {F1FBED5A-7FDF-4DF6-B143-5FA74DC2D90A}: Error -1811 (0xfffff8ed) occurred while opening logfile C:\Users\start_000\AppData\Local\Microsoft\Windows\SettingSync\remotemetastore\v1\edb00010.log.

Error: (02/07/2016 05:19:37 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (02/07/2016 05:19:19 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -550.

Error: (02/07/2016 05:18:47 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RALPH)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (02/07/2016 05:18:44 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
The specified object cannot be found. Specify the name of an existing object. (HRESULT : 0x80040d06) (0x80040d06)

Error: (02/07/2016 05:18:44 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
The specified object cannot be found. Specify the name of an existing object. (HRESULT : 0x80040d06) (0x80040d06)

Error: (02/07/2016 05:18:44 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The specified object cannot be found. Specify the name of an existing object. (HRESULT : 0x80040d06) (0x80040d06)


System errors:
=============
Error: (02/08/2016 11:56:08 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (02/08/2016 09:02:23 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (02/07/2016 06:20:33 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (02/07/2016 05:25:24 PM) (Source: DCOM) (EventID: 10016) (User: RALPH)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}Ralphstart_000S-1-5-21-4239315751-2608994865-2960470113-1008LocalHost (Using LRPC)Microsoft.WindowsStore_2015.25.24.0_x64__8wekyb3d8bbweS-1-15-2-1609473798-1231923017-684268153-4268514328-882773646-2760585773-1760938157

Error: (02/07/2016 05:22:20 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Delivery Optimization service hung on starting.

Error: (02/07/2016 05:21:38 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}

Error: (02/07/2016 05:19:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1053

Error: (02/07/2016 05:19:14 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

Error: (02/07/2016 05:19:09 PM) (Source: DCOM) (EventID: 10005) (User: RALPH)
Description: 1053WSearchUnavailable{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (02/07/2016 05:19:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1053


CodeIntegrity:
===================================
Date: 2016-01-30 10:17:20.553
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-12 16:27:28.721
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-10 17:02:02.045
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-07 15:01:36.542
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-03 15:20:15.793
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-31 09:44:17.931
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-20 09:58:15.378
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-11 08:56:33.635
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-10 10:00:32.967
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-06 12:54:30.991
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3330 CPU @ 3.00GHz
Percentage of memory in use: 33%
Total physical RAM: 8063.52 MB
Available physical RAM: 5391.01 MB
Total Virtual: 9343.52 MB
Available Virtual: 6260.94 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:917.83 GB) (Free:848.95 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 80870621)

Partition: GPT.

==================== End of Addition.txt ============================
starter005
Regular Member
 
Posts: 58
Joined: February 2nd, 2006, 7:32 am
Location: Derby, Connecticut
Advertisement
Register to Remove

Re: Something is not right

Unread postby mAL_rEm018 » February 13th, 2016, 5:32 pm

Hello starter005,

I apologize for the delay in getting to your topic. I think it was overlooked somehow. If you still need help, please do the following:

  • Right-click on FRST64.exe and select Run as administrator.
  • Ensure that Addition.txt is checked.
  • Select Scan.
  • When the scan is over two windows will open, FRST.txt and Addition.txt.
  • Please copy/paste the contents of both logs in your next reply.

If you don't require assistance anymore, please let me know so that I can request for this topic to be closed.


-----------------------------------------
In your next reply, I would like to see..
  • FRST.txt
  • Addition.txt

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....
User avatar
mAL_rEm018
Admin/Teacher
Admin/Teacher
 
Posts: 2689
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia

Re: Something is not right

Unread postby starter005 » February 14th, 2016, 11:27 am

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-02-2016
Ran by start_000 (administrator) on RALPH (14-02-2016 10:26:29)
Running from C:\Users\start_000\Desktop
Loaded Profiles: start_000 (Available Profiles: start_000 & Administrator & DefaultAppPool)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe
(IObit) C:\Program Files (x86)\IObit\Smart Defrag 4\SmartDefrag.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\Common\SpeechRuntime.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Brother Industries Ltd.) C:\Brother\BPRSP\resources\BrSupSsp.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6568.16901.0_x64__8wekyb3d8bbwe\HxCalendarAppImm.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6568.16901.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_2016.27.2.0_x64__8wekyb3d8bbwe\WinStore.Mobile.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.201.11370.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Users\start_000\AppData\Local\Temp\EF625773-3274-420D-A6A6-59EF8B44AFD6\DismHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe
(Microsoft Corporation) C:\Users\start_000\Downloads\GetWindows10-Web_Default_Attr.exe
(Microsoft Corporation) C:\$Windows.~GWX\Sources\MediaCreationTool.exe
(Microsoft Corporation) C:\$Windows.~WS\Sources\SetupHost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133440 2012-07-19] (Intel Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139768 2016-02-06] (AVAST Software)
HKLM-x32\...\Run: [PowerDVD14Agent] => C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe [795672 2014-08-12] (CyberLink Corp.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2014-06-16] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [5893920 2015-11-12] (IObit)
HKLM-x32\...\Run: [BrHelp] => c:\program files (x86)\brother\brother help\brotherhelp.exe [2009088 2013-01-18] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596016 2016-01-29] (Oracle Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248176 2015-07-13] (TomTom)
HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7935904 2016-01-22] (SUPERAntiSpyware)
HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8619224 2016-01-15] (Piriform Ltd)
HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe [10566352 2015-09-02] ()
HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403304 2016-01-28] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\RunOnce: [Uninstall C:\Users\start_000\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\start_000\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64"
HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\Policies\Explorer: [NoInstrumentation] 0
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403304 2016-01-28] (Garmin Ltd. or its subsidiaries)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-02-04] (AVAST Software)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\WINDOWS\system32\mscoree.dll [2015-10-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\WINDOWS\system32\mscoree.dll [2015-10-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-01-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-01-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-01-22] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Brother BPRSP.lnk [2015-08-28]
ShortcutTarget: Brother BPRSP.lnk -> C:\Windows\Installer\{8040527F-DD74-4B45-8A06-C4BF145B6C76}\BrSupSsp.exe_6861D01CB00C428FAA7298BB572A9511.exe (Flexera Software LLC)
Startup: C:\Users\Ralph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2014-03-17]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{8def33c9-d402-4c1f-b94b-3b2aca53daa6}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{aa55db39-edac-4607-a04d-bf2130a2cd71}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/
SearchScopes: HKU\S-1-5-21-4239315751-2608994865-2960470113-1008 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag ... 3331971&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4239315751-2608994865-2960470113-1008 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag ... 3331971&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4239315751-2608994865-2960470113-1008 -> {729582B7-CDB9-4D1F-A6EA-3CE1F3F03E02} URL =
SearchScopes: HKU\S-1-5-21-4239315751-2608994865-2960470113-1008 -> {96CAAC3F-DDAC-429C-8D64-745C19A15013} URL =
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2015-11-12] (IObit)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-12-18] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_74\bin\ssv.dll [2016-02-09] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-02-04] (AVAST Software)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-01-22] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_74\bin\jp2ssv.dll [2016-02-09] (Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-12-18] (Microsoft Corporation)
BHO-x32: Protect My Choices (Beta) -> {3DFCDCA1-AEAC-4302-A690-BFB683568BAA} -> C:\Program Files (x86)\DigitalAdvertisingAlliance\Protect My Choices\pmc.dll [2015-09-16] (Digital Advertising Alliance)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-02-04] (AVAST Software)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-01-22] (Microsoft Corporation)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKU\S-1-5-21-4239315751-2608994865-2960470113-1008 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/pub/sh ... tor/sw.cab
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.co ... 5.22.0.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)

Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-4239315751-2608994865-2960470113-1008 -> hxxp://www.yahoo.com/

FireFox:
========
FF ProfilePath: C:\Users\start_000\AppData\Roaming\Mozilla\Firefox\Profiles\fcly5hd4.default
FF NewTab: about:home
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF DefaultSearchUrl: hxxps://search.yahoo.com/yhs/search
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.yahoo.com
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-10] ()
FF Plugin: @java.com/DTPlugin,version=11.74.2 -> C:\Program Files\Java\jre1.8.0_74\bin\dtplugin\npDeployJava1.dll [2016-02-09] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.74.2 -> C:\Program Files\Java\jre1.8.0_74\bin\plugin2\npjp2.dll [2016-02-09] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-10] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1223183.dll [2015-12-21] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-03-21] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4239315751-2608994865-2960470113-1008: @citrixonline.com/appdetectorplugin -> C:\Users\start_000\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-11-07] (Citrix Online)
FF SearchPlugin: C:\Users\start_000\AppData\Roaming\Mozilla\Firefox\Profiles\fcly5hd4.default\searchplugins\bing-lavasoft.xml [2016-01-03]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-02-04]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-02-04]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2016-02-04]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-02-04]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 AdvancedSystemCareService9; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [446240 2016-01-05] (IObit)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-02-04] (AVAST Software)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2787512 2015-12-22] (Microsoft Corporation)
S3 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [803856 2016-01-28] (Garmin Ltd. or its subsidiaries)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-08-27] (Intel Corporation)
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [882464 2015-11-04] (IObit)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-25] (Intel Corporation)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2945312 2016-01-14] (IObit)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
S3 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-03-26] (CyberLink)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
S4 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [16176 2013-06-21] ()
S4 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [1436160 2012-11-29] (Wyse Technology.) [File not signed]
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-06-19] (Atheros) [File not signed]
U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-02-04] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-02-04] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-02-04] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-02-04] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-02-04] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1065720 2016-02-04] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [463744 2016-02-04] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [165344 2016-02-04] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287016 2016-02-11] (AVAST Software)
R3 athr; C:\Windows\System32\drivers\athw10x.sys [4341424 2016-01-06] (Qualcomm Atheros Communications, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-08-29] (CyberLink)
R3 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2015-03-25] (IObit)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-03-22] (REALiX(tm))
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [185088 2015-12-04] (Intel Corporation)
S0 ngvss; no ImagePath
R1 RawDisk3; C:\WINDOWS\system32\drivers\rawdsk3.sys [32912 2015-03-25] (EldoS Corporation)
R3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34848 2015-03-25] (IObit.com)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [935168 2015-12-20] (Realtek )
S3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [407768 2015-12-04] (Realsil Semiconductor Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [21984 2015-06-04] ()
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
R3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2015-03-25] (IObit.com)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R2 {C5F942FD-1110-4664-86CE-0C6BDA305235}; C:\Program Files (x86)\CyberLink\PowerDVD14\Common\NavFilter\000.fcl [32456 2014-08-11] (CyberLink Corp.)
U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-14 10:26 - 2016-02-14 10:27 - 00023104 _____ C:\Users\start_000\Desktop\FRST.txt
2016-02-14 10:25 - 2016-02-14 10:25 - 00000000 ___HD C:\$Windows.~WS
2016-02-14 10:25 - 2016-02-14 10:25 - 00000000 ___HD C:\$Windows.~GWX
2016-02-14 10:25 - 2016-02-14 10:25 - 00000000 ____D C:\$WINDOWS.~BT
2016-02-14 10:24 - 2016-02-14 10:24 - 02370560 _____ (Farbar) C:\Users\start_000\Downloads\FRST64 (2).exe
2016-02-12 08:35 - 2016-02-12 08:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-02-11 10:08 - 2016-02-11 10:08 - 00034751 _____ C:\Users\start_000\Desktop\SysInfo.xml
2016-02-11 10:05 - 2016-02-11 10:06 - 00386752 _____ (Intel Corporation) C:\Users\start_000\Downloads\SSU.exe
2016-02-11 09:19 - 2016-02-11 09:19 - 00287016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys
2016-02-11 09:18 - 2016-02-11 09:18 - 00287016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys.1455200343609
2016-02-10 16:53 - 2016-02-10 16:53 - 00828920 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-02-10 16:53 - 2016-02-10 16:53 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-09 11:30 - 2016-02-09 11:31 - 129957096 _____ (Intel Corporation) C:\Users\start_000\Downloads\win64_153338.exe
2016-02-09 11:29 - 2016-02-09 11:29 - 00110176 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2016-02-08 15:23 - 2016-02-08 15:23 - 00041914 _____ C:\Users\start_000\Downloads\Addition.txt
2016-02-08 15:21 - 2016-02-14 10:26 - 00000000 ____D C:\FRST
2016-02-08 15:20 - 2016-02-08 15:21 - 02370560 _____ (Farbar) C:\Users\start_000\Desktop\FRST64.exe
2016-02-08 10:53 - 2016-02-08 10:53 - 00631383 _____ C:\Users\start_000\Downloads\Statement_Jan 2016.pdf
2016-02-08 10:13 - 2016-02-08 10:13 - 00388608 _____ (Trend Micro Inc.) C:\Users\start_000\Downloads\HijackThis.exe
2016-02-06 14:20 - 2016-02-06 14:20 - 00001886 _____ C:\Users\start_000\Desktop\Intel(R) HD Graphics 2500 Saturday, February 6, 2016 .txt
2016-02-05 17:19 - 2016-02-05 17:20 - 00000022 _____ C:\Users\start_000\Downloads\Attachments_201625 (7).zip
2016-02-05 17:16 - 2016-02-05 17:17 - 00000022 _____ C:\Users\start_000\Downloads\Attachments_201625 (6).zip
2016-02-05 17:16 - 2016-02-05 17:16 - 00000022 _____ C:\Users\start_000\Downloads\Attachments_201625 (5).zip
2016-02-05 17:15 - 2016-02-05 17:16 - 00000022 _____ C:\Users\start_000\Downloads\Attachments_201625 (4).zip
2016-02-05 17:14 - 2016-02-05 17:15 - 00000022 _____ C:\Users\start_000\Downloads\Attachments_201625 (3).zip
2016-02-05 17:13 - 2016-02-05 17:14 - 00000022 _____ C:\Users\start_000\Downloads\Attachments_201625 (2).zip
2016-02-05 17:13 - 2016-02-05 17:13 - 01131054 _____ C:\Users\start_000\Downloads\Attachments_201625 (1).zip
2016-02-05 17:11 - 2016-02-05 17:12 - 00000022 _____ C:\Users\start_000\Downloads\Attachments_201625.zip
2016-02-04 09:18 - 2016-02-04 09:18 - 00004006 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2016-02-04 09:18 - 2016-02-04 09:18 - 00003156 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1454594977
2016-02-04 09:18 - 2016-02-04 09:18 - 00001987 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2016-02-04 09:18 - 2016-02-04 09:18 - 00001090 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-02-04 09:18 - 2016-02-04 09:05 - 01065720 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2016-02-04 09:18 - 2016-02-04 09:05 - 00463744 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2016-02-04 09:18 - 2016-02-04 09:05 - 00398152 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2016-02-04 09:18 - 2016-02-04 09:05 - 00286440 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys.1455200326343
2016-02-04 09:18 - 2016-02-04 09:05 - 00165344 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2016-02-04 09:18 - 2016-02-04 09:05 - 00107792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2016-02-04 09:18 - 2016-02-04 09:05 - 00103064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2016-02-04 09:18 - 2016-02-04 09:05 - 00074544 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2016-02-04 09:18 - 2016-02-04 09:05 - 00037656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2016-02-04 09:18 - 2016-02-04 09:05 - 00037144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2016-02-04 09:10 - 2016-02-11 08:14 - 00000258 _____ C:\WINDOWS\Tasks\ASC9_SkipUac_start_000.job
2016-02-04 09:10 - 2016-02-04 09:10 - 00003306 _____ C:\WINDOWS\System32\Tasks\ASC9_PerformanceMonitor
2016-02-04 09:10 - 2016-02-04 09:10 - 00002446 _____ C:\WINDOWS\System32\Tasks\ASC9_SkipUac_start_000
2016-02-04 09:05 - 2016-02-04 09:05 - 00052184 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2016-02-02 09:04 - 2016-02-02 09:04 - 00002500 _____ C:\WINDOWS\System32\Tasks\Uninstaller_SkipUac_start_000
2016-02-02 09:04 - 2016-02-02 09:04 - 00000298 _____ C:\WINDOWS\Tasks\Uninstaller_SkipUac_start_000.job
2016-02-02 09:03 - 2016-02-02 09:03 - 00003622 _____ C:\WINDOWS\System32\Tasks\GarminUpdaterTask
2016-02-02 09:03 - 2016-02-02 09:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2016-01-29 09:11 - 2016-01-29 09:11 - 00003428 _____ C:\WINDOWS\System32\Tasks\Driver Booster Scheduler
2016-01-29 09:11 - 2016-01-29 09:11 - 00003084 _____ C:\WINDOWS\System32\Tasks\Driver Booster SkipUAC (start_000)
2016-01-29 09:10 - 2016-01-29 09:11 - 14423632 _____ (IObit ) C:\Users\start_000\Downloads\driver_booster_setup (1).exe
2016-01-29 09:09 - 2016-01-16 01:37 - 00202472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2016-01-29 09:09 - 2016-01-16 01:36 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-01-29 09:09 - 2016-01-16 01:36 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-01-29 09:09 - 2016-01-16 01:34 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-01-29 09:09 - 2016-01-16 01:24 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2016-01-29 09:09 - 2016-01-16 01:23 - 08728920 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-01-29 09:09 - 2016-01-16 01:23 - 00848160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-01-29 09:09 - 2016-01-16 01:23 - 00785088 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-01-29 09:09 - 2016-01-16 01:23 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-01-29 09:09 - 2016-01-16 01:23 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-01-29 09:09 - 2016-01-16 01:23 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-01-29 09:09 - 2016-01-16 01:21 - 22572624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-01-29 09:09 - 2016-01-16 01:21 - 01750440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2016-01-29 09:09 - 2016-01-16 01:20 - 06971752 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-01-29 09:09 - 2016-01-16 01:20 - 06600904 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-01-29 09:09 - 2016-01-16 01:20 - 00652312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-01-29 09:09 - 2016-01-16 01:20 - 00431240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2016-01-29 09:09 - 2016-01-16 01:20 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2016-01-29 09:09 - 2016-01-16 01:19 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-01-29 09:09 - 2016-01-16 01:19 - 00405568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-01-29 09:09 - 2016-01-16 01:17 - 21125400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-01-29 09:09 - 2016-01-16 01:16 - 05238360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-01-29 09:09 - 2016-01-16 01:13 - 01998168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-01-29 09:09 - 2016-01-16 01:13 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-01-29 09:09 - 2016-01-16 01:12 - 01415200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-01-29 09:09 - 2016-01-16 01:09 - 01089880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-01-29 09:09 - 2016-01-16 01:08 - 01174008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-01-29 09:09 - 2016-01-16 01:08 - 00440152 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2016-01-29 09:09 - 2016-01-16 00:46 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-01-29 09:09 - 2016-01-16 00:45 - 16986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-01-29 09:09 - 2016-01-16 00:44 - 22394368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-01-29 09:09 - 2016-01-16 00:44 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-01-29 09:09 - 2016-01-16 00:44 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasadhlp.dll
2016-01-29 09:09 - 2016-01-16 00:44 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
2016-01-29 09:09 - 2016-01-16 00:43 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttpcom.dll
2016-01-29 09:09 - 2016-01-16 00:42 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-01-29 09:09 - 2016-01-16 00:42 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscoreext.dll
2016-01-29 09:09 - 2016-01-16 00:41 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-01-29 09:09 - 2016-01-16 00:40 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-01-29 09:09 - 2016-01-16 00:40 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
2016-01-29 09:09 - 2016-01-16 00:40 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe
2016-01-29 09:09 - 2016-01-16 00:40 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasautou.exe
2016-01-29 09:09 - 2016-01-16 00:39 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\FilterDS.dll
2016-01-29 09:09 - 2016-01-16 00:38 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-01-29 09:09 - 2016-01-16 00:38 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-01-29 09:09 - 2016-01-16 00:38 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimCfg.dll
2016-01-29 09:09 - 2016-01-16 00:38 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbio.dll
2016-01-29 09:09 - 2016-01-16 00:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-01-29 09:09 - 2016-01-16 00:37 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-01-29 09:09 - 2016-01-16 00:37 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-01-29 09:09 - 2016-01-16 00:37 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2016-01-29 09:09 - 2016-01-16 00:36 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-01-29 09:09 - 2016-01-16 00:36 - 00475648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDDS.dll
2016-01-29 09:09 - 2016-01-16 00:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-01-29 09:09 - 2016-01-16 00:36 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimAuth.dll
2016-01-29 09:09 - 2016-01-16 00:36 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll
2016-01-29 09:09 - 2016-01-16 00:35 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-01-29 09:09 - 2016-01-16 00:35 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-01-29 09:09 - 2016-01-16 00:35 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasadhlp.dll
2016-01-29 09:09 - 2016-01-16 00:34 - 00610816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2016-01-29 09:09 - 2016-01-16 00:34 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2016-01-29 09:09 - 2016-01-16 00:34 - 00477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2016-01-29 09:09 - 2016-01-16 00:34 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-01-29 09:09 - 2016-01-16 00:34 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttpcom.dll
2016-01-29 09:09 - 2016-01-16 00:33 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2016-01-29 09:09 - 2016-01-16 00:33 - 00574976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2016-01-29 09:09 - 2016-01-16 00:33 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-01-29 09:09 - 2016-01-16 00:32 - 24602624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-01-29 09:09 - 2016-01-16 00:32 - 00621568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2016-01-29 09:09 - 2016-01-16 00:32 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcaui.exe
2016-01-29 09:09 - 2016-01-16 00:31 - 00851456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-01-29 09:09 - 2016-01-16 00:31 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-01-29 09:09 - 2016-01-16 00:31 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-01-29 09:09 - 2016-01-16 00:31 - 00343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-01-29 09:09 - 2016-01-16 00:31 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasautou.exe
2016-01-29 09:09 - 2016-01-16 00:30 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-01-29 09:09 - 2016-01-16 00:30 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-01-29 09:09 - 2016-01-16 00:30 - 01053696 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-01-29 09:09 - 2016-01-16 00:30 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-01-29 09:09 - 2016-01-16 00:30 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimCfg.dll
2016-01-29 09:09 - 2016-01-16 00:30 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winbio.dll
2016-01-29 09:09 - 2016-01-16 00:29 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-01-29 09:09 - 2016-01-16 00:29 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-01-29 09:09 - 2016-01-16 00:28 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-01-29 09:09 - 2016-01-16 00:28 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-01-29 09:09 - 2016-01-16 00:28 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-01-29 09:09 - 2016-01-16 00:28 - 00884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2016-01-29 09:09 - 2016-01-16 00:28 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimAuth.dll
2016-01-29 09:09 - 2016-01-16 00:27 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-01-29 09:09 - 2016-01-16 00:26 - 19338752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-01-29 09:09 - 2016-01-16 00:26 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2016-01-29 09:09 - 2016-01-16 00:26 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-01-29 09:09 - 2016-01-16 00:26 - 00260608 _____ C:\WINDOWS\system32\MTFServer.dll
2016-01-29 09:09 - 2016-01-16 00:26 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-01-29 09:09 - 2016-01-16 00:25 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2016-01-29 09:09 - 2016-01-16 00:25 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-01-29 09:09 - 2016-01-16 00:25 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
2016-01-29 09:09 - 2016-01-16 00:24 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-01-29 09:09 - 2016-01-16 00:24 - 02057216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-01-29 09:09 - 2016-01-16 00:24 - 00613888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-01-29 09:09 - 2016-01-16 00:24 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-01-29 09:09 - 2016-01-16 00:24 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-01-29 09:09 - 2016-01-16 00:23 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-01-29 09:09 - 2016-01-16 00:23 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-01-29 09:09 - 2016-01-16 00:21 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-01-29 09:09 - 2016-01-16 00:20 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-01-29 09:09 - 2016-01-16 00:20 - 02597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-01-29 09:09 - 2016-01-16 00:20 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-01-29 09:09 - 2016-01-16 00:20 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2016-01-29 09:09 - 2016-01-16 00:19 - 12126208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-01-29 09:09 - 2016-01-16 00:19 - 00733184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2016-01-29 09:09 - 2016-01-16 00:19 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-01-29 09:09 - 2016-01-16 00:19 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
2016-01-29 09:09 - 2016-01-16 00:19 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-01-29 09:09 - 2016-01-16 00:18 - 03593216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-01-29 09:09 - 2016-01-16 00:18 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-01-29 09:09 - 2016-01-16 00:17 - 05503488 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-01-29 09:09 - 2016-01-16 00:16 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-01-29 09:09 - 2016-01-16 00:16 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2016-01-29 09:09 - 2016-01-16 00:15 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-01-29 09:09 - 2016-01-16 00:14 - 01946624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-01-29 09:09 - 2016-01-16 00:14 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-01-29 09:09 - 2016-01-16 00:11 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2016-01-29 09:09 - 2016-01-16 00:09 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-01-26 09:15 - 2016-01-26 09:15 - 06828320 _____ (Piriform Ltd) C:\Users\start_000\Downloads\ccsetup514.exe
2016-01-21 15:28 - 2016-01-21 15:28 - 02006715 _____ C:\Users\start_000\Downloads\DivineEats_Chicken.pdf
2016-01-21 15:28 - 2016-01-21 15:28 - 02006715 _____ C:\Users\start_000\Downloads\DivineEats_Chicken (2).pdf
2016-01-21 15:28 - 2016-01-21 15:28 - 02006715 _____ C:\Users\start_000\Downloads\DivineEats_Chicken (1).pdf
2016-01-21 07:33 - 2016-01-21 07:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
2016-01-21 07:32 - 2016-01-21 07:32 - 41171496 _____ (IObit ) C:\Users\start_000\Downloads\advanced-systemcare-setup.exe
2016-01-21 07:27 - 2016-01-21 07:28 - 00003626 _____ C:\WINDOWS\System32\Tasks\SmartDefrag4_Defrag
2016-01-19 09:18 - 2016-02-05 17:16 - 00000000 ____D C:\Users\start_000\Desktop\Upstate NY Pics

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-14 10:25 - 2015-11-23 18:51 - 00000000 ___DC C:\WINDOWS\Panther
2016-02-14 10:24 - 2014-12-22 11:11 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-02-14 10:23 - 2014-08-08 14:54 - 00004156 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{0B596711-D62E-4C9A-A60C-AE56F81F2B11}
2016-02-13 16:19 - 2014-07-23 03:27 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-02-13 11:37 - 2014-03-11 15:44 - 00007891 _____ C:\WINDOWS\BRRBCOM.INI
2016-02-13 09:21 - 2015-03-22 09:07 - 00000000 ____D C:\ProgramData\ProductData
2016-02-13 09:20 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-02-12 09:34 - 2014-03-11 17:31 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-02-12 09:31 - 2014-03-11 17:31 - 146614896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-02-12 08:41 - 2015-10-30 02:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-11 10:06 - 2015-10-30 02:21 - 00000000 ____D C:\WINDOWS\INF
2016-02-10 17:01 - 2015-10-30 02:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-02-09 11:30 - 2014-07-23 03:17 - 00000000 ____D C:\Program Files\Java
2016-02-09 11:29 - 2015-08-21 14:17 - 00000000 ____D C:\Users\start_000\.oracle_jre_usage
2016-02-09 11:29 - 2014-03-11 18:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-02-09 11:24 - 2015-06-12 18:10 - 00000000 ____D C:\Users\start_000\Documents\My Filehippo Downloads
2016-02-08 16:01 - 2014-12-22 10:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-08 10:14 - 2014-07-22 13:58 - 00000000 ____D C:\Users\start_000\AppData\Local\VirtualStore
2016-02-07 17:24 - 2015-11-23 16:11 - 00917148 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-02-07 17:19 - 2014-07-22 13:58 - 00000000 __SHD C:\Users\start_000\IntelGraphicsProfiles
2016-02-07 17:18 - 2015-11-23 15:58 - 00000000 ____D C:\Users\start_000
2016-02-07 17:17 - 2015-11-23 16:13 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-02-07 10:36 - 2014-07-22 18:27 - 00000000 ___RD C:\Users\start_000\OneDrive
2016-02-06 14:11 - 2014-12-27 09:07 - 00000000 ____D C:\Users\start_000\Downloads\Intel Components
2016-02-06 14:04 - 2015-11-23 15:58 - 00000000 ____D C:\Users\DefaultAppPool
2016-02-05 17:19 - 2014-07-22 13:58 - 00000000 ____D C:\Users\start_000\AppData\Local\Packages
2016-02-05 08:52 - 2015-10-30 01:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2016-02-05 08:45 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\registration
2016-02-05 08:24 - 2014-12-17 15:24 - 00000000 ____D C:\Users\start_000\AppData\Local\ElevatedDiagnostics
2016-02-04 09:21 - 2015-11-23 08:13 - 00000000 ___RD C:\Users\start_000\Desktop\Performance
2016-02-04 09:05 - 2015-01-11 09:42 - 00000000 ____D C:\ProgramData\AVAST Software
2016-02-02 09:04 - 2014-03-11 16:01 - 00000000 ____D C:\ProgramData\Package Cache
2016-02-02 09:03 - 2015-11-07 16:00 - 00000000 ____D C:\Program Files (x86)\Garmin
2016-01-31 10:48 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\rescache
2016-01-30 10:14 - 2013-12-05 12:58 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-01-30 10:13 - 2015-11-09 15:31 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-01-30 10:12 - 2015-10-30 02:24 - 00000000 ___SD C:\WINDOWS\system32\F12
2016-01-30 10:12 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-01-30 10:12 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-01-30 10:12 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-01-30 10:12 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-01-30 10:12 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-01-30 10:12 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-01-30 10:04 - 2014-11-26 13:50 - 00000178 _____ C:\Users\start_000\Desktop\Yahoo.url
2016-01-29 09:11 - 2015-10-22 14:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 3
2016-01-29 09:03 - 2014-12-22 10:55 - 00001240 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-01-29 09:03 - 2014-12-22 10:55 - 00001228 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-01-26 09:16 - 2015-12-21 09:23 - 00000867 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-01-22 13:02 - 2015-10-30 02:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-01-22 13:01 - 2014-03-12 15:25 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-01-21 07:33 - 2015-12-04 14:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare
2016-01-21 07:33 - 2015-10-22 14:41 - 00000000 ____D C:\Program Files (x86)\IObit
2016-01-21 07:33 - 2015-03-22 09:07 - 00000000 ____D C:\Users\start_000\AppData\Roaming\IObit
2016-01-19 08:03 - 2015-11-23 15:58 - 00000000 ____D C:\Users\Ralph
2016-01-19 08:03 - 2015-11-23 15:58 - 00000000 ____D C:\Users\Administrator

==================== Files in the root of some directories =======

2014-07-22 16:09 - 2014-07-22 16:09 - 0000017 _____ () C:\Users\start_000\AppData\Local\resmon.resmoncfg
2013-10-09 14:46 - 2013-10-09 14:46 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2013-10-09 14:43 - 2013-10-09 14:43 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2013-10-09 14:43 - 2013-10-09 14:44 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2013-10-09 14:42 - 2013-10-09 14:42 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2013-10-09 14:45 - 2013-10-09 14:46 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-02-13 09:32

==================== End of FRST.txt ============================
starter005
Regular Member
 
Posts: 58
Joined: February 2nd, 2006, 7:32 am
Location: Derby, Connecticut

Re: Something is not right

Unread postby starter005 » February 14th, 2016, 11:28 am

Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-02-2016
Ran by start_000 (2016-02-14 10:27:16)
Running from C:\Users\start_000\Desktop
Windows 10 Home (X64) (2015-11-23 21:20:35)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4239315751-2608994865-2960470113-500 - Administrator - Disabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-4239315751-2608994865-2960470113-503 - Limited - Disabled)
Guest (S-1-5-21-4239315751-2608994865-2960470113-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4239315751-2608994865-2960470113-1007 - Limited - Enabled)
start_000 (S-1-5-21-4239315751-2608994865-2960470113-1008 - Administrator - Enabled) => C:\Users\start_000

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.3.183 - Adobe Systems, Inc.)
Advanced SystemCare 9 (HKLM-x32\...\Advanced SystemCare_is1) (Version: 9.1.0 - IObit)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2253 - AVAST Software)
Brother MFL-Pro Suite MFC-J475DW (HKLM-x32\...\{7B4C83B6-17C1-4BFD-B86D-4D7AD4498CBB}) (Version: 1.0.3.0 - Brother Industries, Ltd.)
Brother Product Research and Support Program (HKLM-x32\...\{8040527F-DD74-4B45-8A06-C4BF145B6C76}) (Version: 2.1.1.0002 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 5.14 - Piriform)
Combined Community Codec Pack 2014-07-13 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2014.07.13.0 - CCCP Project)
Conexant HD Audio (HKLM-x32\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 1.0.50.0 - Conexant)
Conexant SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.50.12.0 - Conexant)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 11.0 - CyberLink Corp.)
CyberLink PowerDVD 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.4412.58 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.5.0.0 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.5.0.0 - Dell Inc.)
Dell System Detect (HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\73f463568823ebbe) (Version: 5.13.0.1 - Dell)
Dell Wireless Driver Installation (HKLM-x32\...\{451517F1-7E41-400B-AA36-FB7E2563526D}) (Version: 10.0 - Dell)
Digital Advertising Alliance Protect My Choices (Beta) (HKLM-x32\...\{B0E895EC-AF4D-48EB-A03B-18DA8ACF5F9A}) (Version: 1.6.0.0 - Digital Advertising Alliance)
Driver Booster 3.2 (HKLM-x32\...\Driver Booster_is1) (Version: 3.2 - IObit)
DSC/AA Factory Installer (Version: 3.3.6261.27 - PC-Doctor, Inc.) Hidden
Elevated Installer (x32 Version: 4.1.16.0 - Garmin Ltd or its subsidiaries) Hidden
FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version: - FileHippo.com)
Garmin Express (x32 Version: 4.1.16.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.1.16.0 - Garmin Ltd or its subsidiaries) Hidden
Intel Driver Update Utility (HKLM-x32\...\{a699b395-cd93-4135-85ec-828113841355}) (Version: 2.2.0.6 - Intel)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Driver Update Utility 2.2.0.6 (x32 Version: 2.2.0.1 - Intel) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
IObit Malware Fighter 3 (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 3.4 - IObit)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 5.2.1.126 - IObit)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
Java 8 Update 72 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418072F0}) (Version: 8.0.720.15 - Oracle Corporation)
Java 8 Update 74 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418074F0}) (Version: 8.0.740.2 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4787.1002 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 44.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 en-US)) (Version: 44.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.3.6261.27 - PC-Doctor, Inc.)
Nuance PaperPort 12 (HKLM-x32\...\{869FCC6C-5669-4B0B-827E-2BBAACD88A87}) (Version: 12.1.0006 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4787.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4787.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4787.1002 - Microsoft Corporation) Hidden
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.)
PocketCloud (HKLM-x32\...\{AAF1E996-6AE6-4684-88A8-41F4E98E2899}) (Version: 2.6.21 - Wyse Technology)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.30136 - Realtek Semiconductor Corp.)
SafeZone Stable 1.48.2066.44 (x32 Version: 1.48.2066.44 - Avast Software) Hidden
Scansoft PDF Professional (x32 Version: - ) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Smart Defrag 4 (HKLM-x32\...\Smart Defrag 4_is1) (Version: 4.3 - IObit)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1208 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab for Intel (HKLM-x32\...\{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0}) (Version: 4.5.22.0 - Husdawg, LLC)
TomTom HOME (HKLM-x32\...\{0E09BE17-EDEA-42CA-8974-42A587F51510}) (Version: 2.9.8 - TomTom)
TomTom HOME (HKLM-x32\...\{5DCB2EB3-87AD-426E-8D74-8B92C9D731C4}) (Version: 2.9.8 - TomTom)
TomTom HOME (HKLM-x32\...\{BB05590A-6602-43F3-A400-77EA0976BC0A}) (Version: 2.9.8 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WModem Driver Installer (HKLM-x32\...\HTC_WModemDriver) (Version: 3.0.9.0 - HTC)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4239315751-2608994865-2960470113-1008_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\start_000\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4239315751-2608994865-2960470113-1008_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0AE30774-2E87-4745-8D50-C923A8791957} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {16777BE2-E394-4E04-85C6-751F5A790E48} - \ProfessionalCleaningSoftware_Popup -> No File <==== ATTENTION
Task: {2366C53B-764F-4A67-96E0-374D1BAA0F0D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {2895AD02-C3A3-4CDF-B3AD-61B36D6B6E66} - System32\Tasks\SmartDefrag4_Update => C:\Program Files (x86)\IObit\Smart Defrag 4\AutoUpdate.exe [2015-08-21] (IObit)
Task: {3C460CBE-1321-4B77-976A-BCDFE0A4D011} - System32\Tasks\ASC9_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe [2016-01-15] (IObit)
Task: {3F66089B-EF64-45AF-AA9D-1D7161B4782A} - \ProPCCleaner_Start -> No File <==== ATTENTION
Task: {416C35DB-11E1-416B-BB02-D43ACA7B80AF} - System32\Tasks\SafeZone scheduled Autoupdate 1454594977 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-02-01] (Avast Software)
Task: {43706976-862E-470D-A13D-F89954D98F51} - \SystemToolsDailyTest -> No File <==== ATTENTION
Task: {468AF792-E386-481A-8CEF-A2B8F84ABC49} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {472A5C5A-078A-4E1D-809D-5416712A162B} - System32\Tasks\Uninstaller_SkipUac_start_000 => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2016-01-12] (IObit)
Task: {47F550B7-EDF7-4828-9C2A-907D8E694CCD} - System32\Tasks\PocketCloudVirtualChannel => C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WPCRDPVirtualChannelServer.exe
Task: {4EFC3408-8DC0-48FE-9322-B9210341B79F} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-12-22] (Microsoft Corporation)
Task: {504BD9DC-D44A-4B7C-9A29-2D62386F14AC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-28] (Microsoft Corporation)
Task: {506E8EA5-3088-46D8-A599-475966FE7BC4} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-02-04] (AVAST Software)
Task: {51B2365D-1F26-43B0-9AFB-38DC6F9000E5} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-04] (CyberLink)
Task: {568D2607-2E95-4D32-82E0-0BC464E51599} - \PCDoctorBackgroundMonitorTask -> No File <==== ATTENTION
Task: {5C07FDE5-704C-4844-82C8-A78DEFD7D101} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-02-12] (Microsoft Corporation)
Task: {5C1E17B6-33A6-4B92-85A1-08BF5196D5F1} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {5D277F32-B4A8-4C34-AD42-B65329D0630C} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {69144A40-0124-430B-B3F8-B22DCE590922} - \ProPCCleaner_Popup -> No File <==== ATTENTION
Task: {6C71B6A5-9904-484E-93D6-0B8537CCA0D0} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.)
Task: {71C9B2DE-7999-4745-B97B-A5399F3AB7F8} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {7964398A-221B-4809-AC53-40ED00D8ED85} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-01-15] (Piriform Ltd)
Task: {7F7B6BB1-A4ED-4587-95BF-1343A39A74B7} - \ProfessionalCleaningSoftware_Start -> No File <==== ATTENTION
Task: {8080D58F-F969-48BD-9B6E-EA6DFA8CFD76} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {8B11685A-5AB6-499F-846B-49950141DD1D} - System32\Tasks\SmartDefrag4_Startup => C:\Program Files (x86)\IObit\Smart Defrag 4\SmartDefrag.exe [2015-10-27] (IObit)
Task: {8C28909C-9E73-4A32-961F-57FA1083BCC0} - System32\Tasks\SmartDefrag4_Defrag => C:\Program Files (x86)\IObit\Smart Defrag 4\SmartDefrag.exe [2015-10-27] (IObit)
Task: {8C726201-EFB2-45A5-8213-3ED0C8E42C15} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {8E9C390E-B679-44BC-975F-8E9954E01EFC} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {96C39582-E10C-4B38-BA54-2CE39A50A06B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-28] (Microsoft Corporation)
Task: {9DAC99AF-40EB-4E23-B19B-F5E8D748B054} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {A2791BBA-30B1-4CF1-8DA8-3B7E91892AC0} - \PCDEventLauncherTask -> No File <==== ATTENTION
Task: {AC058D1D-1242-4C4B-A303-A5875B9DA709} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2016-01-13] (IObit)
Task: {AC7A934C-97E9-4D72-BCE7-C9235A09283D} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2016-01-28] ()
Task: {B357D940-DADB-41F4-AAB1-2F0833166F51} - System32\Tasks\PocketCloud => C:\Program
Task: {BCC5E87D-2245-47E2-B38C-1DBCC5C8AE05} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-10] (Adobe Systems Incorporated)
Task: {CBECAE10-CCB7-4E4B-8994-FF26BDE300C2} - System32\Tasks\JetBoost_AutoUpdate => C:\Program Files (x86)\BlueSprig\JetBoost\AutoUpdate.exe
Task: {CEE6A43F-6131-4E7E-AF16-356FCE6F3105} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-12-22] (Microsoft Corporation)
Task: {CFC78AED-C551-4E41-975A-6071343F4BE8} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {D980C5EA-9D4A-498A-AA76-F972309D9970} - System32\Tasks\PocketCloudUpdater => C:\Program
Task: {E5922A1D-0931-4A72-B93E-9FB13D09BA68} - System32\Tasks\ASC9_SkipUac_start_000 => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe [2016-01-18] (IObit)
Task: {EE05D4C9-6234-4612-8442-C9CE60CD2F75} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {FCE193D0-57BE-4CD6-8ABB-9E513576A30D} - System32\Tasks\Driver Booster SkipUAC (start_000) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2016-01-18] (IObit)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\ASC9_SkipUac_start_000.job => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_start_000.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 02:18 - 2015-10-30 02:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-01-22 12:58 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-10-17 14:27 - 2013-10-17 14:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2014-03-11 15:41 - 2005-04-21 23:36 - 00143360 _____ () C:\WINDOWS\system32\BrSNMP64.dll
2015-12-03 14:11 - 2015-11-22 05:47 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-01-12 15:36 - 2016-01-04 20:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-29 09:09 - 2016-01-16 00:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-12-03 14:11 - 2015-11-22 05:47 - 02653816 _____ () C:\Windows\System32\CoreUIComponents.dll
2016-01-22 12:53 - 2016-01-22 12:53 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-12-03 14:11 - 2015-11-22 05:47 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-10-28 16:26 - 2015-09-01 11:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-12-18 07:58 - 2015-12-06 23:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-12-18 07:58 - 2015-12-06 23:00 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-01-12 15:36 - 2016-01-04 20:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-12 15:36 - 2016-01-04 20:24 - 00936960 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-01-29 09:09 - 2016-01-16 00:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-12-03 14:10 - 2015-11-22 04:18 - 00529408 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.NodeWinrtWrap.dll
2015-10-30 02:18 - 2015-10-30 04:07 - 00037888 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\winrt-projections\bin\Winrt_Projections.node
2015-10-30 02:18 - 2015-10-30 04:06 - 00796160 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http\bin\NodeRT_Windows_Web_Http.node
2015-10-30 02:18 - 2015-10-30 04:07 - 00961024 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http.headers\bin\NodeRT_Windows_Web_Http_Headers.node
2015-10-30 02:18 - 2015-10-30 04:06 - 00206336 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http.filters\bin\NodeRT_Windows_Web_Http_Filters.node
2015-10-30 02:18 - 2015-10-30 04:06 - 00558592 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.storage.streams\bin\NodeRT_Windows_Storage_Streams.node
2015-10-30 02:18 - 2015-10-30 04:07 - 00397824 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.foundation\bin\NodeRT_Windows_Foundation.node
2015-10-30 02:18 - 2015-10-30 04:06 - 00181248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\nodert-buffer-utils\bin\NodeRT_Buffer_Utils.node
2015-10-30 02:18 - 2015-10-30 04:06 - 00093696 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.security.cryptography\bin\NodeRT_Windows_Security_Cryptography.node
2015-10-30 02:18 - 2015-10-30 04:06 - 00200192 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.cortana.pal\bin\NodeRT_Windows_Cortana_PAL.node
2016-02-12 08:41 - 2016-02-12 08:41 - 09789952 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_2016.27.2.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2016-02-05 08:28 - 2016-02-05 08:28 - 00015872 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.201.11370.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-02-05 08:28 - 2016-02-05 08:28 - 14869504 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.201.11370.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2015-11-24 08:11 - 2015-11-24 08:11 - 00258560 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.201.11370.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2016-02-04 09:05 - 2016-02-04 09:05 - 00113496 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-02-04 09:05 - 2016-02-04 09:05 - 00133768 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-02-07 12:58 - 2016-02-07 12:58 - 02819072 _____ () C:\Program Files\AVAST Software\Avast\defs\16020701\algo.dll
2016-02-04 09:05 - 2016-02-04 09:05 - 00480760 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-02-04 09:05 - 2016-02-04 09:05 - 00307808 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll
2016-02-12 10:19 - 2016-02-12 10:19 - 02820096 _____ () C:\Program Files\AVAST Software\Avast\defs\16021200\algo.dll
2015-11-24 07:44 - 2015-01-09 18:46 - 00517408 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\sqlite3.dll
2015-11-08 09:13 - 2014-10-16 10:26 - 00622880 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll
2016-01-22 12:53 - 2016-01-22 12:53 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-01-22 12:53 - 2016-01-22 12:53 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-01-21 07:33 - 2015-12-23 18:32 - 00355616 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madExcept_.bpl
2016-01-21 07:33 - 2015-12-23 18:32 - 00190240 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madBasic_.bpl
2016-01-21 07:33 - 2015-12-23 18:32 - 00057632 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madDisAsm_.bpl
2015-12-30 08:19 - 2015-10-27 14:05 - 00618784 _____ () C:\Program Files (x86)\IObit\Smart Defrag 4\ProductStatistics.dll
2015-12-30 08:19 - 2013-01-15 18:47 - 00893248 _____ () C:\Program Files (x86)\IObit\Smart Defrag 4\webres.dll
2015-12-04 08:54 - 2015-12-04 08:54 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-01-21 07:33 - 2015-12-23 18:32 - 00355616 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2016-01-21 07:33 - 2015-12-23 18:32 - 00190240 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2016-01-21 07:33 - 2015-12-23 18:32 - 00057632 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
2015-11-24 07:44 - 2015-03-27 15:39 - 00182080 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\unrar.dll
2015-11-24 07:44 - 2015-01-09 18:46 - 00145184 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\zlibwapi.dll
2015-11-24 07:45 - 2014-10-16 10:26 - 00622880 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\ProductStatistics.dll
2015-06-16 14:22 - 2013-03-04 22:40 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-03-05 10:41 - 2013-03-05 10:41 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-12-23 11:32 - 2013-09-04 05:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\dell.com -> dell.com
IE trusted site: HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\webcompanion.com -> hxxp://webcompanion.com
IE restricted site: HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\100sexlinks.com -> 100sexlinks.com

There are 4790 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\Control Panel\Desktop\\Wallpaper -> C:\Users\start_000\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\desktop background.bmp
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: WysePocketCloud => 2
MSCONFIG\Services: WyseRemoteAccess => 2
MSCONFIG\startupreg: BrHelp =>
HKLM\...\StartupApproved\Run32: => "BrHelp"
HKLM\...\StartupApproved\Run32: => "ControlCenter4"
HKLM\...\StartupApproved\Run32: => "IndexSearch"
HKLM\...\StartupApproved\Run32: => "PaperPort PTD"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "F-Secure Hoster (53784)"
HKLM\...\StartupApproved\Run32: => "F-Secure Manager"
HKLM\...\StartupApproved\Run32: => "PowerDVD14Agent"
HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\StartupApproved\StartupFolder: => "Content Anywhere.lnk"
HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\StartupApproved\Run: => "TomTomHOME.exe"
HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\StartupApproved\Run: => "ISUSPM"
HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\StartupApproved\Run: => "GarminExpressTrayApp"
HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\StartupApproved\Run: => "Itibiti.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [{31D76E43-1623-49C1-A52F-16193788A73C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6024DDEF-A88F-4210-9CCC-C7AA6B7244EF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0A367021-57DA-41DB-BB45-B5E248D7274E}] => (Allow) LPort=54925
FirewallRules: [{B22FE7CE-E6BC-4179-9050-61414BF6E6C7}] => (Allow) C:\Program Files (x86)\Brother\Brmfl13b\FAXRX.EXE
FirewallRules: [{66CD6CE6-02A2-4C0A-AFBF-04E41D97588A}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{FF80914C-0A38-4B5D-AA25-2D9F5B5D34EF}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{9528A3B1-F3DC-47F4-9860-DD41BB68DF3C}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{4B35E4D6-B875-499D-8100-37888DF01721}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{718A6E7D-462F-40F3-97F7-5DD609C5F5FD}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{3C99700C-C51E-4ADA-AC61-0284AAA6197F}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{C4F407F2-05BE-487A-A960-E3D3C38EC2F9}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{BFAB4BF0-1742-4B5D-8D88-B9202D85A153}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{6FEA035A-B718-442B-BEF9-9E2062C15298}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{083EA1E7-9E50-4298-8DA5-BDE5A7428DA3}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
FirewallRules: [{935B70A3-F6FE-4C80-A69D-1D8E92E5A88A}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
FirewallRules: [{BBC61E43-0536-4629-8F95-A22A8A5683D0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B858A7E8-6B0D-44A2-8D57-442BA2453252}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Restore Points =========================

17-01-2016 11:14:17 Windows Update
29-01-2016 10:38:10 Windows Update
02-02-2016 09:02:50 Garmin Express
05-02-2016 08:30:22 Restore Operation
10-02-2016 16:52:54 Windows Modules Installer
10-02-2016 16:58:16 Windows Modules Installer

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/11/2016 10:19:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: microsoftedgecp.exe, version: 11.0.10586.20, time stamp: 0x56540c35
Faulting module name: edgehtml.dll, version: 11.0.10586.71, time stamp: 0x5699d8b6
Exception code: 0xc0000005
Fault offset: 0x00000000006ca481
Faulting process id: 0x574c
Faulting application start time: 0xmicrosoftedgecp.exe0
Faulting application path: microsoftedgecp.exe1
Faulting module path: microsoftedgecp.exe2
Report Id: microsoftedgecp.exe3
Faulting package full name: microsoftedgecp.exe4
Faulting package-relative application ID: microsoftedgecp.exe5

Error: (02/11/2016 10:12:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 10.0.10586.0, time stamp: 0x5632d4c0
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000057b0fd8
Faulting process id: 0x1014
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
Faulting package full name: Explorer.EXE4
Faulting package-relative application ID: Explorer.EXE5

Error: (02/11/2016 10:12:33 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Explorer.EXE
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c0000005, exception address 00000000057B0FD8

Error: (02/11/2016 09:12:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: microsoftedgecp.exe, version: 11.0.10586.20, time stamp: 0x56540c35
Faulting module name: Flash.ocx, version: 20.0.0.306, time stamp: 0x56ab0440
Exception code: 0xc0000409
Fault offset: 0x0000000000a85d4c
Faulting process id: 0x4ea0
Faulting application start time: 0xmicrosoftedgecp.exe0
Faulting application path: microsoftedgecp.exe1
Faulting module path: microsoftedgecp.exe2
Report Id: microsoftedgecp.exe3
Faulting package full name: microsoftedgecp.exe4
Faulting package-relative application ID: microsoftedgecp.exe5

Error: (02/10/2016 04:58:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (02/10/2016 04:52:58 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (02/10/2016 11:30:28 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (02/08/2016 10:59:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: microsoftedgecp.exe, version: 11.0.10586.20, time stamp: 0x56540c35
Faulting module name: edgehtml.dll, version: 11.0.10586.71, time stamp: 0x5699d8b6
Exception code: 0xc0000602
Fault offset: 0x00000000009b7126
Faulting process id: 0x1a90
Faulting application start time: 0xmicrosoftedgecp.exe0
Faulting application path: microsoftedgecp.exe1
Faulting module path: microsoftedgecp.exe2
Report Id: microsoftedgecp.exe3
Faulting package full name: microsoftedgecp.exe4
Faulting package-relative application ID: microsoftedgecp.exe5

Error: (02/07/2016 05:30:46 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (02/07/2016 05:21:01 PM) (Source: ESENT) (EventID: 455) (User: )
Description: SettingSyncHost (4996) {54CEC810-326D-4203-93D7-F162FE8DBE8C}: Error -1811 (0xfffff8ed) occurred while opening logfile C:\Users\start_000\AppData\Local\Microsoft\Windows\SettingSync\metastore\edb00023.log.


System errors:
=============
Error: (02/13/2016 04:20:08 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (02/13/2016 12:05:20 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (02/13/2016 11:39:11 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (02/13/2016 11:18:06 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (02/12/2016 10:36:01 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (02/11/2016 07:38:29 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (02/11/2016 04:40:01 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (02/11/2016 03:25:25 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (02/11/2016 10:28:53 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (02/11/2016 10:19:25 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4


CodeIntegrity:
===================================
Date: 2016-02-11 08:17:18.494
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-30 10:17:20.553
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-12 16:27:28.721
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-10 17:02:02.045
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-07 15:01:36.542
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-03 15:20:15.793
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-31 09:44:17.931
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-20 09:58:15.378
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-11 08:56:33.635
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-10 10:00:32.967
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3330 CPU @ 3.00GHz
Percentage of memory in use: 45%
Total physical RAM: 8063.52 MB
Available physical RAM: 4411.78 MB
Total Virtual: 9343.52 MB
Available Virtual: 4983.1 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:917.83 GB) (Free:848.44 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 80870621)

Partition: GPT.

==================== End of Addition.txt ============================
starter005
Regular Member
 
Posts: 58
Joined: February 2nd, 2006, 7:32 am
Location: Derby, Connecticut

Re: Something is not right

Unread postby mAL_rEm018 » February 14th, 2016, 3:39 pm

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.

Failure to post replies within 3 days will result in this thread being closed.


Hello starter005,

Welcome to MalwareRemoval! My name is mAL_rEm018, but feel free to call me mAL. I will be helping you with your malware related problems :)

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


Because of this, I advise you to backup any personal files and folders before you start.

To make sure everything goes smoothly, I would like you to observe the following rules:
  • You must have Administrator rights, permissions for this computer.
  • Please reply to this thread. Do not start another topic.
  • Perform all actions in the order given.
  • If you don't know, stop and ask!
  • DO NOT run any other fix or removal tools unless instructed to do so!
  • Don't attempt to install any new software (other than those I ask you to) until your computer is clean.
  • DO NOT post for help at any other forum. Applying fixes from multiple help sites can cause problems.
  • I advise you to print the instructions if possible, since your internet connection might not be available during some of the fixes.
  • Absence of symptoms does not mean that everything is clear, therefore stick with this topic until I give you the "all clear".

I am currently reviewing your logs and will return as soon as possible, with additional instructions. In the meantime I would like you to read and get acquainted with the following topic: HOW TO GET HELP IN THIS FORUM - everyone must read this, where the conditions for receiving help here are explained.
User avatar
mAL_rEm018
Admin/Teacher
Admin/Teacher
 
Posts: 2689
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia

Re: Something is not right

Unread postby mAL_rEm018 » February 15th, 2016, 12:22 am

Hello starter005,


Please answer the following questions:
  • Is this computer used in any type of business activity?
  • Did you make the following policy?
    HKU\S-1-5-21-4239315751-2608994865-2960470113-1008\...\Policies\Explorer: [NoInstrumentation] 0


Backup your registry using TCRB
  • Please download TCRB to your Desktop.
  • Open Tweaking.com Registry Backup.
  • Click on the Backup Registry tab and ensure that all options are checked.
  • Press on Backup Now.
  • Wait until the backup is complete and exit the program.


Next..

  • Right-Click the Start button.
  • Select Control Panel.
  • Click Programs and Features and then Uninstall a Program.
  • Select the following programs:
    • Advanced SystemCare 9
    • Driver Booster 3.2
    • IObit Malware Fighter 3
    • IObit Uninstaller
    • Smart Defrag 4
  • Select Uninstall.
  • Answer any question attentively.
  • When the process is finished, please restart your computer.
    Please note you can only uninstall one program at a time.


Please run the following scans..


Adwcleaner
  • Please download AdwCleaner to your Desktop.
  • Close all your programs and right-click AdwCleaner.exe and select Run as administrator.
  • Click on Scan.
  • After the scan is over, select Logfile.
  • A notepad window will open. Please copy/paste the contents in your next reply.
    Note: do not select Cleaning at this point


I need you to run a search using FRST..

  • Double click Frst64.exe to launch it.
  • FRST will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Copy/Paste or Type the following line into the Search: box.
    babylon;Bandoo;CleverSearch;conduit;datamngr;Fun4IM;iLivid;kelkoopartners;Luckysearches;QuickSurf;Searchnu;Searchqu;SharkManCoupon;sushileads;SweetIM;SweetPacks;TidyNetwork;trolltech;whitesmoke;Wordinator;WordSurfer

    • Press the Search Registry button.
    • When finished searching a log will open on your Desktop ... Search.txt
    • Please post it in your next reply.



-----------------------------------------
In your next reply, I would like to see..
  • Did you have trouble performing any of the steps?
  • Answer to my questions.
  • AdwCleaner log.
  • Search.txt
  • How is your computer behaving?

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....
User avatar
mAL_rEm018
Admin/Teacher
Admin/Teacher
 
Posts: 2689
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia

Re: Something is not right

Unread postby starter005 » February 15th, 2016, 10:00 am

This PC is for personal use only. My wife has on occasion used it for "work at home" but neither of us has any knowledge of the file policy you questioned. I deleted the programs as instructed but I'm curious..I thought those programs were protecting my computer, was I wrong?


# AdwCleaner v5.020 - Logfile created 13/11/2015 at 16:02:12
# Updated 13/11/2015 by Xplode
# Database : 2015-11-13.3 [Server]
# Operating system : Windows 8.1 (x64)
# Username : start_000 - RALPH
# Running from : C:\Users\start_000\AppData\Local\Microsoft\Windows\INetCache\IE\IHC3S8HA\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
Folder Found : C:\Users\Ralph\AppData\Roaming\Systweak
Folder Found : C:\Users\Ralph\AppData\Roaming\DriverTurbo
Folder Found : C:\Users\start_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd
Folder Found : C:\Users\start_000\AppData\Roaming\Mozilla\Firefox\Profiles\fcly5hd4.default\Extensions\ascsurfingprotection@iobit.com

***** [ Files ] *****

File Found : C:\Users\start_000\AppData\Roaming\Mozilla\Firefox\Profiles\fcly5hd4.default\user.js
File Found : C:\WINDOWS\Reimage.ini

***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
Key Found : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
Key Found : HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{F8A4FC32-DDA3-4DD9-8C62-49F778FF630B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10921475-03CE-4E04-90CE-E2E7EF20C814}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{09CFDB88-F9F0-40BA-885E-F47A957D12E6}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{2B1B440F-A9DB-46E3-ADCF-AA6E08143FB8}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}
Key Found : HKCU\Software\Reimage
Key Found : HKLM\SOFTWARE\systweak
Key Found : HKLM\SOFTWARE\Uniblue
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.1.6
Key Found : [x64] HKLM\SOFTWARE\Reimage

***** [ Web browsers ] *****

[C:\Users\start_000\AppData\Roaming\Mozilla\Firefox\Profiles\fcly5hd4.default\prefs.js] [Preference] Found : user_pref("network.hxxp.request.max-start-delay", 0);
[C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\Ralph\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
[C:\Users\start_000\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
[C:\Users\start_000\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3777 bytes] ##########
# AdwCleaner v5.033 - Logfile created 15/02/2016 at 08:55:43
# Updated 07/02/2016 by Xplode
# Database : 2016-02-07.2 [Server]
# Operating system : Windows 10 Home (x64)
# Username : start_000 - RALPH
# Running from : C:\Users\start_000\Desktop\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****

File Found : C:\searchplugins\bing-lavasoft.xml
File Found : C:\Users\start_000\AppData\Roaming\Mozilla\Firefox\Profiles\fcly5hd4.default\searchplugins\bing-lavasoft.xml
File Found : C:\WINDOWS\SysWOW64\lavasofttcpservice.dll

***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Found : HKCU\Software\WebBar
Key Found : HKCU\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Data Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

***** [ Web browsers ] *****

[C:\Users\start_000\AppData\Roaming\Mozilla\Firefox\Profiles\fcly5hd4.default\prefs.js] [Preference] Found : user_pref("network.hxxp.request.max-start-delay", 0);

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [5325 bytes] ##########
starter005
Regular Member
 
Posts: 58
Joined: February 2nd, 2006, 7:32 am
Location: Derby, Connecticut

Re: Something is not right

Unread postby starter005 » February 15th, 2016, 10:04 am

Farbar Recovery Scan Tool (x64) Version:07-02-2016
Ran by start_000 (2016-02-15 09:04:55)
Running from C:\Users\start_000\Desktop
Boot Mode: Normal

================== Search Registry: "babylon;Bandoo;CleverSearch;conduit;datamngr;Fun4IM;iLivid;kelkoopartners;Luckysearches;QuickSurf;Searchnu;Searchqu;SharkManCoupon;sushileads;SweetIM;SweetPacks;TidyNetwork;trolltech;whitesmoke;Wordinator;WordSurfer" ===========


===================== Search result for "babylon" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"


===================== Search result for "Searchqu" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1B217815-E578-4C96-8A2D-1B30392F0F91}]
""="ISearchQueryHelperPriv"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{69563521-C154-4B45-B884-035872E3F96A}]
""="ISearchQueryCondition"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CAC6C3B8-3C64-4DFD-AD9F-479E4D4065A4}]
""="__x_Windows_CApplicationModel_CSearch_CISearchQueryLinguisticDetailsFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{46A1205B-69C9-4745-B72F-A8A4FC8F24AE}]
""="__x_Windows_CApplicationModel_CSearch_CISearchQueryLinguisticDetails"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
""="ISearchQueryHelper"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\15.0\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\Interface\{5072148C-DE7A-4826-965C-812AB676E0A4}]
""="IUccUserSearchQuery"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\15.0\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\Interface\{94F59D79-583A-4547-A620-EAD932A2F2EB}]
""="_IUccUserSearchQueryEvents"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\CLSID\{4bfdca75-9660-3ab4-bea9-da6579662b6a}]
"ActivatableClassId"="Windows.ApplicationModel.Search.SearchQueryLinguisticDetails"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Search.SearchQueryLinguisticDetails]

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\WindowsRuntime\CLSID\{d6519d77-1cdf-30a5-812e-d88fb4798a29}]
"ActivatableClassId"="Windows.ApplicationModel.Search.SearchQueryLinguisticDetails"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\Interface\{46A1205B-69C9-4745-B72F-A8A4FC8F24AE}]
""="__x_Windows_CApplicationModel_CSearch_CISearchQueryLinguisticDetails"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
""="ISearchQueryHelper"


===================== Search result for "trolltech" ==========

[HKEY_USERS\S-1-5-21-4239315751-2608994865-2960470113-1008\SOFTWARE\Trolltech]

[HKEY_USERS\S-1-5-21-4239315751-2608994865-2960470113-1008\SOFTWARE\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
====== End of Search ======
starter005
Regular Member
 
Posts: 58
Joined: February 2nd, 2006, 7:32 am
Location: Derby, Connecticut

Re: Something is not right

Unread postby mAL_rEm018 » February 15th, 2016, 3:34 pm

Hello starter005,

Can you tell me how you obtained your license for Microsoft Office Professional Plus 2013?
User avatar
mAL_rEm018
Admin/Teacher
Admin/Teacher
 
Posts: 2689
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia

Re: Something is not right

Unread postby starter005 » February 15th, 2016, 4:02 pm

I work for United Technologies Corporation and we are able to purchase it for $9.95 through their corporate program.
starter005
Regular Member
 
Posts: 58
Joined: February 2nd, 2006, 7:32 am
Location: Derby, Connecticut

Re: Something is not right

Unread postby starter005 » February 15th, 2016, 4:02 pm

It was a download only, no disc
starter005
Regular Member
 
Posts: 58
Joined: February 2nd, 2006, 7:32 am
Location: Derby, Connecticut

Re: Something is not right

Unread postby starter005 » February 15th, 2016, 4:04 pm

It is called the Microsoft Home Use Program and I have an e-receipt for it.
starter005
Regular Member
 
Posts: 58
Joined: February 2nd, 2006, 7:32 am
Location: Derby, Connecticut

Re: Something is not right

Unread postby Gary R » February 16th, 2016, 6:07 pm

Business Use / Business Networked Computer
It appears you are using your computer for business purposes or connecting to a business network.

May I draw your attention to the topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST, which you should have read before posting for help.

The section here explains why we do not offer help for such computers. Thank you for your understanding.


This topic is now closed.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
Advertisement
Register to Remove


Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 282 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware