# DNS Lookup Failed (Cannot access internet) Upon Removing of unknown malware



## kango88 (Feb 5, 2015)

Hi,

Some background about what happened first. First, one day I realised my internet browsers for computer A running on Windows 8.1 have been infected by some virus as my Google search on my Chrome and IE looks weird (Google logo and blue arrow missing).

After which, I tried to find out what's wrong by scanning with various software such as Windows Defender and Spybot S&D but nothing was found. After which I turned to using AdwCleaner after finding it online. Upon using it twice, my internet stopped working and I'm seeing this message on my Internet Explorer (Google is the homepage):
"DNS Lookup for "www.google.com" failed. The system reports that no network connection is available. System.Net.Sockets.SocketException No such host is known"

This is the first problem. For the second problem, after computer A is down, I imported my Chrome profiles from computer A to computer B (a MacBook running Windows 7 in Boot Camp) and now my internet browsers in computer B are infected with the same unknown virus of having a weird looking Google search and not being able to access both Yahoo and Bing search.

I've tried some of the methods in http://forums.techguy.org/virus-other-malware-removal/ but still cannot get my internet back working on computer A and find the unknown virus in computer B.

Can you help me solve the internet problem in computer A first? I'll post the reports I've generated using the various software mentioned in the other thread.

Thanks


----------



## kango88 (Feb 5, 2015)

Sysinfo

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 8.1, 64 bit
Processor: Intel(R) Core(TM) i5-3337U CPU @ 1.80GHz, Intel64 Family 6 Model 58 Stepping 9
Processor Count: 4
RAM: 8077 Mb
Graphics Card: NVIDIA GeForce GT 740M, -2048 Mb
Hard Drives: C: Total - 190423 MB, Free - 66674 MB; D: Total - 264346 MB, Free - 1139 MB; E: Total - 7629 MB, Free - 1686 MB;
Motherboard: ASUSTeK COMPUTER INC., K46CB
Antivirus: Windows Defender, Disabled

--------------------------------------------------------------------------------------------------------------------------
FRST
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-02-2015
Ran by Gladwin (administrator) on GLADWIN on 08-02-2015 00:12:55
Running from C:\Users\ASUS\Desktop\Troubleshoot Program
Loaded Profiles: Gladwin (Available profiles: Gladwin)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.1.265\AsusWSWinService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
() C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmdb.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(InstallShield®) C:\Program Files (x86)\InstallShield\isupdate.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Users\ASUS\AppData\Local\MediaFire Desktop\MFUsnMonitorService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe
(Clarus, Inc.) C:\Program Files (x86)\Clarus\Samsung Drive Manager\SZDrvSvc.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
() C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(Clarus, Inc.) C:\Program Files (x86)\Clarus\Samsung Drive Manager\Drive Manager.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\InstallServices64.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu_Hook.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Internet Download Manager, Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMIntegrator64.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Clarus, Inc.) C:\Program Files (x86)\Clarus\Samsung Drive Manager\SZDrvMon.exe
() C:\Users\ASUS\AppData\Roaming\ACEStream\engine\ace_engine.exe
(Spotify Ltd) C:\Users\ASUS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Google Inc.) C:\Users\ASUS\AppData\Local\Google\Update\GoogleUpdate.exe
() C:\Users\ASUS\AppData\Local\MediaFire Desktop\mf_watch.exe
() C:\Users\ASUS\AppData\Local\MediaFire Desktop\mf_hub.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
() C:\Users\ASUS\AppData\Local\MediaFire Desktop\MediaFire Desktop.exe
() C:\Users\ASUS\AppData\Local\MediaFire Desktop\mf_filetransfer.exe
() C:\Users\ASUS\AppData\Local\MediaFire Desktop\mf_browser.exe
() C:\Program Files (x86)\InstantEyedropper\InstantEyedropper.exe
(Barracuda Networks, Inc.) C:\Users\ASUS\AppData\Roaming\Copy\CopyAgent.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe
() C:\Users\ASUS\AppData\Local\MediaFire Desktop\mf_central_control.exe
() C:\Users\ASUS\AppData\Local\MediaFire Desktop\mf_monitor.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
() C:\Users\ASUS\AppData\Local\MediaFire Desktop\mf_dialogs.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
() C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmW.exe
() C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmwj.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Clarus, Inc.) C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe
(Dropbox, Inc.) C:\Users\ASUS\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Users\ASUS\AppData\Roaming\ACEStream\updater\ace_update.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
() C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.8.381\AsusWSPanel.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Tech Support Guy System) C:\Users\ASUS\Desktop\Troubleshoot Program\SysInfo.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-12-23] (Realtek Semiconductor)
HKLM\...\Run: [AuditSHD] => C:\windows\system32\oobe\auditshd.exe [29696 2013-08-22] (Microsoft Corporation)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [765056 2012-09-30] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-09-30] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe [70656 2014-12-23] (Intel Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2014-12-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3331312 2012-08-05] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-29] (CyberLink Corp.)
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.1.8.381\ASUSWSLoader.exe [63296 2014-07-08] ()
HKLM-x32\...\Run: [Launcher] => C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\Launcher\fxlaunch.exe [2400768 2012-04-28] (Fuji Xerox Co., Ltd.)
HKLM-x32\...\Run: [M205f RUN] => C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmRun.exe [355840 2012-06-20] ()
HKLM-x32\...\Run: [StatusAutoRunm205f] => C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmpl.exe [3978752 2012-06-20] ()
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-11-17] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-02-14] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-11-19] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3084288 2012-07-31] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3878480 2014-08-20] (Tonec Inc.)
HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [457728 2013-11-14] (Microsoft Corporation)
HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\Run: [AceStream] => C:\Users\ASUS\AppData\Roaming\ACEStream\engine\ace_engine.exe [27904 2014-09-25] ()
HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\Run: [Spotify Web Helper] => C:\Users\ASUS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-15] (Spotify Ltd)
HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\Run: [Google Update] => C:\Users\ASUS\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-03-13] (Google Inc.)
HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\Run: [MediaFire Tray] => C:\Users\ASUS\AppData\Local\MediaFire Desktop\mf_watch.exe [4002120 2015-01-23] ()
HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564992 2014-02-14] (Samsung)
HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\Run: [instanteyedropper] => C:\Program Files (x86)\InstantEyedropper\InstantEyedropper.exe [352256 2007-10-17] ()
HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\Run: [Copy] => C:\Users\ASUS\AppData\Roaming\Copy\CopyAgent.exe [15435920 2015-01-23] (Barracuda Networks, Inc.)
HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\Run: [Advanced SystemCare 8] => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe [2425632 2014-11-07] (IObit)
HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\MountPoints2: {c7345423-f2fd-11e3-bf91-2cd05a4163df} - "E:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\MountPoints2: {e49a6483-8e37-11e3-824e-806e6f6e6963} - "F:\start.exe"
HKU\S-1-5-18\...\Run: [Copy] => C:\Users\ASUS\AppData\Roaming\Copy\CopyAgent.exe [15435920 2015-01-23] (Barracuda Networks, Inc.)
HKU\S-1-5-18\...\Run: [Backblaze] => "C:\Program Files (x86)\Backblaze\bzbui.exe" -quiet
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [174296 2014-03-04] (NVIDIA Corporation)
AppInit_DLLs: ,C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [174296 2014-03-04] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [148016 2014-03-04] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Drive Manager Real-Time.lnk
ShortcutTarget: Samsung Drive Manager Real-Time.lnk -> C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe (Clarus, Inc.)
Startup: C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\ASUS\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\ASUS\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.1.8.381\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.1.8.381\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.1.8.381\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [1aCopyShExtError] -> {83BEA36E-7680-4598-A4DF-994426F6E78D} => C:\Users\ASUS\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [1MediaFireIconError] -> {5EE8C634-CDC0-453D-9731-DF0B19F4E807} => C:\Program Files (x86)\MediaFire Desktop\MediaFireIcon3_d548a.dll (TODO: <Company name>)
ShellIconOverlayIdentifiers: [1MediaFireIconReadOnly] -> {7995D0FC-769B-4197-AEC0-991921CB99E1} => C:\Program Files (x86)\MediaFire Desktop\MediaFireIcon5_d548a.dll (TODO: <Company name>)
ShellIconOverlayIdentifiers: [1MediaFireIconSynched] -> {9A3B79CB-D899-40B5-8DBC-20447F1ADC8F} => C:\Program Files (x86)\MediaFire Desktop\MediaFireIcon_d548a.dll (TODO: <Company name>)
ShellIconOverlayIdentifiers: [1MediaFireIconSyncing] -> {C4D81971-6B13-4173-AB21-F83AD20CCC04} => C:\Program Files (x86)\MediaFire Desktop\MediaFireIcon2_d548a.dll (TODO: <Company name>)
ShellIconOverlayIdentifiers: [2aCopyShExtSynced] -> {845B7388-6F85-4F32-9FD5-F02DC7882B89} => C:\Users\ASUS\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [3aCopyShExtSyncing] -> {F6378A7A-F753-449B-AE1B-997A96132E61} => C:\Users\ASUS\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [4aCopyShExtSyncingProg1] -> {3A511828-777D-46F8-82F4-5B530C1B3D9E} => C:\Users\ASUS\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [5aCopyShExtSyncingProg2] -> {C8C88204-5B14-40EC-BA72-8AEBC762047E} => C:\Users\ASUS\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [6aCopyShExtSyncingProg3] -> {ACFF45C3-3EEB-4351-86C2-6696BA264239} => C:\Users\ASUS\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [7aCopyShExtSyncingProg4] -> {29AF997F-488B-46F0-AE78-7146F1B89CC3} => C:\Users\ASUS\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [8aCopyShExtSyncingProg5] -> {03F9AD29-1C78-4B66-8890-B177B5430C53} => C:\Users\ASUS\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)
ShellIconOverlayIdentifiers: [MediaFireIconLock] -> {759F3E92-F4E8-4953-8315-238B8B17E0F3} => C:\Program Files (x86)\MediaFire Desktop\MediaFireIcon4_d548a.dll (TODO: <Company name>)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [HKLM] => ProxyEnable is set.
ProxyEnable: [HKLM-x32] => ProxyEnable is set.
ProxyServer: [HKLM] => http=127.0.0.1:8080;https=127.0.0.1:8080
ProxyServer: [HKLM-x32] => http=127.0.0.1:8080;https=127.0.0.1:8080
HKU\S-1-5-21-147487581-2992457104-1551078015-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-147487581-2992457104-1551078015-1002 -> URL http://search.conduit.com/Results.aspx?ctid=CT3321897&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SPF84B958F-6C5F-431F-B5D3-7D8E0D53175F&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-147487581-2992457104-1551078015-1002 -> SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKU\S-1-5-21-147487581-2992457104-1551078015-1002 -> {F420D4DA-5EF9-4E57-852D-35292E645774} URL = http://sg.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=599486&p={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\8aqpcbli.default
FF SelectedSearchEngine: Google
FF Keyword.URL: hxxp://sg.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=599486&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll (LastPass)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass.dll (LastPass)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-147487581-2992457104-1551078015-1002: @acestream.net/acestreamplugin,version=2.2.0-next -> C:\Users\ASUS\AppData\Roaming\ACEStream\player\npace_plugin.dll (Innovative Digital Technologies)
FF Plugin HKU\S-1-5-21-147487581-2992457104-1551078015-1002: @citrixonline.com/appdetectorplugin -> C:\Users\ASUS\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKU\S-1-5-21-147487581-2992457104-1551078015-1002: @talk.google.com/GoogleTalkPlugin -> C:\Users\ASUS\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-147487581-2992457104-1551078015-1002: @talk.google.com/O1DPlugin -> C:\Users\ASUS\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-147487581-2992457104-1551078015-1002: @tools.google.com/Google Update;version=3 -> C:\Users\ASUS\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-147487581-2992457104-1551078015-1002: @tools.google.com/Google Update;version=9 -> C:\Users\ASUS\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\ASUS\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\ASUS\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\8aqpcbli.default\Extensions\[email protected] [2014-11-21]
FF Extension: IDM CC - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\8aqpcbli.default\Extensions\[email protected] [2015-01-29]
FF Extension: FireShot - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\8aqpcbli.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2015-01-30]
FF Extension: EPUBReader - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\8aqpcbli.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2015-01-11]
FF Extension: Easy App Tabs - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\8aqpcbli.default\Extensions\[email protected] [2014-02-05]
FF Extension: MEGA - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\8aqpcbli.default\Extensions\[email protected] [2015-02-04]
FF Extension: Save My Tabs - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\8aqpcbli.default\Extensions\[email protected] [2014-02-05]
FF Extension: Media Stealer - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\8aqpcbli.default\Extensions\[email protected] [2014-08-24]
FF Extension: Reader - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\8aqpcbli.default\Extensions\{20068ab2-1901-4140-9f3c-81207d4dacc4}.xpi [2015-01-30]
FF Extension: Graph Authority - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\8aqpcbli.default\Extensions\{CBECCADF-6A82-4141-A264-7ED25F718BCB}.xpi [2014-04-10]
FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\[email protected] [2014-10-08]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\Firefox\Extensions: [[email protected]] - C:\Users\ASUS\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\ASUS\AppData\Roaming\IDM\idmmzcc5 [2014-08-24]
FF HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\ASUS\AppData\Roaming\IDM\idmmzcc5

Chrome:
=======
CHR HomePage: Default -> hxxp://search.conduit.com/?ctid=CT3321897&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SPF84B958F-6C5F-431F-B5D3-7D8E0D53175F&SSPV=
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3321897&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SPF84B958F-6C5F-431F-B5D3-7D8E0D53175F&SSPV="
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Downloads) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajkhjekibcfjngomhbbifihellcaebcn [2014-07-18]
CHR Extension: (Download Manager (video and mp3)) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bapnjmgdanmelbcmjdjljogelnlfepcj [2015-01-07]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-21]
CHR Extension: (RankRecon) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\chjdckfonfkdoeiobllnejjieicmjodh [2014-06-03]
CHR Extension: (OneTab) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2014-12-23]
CHR Extension: (Webpage Screenshot) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki [2014-03-22]
CHR Extension: (SEO I.Q.) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\dadlnlnlpkpchfljjcpkodcljofniggm [2014-09-23]
CHR Extension: (Tabs Backup & Restore) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\dehocbglhkaogiljpihicakmlockmlgd [2014-03-22]
CHR Extension: (Graph Authority) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeaaoidckfbpinpmjbbmgnapanfnkdkc [2014-04-10]
CHR Extension: (FB Pixel Helper) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc [2015-01-06]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-02-02]
CHR Extension: (Share As Image Extension) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgmhphfbdfbkokcfajipbmkcakmmepeb [2014-12-22]
CHR Extension: (SEO & Website Analysis) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlngmmdolgbdnnimbmblfhhndibdipaf [2014-12-22]
CHR Extension: (IDM Integration Module) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2014-02-06]
CHR Extension: (Hangouts) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2014-03-25]
CHR Extension: (Google Wallet) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-06]
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-08-20]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdvancedSystemCareService8; C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [815392 2014-11-04] (IObit)
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-14] (ASUS)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.1.1.265\AsusWSWinService.exe [71680 2014-01-15] (ASUS Cloud Corporation) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [220288 2012-09-30] (Qualcomm Atheros Commnucations)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [270336 2012-07-13] (Brother Industries, Ltd.) [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [321024 2013-08-22] (Microsoft Corporation)
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64624 2014-06-12] (CyberGhost S.R.L)
R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [117704 2014-12-23] (Intel Corporation)
S2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [118728 2014-12-23] (Intel Corporation)
S2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [92672 2014-12-23] (Intel Corporation)
S2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [88064 2014-12-23] (Intel Corporation)
R2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-03-31] (Diskeeper Corporation)
R2 FXNADB; C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmdb.exe [96768 2012-06-20] () [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-28] (Intel Corporation)
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-30] (Intel Corporation)
R2 isupdate.exe; C:\Program Files (x86)\InstallShield\isupdate.exe [43008 2015-01-22] (InstallShield®) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-26] (Intel Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2630432 2014-11-04] (IObit)
S2 McOobeSv2; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [219832 2012-06-18] (McAfee, Inc.)
S2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [219832 2012-06-18] (McAfee, Inc.)
R2 MF NTFS Monitor; C:\Users\ASUS\AppData\Local\MediaFire Desktop\MFUsnMonitorService.exe [456504 2015-01-23] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 StartMenuService; C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe [72992 2014-06-06] (IObit)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 SZDrvSvc; C:\Program Files (x86)\Clarus\Samsung Drive Manager\SZDrvSvc.exe [18432 2013-12-18] (Clarus, Inc.) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-09-30] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [65784 2013-01-17] (ASUS Corporation)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-09-30] (Qualcomm Atheros)
S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation)
S3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [32640 2013-08-22] (Microsoft Corporation)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-05] (Microsoft Corporation)
R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [145640 2014-12-23] (Intel Corporation)
R3 DptfDevFan; C:\Windows\system32\DRIVERS\DptfDevFan.sys [50640 2014-12-23] (Intel Corporation)
S3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [42224 2014-12-23] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [289744 2014-12-23] (Intel Corporation)
S3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [234736 2014-12-23] (Intel Corporation)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2012-03-31] (Diskeeper Corporation)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [95024 2012-03-31] (Diskeeper Corporation)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [26528 2014-12-23] (REALiX(tm))
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-30] (Intel Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R3 mdf16; C:\Program Files (x86)\Clarus\Samsung Drive Manager\mdf16.sys [20400 2012-06-21] ()
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [118272 2014-12-23] (Intel Corporation)
R2 mfmonitor; C:\Windows\System32\DRIVERS\mfmonitor_x64.sys [20696 2015-01-23] (Windows (R) Win 7 DDK provider)
R3 mvd23; C:\Program Files (x86)\Clarus\Samsung Drive Manager\mvd23.sys [99248 2012-06-21] ()
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-28] (NVIDIA Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S1 HssDRV6; \SystemRoot\system32\DRIVERS\hssdrv6.sys [X]
S3 taphss6; \SystemRoot\system32\DRIVERS\taphss6.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-08 00:12 - 2015-02-08 00:12 - 00000000 ____D () C:\FRST
2015-02-08 00:11 - 2015-02-08 00:12 - 00000000 ____D () C:\Users\ASUS\Desktop\Troubleshoot Program
2015-02-08 00:11 - 2015-02-08 00:11 - 00000478 _____ () C:\Users\ASUS\Desktop\System info.txt
2015-02-08 00:05 - 2015-02-08 00:05 - 00000631 _____ () C:\WINDOWS\system32\network.txt
2015-02-08 00:05 - 2015-02-08 00:05 - 00000631 _____ () C:\Users\ASUS\Desktop\network.txt
2015-02-07 23:17 - 2015-02-07 23:17 - 00000000 ____D () C:\Users\ASUS\AppData\Local\Clarus
2015-02-05 10:01 - 2015-02-05 10:01 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp
2015-02-05 10:01 - 2013-08-27 23:42 - 00086035 ____N () C:\WINDOWS\system32\athwbx.cat
2015-02-05 10:01 - 2013-08-15 20:13 - 03859968 ____N (Qualcomm Atheros Communications, Inc.) C:\WINDOWS\system32\athwbx.sys
2015-02-05 10:01 - 2013-08-15 20:13 - 03859968 _____ (Qualcomm Atheros Communications, Inc.) C:\WINDOWS\system32\Drivers\athwbx.sys
2015-02-05 00:55 - 2015-02-05 01:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Start Menu 8
2015-02-04 23:52 - 2015-02-04 23:52 - 00000298 _____ () C:\WINDOWS\Tasks\Uninstaller_SkipUac_Gladwin.job
2015-02-04 23:24 - 2015-02-04 23:32 - 00000000 ____D () C:\AdwCleaner
2015-02-04 23:23 - 2015-02-04 23:23 - 02194432 _____ () C:\Users\ASUS\Downloads\adwcleaner_4.109.exe
2015-02-04 23:09 - 2014-12-07 19:53 - 00452755 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20150204-230941.backup
2015-02-04 23:03 - 2015-02-04 23:03 - 00003859 _____ () C:\Users\ASUS\Downloads\software_removal_tool.log
2015-02-04 22:47 - 2015-02-04 22:47 - 00002279 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-04 22:47 - 2015-02-04 22:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-04 22:46 - 2015-02-07 23:52 - 00000916 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-04 22:46 - 2015-02-07 22:51 - 00000912 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-04 22:46 - 2015-02-04 22:46 - 00003888 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-04 22:46 - 2015-02-04 22:46 - 00003652 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-02 01:24 - 2015-02-02 01:24 - 00008477 _____ () C:\Users\ASUS\Downloads\Invoice 1480331 (01-30-2015).html
2015-02-01 23:29 - 2015-02-07 22:06 - 00003758 _____ () C:\WINDOWS\System32\Tasks\AutoKMS
2015-02-01 23:28 - 2015-02-02 20:51 - 00000492 _____ () C:\WINDOWS\Tasks\InstallShield Update Task.job
2015-02-01 23:28 - 2015-02-01 23:28 - 00003224 _____ () C:\WINDOWS\System32\Tasks\InstallShield Update Task
2015-02-01 23:28 - 2015-02-01 23:28 - 00000000 ____D () C:\Program Files (x86)\InstallShield
2015-02-01 22:58 - 2015-02-01 22:59 - 45488338 _____ () C:\Users\ASUS\Downloads\Microsoft Office Professional Plus 2013 -32-64 Bit(Activator)[RareAbyss].rar
2015-01-26 23:41 - 2015-02-07 23:27 - 00000578 _____ () C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-147487581-2992457104-1551078015-1002.job
2015-01-22 13:26 - 2015-01-22 13:26 - 00000835 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\slf.lnk
2015-01-22 13:26 - 2015-01-22 13:26 - 00000823 _____ () C:\Users\Public\Desktop\slf.lnk
2015-01-22 13:26 - 2015-01-22 13:26 - 00000000 ____D () C:\Program Files (x86)\slf
2015-01-22 12:27 - 2015-01-06 08:08 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-01-22 12:27 - 2015-01-06 08:08 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-22 09:37 - 2015-02-05 10:22 - 00000000 ____D () C:\Users\ASUS\Downloads\Ryan Deiss - Invisible Selling Machine
2015-01-22 09:31 - 2015-01-22 09:30 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-01-20 21:55 - 2014-12-09 03:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-20 21:55 - 2014-12-09 03:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-20 21:55 - 2014-12-09 03:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-20 21:55 - 2014-12-09 03:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-20 21:55 - 2014-12-09 03:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-20 21:55 - 2014-12-09 03:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-20 21:55 - 2014-12-09 03:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-20 21:55 - 2014-12-09 03:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-20 21:55 - 2014-12-06 09:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-15 22:25 - 2015-01-15 22:25 - 00001056 _____ () C:\Users\Public\Desktop\ICCExpress.lnk
2015-01-15 22:25 - 2015-01-15 22:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Web Dimensions
2015-01-14 15:07 - 2015-01-14 15:07 - 00004456 _____ () C:\Users\ASUS\Downloads\Keyword Planner 2015-01-14 at 15-07-16.csv
2015-01-14 12:01 - 2014-12-19 14:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-14 12:01 - 2014-12-12 10:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-14 12:01 - 2014-12-12 08:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-14 12:01 - 2014-12-09 09:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-14 12:01 - 2014-12-06 11:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-14 12:01 - 2014-12-06 09:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-13 22:58 - 2015-01-13 22:58 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\Hobbyist Software
2015-01-13 22:34 - 2015-02-04 23:12 - 00000000 ____D () C:\Program Files (x86)\Hobbyist Software
2015-01-13 22:34 - 2015-01-13 22:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VLC Setup Helper
2015-01-11 23:10 - 2014-11-16 03:05 - 00801584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2015-01-11 23:10 - 2014-11-15 14:29 - 00962216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2015-01-11 23:10 - 2014-11-14 22:36 - 00055776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-01-11 23:10 - 2014-11-14 15:10 - 03558400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-01-11 23:10 - 2014-11-14 14:58 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-01-11 23:10 - 2014-11-14 14:57 - 01027584 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-01-11 23:10 - 2014-11-14 14:57 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-01-11 23:10 - 2014-11-14 14:54 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-01-11 23:10 - 2014-11-14 14:54 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-01-11 23:10 - 2014-11-14 14:53 - 00894976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-01-11 23:10 - 2014-11-14 14:52 - 01714176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-01-11 23:10 - 2014-11-14 13:04 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-01-11 23:10 - 2014-11-14 13:03 - 00885760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-01-11 23:10 - 2014-11-14 13:03 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-01-11 23:10 - 2014-11-14 13:01 - 00723968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-01-11 23:10 - 2014-11-14 13:01 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-01-11 23:10 - 2014-11-11 08:39 - 22290560 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-01-11 23:10 - 2014-11-11 08:17 - 19731824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-01-11 23:10 - 2014-11-11 02:06 - 02485056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-01-11 23:10 - 2014-11-11 02:06 - 00473408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2015-01-11 23:10 - 2014-11-11 02:06 - 00428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2015-01-11 23:10 - 2014-11-11 02:06 - 00136512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2015-01-11 23:10 - 2014-11-10 10:57 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agilevpn.sys
2015-01-11 23:10 - 2014-11-10 09:37 - 00845312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2015-01-11 23:10 - 2014-11-10 09:34 - 01084416 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2015-01-11 23:10 - 2014-11-10 09:26 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2015-01-11 23:10 - 2014-11-10 09:20 - 00420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2015-01-11 23:10 - 2014-11-10 09:09 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2015-01-11 23:10 - 2014-11-10 09:08 - 00702464 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2015-01-11 23:10 - 2014-11-10 09:06 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2015-01-11 23:10 - 2014-11-10 08:57 - 00624640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2015-01-11 23:10 - 2014-11-10 08:57 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2015-01-11 23:10 - 2014-11-08 18:42 - 01390928 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-01-11 23:10 - 2014-11-08 18:23 - 01127976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-01-11 23:10 - 2014-11-08 12:00 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2015-01-11 23:10 - 2014-11-08 12:00 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndistapi.sys
2015-01-11 23:10 - 2014-11-08 11:58 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys
2015-01-11 23:10 - 2014-11-08 11:58 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2015-01-11 23:10 - 2014-11-08 11:56 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\kmddsp.tsp
2015-01-11 23:10 - 2014-11-08 11:56 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmxs.dll
2015-01-11 23:10 - 2014-11-08 11:56 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasser.dll
2015-01-11 23:10 - 2014-11-08 11:24 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdiag.dll
2015-01-11 23:10 - 2014-11-08 11:13 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kmddsp.tsp
2015-01-11 23:10 - 2014-11-08 11:13 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasmxs.dll
2015-01-11 23:10 - 2014-11-08 11:13 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasser.dll
2015-01-11 23:10 - 2014-11-08 10:48 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdiag.dll
2015-01-11 23:10 - 2014-11-08 10:38 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2015-01-11 23:10 - 2014-11-08 10:17 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2015-01-11 23:10 - 2014-11-08 10:09 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascfg.dll
2015-01-11 23:10 - 2014-11-08 10:03 - 00733696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2015-01-11 23:10 - 2014-11-08 09:59 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rascfg.dll
2015-01-11 23:10 - 2014-11-08 09:58 - 04837376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2015-01-11 23:10 - 2014-11-08 09:49 - 01154048 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2015-01-11 23:10 - 2014-11-07 11:58 - 00952896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2015-01-11 23:10 - 2014-11-07 11:20 - 00786120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2015-01-11 23:10 - 2014-11-05 10:12 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\QSHVHOST.DLL
2015-01-11 23:10 - 2014-11-05 10:12 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\QSVRMGMT.DLL
2015-01-11 23:10 - 2014-11-05 10:06 - 00514048 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2015-01-11 23:10 - 2014-11-05 09:44 - 00657920 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2015-01-11 23:10 - 2014-11-05 09:43 - 00252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2015-01-11 23:10 - 2014-11-05 09:41 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2015-01-11 23:10 - 2014-11-05 09:39 - 00155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\QSHVHOST.DLL
2015-01-11 23:10 - 2014-11-05 09:39 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\QSVRMGMT.DLL
2015-01-11 23:10 - 2014-11-05 09:33 - 00465408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2015-01-11 23:10 - 2014-11-05 09:21 - 00658432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2015-01-11 23:10 - 2014-11-05 09:20 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2015-01-11 23:10 - 2014-11-05 09:18 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2015-01-11 23:10 - 2014-11-05 09:14 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDMon.dll
2015-01-11 23:10 - 2014-11-05 09:06 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll
2015-01-11 23:10 - 2014-11-05 03:33 - 00058176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2015-01-11 23:10 - 2014-11-05 03:25 - 00059712 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdclass.sys
2015-01-11 23:10 - 2014-11-05 03:25 - 00051008 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouclass.sys
2015-01-11 23:10 - 2014-11-04 14:55 - 00026112 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sermouse.sys
2015-01-11 23:10 - 2014-11-04 14:54 - 00108544 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\i8042prt.sys
2015-01-11 23:10 - 2014-11-04 14:54 - 00032256 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdhid.sys
2015-01-11 23:10 - 2014-11-04 14:54 - 00030208 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouhid.sys
2015-01-11 23:10 - 2014-11-04 14:27 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2015-01-11 23:10 - 2014-11-04 13:01 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2015-01-11 23:10 - 2014-10-31 08:51 - 18823168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-01-11 23:10 - 2014-10-31 08:10 - 15158784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-01-11 23:10 - 2014-10-30 13:55 - 07473472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-01-11 23:10 - 2014-10-30 13:47 - 01499384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-01-11 23:10 - 2014-10-30 13:41 - 01733952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-01-11 23:10 - 2014-10-29 11:05 - 00551232 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2015-01-11 23:10 - 2014-10-29 10:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-01-11 23:10 - 2014-10-29 10:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-01-11 23:10 - 2014-10-29 09:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-01-11 23:10 - 2014-10-29 09:55 - 00242176 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2015-01-11 23:10 - 2014-10-29 09:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-01-11 23:10 - 2014-10-29 09:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-01-11 23:10 - 2014-10-29 09:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-01-11 23:10 - 2014-10-29 09:13 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2015-01-11 23:10 - 2014-10-29 09:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-01-11 23:10 - 2014-10-29 09:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-01-11 23:10 - 2014-10-27 06:10 - 00390841 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-01-11 23:10 - 2014-10-21 09:59 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\eventcls.dll
2015-01-11 23:10 - 2014-10-21 09:19 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eventcls.dll
2015-01-11 23:10 - 2014-10-21 08:50 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\vsstrace.dll
2015-01-11 23:10 - 2014-10-21 08:31 - 01574400 _____ (Microsoft Corporation) C:\WINDOWS\system32\vssapi.dll
2015-01-11 23:10 - 2014-10-21 08:31 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vsstrace.dll
2015-01-11 23:10 - 2014-10-21 08:30 - 01454080 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2015-01-11 23:10 - 2014-10-21 08:20 - 01142272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vssapi.dll
2015-01-11 23:10 - 2014-10-17 12:56 - 00238912 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-01-11 23:10 - 2014-10-17 12:56 - 00153920 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2015-01-11 23:10 - 2014-10-17 12:56 - 00039744 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2015-01-11 23:10 - 2014-10-17 11:35 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2015-01-11 23:09 - 2014-11-18 04:17 - 00672984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2015-01-11 23:09 - 2014-11-18 04:17 - 00273240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2015-01-11 23:09 - 2014-11-14 14:58 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsDatabase.dll
2015-01-11 23:09 - 2014-11-14 14:54 - 00463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2015-01-11 23:09 - 2014-11-14 14:46 - 02171904 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll
2015-01-11 23:09 - 2014-11-14 14:46 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2015-01-11 23:09 - 2014-11-14 14:39 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-01-11 23:09 - 2014-11-14 12:53 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2015-01-09 13:19 - 2015-01-09 14:11 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\Audacity
2015-01-09 13:18 - 2015-01-09 13:18 - 00001033 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2015-01-09 13:18 - 2015-01-09 13:18 - 00001021 _____ () C:\Users\Public\Desktop\Audacity.lnk
2015-01-09 13:18 - 2015-01-09 13:18 - 00000000 ____D () C:\Program Files (x86)\Audacity
2015-01-09 10:09 - 2014-10-31 06:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2015-01-09 10:09 - 2014-10-31 06:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-08 00:12 - 2014-04-06 12:47 - 00000000 ___HD () C:\Users\ASUS\.mediafire
2015-02-08 00:02 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-07 23:59 - 2014-02-05 15:36 - 01507787 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-07 23:50 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-02-07 23:39 - 2014-02-07 10:23 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-07 22:56 - 2014-02-12 22:49 - 09018368 ___SH () C:\Users\ASUS\Downloads\Thumbs.db
2015-02-07 22:35 - 2014-02-06 23:22 - 13922816 ___SH () C:\Users\ASUS\Desktop\Thumbs.db
2015-02-07 22:25 - 2014-02-06 21:03 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\vlc
2015-02-07 22:14 - 2013-11-14 15:28 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-07 22:07 - 2014-02-05 18:45 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\DMCache
2015-02-07 22:06 - 2014-04-06 12:47 - 00000000 ___RD () C:\Users\ASUS\MediaFire
2015-02-07 22:06 - 2014-02-14 12:12 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\Copy
2015-02-07 22:06 - 2014-02-05 16:05 - 00000000 __RDO () C:\Users\ASUS\SkyDrive
2015-02-07 22:06 - 2014-02-05 08:50 - 00000062 _____ () C:\Users\ASUS\AppData\Roaming\sp_data.sys
2015-02-07 22:05 - 2014-12-23 18:10 - 00010652 _____ () C:\WINDOWS\setupact.log
2015-02-07 22:05 - 2013-08-22 22:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-05 14:40 - 2014-06-23 03:09 - 00000000 ____D () C:\Users\ASUS\Downloads\Bank Statement
2015-02-05 10:16 - 2014-05-08 18:20 - 00000000 ____D () C:\Users\ASUS\AppData\Local\CrashDumps
2015-02-05 10:02 - 2014-02-05 07:02 - 00000000 ____D () C:\Program Files (x86)\Qualcomm Atheros
2015-02-05 09:13 - 2014-02-05 08:51 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-147487581-2992457104-1551078015-1002
2015-02-05 01:13 - 2014-02-10 21:17 - 00000000 ____D () C:\Users\ASUS\Desktop\Shortcuts
2015-02-05 01:07 - 2013-08-22 21:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-05 01:06 - 2014-02-05 11:55 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\IObit
2015-02-05 01:06 - 2014-02-05 11:55 - 00000000 ____D () C:\ProgramData\ProductData
2015-02-05 01:06 - 2014-02-05 11:55 - 00000000 ____D () C:\ProgramData\IObit
2015-02-05 01:06 - 2014-02-05 08:43 - 00000000 ____D () C:\Users\ASUS\AppData\Local\ASUS
2015-02-05 01:06 - 2014-02-05 07:20 - 00000000 ____D () C:\ProgramData\P4G
2015-02-05 00:59 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\registration
2015-02-05 00:36 - 2014-02-05 15:41 - 00000000 ____D () C:\Users\ASUS
2015-02-05 00:22 - 2014-12-11 11:59 - 00000000 ____D () C:\Program Files\Recuva
2015-02-04 23:33 - 2014-12-07 21:07 - 00037310 _____ () C:\WINDOWS\PFRO.log
2015-02-04 23:11 - 2014-02-05 18:45 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\IDM
2015-02-04 22:47 - 2014-02-05 12:46 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-04 17:24 - 2014-08-20 23:07 - 00003037 _____ () C:\WINDOWS\wininit.ini
2015-02-04 14:20 - 2012-07-26 15:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-04 13:49 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-04 13:11 - 2014-02-05 16:11 - 00000000 ___RD () C:\Users\ASUS\Dropbox
2015-02-04 13:11 - 2014-02-05 16:10 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\Dropbox
2015-02-04 12:04 - 2014-02-08 18:25 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\uTorrent
2015-02-04 12:04 - 2014-02-05 12:47 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\Mozilla
2015-02-04 01:06 - 2014-02-05 08:43 - 00000000 ____D () C:\Users\ASUS\AppData\Local\Packages
2015-02-03 00:07 - 2014-02-05 18:45 - 00000000 ____D () C:\Users\ASUS\Downloads\Compressed
2015-02-01 23:29 - 2014-02-05 17:09 - 00000000 ____D () C:\WINDOWS\AutoKMS
2015-01-30 21:51 - 2014-02-05 12:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-29 21:13 - 2014-02-05 12:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-26 23:41 - 2014-04-26 11:28 - 00003580 _____ () C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-147487581-2992457104-1551078015-1002
2015-01-26 00:16 - 2014-02-05 18:45 - 00000000 ____D () C:\Users\ASUS\Downloads\Video
2015-01-25 20:39 - 2014-02-07 10:23 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-01-23 04:07 - 2014-04-06 12:32 - 00020696 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\mfmonitor_x64.sys
2015-01-22 13:17 - 2014-09-26 00:52 - 00000000 __SHD () C:\Users\ASUS\wc
2015-01-22 09:33 - 2014-06-16 11:07 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-22 09:30 - 2014-12-23 18:17 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-21 13:21 - 2014-08-17 13:39 - 00004962 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for GLADWIN-Gladwin Gladwin
2015-01-21 10:24 - 2015-01-06 11:24 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\FileZilla
2015-01-18 23:56 - 2014-02-08 18:15 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\.ACEStream
2015-01-18 23:50 - 2014-07-01 00:10 - 00000000 ___HD () C:\_acestream_cache_
2015-01-16 16:58 - 2014-10-25 14:26 - 00000000 ___RD () C:\Users\ASUS\Copy [email protected]
2015-01-15 22:25 - 2014-09-10 15:59 - 00000000 ____D () C:\Users\ASUS\Documents\ICCExpress
2015-01-15 22:25 - 2014-09-10 15:59 - 00000000 ____D () C:\Program Files (x86)\Web Dimensions
2015-01-14 20:05 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-01-14 19:05 - 2014-02-05 12:06 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-14 18:54 - 2014-02-05 12:06 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-13 00:20 - 2014-12-23 22:57 - 00000000 ____D () C:\Users\ASUS\Downloads\GKIC_Holiday_Training
2015-01-11 23:59 - 2013-08-22 23:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2015-01-11 23:59 - 2013-08-22 23:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-01-11 23:59 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\setup
2015-01-11 23:59 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\system32\setup
2015-01-09 23:51 - 2014-04-22 10:20 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\Telegram Win (Unofficial)
2015-01-09 14:17 - 2013-08-22 22:44 - 05118432 _____ () C:\WINDOWS\system32\FNTCACHE.DAT

==================== Files in the root of some directories =======

2014-08-28 09:34 - 2014-08-28 09:35 - 15000576 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2014-02-14 13:26 - 2014-02-14 13:26 - 0000088 _____ () C:\Users\ASUS\AppData\Roaming\.95d691779473f3e03bc4b4e56319d74c.key
2014-02-14 13:26 - 2014-02-14 13:26 - 0000088 _____ () C:\Users\ASUS\AppData\Roaming\.c79792229cdae4d8fe4e261fc4d6976b.key
2014-11-14 15:36 - 2014-11-25 18:41 - 0000132 _____ () C:\Users\ASUS\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-02-14 13:27 - 2015-01-06 15:46 - 0000248 _____ () C:\Users\ASUS\AppData\Roaming\RO39-2M3Q
2014-02-05 08:50 - 2015-02-07 22:06 - 0000062 _____ () C:\Users\ASUS\AppData\Roaming\sp_data.sys
2014-06-19 10:28 - 2014-06-19 10:28 - 0000024 _____ () C:\Users\ASUS\AppData\Roaming\temp.ini
2014-11-14 15:45 - 2014-11-14 15:45 - 0001456 _____ () C:\Users\ASUS\AppData\Local\Adobe Save for Web 13.0 Prefs
2012-09-10 19:49 - 2012-09-10 19:49 - 0001050 ____H () C:\Users\ASUS\AppData\Local\{793FD447-37EB-4083-B222-2E447297AF07}
2014-12-23 18:14 - 2014-12-23 18:14 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2012-08-05 09:42 - 2012-07-30 14:03 - 0000217 _____ () C:\ProgramData\SetStretch.cmd
2012-08-05 09:42 - 2009-07-22 18:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe

Some content of TEMP:
====================
C:\Users\ASUS\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnko0rn.dll
C:\Users\ASUS\AppData\Local\Temp\Quarantine.exe
C:\Users\ASUS\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-31 17:34

==================== End Of Log ============================


----------



## kango88 (Feb 5, 2015)

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-02-2015
Ran by Gladwin at 2015-02-08 00:14:17
Running from C:\Users\ASUS\Desktop\Troubleshoot Program
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\uTorrent) (Version: 3.4.2.37754 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Ace Stream Media 2.2.0-next (HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\AceStream) (Version: 2.2.0-next - Ace Stream Media)
Adobe After Effects CS6 (HKLM-x32\...\{4817D846-700B-474E-A31B-80892B3E92E3}) (Version: 11 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Advanced SystemCare 8 (HKLM-x32\...\Advanced SystemCare 8_is1) (Version: 8.0.3 - IObit)
AliG SLF (HKLM-x32\...\com.aligmarketing.slf) (Version: 3.1.2 - Ali G. Marketing LLC)
AliG SLF (x32 Version: 3.1.2 - Ali G. Marketing LLC) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.4 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.9 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.9 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.1.7 - ASUS)
ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.1 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 1.1.3 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0002 - ASUS)
ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.6 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.5 - ASUS)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.309 - ASUSTEK)
Atheros Outlook Addin 2010 (HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\BB108A893815B64BF41C4574C3324FB7371AA244) (Version: 1.0.0.0 - Microsoft)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0023 - ASUS)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
AudienceMakr (HKLM-x32\...\AudienceMakr) (Version: 1.0.2 - Infomastery, LLC)
AudienceMakr (x32 Version: 1.0.2 - Infomastery, LLC) Hidden
Brother MFL-Pro Suite MFC-9330CDW (HKLM-x32\...\{E98A9C92-E767-475B-8BC6-8780A86DDC72}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
Camtasia Studio 8 (HKLM-x32\...\{5303CFB5-D635-44F0-A94B-9611E81F07C4}) (Version: 8.3.0.1471 - TechSmith Corporation)
Citrix Online Launcher (HKLM-x32\...\{F17C3DC2-2ACA-4B0E-BDBF-ACE61B14E7CD}) (Version: 1.0.183 - Citrix)
Copy (HKLM\...\{EE4CEBB9-C0FC-4503-9BC0-1E32B566DE71}) (Version: 1.47.410.0 - Barracuda Networks, Inc.)
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version: - CyberGhost S.R.L.)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.31 - DivX, LLC)
DocuPrint CM205 f_fw (HKLM-x32\...\InstallShield_{82E36284-5E49-4800-9882-0B69D7EEAC2D}) (Version: 1.011.00 - Fuji Xerox)
DocuPrint CM205 f_fw (x32 Version: 1.011.00 - Fuji Xerox) Hidden
Driver Booster 2.1 (HKLM-x32\...\Driver Booster_is1) (Version: 2.1 - IObit)
Dropbox (HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Explaindio Sketch Line Color Changer (HKLM-x32\...\Coloring) (Version: 0.0.0 - UNKNOWN)
Explaindio Sketch Line Color Changer (x32 Version: 0.0.0 - UNKNOWN) Hidden
Explaindio Video Creator version 1.004 (HKLM-x32\...\{FE60174E-0881-4634-946F-9F9C8672710A}_is1) (Version: 1.004 - Explaindio LLC)
Explaindio Video Creator version 1.009 (HKLM-x32\...\{9E347DDD-DB67-4348-8C96-75E0BBC65407}_is1) (Version: 1.009 - Explaindio LLC)
Explaindio Video Creator version 1.012 (HKLM-x32\...\{C38A770F-F857-4357-84ED-FF71D8DE90BF}_is1) (Version: 1.012 - Explaindio LLC)
ExpressCache (HKLM\...\{2EBEFDA8-F905-4C39-AC1C-D5ABE7B3E0AE}) (Version: 1.0.86 - Diskeeper Corporation)
FileZilla Client 3.9.0.6 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.6 - Tim Kosse)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{C77CC230-7417-3F01-B70D-52583DC9FEC9}) (Version: 5.40.2.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GoToMeeting 6.4.11.2273 (HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\GoToMeeting) (Version: 6.4.11.2273 - CitrixOnline)
GSA Email Spider v7.13 (HKLM-x32\...\GSA Email Spider_is1) (Version: 7.13 - GSA Software)
GSA Search Engine Ranker v9.42 (HKLM-x32\...\GSA Search Engine Ranker_is1) (Version: 9.42 - GSA Software)
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
Instant Content Curator Express (HKLM-x32\...\com.webdimensions.instantcontentcurator.express) (Version: 2.0.8 - Web Dimensions, Inc.)
Instant Content Curator Express (x32 Version: 2.0.8 - Web Dimensions, Inc.) Hidden
Instant Eyedropper 1.75 (HKLM-x32\...\Instant Eyedropper_is1) (Version: - )
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 6.0.7.1084 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel(R) Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 2.1.0.1002 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.1.5.24 - IObit)
Java 7 Update 72 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217072FF}) (Version: 7.0.720 - Oracle)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Last Man (HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\Last Man) (Version: - )
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass)
LongTailPro - Version 2.4.28 (HKLM-x32\...\com.longtailpro.LongTailPro) (Version: 2.4.28 - Long Tail Media, LLC)
LongTailPro - Version 2.4.28 (x32 Version: 2.4.28 - Long Tail Media, LLC) Hidden
Market Samurai (HKLM-x32\...\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1) (Version: 0.93.38 - Alliance Software Pty Ltd)
Market Samurai (x32 Version: 0.93.38 - Alliance Software Pty Ltd) Hidden
MediaFire Desktop (HKLM-x32\...\MediaFire Desktop 0.10.21.9247) (Version: 1.4.16.10766 - MediaFire)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobile Lead Monster (HKLM-x32\...\MobileLeadMonster) (Version: 1.0 - Axiom Marketing Inc.)
Mobile Lead Monster (x32 Version: 1.0 - Axiom Marketing Inc.) Hidden
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MP3 Skype recorder (HKLM-x32\...\{9AFDC558-9575-48B8-BC39-CCAACB8DC05E}) (Version: 4.4.1.0 - Alexander Nikiforov)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Nuance PaperPort 12 (HKLM-x32\...\{88B5FBDC-967D-4B1F-B291-39284AE12201}) (Version: 12.1.0005 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
NVIDIA GeForce Experience 1.8.2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
NZ Financial MT4 Terminal (HKLM-x32\...\NZ Financial MT4 Terminal) (Version: 4.00 - MetaQuotes Software Corp.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Penguin Recovery Jeet (HKLM-x32\...\Penguin Recovery Jeet_is1) (Version: 1.0 - Teknikforce)
PureVPN (HKLM-x32\...\PureVPN_is1) (Version: 3.2 - PureVPN)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.210 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.8400.27023 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Samsung Drive Manager (HKLM-x32\...\{9F1A6A24-4901-42F6-A355-5DD2B82E62AE}) (Version: 1.0.172 - Clarus, Inc.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.33.0 - SAMSUNG Electronics Co., Ltd.)
Scansoft PDF Professional (x32 Version: - ) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 1.7.321 - NVIDIA Corporation) Hidden
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
SMSCaster E-Marketer GSM Enterprise v3.6 (HKLM-x32\...\SMSCaster E-Marketer GSM Enterprise_is1) (Version: v3.6 (build 1071) - SDJ Software Limited)
SopCast 3.8.3 (HKLM-x32\...\SopCast) (Version: 3.8.3 - www.sopcast.com)
Spotify (HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.3.39 - Safer-Networking Ltd.)
Start Menu 8 (HKLM-x32\...\IObit_StartMenu8_is1) (Version: 1.5.0.0 - IObit)
StreamTorrent 1.0 (HKLM-x32\...\StreamTorrent 1.0) (Version: - )
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
Telegram Desktop version 0.7.4 (HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 0.7.4 - Telegram Messenger LLP)
Update for CHS Microsoft IME HAP Dictionary (Version: 16.0.858.1 - Microsoft Corporation) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VideoMakerFX (HKLM-x32\...\VideoMakerFX 1.01) (Version: 1.01 - Webvati)
VideoMakerFX (HKLM-x32\...\VideoMakerFX 1.04) (Version: 1.04 - Webvati)
VideoMakerFX (HKLM-x32\...\VideoMakerFX 1.05) (Version: 1.05 - Webvati)
VideoMakerFX (x32 Version: 1.01 - Webvati) Hidden
VideoMakerFX (x32 Version: 1.05 - Webvati) Hidden
VideoMakerFX Josh Ratta Bonus Scenes (HKLM-x32\...\{E7CAFBCF-1A20-4AF8-AE0E-89A8282CCA46}) (Version: 1.0 - Webvati)
VideoMakerFX ProThemes August Addon 1.0 (HKLM-x32\...\{BC117729-A0EA-48CF-941E-6F12EFB7D71E}) (Version: 1.0 - Webvati)
VideoMakerFX ProThemes December Addon 1.0 (HKLM-x32\...\{F5AEF14E-731A-4875-B55D-1561E2F87722}) (Version: 1.0 - Webvati)
VideoMakerFX ProThemes July Addon 1.0 (HKLM-x32\...\{BDAA3BD7-1BA0-4727-B99F-89FD45A1D15A}) (Version: 1.0 - Webvati)
VideoMakerFX ProThemes June Addon 1.0 (HKLM-x32\...\{AE11668B-174C-461F-8A4D-5AEF54DD3B5F}) (Version: 1.0 - Webvati)
VideoMakerFX ProThemes May Addon 1.0 (HKLM-x32\...\{6073BA7B-671F-4F41-AA93-05164AAE6A72}) (Version: 1.0 - Webvati)
VideoMakerFX ProThemes November Addon 1.0 (HKLM-x32\...\{23CFA575-AD8D-48AD-971D-EF76F70FC94F}) (Version: 1.0 - Webvati)
VideoMakerFX ProThemes October Addon 1.0 (HKLM-x32\...\{C7F12978-67A4-45F3-9010-9F94BC730894}) (Version: 1.0 - Webvati)
VideoMakerFX ProThemes September Addon 1.0 (HKLM-x32\...\{703AEFFE-6830-4BEB-A697-62D5566A7557}) (Version: 1.0 - Webvati)
VideoMakerFX VideoProfitFX Add On 1.0 (HKLM-x32\...\{8F99303E-4E46-45DC-964D-649DBC72B717}) (Version: 1.0 - Webvati)
VideoMakerFX Webinar Bonus Kinetic Special Scenes (HKLM-x32\...\{1895C465-14C6-4AEB-8478-13F0A1953282}) (Version: 1.0 - Webvati)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VLC Setup Helper (HKLM-x32\...\VLC Setup Helper_is1) (Version: - )
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.1.8.381 - ASUS Cloud Corporation)
Windows Driver Package - ASUS (ATP) Mouse (01/10/2013 1.0.0.170) (HKLM\...\4A9DE1E9EBC800B7F01739D4DE7363EF6751BDF5) (Version: 01/10/2013 1.0.0.170 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-147487581-2992457104-1551078015-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\ASUS\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-147487581-2992457104-1551078015-1002_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\ASUS\AppData\Local\Citrix\GoToMeeting\1865\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-147487581-2992457104-1551078015-1002_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\ASUS\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-147487581-2992457104-1551078015-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\ASUS\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-147487581-2992457104-1551078015-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ASUS\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-147487581-2992457104-1551078015-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ASUS\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-147487581-2992457104-1551078015-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ASUS\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-147487581-2992457104-1551078015-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ASUS\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-147487581-2992457104-1551078015-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ASUS\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-147487581-2992457104-1551078015-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ASUS\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-147487581-2992457104-1551078015-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ASUS\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-147487581-2992457104-1551078015-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ASUS\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points =========================

07-02-2015 23:41:03 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2014-11-13 11:30 - 2015-02-04 23:09 - 00452879 ____R C:\WINDOWS\system32\Drivers\etc\hosts

There are 1000 more lines.

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1742358F-8846-4E9D-8697-745671B47E51} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {1EC4E477-8FB4-4785-8F1C-B28E2F00A284} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-25] (ASUS)
Task: {231A1BC4-7F52-433B-BA49-DAC21ED77E2C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {25D85311-5B21-456E-A38D-66D2A4E80951} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-01-14] (Microsoft Corporation)
Task: {275ADBFC-8958-496E-9374-8D0A637CF457} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe [2015-02-01] ()
Task: {290E0ECC-80AC-4EF3-B407-4A57DA304B36} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {32738391-2504-47E2-AB27-3F73C61CD016} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {35631E60-74ED-44BE-9C60-43DC09DA1993} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-04] (Google Inc.)
Task: {3B5951F4-199B-490D-922E-06D0B82A59A9} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-19] (ASUSTek Computer Inc.)
Task: {3C3C1EA3-2DAE-4B67-921E-D4A2A529B8C4} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-25] (Adobe Systems Incorporated)
Task: {453A192F-EFE2-4E59-8DB3-DF1E1F1EAA85} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2012-11-30] ()
Task: {48BC6164-F3B2-4DD2-B8EB-BFF8A59B9E6A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-04] (Google Inc.)
Task: {63A5081D-D5AD-495D-9006-1519CB6CB077} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2012-11-30] (ASUS)
Task: {78CDE10B-3C8A-496A-9D53-0E2A2A2B2A22} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {8006A781-C47E-4391-BCE9-EDCC3A3492D6} - System32\Tasks\ASUS InstantOn Config => C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe [2012-09-25] (ASUS)
Task: {82AA3937-45DC-4A88-955B-05EFCC1B721E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {93310510-D537-4AFE-B82D-ACC79E312AC0} - System32\Tasks\ASC8_SkipUac_Gladwin => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe [2014-11-07] (IObit)
Task: {9411BCD0-CBCE-4E6F-9E4A-C6C5743A2F6F} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-08-23] (ASUSTeK Computer Inc.)
Task: {97DAD6E6-1844-4F80-A827-CFC2AA087E3A} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2013-01-17] (AsusTek)
Task: {A1E533F8-F20E-4D0F-89D0-771BCE3B0147} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2013-01-05] ()
Task: {E10CE05D-CD0F-4E10-A184-B9E613977FC6} - System32\Tasks\CLARUS_DRIVE_MANAGER\Clarus_Drive_Manager => C:\Program Files (x86)\Clarus\Samsung Drive Manager\Drive Manager.exe [2013-12-18] (Clarus, Inc.)
Task: {F0BBFD4C-5614-49DB-8CA1-69D298C40533} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {F50BA656-7650-4D52-8358-18794A1F735F} - System32\Tasks\InstallShield Update Task => Wscript.exe //nologo //E:jscript //B "C:\Program Files (x86)\InstallShield\isupdate.ini"
Task: {F9D63969-0932-4E38-A93A-91E6D66279D8} - System32\Tasks\G2MUpdateTask-S-1-5-21-147487581-2992457104-1551078015-1002 => C:\Users\ASUS\AppData\Local\Citrix\GoToMeeting\2273\g2mupdate.exe [2015-01-26] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {F9FCC539-8746-42FF-9391-A5AB01EE4EA8} - System32\Tasks\Microsoft Office 15 Sync Maintenance for GLADWIN-Gladwin Gladwin => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2014-11-12] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-147487581-2992457104-1551078015-1002.job => C:\Users\ASUS\AppData\Local\Citrix\GoToMeeting\2273\g2mupdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-147487581-2992457104-1551078015-1002Core1cf8e99a9971846.job => C:\Users\ASUS\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-147487581-2992457104-1551078015-1002Core1cfedc1168c14f4.job => C:\Users\ASUS\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-147487581-2992457104-1551078015-1002Core1cfffdbc8a5ac38.job => C:\Users\ASUS\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\InstallShield Update Task.job => C:\WINDOWS\system32\wscript.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Gladwin.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe

==================== Loaded Modules (whitelisted) ==============

2013-12-10 08:13 - 2014-03-04 22:35 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-02-05 15:36 - 2014-03-04 21:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-11-18 10:02 - 2011-11-18 10:02 - 00023040 _____ () C:\WINDOWS\System32\fxhk4alm.dll
2012-06-20 12:21 - 2012-06-20 12:21 - 00096768 _____ () C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmdb.exe
2014-04-06 12:32 - 2015-01-23 04:39 - 00456504 _____ () C:\Users\ASUS\AppData\Local\MediaFire Desktop\MFUsnMonitorService.exe
2014-12-02 17:11 - 2005-04-22 12:36 - 00143360 ____R () C:\WINDOWS\system32\BrSNMP64.dll
2012-08-25 09:26 - 2012-08-25 09:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2012-11-30 09:15 - 2012-11-30 09:15 - 00171224 _____ () C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
2014-10-14 23:27 - 2014-10-14 23:27 - 08897696 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-05-02 03:29 - 2014-05-02 03:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2013-10-01 13:02 - 2013-10-01 13:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-09-30 11:02 - 2012-09-30 11:02 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2012-09-30 10:59 - 2012-09-30 10:59 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2012-09-30 11:01 - 2012-09-30 11:01 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2014-01-28 17:46 - 2014-09-25 13:57 - 00027904 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\engine\ace_engine.exe
2014-04-06 12:32 - 2015-01-23 04:39 - 04002120 _____ () C:\Users\ASUS\AppData\Local\MediaFire Desktop\mf_watch.exe
2014-04-06 12:32 - 2015-01-23 04:39 - 01228616 _____ () C:\Users\ASUS\AppData\Local\MediaFire Desktop\mf_hub.exe
2014-04-06 12:32 - 2015-01-23 04:39 - 04672328 _____ () C:\Users\ASUS\AppData\Local\MediaFire Desktop\MediaFire Desktop.exe
2014-04-06 12:32 - 2015-01-23 04:39 - 04242760 _____ () C:\Users\ASUS\AppData\Local\MediaFire Desktop\mf_filetransfer.exe
2014-04-06 12:32 - 2015-01-23 04:39 - 03957064 _____ () C:\Users\ASUS\AppData\Local\MediaFire Desktop\mf_browser.exe
2014-07-09 10:55 - 2007-10-17 16:22 - 00352256 _____ () C:\Program Files (x86)\InstantEyedropper\InstantEyedropper.exe
2015-01-23 23:40 - 2015-01-23 23:40 - 02092544 _____ () C:\Users\ASUS\AppData\Roaming\Copy\Gui.dll
2015-01-23 23:40 - 2015-01-23 23:40 - 08212480 _____ () C:\Users\ASUS\AppData\Roaming\Copy\Brt.dll
2015-01-23 23:40 - 2015-01-23 23:40 - 09276928 _____ () C:\Users\ASUS\AppData\Roaming\Copy\AgentSync.dll
2015-01-23 23:40 - 2015-01-23 23:40 - 05327872 _____ () C:\Users\ASUS\AppData\Roaming\Copy\CloudSync.dll
2014-04-06 12:32 - 2015-01-23 04:39 - 09501000 _____ () C:\Users\ASUS\AppData\Local\MediaFire Desktop\mf_central_control.exe
2014-04-06 12:32 - 2015-01-23 04:39 - 02406216 _____ () C:\Users\ASUS\AppData\Local\MediaFire Desktop\mf_monitor.exe
2014-04-06 12:32 - 2015-01-23 04:39 - 07139144 _____ () C:\Users\ASUS\AppData\Local\MediaFire Desktop\mf_dialogs.exe
2012-06-20 12:21 - 2012-06-20 12:21 - 00248320 _____ () C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmW.exe
2012-06-20 12:21 - 2012-06-20 12:21 - 00229376 _____ () C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmwj.exe
2014-01-10 13:26 - 2014-01-10 13:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2013-03-29 19:18 - 2013-03-29 19:18 - 00026744 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\updater\ace_update.exe
2014-11-21 11:41 - 2014-07-11 16:04 - 01106720 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe
2014-11-21 11:41 - 2013-10-25 12:08 - 00517408 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\sqlite3.dll
2014-06-02 00:07 - 2014-04-25 14:11 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-06-02 00:07 - 2014-04-25 14:11 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-06-02 00:07 - 2014-04-25 14:11 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-06-02 00:07 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-06-02 00:07 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-02-05 00:54 - 2014-06-06 13:07 - 00348960 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madExcept_.bpl
2015-02-05 00:54 - 2014-06-06 13:07 - 00183584 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madBasic_.bpl
2015-02-05 00:54 - 2014-06-06 13:07 - 00050976 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madDisAsm_.bpl
2015-02-05 00:54 - 2014-06-06 13:08 - 00041248 _____ () C:\Program Files (x86)\IObit\Start Menu 8\winkey.dll
2014-01-28 17:46 - 2014-11-28 13:46 - 00249856 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\engine\lib\acestreamengine.Core.pyd
2011-06-12 21:09 - 2011-06-12 21:09 - 00038400 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\engine\lib\_socket.pyd
2011-06-12 21:09 - 2011-06-12 21:09 - 00720896 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\engine\lib\_ssl.pyd
2013-11-27 23:50 - 2013-11-27 23:50 - 00018944 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\engine\lib\acestreamengine.pycompat.pyd
2011-06-12 21:06 - 2011-06-12 21:06 - 00287232 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\engine\lib\_hashlib.pyd
2014-01-28 17:45 - 2014-11-28 13:46 - 01732096 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\engine\lib\acestreamengine.live.pyd
2014-01-23 19:37 - 2014-01-23 19:37 - 00036352 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\engine\lib\_psutil_mswindows.pyd
2013-12-21 21:20 - 2013-12-21 21:20 - 00053248 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\engine\lib\_blist.pyd
2011-06-12 21:06 - 2011-06-12 21:06 - 00106496 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\engine\lib\_ctypes.pyd
2013-12-21 21:20 - 2013-12-21 21:20 - 00040448 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\engine\lib\bitarray._bitarray.pyd
2011-06-12 21:06 - 2011-06-12 21:06 - 00011776 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\engine\lib\select.pyd
2011-01-19 05:56 - 2011-01-19 05:56 - 00334336 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\engine\lib\M2Crypto.__m2crypto.pyd
2011-06-12 21:06 - 2011-06-12 21:06 - 00152576 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\engine\lib\pyexpat.pyd
2011-02-13 23:02 - 2011-02-13 23:02 - 00031232 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\engine\lib\Crypto.Cipher.AES.pyd
2014-01-28 17:55 - 2014-11-28 13:46 - 03083264 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\engine\lib\acestreamengine.CoreApp.pyd
2012-02-08 00:37 - 2012-02-08 00:37 - 00098816 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\engine\lib\win32api.pyd
2012-02-08 00:35 - 2012-02-08 00:35 - 00110080 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\engine\lib\pywintypes27.dll
2012-02-08 00:38 - 2012-02-08 00:38 - 00358912 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\engine\lib\pythoncom27.dll
2012-02-08 00:36 - 2012-02-08 00:36 - 00111616 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\engine\lib\win32file.pyd
2012-02-08 00:36 - 2012-02-08 00:36 - 00024064 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\engine\lib\win32pdh.pyd
2010-10-11 06:23 - 2010-10-11 06:23 - 00723968 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\engine\lib\apsw.pyd
2013-01-30 00:20 - 2013-01-30 00:20 - 00082944 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\engine\lib\cpyamf.util.pyd
2011-07-16 03:37 - 2011-07-16 03:37 - 00981504 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\engine\lib\wx._core_.pyd
2011-07-16 03:38 - 2011-07-16 03:38 - 00746496 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\engine\lib\wx._gdi_.pyd
2011-07-16 03:38 - 2011-07-16 03:38 - 00670720 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\engine\lib\wx._windows_.pyd
2011-07-16 03:38 - 2011-07-16 03:38 - 00966144 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\engine\lib\wx._controls_.pyd
2011-07-16 03:38 - 2011-07-16 03:38 - 00674816 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\engine\lib\wx._misc_.pyd
2011-06-12 21:06 - 2011-06-12 21:06 - 00688128 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\engine\lib\unicodedata.pyd
2013-12-21 21:02 - 2013-12-21 21:02 - 00061952 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\engine\lib\miniupnpc.pyd
2013-01-30 00:20 - 2013-01-30 00:20 - 00066048 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\engine\lib\cpyamf.amf0.pyd
2014-04-06 12:32 - 2015-01-23 04:23 - 00112142 _____ () C:\Users\ASUS\AppData\Local\MediaFire Desktop\libgcc_s_dw2-1.dll
2014-04-06 12:32 - 2015-01-23 04:23 - 01000974 _____ () C:\Users\ASUS\AppData\Local\MediaFire Desktop\libstdc++-6.dll
2014-07-05 14:20 - 2015-01-23 04:08 - 04188400 _____ () C:\Users\ASUS\AppData\Local\MediaFire Desktop\libsqlite3cc.dll
2014-04-06 12:32 - 2015-01-23 04:07 - 00042496 _____ () C:\Users\ASUS\AppData\Local\MediaFire Desktop\win32overlay.dll
2014-11-21 11:41 - 2013-01-15 18:47 - 00893248 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\webres.dll
2014-04-06 12:32 - 2015-01-23 04:07 - 00007680 _____ () C:\Users\ASUS\AppData\Local\MediaFire Desktop\mfmonitor.dll
2014-01-10 13:28 - 2014-01-10 13:28 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2013-12-10 08:13 - 2014-03-04 22:35 - 00014280 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2014-10-22 08:22 - 2014-10-22 08:22 - 00750080 _____ () C:\Users\ASUS\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-02-07 22:06 - 2015-02-07 22:06 - 00043008 _____ () c:\users\asus\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnko0rn.dll
2014-10-22 08:22 - 2014-10-22 08:22 - 00047616 _____ () C:\Users\ASUS\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-22 08:22 - 2014-10-22 08:22 - 00863744 _____ () C:\Users\ASUS\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-22 08:22 - 2014-10-22 08:22 - 00200704 _____ () C:\Users\ASUS\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2011-06-12 21:09 - 2011-06-12 21:09 - 00038400 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\updater\lib\_socket.pyd
2011-06-12 21:09 - 2011-06-12 21:09 - 00720896 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\updater\lib\_ssl.pyd
2011-07-16 03:37 - 2011-07-16 03:37 - 00981504 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\updater\lib\wx._core_.pyd
2011-07-16 03:38 - 2011-07-16 03:38 - 00746496 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\updater\lib\wx._gdi_.pyd
2011-07-16 03:38 - 2011-07-16 03:38 - 00670720 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\updater\lib\wx._windows_.pyd
2011-07-16 03:38 - 2011-07-16 03:38 - 00966144 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\updater\lib\wx._controls_.pyd
2011-07-16 03:38 - 2011-07-16 03:38 - 00674816 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\updater\lib\wx._misc_.pyd
2011-06-12 21:06 - 2011-06-12 21:06 - 00287232 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\updater\lib\_hashlib.pyd
2011-01-19 05:56 - 2011-01-19 05:56 - 00334336 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\updater\lib\M2Crypto.__m2crypto.pyd
2011-06-12 21:06 - 2011-06-12 21:06 - 00011776 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\updater\lib\select.pyd
2011-06-12 21:06 - 2011-06-12 21:06 - 00152576 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\updater\lib\pyexpat.pyd
2012-02-08 00:37 - 2012-02-08 00:37 - 00098816 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\updater\lib\win32api.pyd
2012-02-08 00:35 - 2012-02-08 00:35 - 00110080 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\updater\lib\pywintypes27.dll
2012-02-08 00:38 - 2012-02-08 00:38 - 00358912 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\updater\lib\pythoncom27.dll
2012-02-08 00:36 - 2012-02-08 00:36 - 00111616 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\updater\lib\win32file.pyd
2012-02-08 00:36 - 2012-02-08 00:36 - 00024064 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\updater\lib\win32pdh.pyd
2014-02-05 07:06 - 2012-06-26 02:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-02-05 11:55 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2014-02-05 11:55 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2014-02-05 11:55 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
2014-11-21 11:41 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\madExcept_.bpl
2014-11-21 11:41 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\madBasic_.bpl
2014-11-21 11:41 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\madDisAsm_.bpl
2015-02-08 00:13 - 2015-02-08 00:13 - 00706560 _____ () C:\Users\ASUS\AppData\Local\Temp\is-7V26G.tmp\mbam-setup-2.0.4.1028.tmp
2015-02-08 00:13 - 2015-02-08 00:13 - 00706560 _____ () C:\Users\ASUS\AppData\Local\Temp\is-UTF4B.tmp\mbam-setup-2.0.4.1028.tmp

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\ASUS\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Registry Areas =====================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-147487581-2992457104-1551078015-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\ASUS\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\asus.jpg

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== Accounts: =============================

Administrator (S-1-5-21-147487581-2992457104-1551078015-500 - Administrator - Disabled)
Gladwin (S-1-5-21-147487581-2992457104-1551078015-1002 - Administrator - Enabled) => C:\Users\ASUS
Guest (S-1-5-21-147487581-2992457104-1551078015-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-147487581-2992457104-1551078015-1004 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Intel(R) Dynamic Platform & Thermal Framework Driver
Description: Intel(R) Dynamic Platform & Thermal Framework Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: DptfManager
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Virtual Bluetooth Support
Description: Virtual Bluetooth Support
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: AthBTPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Bluetooth LWFLT Device
Description: Bluetooth LWFLT Device
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_LWFLT
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Intel(R) Dynamic Platform & Thermal Framework Generic Participant Driver
Description: Intel(R) Dynamic Platform & Thermal Framework Generic Participant Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: DptfDevGen
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Intel(R) Dynamic Platform & Thermal Framework Generic Participant Driver
Description: Intel(R) Dynamic Platform & Thermal Framework Generic Participant Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: DptfDevGen
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Intel(R) Dynamic Platform & Thermal Framework Generic Participant Driver
Description: Intel(R) Dynamic Platform & Thermal Framework Generic Participant Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: DptfDevGen
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Intel(R) Dynamic Platform & Thermal Framework Generic Participant Driver
Description: Intel(R) Dynamic Platform & Thermal Framework Generic Participant Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: DptfDevGen
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

==================== Event log errors: =========================

Application errors:
==================
Error: (02/08/2015 00:01:38 AM) (Source: DptfPolicyLpmService) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceServiceStart: ConnectToDptfFrameworkDriver() failed.

Error: (02/08/2015 00:01:38 AM) (Source: DptfPolicyLpmService) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceConnectToDptfFrameworkDriver: SetupDiEnumDeviceInterfaces() failed.Last error = [0x00000103]

Error: (02/08/2015 00:01:38 AM) (Source: DptfPolicyCriticalService) (EventID: 1) (User: )
Description: DptfPolicyCriticalServiceServiceMain: ServiceStart() failed.

Error: (02/08/2015 00:01:38 AM) (Source: DptfPolicyCriticalService) (EventID: 1) (User: )
Description: DptfPolicyCriticalServiceServiceStart: ConnectToDptfFrameworkDriver() failed.

Error: (02/08/2015 00:01:38 AM) (Source: DptfPolicyCriticalService) (EventID: 1) (User: )
Description: DptfPolicyCriticalServiceConnectToDptfFrameworkDriver: SetupDiEnumDeviceInterfaces() failed.Last error = [0x00000103]

Error: (02/07/2015 10:06:19 PM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceHelperWinMain: CreateSharedMemory() failed.

Error: (02/07/2015 10:06:19 PM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceHelperCreateSharedMemory: CreateFileMapping() failed.Last error = [0x00000005]

Error: (02/07/2015 10:05:57 PM) (Source: DptfPolicyLpmService) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceServiceStart: ConnectToDptfFrameworkDriver() failed.

Error: (02/07/2015 10:05:57 PM) (Source: DptfPolicyLpmService) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceConnectToDptfFrameworkDriver: SetupDiEnumDeviceInterfaces() failed.Last error = [0x00000103]

Error: (02/07/2015 10:05:57 PM) (Source: DptfPolicyCriticalService) (EventID: 1) (User: )
Description: DptfPolicyCriticalServiceServiceMain: ServiceStart() failed.

System errors:
=============
Error: (02/07/2015 10:05:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Platform Services service failed to start due to the following error:
%%1053

Error: (02/07/2015 10:05:57 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Platform Services service to connect.

Error: (02/07/2015 10:05:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee OOBE Service2 service failed to start due to the following error:
%%1053

Error: (02/07/2015 10:05:57 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee OOBE Service2 service to connect.

Error: (02/07/2015 10:05:39 PM) (Source: BTHUSB) (EventID: 5) (User: )
Description: The Bluetooth driver expected an HCI event with a certain size but did not receive it.

Error: (02/05/2015 00:38:33 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (02/05/2015 10:14:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Platform Services service failed to start due to the following error:
%%1053

Error: (02/05/2015 10:14:51 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Platform Services service to connect.

Error: (02/05/2015 10:14:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee OOBE Service2 service failed to start due to the following error:
%%1053

Error: (02/05/2015 10:14:51 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee OOBE Service2 service to connect.

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2015-02-07 23:32:45.546
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-02-07 22:50:33.203
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-02-07 22:50:33.031
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-02-07 22:50:32.844
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-02-07 22:50:32.515
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-02-07 22:50:32.312
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-02-07 22:50:32.140
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-02-07 22:50:30.218
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-02-07 22:50:29.922
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-02-07 22:50:29.609
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3337U CPU @ 1.80GHz
Percentage of memory in use: 49%
Total physical RAM: 8077.59 MB
Available physical RAM: 4039.85 MB
Total Pagefile: 10637.59 MB
Available Pagefile: 6229.09 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:185.96 GB) (Free:64.73 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:258.15 GB) (Free:1.11 GB) NTFS
Drive e: () (Fixed) (Total:7.45 GB) (Free:1.65 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 185485F0)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 22.4 GB) (Disk ID: BC223D42)

Partition: GPT Partition Type.

========================================================
Disk: 2 (Size: 7.5 GB) (Disk ID: 570BFEDA)
Partition 1: (Not Active) - (Size=7.5 GB) - (Type=0B)

==================== End Of Log ============================

-----------------------------------------------------------------------------------------------------------------------
Farbar Service Scanner

Farbar Service Scanner Version: 17-01-2015
Ran by Gladwin (administrator) on 08-02-2015 at 01:04:14
Running from "C:\Users\ASUS\Desktop\Troubleshoot Program"
Microsoft Windows 8.1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error. Google IP is unreachable
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****

-------------------------------------------------------------------------------------------------------------------------
Using the file routercheck.bat

Windows IP Configuration

Host Name . . . . . . . . . . . . : Gladwin
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : 2C-D0-5A-41-63-DF
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 127.0.0.1

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host google.com. Please check the name and try again.
Ping request could not find host yahoo.com. Please check the name and try again.
===========================================================================
Interface List
6...2c d0 5a 41 63 df ......Bluetooth Device (Personal Area Network)
1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
1 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

------------------------------------------------------------------------------------------------------------------------------
Minibox

MiniToolBox by Farbar Version: 30-11-2014
Ran by Gladwin (administrator) on 08-02-2015 at 00:56:20
Running from "C:\Users\ASUS\Desktop\Troubleshoot Program"
Microsoft Windows 8.1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

**** End of log ****

MiniToolBox by Farbar Version: 30-11-2014
Ran by Gladwin (administrator) on 08-02-2015 at 00:59:00
Running from "C:\Users\ASUS\Desktop\Troubleshoot Program"
Microsoft Windows 8.1 (X64)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com

There are 15543 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

Qualcomm Atheros AR9485WB-EG Wireless Network Adapter = Wi-Fi (Connected)
Realtek PCIe GBE Family Controller = Ethernet (Media disconnected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Bluetooth Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 11" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="ethernet_3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="other_1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

popd
# End of IPv4 configuration

Windows IP Configuration

Host Name . . . . . . . . . . . . : Gladwin
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : 2C-D0-5A-41-63-DF
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 127.0.0.1

Ping request could not find host google.com. Please check the name and try again.
Server: UnKnown
Address: 127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
6...2c d0 5a 41 63 df ......Bluetooth Device (Personal Area Network)
1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
1 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [53760] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [68096] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [68096] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [65536] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [21504] (Microsoft Corporation)
Catalog5 07 C:\WINDOWS\SysWOW64\wshbth.dll [51200] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [67584] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [30208] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [63488] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)

**** End of log ****


----------



## JSntgRvr (Jul 1, 2003)

Post the AdwCleaner logs available in the C:\AdwCleaner folder.


----------



## JSntgRvr (Jul 1, 2003)

Reinstall *Hotspot Shield*. Download the installer from another computer and save it on a Flash drive. Insert on the troubled computer and reinstall.

After a restart, see if you have an internet connection.


----------



## kango88 (Feb 5, 2015)

1st time

# AdwCleaner v4.109 - Report created 04/02/2015 at 23:24:12
# Updated 24/01/2015 by Xplode
# Database : 2015-02-03.1 [Live]
# Operating System : Windows 8.1 (64 bits)
# Username : Gladwin - GLADWIN
# Running from : C:\Users\ASUS\Downloads\adwcleaner_4.109.exe
# Option : Scan

***** [ Services ] *****

Service Found : hshld
Service Found : hsstrayservice
Service Found : hsswd

***** [ Files / Folders ] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\default-search.xml
File Found : C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\8aqpcbli.default\searchplugins\conduit-search.xml
File Found : C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\8aqpcbli.default\searchplugins\default-search.xml
File Found : C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\8aqpcbli.default\searchplugins\yahoo_ff.xml
File Found : C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\8aqpcbli.default\user.js
File Found : C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\tm82nflx.default\searchplugins\yahoo_ff.xml
File Found : C:\Users\Public\Desktop\Hotspot Shield.lnk
File Found : C:\WINDOWS\System32\drivers\hssdrv6.sys
File Found : C:\WINDOWS\System32\drivers\taphss6.sys
Folder Found : C:\Program Files (x86)\hotspot shield
Folder Found : C:\ProgramData\hotspot shield
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\hotspot shield
Folder Found : C:\ProgramData\smdmf
Folder Found : C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj
Folder Found : C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgbcffenncokfocljomejddmgcpppjom
Folder Found : C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpmeembnagmagppkgghhfjfdfajdfcah
Folder Found : C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim
Folder Found : C:\Users\ASUS\AppData\Roaming\FirefoxToolbar
Folder Found : C:\Users\ASUS\AppData\Roaming\hotspot shield
Folder Found : C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\8aqpcbli.default\Extensions\[email protected]
Folder Found : C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\8aqpcbli.default\Extensions\[email protected]
Folder Found : C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Roaming\hotspot shield
Folder Found : C:\WINDOWS\SysWOW64\hotspot shield

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\Users\ASUS\AppData\Local\Linkey\IEExtension\ietlb.dll
Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\Users\ASUS\AppData\Local\Linkey\IEExtension\ietlb64.dll
Key Found : HKCU\Software\Google\Chrome\Extensions\kpckgflgdapkpabemgkielbefdildaio
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found : HKCU\Software\systweak
Key Found : [x64] HKCU\Software\InstallCore
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}
Key Found : [x64] HKCU\Software\systweak
Key Found : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Found : HKLM\SOFTWARE\Classes\AppID\{6A7CD9EC-D8BD-4340-BCD0-77C09A282921}
Key Found : HKLM\SOFTWARE\Classes\AppID\iedll.dll
Key Found : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Found : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Found : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{726E90BE-DC22-4965-B215-E0784DC26F47}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\fgbcffenncokfocljomejddmgcpppjom
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\fpmeembnagmagppkgghhfjfdfajdfcah
Key Found : HKLM\SOFTWARE\hotspotshield
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\hotspotshield
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Settings Manager
Key Found : HKLM\SOFTWARE\SmdmF
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4613B1C1-FBC0-43C3-A4B9-B1D6CD360BB3}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}
Value Found : HKCU\Software\Mozilla\Firefox\Extensions [[email protected]]
Value Found : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]
Value Found : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x86]
Value Found : HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls [x64]
Value Found : HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls [x86]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17416

-\\ Mozilla Firefox v35.0.1 (x86 en-US)

[8aqpcbli.default] - Line Found : user_pref("browser.search.hiddenOneOffs", "default-search.net");
[8aqpcbli.default] - Line Found : user_pref("speedbitvideodownloader.Var1", "0");
[8aqpcbli.default] - Line Found : user_pref("speedbitvideodownloader.Var10", "0");
[8aqpcbli.default] - Line Found : user_pref("speedbitvideodownloader.Var2", "0");
[8aqpcbli.default] - Line Found : user_pref("speedbitvideodownloader.Var3", "0");
[8aqpcbli.default] - Line Found : user_pref("speedbitvideodownloader.Var4", "0");
[8aqpcbli.default] - Line Found : user_pref("speedbitvideodownloader.Var5", "0");
[8aqpcbli.default] - Line Found : user_pref("speedbitvideodownloader.Var6", "0");
[8aqpcbli.default] - Line Found : user_pref("speedbitvideodownloader.Var7", "0");
[8aqpcbli.default] - Line Found : user_pref("speedbitvideodownloader.Var8", "0");
[8aqpcbli.default] - Line Found : user_pref("speedbitvideodownloader.Var9", "0");
[8aqpcbli.default] - Line Found : user_pref("speedbitvideodownloader.cache.tbs_include_xml_spd", "52/15/30/10/113");
[8aqpcbli.default] - Line Found : user_pref("speedbitvideodownloader.firstlaunch", "0");
[8aqpcbli.default] - Line Found : user_pref("speedbitvideodownloader.guid", "%7BB9BC7BEC-34B7-644B-BCC1-9DF36BEEA241%7D");
[8aqpcbli.default] - Line Found : user_pref("speedbitvideodownloader.userId", "%12");
[8aqpcbli.default] - Line Found : user_pref("speedbitvideodownloader_installed_version", "3.2.0");
[tm82nflx.default] - Line Found : user_pref("browser.startup.homepage", "hxxp://sg.search.yahoo.com/?type=599486&fr=spigot-yhp-ff");

-\\ Google Chrome v40.0.2214.94

*************************

AdwCleaner[R0].txt - [8705 octets] - [04/02/2015 23:24:12]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [8765 octets] ##########

# AdwCleaner v4.109 - Report created 04/02/2015 at 23:26:13
# Updated 24/01/2015 by Xplode
# Database : 2015-02-03.1 [Live]
# Operating System : Windows 8.1 (64 bits)
# Username : Gladwin - GLADWIN
# Running from : C:\Users\ASUS\Downloads\adwcleaner_4.109.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : hshld
[#] Service Deleted : hsstrayservice
Service Deleted : hsswd

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\hotspot shield
Folder Deleted : C:\ProgramData\smdmf
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\hotspot shield
Folder Deleted : C:\Program Files (x86)\hotspot shield
Folder Deleted : C:\WINDOWS\SysWOW64\hotspot shield
Folder Deleted : C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Roaming\hotspot shield
Folder Deleted : C:\Users\ASUS\AppData\Roaming\FirefoxToolbar
Folder Deleted : C:\Users\ASUS\AppData\Roaming\hotspot shield
Folder Deleted : C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\8aqpcbli.default\Extensions\[email protected]
Folder Deleted : C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\8aqpcbli.default\Extensions\[email protected]
Folder Deleted : C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgbcffenncokfocljomejddmgcpppjom
Folder Deleted : C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpmeembnagmagppkgghhfjfdfajdfcah
Folder Deleted : C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim
Folder Deleted : C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj
File Deleted : C:\Users\Public\Desktop\Hotspot Shield.lnk
File Deleted : C:\WINDOWS\System32\drivers\taphss6.sys
File Deleted : C:\WINDOWS\System32\drivers\hssdrv6.sys
File Deleted : C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\8aqpcbli.default\searchplugins\conduit-search.xml
File Deleted : C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\8aqpcbli.default\searchplugins\default-search.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\default-search.xml
File Deleted : C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\8aqpcbli.default\user.js
File Deleted : C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\8aqpcbli.default\searchplugins\yahoo_ff.xml
File Deleted : C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\tm82nflx.default\searchplugins\yahoo_ff.xml

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [[email protected]]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fgbcffenncokfocljomejddmgcpppjom
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fpmeembnagmagppkgghhfjfdfajdfcah
Key Deleted : HKCU\Software\Google\Chrome\Extensions\kpckgflgdapkpabemgkielbefdildaio
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]
Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x86]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\iedll.dll
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6A7CD9EC-D8BD-4340-BCD0-77C09A282921}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{726E90BE-DC22-4965-B215-E0784DC26F47}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4613B1C1-FBC0-43C3-A4B9-B1D6CD360BB3}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\systweak
Key Deleted : HKLM\SOFTWARE\hotspotshield
Key Deleted : HKLM\SOFTWARE\SmdmF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\hotspotshield
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Settings Manager
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\Users\ASUS\AppData\Local\Linkey\IEExtension\ietlb.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\Users\ASUS\AppData\Local\Linkey\IEExtension\ietlb64.dll

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17416

-\\ Mozilla Firefox v35.0.1 (x86 en-US)

[8aqpcbli.default\prefs.js] - Line Deleted : user_pref("browser.search.hiddenOneOffs", "default-search.net");
[8aqpcbli.default\prefs.js] - Line Deleted : user_pref("speedbitvideodownloader.Var1", "0");
[8aqpcbli.default\prefs.js] - Line Deleted : user_pref("speedbitvideodownloader.Var10", "0");
[8aqpcbli.default\prefs.js] - Line Deleted : user_pref("speedbitvideodownloader.Var2", "0");
[8aqpcbli.default\prefs.js] - Line Deleted : user_pref("speedbitvideodownloader.Var3", "0");
[8aqpcbli.default\prefs.js] - Line Deleted : user_pref("speedbitvideodownloader.Var4", "0");
[8aqpcbli.default\prefs.js] - Line Deleted : user_pref("speedbitvideodownloader.Var5", "0");
[8aqpcbli.default\prefs.js] - Line Deleted : user_pref("speedbitvideodownloader.Var6", "0");
[8aqpcbli.default\prefs.js] - Line Deleted : user_pref("speedbitvideodownloader.Var7", "0");
[8aqpcbli.default\prefs.js] - Line Deleted : user_pref("speedbitvideodownloader.Var8", "0");
[8aqpcbli.default\prefs.js] - Line Deleted : user_pref("speedbitvideodownloader.Var9", "0");
[8aqpcbli.default\prefs.js] - Line Deleted : user_pref("speedbitvideodownloader.cache.tbs_include_xml_spd", "52/15/30/10/113");
[8aqpcbli.default\prefs.js] - Line Deleted : user_pref("speedbitvideodownloader.firstlaunch", "0");
[8aqpcbli.default\prefs.js] - Line Deleted : user_pref("speedbitvideodownloader.guid", "%7BB9BC7BEC-34B7-644B-BCC1-9DF36BEEA241%7D");
[8aqpcbli.default\prefs.js] - Line Deleted : user_pref("speedbitvideodownloader.userId", "%12");
[8aqpcbli.default\prefs.js] - Line Deleted : user_pref("speedbitvideodownloader_installed_version", "3.2.0");
[tm82nflx.default\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://sg.search.yahoo.com/?type=599486&fr=spigot-yhp-ff");

-\\ Google Chrome v40.0.2214.94

*************************

AdwCleaner[R0].txt - [8897 octets] - [04/02/2015 23:25:34]
AdwCleaner[S0].txt - [8517 octets] - [04/02/2015 23:26:13]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8577 octets] ##########


----------



## kango88 (Feb 5, 2015)

2nd time

# AdwCleaner v4.109 - Report created 04/02/2015 at 23:31:19
# Updated 24/01/2015 by Xplode
# Database : 2015-01-24.3 [Local]
# Operating System : Windows 8.1 (64 bits)
# Username : Gladwin - GLADWIN
# Running from : C:\Users\ASUS\Downloads\adwcleaner_4.109.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : [x64] HKLM\SOFTWARE\Linkey
Key Found : [x64] HKLM\SOFTWARE\LINKEY

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17416

-\\ Mozilla Firefox v35.0.1 (x86 en-US)

-\\ Google Chrome v40.0.2214.94

[C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
[C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [8897 octets] - [04/02/2015 23:25:34]
AdwCleaner[R1].txt - [1194 octets] - [04/02/2015 23:31:19]
AdwCleaner[S0].txt - [8693 octets] - [04/02/2015 23:26:20]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [1314 octets] ##########

# AdwCleaner v4.109 - Report created 04/02/2015 at 23:32:47
# Updated 24/01/2015 by Xplode
# Database : 2015-01-24.3 [Local]
# Operating System : Windows 8.1 (64 bits)
# Username : Gladwin - GLADWIN
# Running from : C:\Users\ASUS\Downloads\adwcleaner_4.109.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : [x64] HKLM\SOFTWARE\Linkey

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17416

-\\ Mozilla Firefox v35.0.1 (x86 en-US)

-\\ Google Chrome v40.0.2214.94

[C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
[C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [8897 octets] - [04/02/2015 23:25:34]
AdwCleaner[R1].txt - [1402 octets] - [04/02/2015 23:32:18]
AdwCleaner[S0].txt - [8693 octets] - [04/02/2015 23:26:20]
AdwCleaner[S1].txt - [1287 octets] - [04/02/2015 23:32:47]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1347 octets] ##########


----------



## kango88 (Feb 5, 2015)

Thanks! Surprisingly, installing back Hotspot Shield made the internet work again.

However, the unknown virus/malware affecting Google, Yahoo and Bing still exists. Can you help with that?


----------



## JSntgRvr (Jul 1, 2003)

Please download Malwarebytes' Anti-Malware from *Here*.

Double Click mbam-setup-2.0..exe to install the application. (The revision number may vary.)

Select the language and click OK.
Accept the agreement
Make sure a checkmark is placed next to *Enable the Free Trial* and *Launch Malwarebytes' Anti-Malware*, then click on Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "*Scan Now*".
The scan may take some time to finish, so please be patient.
When the scan is complete, click on *Quarantine All*.
When disinfection is completed, a dialog will open and you may be prompted to Restart. (See Extra Note)
Upon restart, launch Malwarebytes Antimalware and select History.
Double click on the last scan done, then on Copy to Clipboard.
Right click on your next reply and select Paste.
Submit your reply.

Extra Note:

*If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.*


----------



## kango88 (Feb 5, 2015)

Hi, I cannot see the last scan button after going to history. But this is the scan log I found from the log folder. Done 2 scans for computer A.

<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>

<date>2015/02/08 00:17:23 +0800</date>
<logfile>mbam-log-2015-02-08 (00-17-23).xml</logfile>
<isadmin>yes</isadmin>

<engine>
<version>2.00.4.1028</version>
<malware-database>v2014.11.20.06</malware-database>
<rootkit-database>v2014.11.18.01</rootkit-database>
<license>free</license>
<file-protection>disabled</file-protection>
<web-protection>disabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<osversion>Windows 8.1</osversion>
<arch>x64</arch>
<username>Gladwin</username>
<filesys>NTFS</filesys>
</system>

<type>threat</type>
<result>completed</result>
<objects>370341</objects>
1618
<processes>0</processes>
<modules>0</modules>
<keys>0</keys>
<values>0</values>
<datas>0</datas>
<folders>0</folders>
<files>4</files>
<sectors>0</sectors>

<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>disabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
<file><path>C:\$Recycle.Bin\S-1-5-21-147487581-2992457104-1551078015-1002\$R5MVSUM.exe</path><vendor>PUP.Optional.Unizeto</vendor><action>success</action><hash>ed19f04e46367abc7476724f4fb5d927</hash></file>
<file><path>C:\$Recycle.Bin\S-1-5-21-147487581-2992457104-1551078015-1002\$RV6ANPY.exe</path><vendor>PUP.Optional.InstalleRex</vendor><action>success</action><hash>bc4afb439ce05ed887c0abe633ce53ad</hash></file>
<file><path>C:\$Recycle.Bin\S-1-5-21-147487581-2992457104-1551078015-1002\$R9JRXGJ.exe</path><vendor>PUP.Optional.InstalleRex</vendor><action>success</action><hash>10f61a24bcc0ad89427c544d0af7a25e</hash></file>
<file><path>C:\$Recycle.Bin\S-1-5-21-147487581-2992457104-1551078015-1002\$RQMJ4B7.exe</path><vendor>PUP.Optional.InstalleRex</vendor><action>success</action><hash>b94dd46a027ac373db7bfb9522df7888</hash></file>
</items>
</mbam-log>

--------------------------------------------------------------------------------------------------
<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>

<date>2015/02/08 10:47:37 +0800</date>
<logfile>mbam-log-2015-02-08 (10-47-36).xml</logfile>
<isadmin>yes</isadmin>

<engine>
<version>2.00.4.1028</version>
<malware-database>v2015.02.08.01</malware-database>
<rootkit-database>v2015.02.03.01</rootkit-database>
<license>free</license>
<file-protection>disabled</file-protection>
<web-protection>disabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<osversion>Windows 8.1</osversion>
<arch>x64</arch>
<username>Gladwin</username>
<filesys>NTFS</filesys>
</system>

<type>threat</type>
<result>completed</result>
<objects>388317</objects>
2008
<processes>0</processes>
<modules>0</modules>
<keys>0</keys>
<values>0</values>
<datas>0</datas>
<folders>0</folders>
<files>1</files>
<sectors>0</sectors>

<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>disabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
<file><path>C:\Users\ASUS\AppData\Local\Temp\Quarantine.exe</path><vendor>Trojan.Agent</vendor><action>success</action><hash>0af714081674aa8ca4b0bf5e50b2cd33</hash></file>
</items>
</mbam-log>


----------



## kango88 (Feb 5, 2015)

For computer B (windows 7 in macbook bootcamp), nothing is detected


----------



## JSntgRvr (Jul 1, 2003)

Reset your browsers to default. For instructions see *here*.

Let me know the outcome.


----------



## kango88 (Feb 5, 2015)

Hi, I've reset all my browsers and the same issue still persists.


----------



## JSntgRvr (Jul 1, 2003)

Run the ESET Online Scanner.
Hold down Control and click on this link to open ESET OnlineScan in a new window.
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. *Save* it to your desktop.
Double click on the icon on your desktop.
Check _"YES, I accept the Terms of Use."_
Click the *Start* button.
Accept any security warnings from your browser.
Under *scan settings*, check _"Scan Archives"_ and _"Remove found threats"_.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, click *List Threats*
Click *Export*, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Click the *Back* button.
Click the *Finish* button.
*NOTE:* Sometimes if ESET finds no infections it will not create a log.


----------



## kango88 (Feb 5, 2015)

C:\Users\All Users\IObit\ASCDownloader\Advanced SystemCare.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application 
C:\Users\ASUS\Desktop\Troubleshoot Program\Files\AdwCleaner\Quarantine\C\Users\ASUS\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF30.dll.vir a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application 
C:\Users\ASUS\Desktop\Troubleshoot Program\Files\AdwCleaner\Quarantine\C\Users\ASUS\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF31.dll.vir a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application 
C:\Users\ASUS\Desktop\Troubleshoot Program\Files\AdwCleaner\Quarantine\C\Users\ASUS\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF32.dll.vir a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application 
C:\Users\ASUS\Desktop\Troubleshoot Program\Files\AdwCleaner\Quarantine\C\Users\ASUS\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF33.dll.vir a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application 
C:\Users\ASUS\Desktop\Troubleshoot Program\Files\AdwCleaner\Quarantine\C\Users\ASUS\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF34.dll.vir a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application 
C:\Users\ASUS\Desktop\Troubleshoot Program\Files\AdwCleaner\Quarantine\C\Users\ASUS\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF4.dll.vir a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application 
C:\Users\ASUS\Desktop\Troubleshoot Program\Files\AdwCleaner\Quarantine\C\Users\ASUS\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF5.dll.vir a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application 
C:\Users\ASUS\Desktop\Troubleshoot Program\Files\AdwCleaner\Quarantine\C\Users\ASUS\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF6.dll.vir a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application 
C:\Users\ASUS\Desktop\Troubleshoot Program\Files\AdwCleaner\Quarantine\C\Users\ASUS\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF7.dll.vir a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application 
C:\Users\ASUS\Desktop\Troubleshoot Program\Files\AdwCleaner\Quarantine\C\Users\ASUS\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF8.dll.vir a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application 
C:\Users\ASUS\Desktop\Troubleshoot Program\Files\AdwCleaner\Quarantine\C\Users\ASUS\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF9.dll.vir a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application 
C:\Users\ASUS\Downloads\Programs\FileZilla_3.9.0.6_win32-setup.exe a variant of Win32/InstallCore.UE potentially unwanted application 
C:\Users\ASUS\Downloads\Programs\javaupdate_setup.exe a variant of Win32/AdWare.iBryte.BJ application 
C:\Users\ASUS\Dropbox\(Myself)\Software Download\SEO PowerSuite 2013 KeyGen - BlackNinjx\SEO PowerSuite 2013 KeyGen - BlackNinjx.exe a variant of MSIL/Packed.Confuser.A potentially unwanted application 
C:\$Recycle.Bin\S-1-5-21-147487581-2992457104-1551078015-1002\$R0MMFNL.exe Win32/ELEX.AY potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpmeembnagmagppkgghhfjfdfajdfcah\2.0.0.5_0\newtab.html.vir Win32/AztecMedia.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\ASUS\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF10.dll.vir a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\ASUS\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF11.dll.vir a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\ASUS\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF12.dll.vir a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\ASUS\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF13.dll.vir a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\ASUS\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF14.dll.vir a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\ASUS\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF15.dll.vir a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\ASUS\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF16.dll.vir a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\ASUS\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF17.dll.vir a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\ASUS\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF18.dll.vir a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\ASUS\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF19.dll.vir a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\ASUS\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF2.dll.vir a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\ASUS\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF20.dll.vir a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\ASUS\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF21.dll.vir a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\ASUS\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF22.dll.vir a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\ASUS\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF23.dll.vir a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\ASUS\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF24.dll.vir a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\ASUS\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF25.dll.vir a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\ASUS\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF26.dll.vir a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\ASUS\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF27.dll.vir a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\ASUS\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF28.dll.vir a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\ASUS\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF29.dll.vir a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\ASUS\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF30.dll.vir a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\ASUS\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF31.dll.vir a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\ASUS\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF32.dll.vir a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\ASUS\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF33.dll.vir a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\ASUS\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF34.dll.vir a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\ASUS\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF4.dll.vir a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\ASUS\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF5.dll.vir a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\ASUS\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF6.dll.vir a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\ASUS\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF7.dll.vir a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\ASUS\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF8.dll.vir a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\ASUS\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF9.dll.vir a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
C:\ProgramData\IObit\ASCDownloader\Advanced SystemCare.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application deleted - quarantined
C:\Users\ASUS\Desktop\Troubleshoot Program\Files\AdwCleaner\Quarantine\C\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpmeembnagmagppkgghhfjfdfajdfcah\2.0.0.5_0\newtab.html.vir Win32/AztecMedia.A potentially unwanted application deleted - quarantined
C:\Users\ASUS\Desktop\Troubleshoot Program\Files\AdwCleaner\Quarantine\C\Users\ASUS\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF10.dll.vir a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
C:\Users\ASUS\Desktop\Troubleshoot Program\Files\AdwCleaner\Quarantine\C\Users\ASUS\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF11.dll.vir a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
C:\Users\ASUS\Desktop\Troubleshoot Program\Files\AdwCleaner\Quarantine\C\Users\ASUS\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF12.dll.vir a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
C:\Users\ASUS\Desktop\Troubleshoot Program\Files\AdwCleaner\Quarantine\C\Users\ASUS\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF13.dll.vir a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
C:\Users\ASUS\Desktop\Troubleshoot Program\Files\AdwCleaner\Quarantine\C\Users\ASUS\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF14.dll.vir a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
C:\Users\ASUS\Desktop\Troubleshoot Program\Files\AdwCleaner\Quarantine\C\Users\ASUS\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF15.dll.vir a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
C:\Users\ASUS\Desktop\Troubleshoot Program\Files\AdwCleaner\Quarantine\C\Users\ASUS\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF16.dll.vir a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
C:\Users\ASUS\Desktop\Troubleshoot Program\Files\AdwCleaner\Quarantine\C\Users\ASUS\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF17.dll.vir a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
C:\Users\ASUS\Desktop\Troubleshoot Program\Files\AdwCleaner\Quarantine\C\Users\ASUS\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF18.dll.vir a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
C:\Users\ASUS\Desktop\Troubleshoot Program\Files\AdwCleaner\Quarantine\C\Users\ASUS\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF19.dll.vir a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
C:\Users\ASUS\Desktop\Troubleshoot Program\Files\AdwCleaner\Quarantine\C\Users\ASUS\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF2.dll.vir a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
C:\Users\ASUS\Desktop\Troubleshoot Program\Files\AdwCleaner\Quarantine\C\Users\ASUS\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF20.dll.vir a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
C:\Users\ASUS\Desktop\Troubleshoot Program\Files\AdwCleaner\Quarantine\C\Users\ASUS\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF21.dll.vir a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
C:\Users\ASUS\Desktop\Troubleshoot Program\Files\AdwCleaner\Quarantine\C\Users\ASUS\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF22.dll.vir a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
C:\Users\ASUS\Desktop\Troubleshoot Program\Files\AdwCleaner\Quarantine\C\Users\ASUS\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF23.dll.vir a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
C:\Users\ASUS\Desktop\Troubleshoot Program\Files\AdwCleaner\Quarantine\C\Users\ASUS\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF24.dll.vir a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
C:\Users\ASUS\Desktop\Troubleshoot Program\Files\AdwCleaner\Quarantine\C\Users\ASUS\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF25.dll.vir a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
C:\Users\ASUS\Desktop\Troubleshoot Program\Files\AdwCleaner\Quarantine\C\Users\ASUS\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF26.dll.vir a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
C:\Users\ASUS\Desktop\Troubleshoot Program\Files\AdwCleaner\Quarantine\C\Users\ASUS\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF27.dll.vir a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
C:\Users\ASUS\Desktop\Troubleshoot Program\Files\AdwCleaner\Quarantine\C\Users\ASUS\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF28.dll.vir a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
C:\Users\ASUS\Desktop\Troubleshoot Program\Files\AdwCleaner\Quarantine\C\Users\ASUS\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF29.dll.vir a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined


----------



## JSntgRvr (Jul 1, 2003)

Please remove the following programs. These use too many resources and won't protect your computer:

*Advanced SystemCare 8
Iobit
Driver Booster 2.1
Spybot S & D*

Open *Adwcleaner* and uninstall. That should remove the quarantined items.

There is a folder on your desktop, C:\Users\ASUS\Desktop\*Troubleshoot Program*. Remove that folder as it also contains quarantined items.

Follow this process to remove ESET's quarantined items:

http://kb.eset.com/esetkb/index?page=content&id=SOLN2915#Method2

Once you have done that, re-scan with FRST as follows:


Open *FRST*
allow it to update, 
put a checkmark on addition
and click on *Scan*.


----------



## kango88 (Feb 5, 2015)

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015
Ran by Gladwin (administrator) on GLADWIN on 10-02-2015 17:02:31
Running from C:\Users\ASUS\Desktop\Troubleshoot Program
Loaded Profiles: Gladwin (Available profiles: Gladwin)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.1.265\AsusWSWinService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
() C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmdb.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
() C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(InstallShield®) C:\Program Files (x86)\InstallShield\isupdate.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Users\ASUS\AppData\Local\MediaFire Desktop\MFUsnMonitorService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe
(Clarus, Inc.) C:\Program Files (x86)\Clarus\Samsung Drive Manager\SZDrvSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
() C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu8.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\InstallServices64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Clarus, Inc.) C:\Program Files (x86)\Clarus\Samsung Drive Manager\Drive Manager.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu_Hook.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Internet Download Manager, Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMIntegrator64.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
() C:\Users\ASUS\AppData\Roaming\ACEStream\engine\ace_engine.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Spotify Ltd) C:\Users\ASUS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Google Inc.) C:\Users\ASUS\AppData\Local\Google\Update\GoogleUpdate.exe
() C:\Users\ASUS\AppData\Local\MediaFire Desktop\mf_watch.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Clarus, Inc.) C:\Program Files (x86)\Clarus\Samsung Drive Manager\SZDrvMon.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
() C:\Users\ASUS\AppData\Local\MediaFire Desktop\mf_hub.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
() C:\Users\ASUS\AppData\Local\MediaFire Desktop\MediaFire Desktop.exe
() C:\Program Files (x86)\InstantEyedropper\InstantEyedropper.exe
(Barracuda Networks, Inc.) C:\Users\ASUS\AppData\Roaming\Copy\CopyAgent.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
() C:\Users\ASUS\AppData\Local\MediaFire Desktop\mf_filetransfer.exe
() C:\Users\ASUS\AppData\Local\MediaFire Desktop\mf_browser.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
() C:\Users\ASUS\AppData\Local\MediaFire Desktop\mf_central_control.exe
() C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmW.exe
() C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmwj.exe
() C:\Users\ASUS\AppData\Local\MediaFire Desktop\mf_monitor.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Clarus, Inc.) C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Dropbox, Inc.) C:\Users\ASUS\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\HSSCP.exe
() C:\Users\ASUS\AppData\Local\MediaFire Desktop\mf_dialogs.exe
() C:\Users\ASUS\AppData\Roaming\ACEStream\updater\ace_update.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.8.381\AsusWSPanel.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-12-23] (Realtek Semiconductor)
HKLM\...\Run: [AuditSHD] => C:\windows\system32\oobe\auditshd.exe [29696 2013-08-22] (Microsoft Corporation)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [765056 2012-09-30] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-09-30] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe [70656 2014-12-23] (Intel Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2014-12-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3331312 2012-08-05] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-29] (CyberLink Corp.)
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.1.8.381\ASUSWSLoader.exe [63296 2014-07-08] ()
HKLM-x32\...\Run: [Launcher] => C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\Launcher\fxlaunch.exe [2400768 2012-04-28] (Fuji Xerox Co., Ltd.)
HKLM-x32\...\Run: [M205f RUN] => C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmRun.exe [355840 2012-06-20] ()
HKLM-x32\...\Run: [StatusAutoRunm205f] => C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmpl.exe [3978752 2012-06-20] ()
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-11-17] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-02-14] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-11-19] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3084288 2012-07-31] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3890768 2015-02-08] (Tonec Inc.)
HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [457728 2013-11-14] (Microsoft Corporation)
HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\Run: [AceStream] => C:\Users\ASUS\AppData\Roaming\ACEStream\engine\ace_engine.exe [27904 2014-09-25] ()
HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\Run: [Spotify Web Helper] => C:\Users\ASUS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-15] (Spotify Ltd)
HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\Run: [Google Update] => C:\Users\ASUS\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-03-13] (Google Inc.)
HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\Run: [MediaFire Tray] => C:\Users\ASUS\AppData\Local\MediaFire Desktop\mf_watch.exe [4002120 2015-02-04] ()
HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564992 2014-02-14] (Samsung)
HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\Run: [instanteyedropper] => C:\Program Files (x86)\InstantEyedropper\InstantEyedropper.exe [352256 2007-10-17] ()
HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\Run: [Copy] => C:\Users\ASUS\AppData\Roaming\Copy\CopyAgent.exe [15435920 2015-01-23] (Barracuda Networks, Inc.)
HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\MountPoints2: {c7345423-f2fd-11e3-bf91-2cd05a4163df} - "E:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\MountPoints2: {e49a6483-8e37-11e3-824e-806e6f6e6963} - "F:\start.exe" 
HKU\S-1-5-18\...\Run: [Copy] => C:\Users\ASUS\AppData\Roaming\Copy\CopyAgent.exe [15435920 2015-01-23] (Barracuda Networks, Inc.)
HKU\S-1-5-18\...\Run: [Backblaze] => "C:\Program Files (x86)\Backblaze\bzbui.exe" -quiet
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [174296 2014-03-04] (NVIDIA Corporation)
AppInit_DLLs: , C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [174296 2014-03-04] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [148016 2014-03-04] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Drive Manager Real-Time.lnk
ShortcutTarget: Samsung Drive Manager Real-Time.lnk -> C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe (Clarus, Inc.)
Startup: C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\ASUS\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\ASUS\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.1.8.381\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.1.8.381\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.1.8.381\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [1aCopyShExtError] -> {83BEA36E-7680-4598-A4DF-994426F6E78D} => C:\Users\ASUS\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [1MediaFireIconError] -> {5EE8C634-CDC0-453D-9731-DF0B19F4E807} => C:\Program Files (x86)\MediaFire Desktop\MediaFireIcon3_d548a.dll (TODO: <Company name>)
ShellIconOverlayIdentifiers: [1MediaFireIconReadOnly] -> {7995D0FC-769B-4197-AEC0-991921CB99E1} => C:\Program Files (x86)\MediaFire Desktop\MediaFireIcon5_d548a.dll (TODO: <Company name>)
ShellIconOverlayIdentifiers: [1MediaFireIconSynched] -> {9A3B79CB-D899-40B5-8DBC-20447F1ADC8F} => C:\Program Files (x86)\MediaFire Desktop\MediaFireIcon_d548a.dll (TODO: <Company name>)
ShellIconOverlayIdentifiers: [1MediaFireIconSyncing] -> {C4D81971-6B13-4173-AB21-F83AD20CCC04} => C:\Program Files (x86)\MediaFire Desktop\MediaFireIcon2_d548a.dll (TODO: <Company name>)
ShellIconOverlayIdentifiers: [2aCopyShExtSynced] -> {845B7388-6F85-4F32-9FD5-F02DC7882B89} => C:\Users\ASUS\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [3aCopyShExtSyncing] -> {F6378A7A-F753-449B-AE1B-997A96132E61} => C:\Users\ASUS\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [4aCopyShExtSyncingProg1] -> {3A511828-777D-46F8-82F4-5B530C1B3D9E} => C:\Users\ASUS\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [5aCopyShExtSyncingProg2] -> {C8C88204-5B14-40EC-BA72-8AEBC762047E} => C:\Users\ASUS\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [6aCopyShExtSyncingProg3] -> {ACFF45C3-3EEB-4351-86C2-6696BA264239} => C:\Users\ASUS\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [7aCopyShExtSyncingProg4] -> {29AF997F-488B-46F0-AE78-7146F1B89CC3} => C:\Users\ASUS\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [8aCopyShExtSyncingProg5] -> {03F9AD29-1C78-4B66-8890-B177B5430C53} => C:\Users\ASUS\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)
ShellIconOverlayIdentifiers: [MediaFireIconLock] -> {759F3E92-F4E8-4953-8315-238B8B17E0F3} => C:\Program Files (x86)\MediaFire Desktop\MediaFireIcon4_d548a.dll (TODO: <Company name>)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [HKLM] => ProxyEnable is set.
ProxyEnable: [HKLM-x32] => ProxyEnable is set.
ProxyServer: [HKLM] => http=127.0.0.1:8080;https=127.0.0.1:8080
ProxyServer: [HKLM-x32] => http=127.0.0.1:8080;https=127.0.0.1:8080
HKU\S-1-5-21-147487581-2992457104-1551078015-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-147487581-2992457104-1551078015-1002 -> URL http://search.conduit.com/Results.aspx?ctid=CT3321897&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SPF84B958F-6C5F-431F-B5D3-7D8E0D53175F&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-147487581-2992457104-1551078015-1002 -> SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll No File
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\8aqpcbli.default
FF SelectedSearchEngine: Google
FF Keyword.URL: hxxp://sg.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=599486&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll (LastPass)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass.dll (LastPass)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-147487581-2992457104-1551078015-1002: @acestream.net/acestreamplugin,version=2.2.0-next -> C:\Users\ASUS\AppData\Roaming\ACEStream\player\npace_plugin.dll (Innovative Digital Technologies)
FF Plugin HKU\S-1-5-21-147487581-2992457104-1551078015-1002: @citrixonline.com/appdetectorplugin -> C:\Users\ASUS\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKU\S-1-5-21-147487581-2992457104-1551078015-1002: @talk.google.com/GoogleTalkPlugin -> C:\Users\ASUS\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-147487581-2992457104-1551078015-1002: @talk.google.com/O1DPlugin -> C:\Users\ASUS\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-147487581-2992457104-1551078015-1002: @tools.google.com/Google Update;version=3 -> C:\Users\ASUS\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-147487581-2992457104-1551078015-1002: @tools.google.com/Google Update;version=9 -> C:\Users\ASUS\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\ASUS\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\ASUS\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\8aqpcbli.default\Extensions\[email protected] [2014-11-21]
FF Extension: IDM CC - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\8aqpcbli.default\Extensions\[email protected] [2015-01-29]
FF Extension: LastPass - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\8aqpcbli.default\Extensions\[email protected] [2015-02-08]
FF Extension: FireShot - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\8aqpcbli.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2015-01-30]
FF Extension: EPUBReader - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\8aqpcbli.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2015-02-10]
FF Extension: Easy App Tabs - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\8aqpcbli.default\Extensions\[email protected] [2014-02-05]
FF Extension: MEGA - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\8aqpcbli.default\Extensions\[email protected] [2015-02-04]
FF Extension: Save My Tabs - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\8aqpcbli.default\Extensions\[email protected] [2014-02-05]
FF Extension: Media Stealer - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\8aqpcbli.default\Extensions\[email protected] [2014-08-24]
FF Extension: Reader - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\8aqpcbli.default\Extensions\{20068ab2-1901-4140-9f3c-81207d4dacc4}.xpi [2015-01-30]
FF Extension: Graph Authority - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\8aqpcbli.default\Extensions\{CBECCADF-6A82-4141-A264-7ED25F718BCB}.xpi [2014-04-10]
FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\[email protected] [2014-10-08]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\Firefox\Extensions: [[email protected]] - C:\Users\ASUS\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\ASUS\AppData\Roaming\IDM\idmmzcc5 [2015-02-08]
FF HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\ASUS\AppData\Roaming\IDM\idmmzcc5

Chrome: 
=======
CHR HomePage: Default -> hxxp://search.conduit.com/?ctid=CT3321897&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SPF84B958F-6C5F-431F-B5D3-7D8E0D53175F&SSPV=
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3321897&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SPF84B958F-6C5F-431F-B5D3-7D8E0D53175F&SSPV="
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Downloads) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajkhjekibcfjngomhbbifihellcaebcn [2014-07-18]
CHR Extension: (Download Manager (video and mp3)) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bapnjmgdanmelbcmjdjljogelnlfepcj [2015-02-08]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-21]
CHR Extension: (Honey) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2015-02-08]
CHR Extension: (RankRecon) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\chjdckfonfkdoeiobllnejjieicmjodh [2014-06-03]
CHR Extension: (OneTab) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2015-02-08]
CHR Extension: (Webpage Screenshot) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki [2014-03-22]
CHR Extension: (SEO I.Q.) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\dadlnlnlpkpchfljjcpkodcljofniggm [2014-09-23]
CHR Extension: (Tabs Backup & Restore) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\dehocbglhkaogiljpihicakmlockmlgd [2014-03-22]
CHR Extension: (Graph Authority) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeaaoidckfbpinpmjbbmgnapanfnkdkc [2014-04-10]
CHR Extension: (FB Pixel Helper) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc [2015-02-08]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-02-02]
CHR Extension: (Share As Image Extension) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgmhphfbdfbkokcfajipbmkcakmmepeb [2015-02-08]
CHR Extension: (SEO & Website Analysis) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlngmmdolgbdnnimbmblfhhndibdipaf [2014-12-22]
CHR Extension: (IDM Integration Module) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2014-02-06]
CHR Extension: (AS Magic Player) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim [2015-02-08]
CHR Extension: (Hangouts) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2014-03-25]
CHR Extension: (Google Wallet) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-06]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-02-06]
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-02-06]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-14] (ASUS)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.1.1.265\AsusWSWinService.exe [71680 2014-01-15] (ASUS Cloud Corporation) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [220288 2012-09-30] (Qualcomm Atheros Commnucations)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [270336 2012-07-13] (Brother Industries, Ltd.) [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [321024 2013-08-22] (Microsoft Corporation)
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64624 2014-06-12] (CyberGhost S.R.L)
R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [117704 2014-12-23] (Intel Corporation)
S2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [118728 2014-12-23] (Intel Corporation)
S2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [92672 2014-12-23] (Intel Corporation)
S2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [88064 2014-12-23] (Intel Corporation)
R2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-03-31] (Diskeeper Corporation)
R2 FXNADB; C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmdb.exe [96768 2012-06-20] () [File not signed]
R2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [919040 2014-05-17] (AnchorFree Inc.) [File not signed]
S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [78512 2014-05-17] ()
R2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [430344 2014-05-17] ()
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-28] (Intel Corporation)
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-30] (Intel Corporation)
R2 isupdate.exe; C:\Program Files (x86)\InstallShield\isupdate.exe [43008 2015-01-22] (InstallShield®) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-26] (Intel Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2630432 2014-11-04] (IObit)
S2 McOobeSv2; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [219832 2012-06-18] (McAfee, Inc.)
S2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [219832 2012-06-18] (McAfee, Inc.)
R2 MF NTFS Monitor; C:\Users\ASUS\AppData\Local\MediaFire Desktop\MFUsnMonitorService.exe [456504 2015-02-04] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
R2 StartMenuService; C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe [72992 2014-06-06] (IObit)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 SZDrvSvc; C:\Program Files (x86)\Clarus\Samsung Drive Manager\SZDrvSvc.exe [18432 2013-12-18] (Clarus, Inc.) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-09-30] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [65784 2013-01-17] (ASUS Corporation)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-09-30] (Qualcomm Atheros)
S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation)
S3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [32640 2013-08-22] (Microsoft Corporation)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-05] (Microsoft Corporation)
R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [145640 2014-12-23] (Intel Corporation)
R3 DptfDevFan; C:\Windows\system32\DRIVERS\DptfDevFan.sys [50640 2014-12-23] (Intel Corporation)
S3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [42224 2014-12-23] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [289744 2014-12-23] (Intel Corporation)
S3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [234736 2014-12-23] (Intel Corporation)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2012-03-31] (Diskeeper Corporation)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [95024 2012-03-31] (Diskeeper Corporation)
R1 HssDRV6; C:\Windows\system32\DRIVERS\hssdrv6.sys [44744 2014-05-17] (AnchorFree Inc.)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [26528 2014-12-23] (REALiX(tm))
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-30] (Intel Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R3 mdf16; C:\Program Files (x86)\Clarus\Samsung Drive Manager\mdf16.sys [20400 2012-06-21] ()
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [118272 2014-12-23] (Intel Corporation)
R2 mfmonitor; C:\Windows\System32\DRIVERS\mfmonitor_x64.sys [20696 2015-02-04] (Windows (R) Win 7 DDK provider)
R3 mvd23; C:\Program Files (x86)\Clarus\Samsung Drive Manager\mvd23.sys [99248 2012-06-21] ()
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-28] (NVIDIA Corporation)
R3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-10 16:46 - 2015-02-10 16:46 - 00000298 _____ () C:\WINDOWS\Tasks\Uninstaller_SkipUac_Gladwin.job
2015-02-10 16:34 - 2015-02-10 16:34 - 00025128 _____ () C:\Users\ASUS\Downloads\JDM_USA.xlsx
2015-02-10 16:34 - 2015-02-10 16:34 - 00020396 _____ () C:\Users\ASUS\Downloads\JDM_Australia.xlsx
2015-02-10 14:33 - 2015-02-10 15:51 - 00001220 _____ () C:\Users\ASUS\Desktop\Competitor research.txt
2015-02-10 13:52 - 2015-02-10 14:04 - 00000049 _____ () C:\Users\ASUS\Desktop\New Text Document (3).txt
2015-02-10 11:44 - 2015-02-10 12:20 - 00000689 _____ () C:\Users\ASUS\Desktop\New Text Document (2).txt
2015-02-10 10:44 - 2015-02-10 10:46 - 00000000 ____D () C:\Users\ASUS\Desktop\LongTailPro2
2015-02-10 10:40 - 2015-02-10 10:40 - 03265362 _____ () C:\Users\ASUS\Desktop\123new.rar
2015-02-10 09:10 - 2015-02-10 09:10 - 00016747 _____ () C:\Users\ASUS\Desktop\eset1.txt
2015-02-10 09:09 - 2015-02-10 09:10 - 00016747 _____ () C:\Users\ASUS\Desktop\Eset.txt
2015-02-09 22:41 - 2015-02-09 22:41 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-02-09 22:39 - 2015-02-09 22:47 - 00000000 ____D () C:\Users\ASUS\Downloads\Doraemon Stand by Me Leaked 720p - ENG - INA SUB
2015-02-09 19:04 - 2015-02-09 19:04 - 00000268 _____ () C:\Users\ASUS\Desktop\Download Page.URL
2015-02-09 15:41 - 2015-02-09 15:41 - 00000835 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\slf.lnk
2015-02-09 15:41 - 2015-02-09 15:41 - 00000823 _____ () C:\Users\Public\Desktop\slf.lnk
2015-02-09 15:41 - 2015-02-09 15:41 - 00000000 ____D () C:\Program Files (x86)\slf
2015-02-09 12:43 - 2015-02-08 03:24 - 1008327089 _____ () C:\Users\ASUS\Desktop\Instagram Mastery Formula.zip
2015-02-09 12:34 - 2015-02-09 12:42 - 1015885669 _____ () C:\Users\ASUS\Desktop\OV Allstars; CPA Jumpstart.rar
2015-02-09 11:51 - 2015-02-08 03:56 - 1179768965 _____ () C:\Users\ASUS\Desktop\DDR3boy-Marketplace Super Heroes-$997.zip
2015-02-09 11:34 - 2015-02-09 11:35 - 31816649 _____ () C:\Users\ASUS\Desktop\StudioPress.zip
2015-02-09 11:29 - 2015-02-09 08:13 - 00000000 ____D () C:\Users\ASUS\Desktop\Themify
2015-02-09 11:01 - 2015-02-09 11:02 - 00000071 _____ () C:\Users\ASUS\Desktop\New Text Document.txt
2015-02-09 00:08 - 2015-02-09 00:08 - 00000000 ____D () C:\Users\ASUS\AppData\Local\Clarus
2015-02-08 23:14 - 2015-02-08 23:27 - 1335840460 _____ () C:\Users\ASUS\Desktop\Affplaybook - Greatest Hits Mastermind 2015.rar
2015-02-08 23:04 - 2015-02-08 23:08 - 262547091 _____ () C:\Users\ASUS\Desktop\Reverse Sales Method by Jamie and David.zip
2015-02-08 22:59 - 2015-02-08 23:25 - 1707891903 _____ () C:\Users\ASUS\Desktop\Ryan Deiss - Funnel Blueprint 2.0 UP2.rar
2015-02-08 21:49 - 2015-02-04 03:31 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-08 21:49 - 2015-02-04 03:31 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-08 21:46 - 2014-04-16 07:35 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2015-02-08 21:46 - 2014-04-16 07:34 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2015-02-08 11:48 - 2015-02-08 11:48 - 00000000 ____D () C:\Users\ASUS\Downloads\Internet Download Manager (IDM) 6.22 Final Incl. Crack [ATOM]
2015-02-08 10:45 - 2015-02-08 10:45 - 00152107 _____ () C:\Users\ASUS\Downloads\IDMGCExt.crx
2015-02-08 02:52 - 2015-02-10 16:57 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-08 02:51 - 2015-02-10 16:51 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-08 02:26 - 2015-02-08 02:26 - 00000874 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-147487581-2992457104-1551078015-1002Core1d04303a250e3f3.job
2015-02-08 02:26 - 2015-02-08 02:26 - 00000874 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-147487581-2992457104-1551078015-1002Core1cfffdbc8a5ac38.job
2015-02-08 02:22 - 2015-02-08 10:40 - 00000000 ____D () C:\ProgramData\Hotspot Shield
2015-02-08 02:22 - 2015-02-08 02:22 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\Hotspot Shield
2015-02-08 02:22 - 2015-02-08 02:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield
2015-02-08 02:22 - 2015-02-08 02:22 - 00000000 ____D () C:\Program Files (x86)\Hotspot Shield
2015-02-08 02:22 - 2014-05-17 10:35 - 00044744 _____ (AnchorFree Inc.) C:\WINDOWS\system32\Drivers\hssdrv6.sys
2015-02-08 00:16 - 2015-02-08 11:32 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-08 00:15 - 2015-02-08 00:15 - 00001132 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-08 00:15 - 2015-02-08 00:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-08 00:14 - 2015-02-08 00:14 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-08 00:14 - 2015-02-08 00:14 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-08 00:14 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-02-08 00:14 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-02-08 00:14 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-02-08 00:12 - 2015-02-10 17:02 - 00000000 ____D () C:\FRST
2015-02-08 00:11 - 2015-02-10 17:02 - 00000000 ____D () C:\Users\ASUS\Desktop\Troubleshoot Program
2015-02-08 00:05 - 2015-02-08 00:05 - 00000631 _____ () C:\WINDOWS\system32\network.txt
2015-02-06 20:06 - 2014-11-29 08:37 - 00180648 _____ (Tonec Inc.) C:\WINDOWS\system32\Drivers\idmwfp.sys
2015-02-05 10:01 - 2013-08-27 23:42 - 00086035 ____N () C:\WINDOWS\system32\athwbx.cat
2015-02-05 10:01 - 2013-08-15 20:13 - 03859968 ____N (Qualcomm Atheros Communications, Inc.) C:\WINDOWS\system32\athwbx.sys
2015-02-05 10:01 - 2013-08-15 20:13 - 03859968 _____ (Qualcomm Atheros Communications, Inc.) C:\WINDOWS\system32\Drivers\athwbx.sys
2015-02-05 00:55 - 2015-02-05 01:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Start Menu 8
2015-02-04 23:09 - 2014-12-07 19:53 - 00452755 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20150204-230941.backup
2015-02-04 23:03 - 2015-02-04 23:03 - 00003859 _____ () C:\Users\ASUS\Downloads\software_removal_tool.log
2015-02-04 22:47 - 2015-02-08 02:58 - 00002207 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-04 22:47 - 2015-02-04 22:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-04 22:46 - 2015-02-08 02:52 - 00003894 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-04 22:46 - 2015-02-08 02:52 - 00003658 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-04 11:34 - 2015-02-10 16:45 - 00000000 ____D () C:\Users\ASUS\Desktop\Firefox Portable
2015-02-02 01:24 - 2015-02-02 01:24 - 00008477 _____ () C:\Users\ASUS\Downloads\Invoice 1480331 (01-30-2015).html
2015-02-01 23:29 - 2015-02-10 16:54 - 00003758 _____ () C:\WINDOWS\System32\Tasks\AutoKMS
2015-02-01 23:28 - 2015-02-10 12:00 - 00000492 _____ () C:\WINDOWS\Tasks\InstallShield Update Task.job
2015-02-01 23:28 - 2015-02-01 23:28 - 00003224 _____ () C:\WINDOWS\System32\Tasks\InstallShield Update Task
2015-02-01 23:28 - 2015-02-01 23:28 - 00000000 ____D () C:\Program Files (x86)\InstallShield
2015-02-01 22:58 - 2015-02-01 22:59 - 45488338 _____ () C:\Users\ASUS\Downloads\Microsoft Office Professional Plus 2013 -32-64 Bit(Activator)[RareAbyss].rar
2015-01-26 23:41 - 2015-02-10 16:27 - 00000578 _____ () C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-147487581-2992457104-1551078015-1002.job
2015-01-22 09:37 - 2015-02-05 10:22 - 00000000 ____D () C:\Users\ASUS\Downloads\Ryan Deiss - Invisible Selling Machine
2015-01-22 09:31 - 2015-01-22 09:30 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-01-20 21:55 - 2014-12-09 03:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-20 21:55 - 2014-12-09 03:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-20 21:55 - 2014-12-09 03:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-20 21:55 - 2014-12-09 03:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-20 21:55 - 2014-12-09 03:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-20 21:55 - 2014-12-09 03:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-20 21:55 - 2014-12-09 03:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-20 21:55 - 2014-12-09 03:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-20 21:55 - 2014-12-06 09:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-15 22:25 - 2015-01-15 22:25 - 00001056 _____ () C:\Users\Public\Desktop\ICCExpress.lnk
2015-01-15 22:25 - 2015-01-15 22:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Web Dimensions
2015-01-14 15:07 - 2015-01-14 15:07 - 00004456 _____ () C:\Users\ASUS\Downloads\Keyword Planner 2015-01-14 at 15-07-16.csv
2015-01-14 12:01 - 2014-12-19 14:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-14 12:01 - 2014-12-12 10:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-14 12:01 - 2014-12-12 08:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-14 12:01 - 2014-12-09 09:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-14 12:01 - 2014-12-06 11:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-14 12:01 - 2014-12-06 09:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-13 22:58 - 2015-01-13 22:58 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\Hobbyist Software
2015-01-13 22:34 - 2015-02-04 23:12 - 00000000 ____D () C:\Program Files (x86)\Hobbyist Software
2015-01-13 22:34 - 2015-01-13 22:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VLC Setup Helper
2015-01-13 17:24 - 2015-02-09 10:48 - 00000000 ____D () C:\Users\ASUS\Desktop\SEO
2015-01-11 23:10 - 2014-11-16 03:05 - 00801584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2015-01-11 23:10 - 2014-11-15 14:29 - 00962216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2015-01-11 23:10 - 2014-11-14 22:36 - 00055776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-01-11 23:10 - 2014-11-14 15:10 - 03558400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-01-11 23:10 - 2014-11-14 14:58 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-01-11 23:10 - 2014-11-14 14:57 - 01027584 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-01-11 23:10 - 2014-11-14 14:57 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-01-11 23:10 - 2014-11-14 14:54 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-01-11 23:10 - 2014-11-14 14:54 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-01-11 23:10 - 2014-11-14 14:53 - 00894976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-01-11 23:10 - 2014-11-14 14:52 - 01714176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-01-11 23:10 - 2014-11-14 13:04 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-01-11 23:10 - 2014-11-14 13:03 - 00885760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-01-11 23:10 - 2014-11-14 13:03 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-01-11 23:10 - 2014-11-14 13:01 - 00723968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-01-11 23:10 - 2014-11-14 13:01 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-01-11 23:10 - 2014-11-11 08:39 - 22290560 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-01-11 23:10 - 2014-11-11 08:17 - 19731824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-01-11 23:10 - 2014-11-11 02:06 - 02485056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-01-11 23:10 - 2014-11-11 02:06 - 00473408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2015-01-11 23:10 - 2014-11-11 02:06 - 00428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2015-01-11 23:10 - 2014-11-11 02:06 - 00136512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2015-01-11 23:10 - 2014-11-10 10:57 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agilevpn.sys
2015-01-11 23:10 - 2014-11-10 09:37 - 00845312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2015-01-11 23:10 - 2014-11-10 09:34 - 01084416 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2015-01-11 23:10 - 2014-11-10 09:26 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2015-01-11 23:10 - 2014-11-10 09:20 - 00420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2015-01-11 23:10 - 2014-11-10 09:09 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2015-01-11 23:10 - 2014-11-10 09:08 - 00702464 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2015-01-11 23:10 - 2014-11-10 09:06 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2015-01-11 23:10 - 2014-11-10 08:57 - 00624640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2015-01-11 23:10 - 2014-11-10 08:57 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2015-01-11 23:10 - 2014-11-08 18:42 - 01390928 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-01-11 23:10 - 2014-11-08 18:23 - 01127976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-01-11 23:10 - 2014-11-08 12:00 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2015-01-11 23:10 - 2014-11-08 12:00 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndistapi.sys
2015-01-11 23:10 - 2014-11-08 11:58 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys
2015-01-11 23:10 - 2014-11-08 11:58 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2015-01-11 23:10 - 2014-11-08 11:56 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\kmddsp.tsp
2015-01-11 23:10 - 2014-11-08 11:56 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmxs.dll
2015-01-11 23:10 - 2014-11-08 11:56 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasser.dll
2015-01-11 23:10 - 2014-11-08 11:24 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdiag.dll
2015-01-11 23:10 - 2014-11-08 11:13 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kmddsp.tsp
2015-01-11 23:10 - 2014-11-08 11:13 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasmxs.dll
2015-01-11 23:10 - 2014-11-08 11:13 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasser.dll
2015-01-11 23:10 - 2014-11-08 10:48 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdiag.dll
2015-01-11 23:10 - 2014-11-08 10:38 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2015-01-11 23:10 - 2014-11-08 10:17 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2015-01-11 23:10 - 2014-11-08 10:09 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascfg.dll
2015-01-11 23:10 - 2014-11-08 10:03 - 00733696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2015-01-11 23:10 - 2014-11-08 09:59 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rascfg.dll
2015-01-11 23:10 - 2014-11-08 09:58 - 04837376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2015-01-11 23:10 - 2014-11-08 09:49 - 01154048 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2015-01-11 23:10 - 2014-11-07 11:58 - 00952896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2015-01-11 23:10 - 2014-11-07 11:20 - 00786120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2015-01-11 23:10 - 2014-11-05 10:12 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\QSHVHOST.DLL
2015-01-11 23:10 - 2014-11-05 10:12 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\QSVRMGMT.DLL
2015-01-11 23:10 - 2014-11-05 10:06 - 00514048 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2015-01-11 23:10 - 2014-11-05 09:44 - 00657920 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2015-01-11 23:10 - 2014-11-05 09:43 - 00252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2015-01-11 23:10 - 2014-11-05 09:41 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2015-01-11 23:10 - 2014-11-05 09:39 - 00155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\QSHVHOST.DLL
2015-01-11 23:10 - 2014-11-05 09:39 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\QSVRMGMT.DLL
2015-01-11 23:10 - 2014-11-05 09:33 - 00465408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2015-01-11 23:10 - 2014-11-05 09:21 - 00658432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2015-01-11 23:10 - 2014-11-05 09:20 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2015-01-11 23:10 - 2014-11-05 09:18 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2015-01-11 23:10 - 2014-11-05 09:14 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDMon.dll
2015-01-11 23:10 - 2014-11-05 09:06 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll
2015-01-11 23:10 - 2014-11-05 03:33 - 00058176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2015-01-11 23:10 - 2014-11-05 03:25 - 00059712 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdclass.sys
2015-01-11 23:10 - 2014-11-05 03:25 - 00051008 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouclass.sys
2015-01-11 23:10 - 2014-11-04 14:55 - 00026112 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sermouse.sys
2015-01-11 23:10 - 2014-11-04 14:54 - 00108544 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\i8042prt.sys
2015-01-11 23:10 - 2014-11-04 14:54 - 00032256 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdhid.sys
2015-01-11 23:10 - 2014-11-04 14:54 - 00030208 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouhid.sys
2015-01-11 23:10 - 2014-11-04 14:27 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2015-01-11 23:10 - 2014-11-04 13:01 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2015-01-11 23:10 - 2014-10-31 08:51 - 18823168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-01-11 23:10 - 2014-10-31 08:10 - 15158784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-01-11 23:10 - 2014-10-30 13:55 - 07473472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-01-11 23:10 - 2014-10-30 13:47 - 01499384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-01-11 23:10 - 2014-10-30 13:41 - 01733952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-01-11 23:10 - 2014-10-29 11:05 - 00551232 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2015-01-11 23:10 - 2014-10-29 10:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-01-11 23:10 - 2014-10-29 10:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-01-11 23:10 - 2014-10-29 09:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-01-11 23:10 - 2014-10-29 09:55 - 00242176 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2015-01-11 23:10 - 2014-10-29 09:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-01-11 23:10 - 2014-10-29 09:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-01-11 23:10 - 2014-10-29 09:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-01-11 23:10 - 2014-10-29 09:13 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2015-01-11 23:10 - 2014-10-29 09:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-01-11 23:10 - 2014-10-29 09:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-01-11 23:10 - 2014-10-27 06:10 - 00390841 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-01-11 23:10 - 2014-10-21 09:59 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\eventcls.dll
2015-01-11 23:10 - 2014-10-21 09:19 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eventcls.dll
2015-01-11 23:10 - 2014-10-21 08:50 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\vsstrace.dll
2015-01-11 23:10 - 2014-10-21 08:31 - 01574400 _____ (Microsoft Corporation) C:\WINDOWS\system32\vssapi.dll
2015-01-11 23:10 - 2014-10-21 08:31 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vsstrace.dll
2015-01-11 23:10 - 2014-10-21 08:30 - 01454080 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2015-01-11 23:10 - 2014-10-21 08:20 - 01142272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vssapi.dll
2015-01-11 23:10 - 2014-10-17 12:56 - 00238912 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-01-11 23:10 - 2014-10-17 12:56 - 00153920 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2015-01-11 23:10 - 2014-10-17 12:56 - 00039744 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2015-01-11 23:10 - 2014-10-17 11:35 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2015-01-11 23:09 - 2014-11-18 04:17 - 00672984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2015-01-11 23:09 - 2014-11-18 04:17 - 00273240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2015-01-11 23:09 - 2014-11-14 14:58 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsDatabase.dll
2015-01-11 23:09 - 2014-11-14 14:54 - 00463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2015-01-11 23:09 - 2014-11-14 14:46 - 02171904 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll
2015-01-11 23:09 - 2014-11-14 14:46 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2015-01-11 23:09 - 2014-11-14 14:39 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-01-11 23:09 - 2014-11-14 12:53 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-10 17:03 - 2014-04-06 12:47 - 00000000 ___HD () C:\Users\ASUS\.mediafire
2015-02-10 17:00 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-10 16:59 - 2014-02-05 15:36 - 01673815 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-10 16:56 - 2014-02-05 08:51 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-147487581-2992457104-1551078015-1002
2015-02-10 16:53 - 2014-02-05 08:50 - 00000062 _____ () C:\Users\ASUS\AppData\Roaming\sp_data.sys
2015-02-10 16:52 - 2014-04-06 12:47 - 00000000 ___RD () C:\Users\ASUS\MediaFire
2015-02-10 16:52 - 2014-02-14 12:12 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\Copy
2015-02-10 16:52 - 2014-02-05 16:11 - 00000000 ___RD () C:\Users\ASUS\Dropbox
2015-02-10 16:52 - 2014-02-05 16:10 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\Dropbox
2015-02-10 16:52 - 2014-02-05 16:05 - 00000000 __RDO () C:\Users\ASUS\SkyDrive
2015-02-10 16:51 - 2014-12-23 18:10 - 00013655 _____ () C:\WINDOWS\setupact.log
2015-02-10 16:51 - 2014-12-07 21:07 - 00050200 _____ () C:\WINDOWS\PFRO.log
2015-02-10 16:51 - 2014-02-05 11:54 - 00000000 ____D () C:\Program Files (x86)\IObit
2015-02-10 16:51 - 2013-08-22 22:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-10 16:50 - 2014-02-08 18:25 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\uTorrent
2015-02-10 16:50 - 2014-02-05 18:45 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\DMCache
2015-02-10 16:50 - 2013-08-22 21:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-10 16:46 - 2014-08-20 23:07 - 00003087 _____ () C:\WINDOWS\wininit.ini
2015-02-10 16:46 - 2014-06-02 00:07 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-10 16:41 - 2014-02-05 08:43 - 00000000 ____D () C:\Users\ASUS\AppData\Local\Packages
2015-02-10 16:39 - 2014-02-07 10:23 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-10 16:22 - 2014-02-14 13:27 - 00000248 _____ () C:\Users\ASUS\AppData\Roaming\RO39-2M3Q
2015-02-10 15:21 - 2014-03-22 12:27 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\Skype
2015-02-10 00:32 - 2014-02-06 21:03 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\vlc
2015-02-09 18:26 - 2014-02-05 18:45 - 00000000 ____D () C:\Users\ASUS\Downloads\Compressed
2015-02-09 15:41 - 2014-02-06 23:22 - 13933568 ___SH () C:\Users\ASUS\Desktop\Thumbs.db
2015-02-09 10:48 - 2013-11-14 15:28 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-08 23:00 - 2014-02-05 18:45 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\IDM
2015-02-08 22:15 - 2012-07-26 15:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-08 21:50 - 2014-02-05 11:55 - 00000000 ____D () C:\ProgramData\ProductData
2015-02-08 21:43 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-08 11:54 - 2014-02-05 18:45 - 00000000 ____D () C:\Program Files (x86)\Internet Download Manager
2015-02-08 11:49 - 2014-02-05 18:45 - 00001023 _____ () C:\Users\ASUS\Desktop\Internet Download Manager.lnk
2015-02-08 11:28 - 2013-11-14 15:17 - 00000000 ____D () C:\WINDOWS\ShellNew
2015-02-08 10:57 - 2014-02-12 22:49 - 09024000 ___SH () C:\Users\ASUS\Downloads\Thumbs.db
2015-02-08 02:39 - 2014-02-07 10:23 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-02-08 00:46 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\WinStore
2015-02-07 23:50 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-02-05 14:40 - 2014-06-23 03:09 - 00000000 ____D () C:\Users\ASUS\Downloads\Bank Statement
2015-02-05 10:16 - 2014-05-08 18:20 - 00000000 ____D () C:\Users\ASUS\AppData\Local\CrashDumps
2015-02-05 10:02 - 2014-02-05 07:02 - 00000000 ____D () C:\Program Files (x86)\Qualcomm Atheros
2015-02-05 01:13 - 2014-02-10 21:17 - 00000000 ____D () C:\Users\ASUS\Desktop\Shortcuts
2015-02-05 01:06 - 2014-02-05 11:55 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\IObit
2015-02-05 01:06 - 2014-02-05 11:55 - 00000000 ____D () C:\ProgramData\IObit
2015-02-05 01:06 - 2014-02-05 08:43 - 00000000 ____D () C:\Users\ASUS\AppData\Local\ASUS
2015-02-05 01:06 - 2014-02-05 07:20 - 00000000 ____D () C:\ProgramData\P4G
2015-02-05 00:59 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\registration
2015-02-05 00:36 - 2014-02-05 15:41 - 00000000 ____D () C:\Users\ASUS
2015-02-05 00:22 - 2014-12-11 11:59 - 00000000 ____D () C:\Program Files\Recuva
2015-02-04 22:47 - 2014-02-05 12:46 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-04 12:04 - 2014-02-05 12:47 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\Mozilla
2015-02-04 02:03 - 2014-04-06 12:32 - 00020696 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\mfmonitor_x64.sys
2015-02-01 23:29 - 2014-02-05 17:09 - 00000000 ____D () C:\WINDOWS\AutoKMS
2015-01-30 21:51 - 2014-02-05 12:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-29 21:13 - 2014-02-05 12:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-26 23:41 - 2014-04-26 11:28 - 00003580 _____ () C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-147487581-2992457104-1551078015-1002
2015-01-26 00:16 - 2014-02-05 18:45 - 00000000 ____D () C:\Users\ASUS\Downloads\Video
2015-01-22 13:17 - 2014-09-26 00:52 - 00000000 __SHD () C:\Users\ASUS\wc
2015-01-22 09:33 - 2014-06-16 11:07 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-22 09:30 - 2014-12-23 18:17 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-21 10:24 - 2015-01-06 11:24 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\FileZilla
2015-01-18 23:56 - 2014-02-08 18:15 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\.ACEStream
2015-01-18 23:50 - 2014-07-01 00:10 - 00000000 ___HD () C:\_acestream_cache_
2015-01-16 16:58 - 2014-10-25 14:26 - 00000000 ___RD () C:\Users\ASUS\Copy [email protected]
2015-01-15 22:25 - 2014-09-10 15:59 - 00000000 ____D () C:\Users\ASUS\Documents\ICCExpress
2015-01-15 22:25 - 2014-09-10 15:59 - 00000000 ____D () C:\Program Files (x86)\Web Dimensions
2015-01-14 20:05 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-01-14 19:05 - 2014-02-05 12:06 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-14 18:54 - 2014-02-05 12:06 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-13 00:20 - 2014-12-23 22:57 - 00000000 ____D () C:\Users\ASUS\Downloads\GKIC_Holiday_Training
2015-01-11 23:59 - 2013-08-22 23:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2015-01-11 23:59 - 2013-08-22 23:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-01-11 23:59 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\setup
2015-01-11 23:59 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\system32\setup

==================== Files in the root of some directories =======

2014-08-28 09:34 - 2014-08-28 09:35 - 15000576 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2014-02-14 13:26 - 2014-02-14 13:26 - 0000088 _____ () C:\Users\ASUS\AppData\Roaming\.95d691779473f3e03bc4b4e56319d74c.key
2014-02-14 13:26 - 2014-02-14 13:26 - 0000088 _____ () C:\Users\ASUS\AppData\Roaming\.c79792229cdae4d8fe4e261fc4d6976b.key
2014-11-14 15:36 - 2014-11-25 18:41 - 0000132 _____ () C:\Users\ASUS\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-02-14 13:27 - 2015-02-10 16:22 - 0000248 _____ () C:\Users\ASUS\AppData\Roaming\RO39-2M3Q
2014-02-05 08:50 - 2015-02-10 16:53 - 0000062 _____ () C:\Users\ASUS\AppData\Roaming\sp_data.sys
2014-06-19 10:28 - 2014-06-19 10:28 - 0000024 _____ () C:\Users\ASUS\AppData\Roaming\temp.ini
2014-11-14 15:45 - 2014-11-14 15:45 - 0001456 _____ () C:\Users\ASUS\AppData\Local\Adobe Save for Web 13.0 Prefs
2012-09-10 19:49 - 2012-09-10 19:49 - 0001050 ____H () C:\Users\ASUS\AppData\Local\{793FD447-37EB-4083-B222-2E447297AF07}
2014-12-23 18:14 - 2014-12-23 18:14 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2012-08-05 09:42 - 2012-07-30 14:03 - 0000217 _____ () C:\ProgramData\SetStretch.cmd
2012-08-05 09:42 - 2009-07-22 18:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe

Some content of TEMP:
====================
C:\Users\ASUS\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpy0uhbk.dll
C:\Users\ASUS\AppData\Local\Temp\MediaFireIcon2_x64.dll
C:\Users\ASUS\AppData\Local\Temp\MediaFireIcon3_x64.dll
C:\Users\ASUS\AppData\Local\Temp\MediaFireIcon4_x64.dll
C:\Users\ASUS\AppData\Local\Temp\MediaFireIcon5_x64.dll
C:\Users\ASUS\AppData\Local\Temp\MediaFireIcon_x64.dll
C:\Users\ASUS\AppData\Local\Temp\MFDesktopShellStatic_x64.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-09 10:54

==================== End Of Log ============================


----------



## kango88 (Feb 5, 2015)

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-02-2015
Ran by Gladwin at 2015-02-10 17:04:17
Running from C:\Users\ASUS\Desktop\Troubleshoot Program
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\uTorrent) (Version: 3.4.2.37754 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Ace Stream Media 2.2.0-next (HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\AceStream) (Version: 2.2.0-next - Ace Stream Media)
Adobe After Effects CS6 (HKLM-x32\...\{4817D846-700B-474E-A31B-80892B3E92E3}) (Version: 11 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
AliG SLF (HKLM-x32\...\com.aligmarketing.slf) (Version: 3.2.2 - Ali G. Marketing LLC)
AliG SLF (x32 Version: 3.2.2 - Ali G. Marketing LLC) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.4 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.9 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.9 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.1.7 - ASUS)
ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.1 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 1.1.3 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0002 - ASUS)
ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.6 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.5 - ASUS)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.309 - ASUSTEK)
Atheros Outlook Addin 2010 (HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\BB108A893815B64BF41C4574C3324FB7371AA244) (Version: 1.0.0.0 - Microsoft)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0023 - ASUS)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
AudienceMakr (HKLM-x32\...\AudienceMakr) (Version: 1.0.2 - Infomastery, LLC)
AudienceMakr (x32 Version: 1.0.2 - Infomastery, LLC) Hidden
Brother MFL-Pro Suite MFC-9330CDW (HKLM-x32\...\{E98A9C92-E767-475B-8BC6-8780A86DDC72}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
Camtasia Studio 8 (HKLM-x32\...\{5303CFB5-D635-44F0-A94B-9611E81F07C4}) (Version: 8.3.0.1471 - TechSmith Corporation)
Citrix Online Launcher (HKLM-x32\...\{F17C3DC2-2ACA-4B0E-BDBF-ACE61B14E7CD}) (Version: 1.0.183 - Citrix)
Copy (HKLM\...\{EE4CEBB9-C0FC-4503-9BC0-1E32B566DE71}) (Version: 1.47.410.0 - Barracuda Networks, Inc.)
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version: - CyberGhost S.R.L.)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.31 - DivX, LLC)
DocuPrint CM205 f_fw (HKLM-x32\...\InstallShield_{82E36284-5E49-4800-9882-0B69D7EEAC2D}) (Version: 1.011.00 - Fuji Xerox)
DocuPrint CM205 f_fw (x32 Version: 1.011.00 - Fuji Xerox) Hidden
Dropbox (HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Explaindio Sketch Line Color Changer (HKLM-x32\...\Coloring) (Version: 0.0.0 - UNKNOWN)
Explaindio Sketch Line Color Changer (x32 Version: 0.0.0 - UNKNOWN) Hidden
Explaindio Video Creator version 1.004 (HKLM-x32\...\{FE60174E-0881-4634-946F-9F9C8672710A}_is1) (Version: 1.004 - Explaindio LLC)
Explaindio Video Creator version 1.009 (HKLM-x32\...\{9E347DDD-DB67-4348-8C96-75E0BBC65407}_is1) (Version: 1.009 - Explaindio LLC)
Explaindio Video Creator version 1.012 (HKLM-x32\...\{C38A770F-F857-4357-84ED-FF71D8DE90BF}_is1) (Version: 1.012 - Explaindio LLC)
ExpressCache (HKLM\...\{2EBEFDA8-F905-4C39-AC1C-D5ABE7B3E0AE}) (Version: 1.0.86 - Diskeeper Corporation)
FileZilla Client 3.9.0.6 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.6 - Tim Kosse)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{C77CC230-7417-3F01-B70D-52583DC9FEC9}) (Version: 5.40.2.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GoToMeeting 6.4.11.2273 (HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\GoToMeeting) (Version: 6.4.11.2273 - CitrixOnline)
GSA Email Spider v7.13 (HKLM-x32\...\GSA Email Spider_is1) (Version: 7.13 - GSA Software)
GSA Search Engine Ranker v9.42 (HKLM-x32\...\GSA Search Engine Ranker_is1) (Version: 9.42 - GSA Software)
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
Hotspot Shield 3.42 (HKLM-x32\...\HotspotShield) (Version: 3.42 - AnchorFree Inc.)
Instant Content Curator Express (HKLM-x32\...\com.webdimensions.instantcontentcurator.express) (Version: 2.0.8 - Web Dimensions, Inc.)
Instant Content Curator Express (x32 Version: 2.0.8 - Web Dimensions, Inc.) Hidden
Instant Eyedropper 1.75 (HKLM-x32\...\Instant Eyedropper_is1) (Version: - )
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 6.0.7.1084 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel(R) Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 2.1.0.1002 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
Java 7 Update 72 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217072FF}) (Version: 7.0.720 - Oracle)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Last Man (HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\Last Man) (Version: - )
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass)
LongTailPro - Version 2.4.28 (HKLM-x32\...\com.longtailpro.LongTailPro) (Version: 2.4.28 - Long Tail Media, LLC)
LongTailPro - Version 2.4.28 (x32 Version: 2.4.28 - Long Tail Media, LLC) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Market Samurai (HKLM-x32\...\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1) (Version: 0.93.38 - Alliance Software Pty Ltd)
Market Samurai (x32 Version: 0.93.38 - Alliance Software Pty Ltd) Hidden
MediaFire Desktop (HKLM-x32\...\MediaFire Desktop 0.10.21.9247) (Version: 1.4.17.10772 - MediaFire)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobile Lead Monster (HKLM-x32\...\MobileLeadMonster) (Version: 1.0 - Axiom Marketing Inc.)
Mobile Lead Monster (x32 Version: 1.0 - Axiom Marketing Inc.) Hidden
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MP3 Skype recorder (HKLM-x32\...\{9AFDC558-9575-48B8-BC39-CCAACB8DC05E}) (Version: 4.4.1.0 - Alexander Nikiforov)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Nuance PaperPort 12 (HKLM-x32\...\{88B5FBDC-967D-4B1F-B291-39284AE12201}) (Version: 12.1.0005 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
NVIDIA GeForce Experience 1.8.2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
NZ Financial MT4 Terminal (HKLM-x32\...\NZ Financial MT4 Terminal) (Version: 4.00 - MetaQuotes Software Corp.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Penguin Recovery Jeet (HKLM-x32\...\Penguin Recovery Jeet_is1) (Version: 1.0 - Teknikforce)
PureVPN (HKLM-x32\...\PureVPN_is1) (Version: 3.2 - PureVPN)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.210 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.8400.27023 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Samsung Drive Manager (HKLM-x32\...\{9F1A6A24-4901-42F6-A355-5DD2B82E62AE}) (Version: 1.0.172 - Clarus, Inc.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.33.0 - SAMSUNG Electronics Co., Ltd.)
Scansoft PDF Professional (x32 Version: - ) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 1.7.321 - NVIDIA Corporation) Hidden
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
SMSCaster E-Marketer GSM Enterprise v3.6 (HKLM-x32\...\SMSCaster E-Marketer GSM Enterprise_is1) (Version: v3.6 (build 1071) - SDJ Software Limited)
SopCast 3.8.3 (HKLM-x32\...\SopCast) (Version: 3.8.3 - www.sopcast.com)
Spotify (HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Start Menu 8 (HKLM-x32\...\IObit_StartMenu8_is1) (Version: 1.5.0.0 - IObit)
StreamTorrent 1.0 (HKLM-x32\...\StreamTorrent 1.0) (Version: - )
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
Telegram Desktop version 0.7.4 (HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 0.7.4 - Telegram Messenger LLP)
Update for CHS Microsoft IME HAP Dictionary (Version: 16.0.858.1 - Microsoft Corporation) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VideoMakerFX (HKLM-x32\...\VideoMakerFX 1.01) (Version: 1.01 - Webvati)
VideoMakerFX (HKLM-x32\...\VideoMakerFX 1.04) (Version: 1.04 - Webvati)
VideoMakerFX (HKLM-x32\...\VideoMakerFX 1.05) (Version: 1.05 - Webvati)
VideoMakerFX (x32 Version: 1.01 - Webvati) Hidden
VideoMakerFX (x32 Version: 1.05 - Webvati) Hidden
VideoMakerFX Josh Ratta Bonus Scenes (HKLM-x32\...\{E7CAFBCF-1A20-4AF8-AE0E-89A8282CCA46}) (Version: 1.0 - Webvati)
VideoMakerFX ProThemes August Addon 1.0 (HKLM-x32\...\{BC117729-A0EA-48CF-941E-6F12EFB7D71E}) (Version: 1.0 - Webvati)
VideoMakerFX ProThemes December Addon 1.0 (HKLM-x32\...\{F5AEF14E-731A-4875-B55D-1561E2F87722}) (Version: 1.0 - Webvati)
VideoMakerFX ProThemes July Addon 1.0 (HKLM-x32\...\{BDAA3BD7-1BA0-4727-B99F-89FD45A1D15A}) (Version: 1.0 - Webvati)
VideoMakerFX ProThemes June Addon 1.0 (HKLM-x32\...\{AE11668B-174C-461F-8A4D-5AEF54DD3B5F}) (Version: 1.0 - Webvati)
VideoMakerFX ProThemes May Addon 1.0 (HKLM-x32\...\{6073BA7B-671F-4F41-AA93-05164AAE6A72}) (Version: 1.0 - Webvati)
VideoMakerFX ProThemes November Addon 1.0 (HKLM-x32\...\{23CFA575-AD8D-48AD-971D-EF76F70FC94F}) (Version: 1.0 - Webvati)
VideoMakerFX ProThemes October Addon 1.0 (HKLM-x32\...\{C7F12978-67A4-45F3-9010-9F94BC730894}) (Version: 1.0 - Webvati)
VideoMakerFX ProThemes September Addon 1.0 (HKLM-x32\...\{703AEFFE-6830-4BEB-A697-62D5566A7557}) (Version: 1.0 - Webvati)
VideoMakerFX VideoProfitFX Add On 1.0 (HKLM-x32\...\{8F99303E-4E46-45DC-964D-649DBC72B717}) (Version: 1.0 - Webvati)
VideoMakerFX Webinar Bonus Kinetic Special Scenes (HKLM-x32\...\{1895C465-14C6-4AEB-8478-13F0A1953282}) (Version: 1.0 - Webvati)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VLC Setup Helper (HKLM-x32\...\VLC Setup Helper_is1) (Version: - )
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.1.8.381 - ASUS Cloud Corporation)
Windows Driver Package - ASUS (ATP) Mouse (01/10/2013 1.0.0.170) (HKLM\...\4A9DE1E9EBC800B7F01739D4DE7363EF6751BDF5) (Version: 01/10/2013 1.0.0.170 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-147487581-2992457104-1551078015-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\ASUS\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-147487581-2992457104-1551078015-1002_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\ASUS\AppData\Local\Citrix\GoToMeeting\1865\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-147487581-2992457104-1551078015-1002_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\ASUS\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-147487581-2992457104-1551078015-1002_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\ASUS\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-147487581-2992457104-1551078015-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\ASUS\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-147487581-2992457104-1551078015-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ASUS\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-147487581-2992457104-1551078015-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ASUS\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-147487581-2992457104-1551078015-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ASUS\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-147487581-2992457104-1551078015-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ASUS\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-147487581-2992457104-1551078015-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ASUS\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-147487581-2992457104-1551078015-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ASUS\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-147487581-2992457104-1551078015-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ASUS\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-147487581-2992457104-1551078015-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ASUS\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points =========================

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2014-11-13 11:30 - 2015-02-04 23:09 - 00452879 ____R C:\WINDOWS\system32\Drivers\etc\hosts

There are 1000 more lines.

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0AB723D5-2256-4DC4-9232-3E6E9A75B60C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-01-14] (Microsoft Corporation)
Task: {1EC4E477-8FB4-4785-8F1C-B28E2F00A284} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-25] (ASUS)
Task: {231A1BC4-7F52-433B-BA49-DAC21ED77E2C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {275ADBFC-8958-496E-9374-8D0A637CF457} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe [2015-02-01] ()
Task: {35631E60-74ED-44BE-9C60-43DC09DA1993} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-04] (Google Inc.)
Task: {3B5951F4-199B-490D-922E-06D0B82A59A9} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-19] (ASUSTek Computer Inc.)
Task: {3C3C1EA3-2DAE-4B67-921E-D4A2A529B8C4} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-08] (Adobe Systems Incorporated)
Task: {453A192F-EFE2-4E59-8DB3-DF1E1F1EAA85} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2012-11-30] ()
Task: {48BC6164-F3B2-4DD2-B8EB-BFF8A59B9E6A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-04] (Google Inc.)
Task: {63A5081D-D5AD-495D-9006-1519CB6CB077} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2012-11-30] (ASUS)
Task: {78CDE10B-3C8A-496A-9D53-0E2A2A2B2A22} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {8006A781-C47E-4391-BCE9-EDCC3A3492D6} - System32\Tasks\ASUS InstantOn Config => C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe [2012-09-25] (ASUS)
Task: {82AA3937-45DC-4A88-955B-05EFCC1B721E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {9411BCD0-CBCE-4E6F-9E4A-C6C5743A2F6F} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-08-23] (ASUSTeK Computer Inc.)
Task: {97DAD6E6-1844-4F80-A827-CFC2AA087E3A} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2013-01-17] (AsusTek)
Task: {A1E533F8-F20E-4D0F-89D0-771BCE3B0147} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2013-01-05] ()
Task: {E10CE05D-CD0F-4E10-A184-B9E613977FC6} - System32\Tasks\CLARUS_DRIVE_MANAGER\Clarus_Drive_Manager => C:\Program Files (x86)\Clarus\Samsung Drive Manager\Drive Manager.exe [2013-12-18] (Clarus, Inc.)
Task: {F0BBFD4C-5614-49DB-8CA1-69D298C40533} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {F50BA656-7650-4D52-8358-18794A1F735F} - System32\Tasks\InstallShield Update Task => Wscript.exe //nologo //E:jscript //B "C:\Program Files (x86)\InstallShield\isupdate.ini"
Task: {F9D63969-0932-4E38-A93A-91E6D66279D8} - System32\Tasks\G2MUpdateTask-S-1-5-21-147487581-2992457104-1551078015-1002 => C:\Users\ASUS\AppData\Local\Citrix\GoToMeeting\2273\g2mupdate.exe [2015-01-26] (Citrix Online, a division of Citrix Systems, Inc.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-147487581-2992457104-1551078015-1002.job => C:\Users\ASUS\AppData\Local\Citrix\GoToMeeting\2273\g2mupdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-147487581-2992457104-1551078015-1002Core1cf8e99a9971846.job => C:\Users\ASUS\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-147487581-2992457104-1551078015-1002Core1cfedc1168c14f4.job => C:\Users\ASUS\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-147487581-2992457104-1551078015-1002Core1cfffdbc8a5ac38.job => C:\Users\ASUS\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-147487581-2992457104-1551078015-1002Core1d04303a250e3f3.job => C:\Users\ASUS\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\InstallShield Update Task.job => C:\WINDOWS\system32\wscript.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Gladwin.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe

==================== Loaded Modules (whitelisted) ==============

2013-12-10 08:13 - 2014-03-04 22:35 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-02-05 15:36 - 2014-03-04 21:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-11-18 10:02 - 2011-11-18 10:02 - 00023040 _____ () C:\WINDOWS\System32\fxhk4alm.dll
2012-06-20 12:21 - 2012-06-20 12:21 - 00096768 _____ () C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmdb.exe
2014-05-17 06:34 - 2014-05-17 06:34 - 00430344 _____ () C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
2014-04-06 12:32 - 2015-02-04 02:32 - 00456504 _____ () C:\Users\ASUS\AppData\Local\MediaFire Desktop\MFUsnMonitorService.exe
2014-12-02 17:11 - 2005-04-22 12:36 - 00143360 ____R () C:\WINDOWS\system32\BrSNMP64.dll
2012-08-25 09:26 - 2012-08-25 09:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2012-11-30 09:15 - 2012-11-30 09:15 - 00171224 _____ () C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
2014-10-14 23:27 - 2014-10-14 23:27 - 08897696 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-10-01 13:02 - 2013-10-01 13:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-09-30 11:02 - 2012-09-30 11:02 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2012-09-30 10:59 - 2012-09-30 10:59 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2012-09-30 11:01 - 2012-09-30 11:01 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2014-01-28 17:46 - 2014-09-25 13:57 - 00027904 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\engine\ace_engine.exe
2014-04-06 12:32 - 2015-02-04 02:32 - 04002120 _____ () C:\Users\ASUS\AppData\Local\MediaFire Desktop\mf_watch.exe
2014-04-06 12:32 - 2015-02-04 02:32 - 01228616 _____ () C:\Users\ASUS\AppData\Local\MediaFire Desktop\mf_hub.exe
2014-04-06 12:32 - 2015-02-04 02:32 - 04672328 _____ () C:\Users\ASUS\AppData\Local\MediaFire Desktop\MediaFire Desktop.exe
2014-07-09 10:55 - 2007-10-17 16:22 - 00352256 _____ () C:\Program Files (x86)\InstantEyedropper\InstantEyedropper.exe
2015-01-23 23:40 - 2015-01-23 23:40 - 02092544 _____ () C:\Users\ASUS\AppData\Roaming\Copy\Gui.dll
2015-01-23 23:40 - 2015-01-23 23:40 - 08212480 _____ () C:\Users\ASUS\AppData\Roaming\Copy\Brt.dll
2015-01-23 23:40 - 2015-01-23 23:40 - 09276928 _____ () C:\Users\ASUS\AppData\Roaming\Copy\AgentSync.dll
2015-01-23 23:40 - 2015-01-23 23:40 - 05327872 _____ () C:\Users\ASUS\AppData\Roaming\Copy\CloudSync.dll
2014-04-06 12:32 - 2015-02-04 02:32 - 04242760 _____ () C:\Users\ASUS\AppData\Local\MediaFire Desktop\mf_filetransfer.exe
2014-04-06 12:32 - 2015-02-04 02:32 - 03957064 _____ () C:\Users\ASUS\AppData\Local\MediaFire Desktop\mf_browser.exe
2014-04-06 12:32 - 2015-02-04 02:32 - 09501000 _____ () C:\Users\ASUS\AppData\Local\MediaFire Desktop\mf_central_control.exe
2012-06-20 12:21 - 2012-06-20 12:21 - 00248320 _____ () C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmW.exe
2012-06-20 12:21 - 2012-06-20 12:21 - 00229376 _____ () C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmwj.exe
2014-04-06 12:32 - 2015-02-04 02:32 - 02406216 _____ () C:\Users\ASUS\AppData\Local\MediaFire Desktop\mf_monitor.exe
2014-01-10 13:26 - 2014-01-10 13:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2014-04-06 12:32 - 2015-02-04 02:32 - 07139144 _____ () C:\Users\ASUS\AppData\Local\MediaFire Desktop\mf_dialogs.exe
2013-03-29 19:18 - 2013-03-29 19:18 - 00026744 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\updater\ace_update.exe
2012-03-08 10:27 - 2012-03-08 10:27 - 00016384 _____ () C:\Program Files (x86)\ASUS\WebStorage\2.1.8.381\ACVsWin.dll
2014-05-17 08:11 - 2014-05-17 08:11 - 00908584 _____ () C:\Program Files (x86)\Hotspot Shield\bin\af_proxy.dll
2014-07-26 08:32 - 2014-07-26 08:32 - 00506664 _____ () C:\Program Files (x86)\Hotspot Shield\bin\HssRep.dll
2015-02-05 00:54 - 2014-06-06 13:07 - 00348960 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madExcept_.bpl
2015-02-05 00:54 - 2014-06-06 13:07 - 00183584 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madBasic_.bpl
2015-02-05 00:54 - 2014-06-06 13:07 - 00050976 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madDisAsm_.bpl
2015-02-05 00:54 - 2014-06-06 13:08 - 00041248 _____ () C:\Program Files (x86)\IObit\Start Menu 8\winkey.dll
2014-01-28 17:46 - 2014-11-28 13:46 - 00249856 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\engine\lib\acestreamengine.Core.pyd
2011-06-12 21:09 - 2011-06-12 21:09 - 00038400 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\engine\lib\_socket.pyd
2011-06-12 21:09 - 2011-06-12 21:09 - 00720896 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\engine\lib\_ssl.pyd
2013-11-27 23:50 - 2013-11-27 23:50 - 00018944 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\engine\lib\acestreamengine.pycompat.pyd
2011-06-12 21:06 - 2011-06-12 21:06 - 00287232 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\engine\lib\_hashlib.pyd
2014-01-28 17:45 - 2014-11-28 13:46 - 01732096 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\engine\lib\acestreamengine.live.pyd
2014-01-23 19:37 - 2014-01-23 19:37 - 00036352 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\engine\lib\_psutil_mswindows.pyd
2013-12-21 21:20 - 2013-12-21 21:20 - 00053248 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\engine\lib\_blist.pyd
2011-06-12 21:06 - 2011-06-12 21:06 - 00106496 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\engine\lib\_ctypes.pyd
2013-12-21 21:20 - 2013-12-21 21:20 - 00040448 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\engine\lib\bitarray._bitarray.pyd
2011-06-12 21:06 - 2011-06-12 21:06 - 00011776 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\engine\lib\select.pyd
2011-01-19 05:56 - 2011-01-19 05:56 - 00334336 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\engine\lib\M2Crypto.__m2crypto.pyd
2011-06-12 21:06 - 2011-06-12 21:06 - 00152576 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\engine\lib\pyexpat.pyd
2011-02-13 23:02 - 2011-02-13 23:02 - 00031232 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\engine\lib\Crypto.Cipher.AES.pyd
2014-01-28 17:55 - 2014-11-28 13:46 - 03083264 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\engine\lib\acestreamengine.CoreApp.pyd
2012-02-08 00:37 - 2012-02-08 00:37 - 00098816 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\engine\lib\win32api.pyd
2012-02-08 00:35 - 2012-02-08 00:35 - 00110080 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\engine\lib\pywintypes27.dll
2012-02-08 00:38 - 2012-02-08 00:38 - 00358912 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\engine\lib\pythoncom27.dll
2012-02-08 00:36 - 2012-02-08 00:36 - 00111616 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\engine\lib\win32file.pyd
2012-02-08 00:36 - 2012-02-08 00:36 - 00024064 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\engine\lib\win32pdh.pyd
2010-10-11 06:23 - 2010-10-11 06:23 - 00723968 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\engine\lib\apsw.pyd
2013-01-30 00:20 - 2013-01-30 00:20 - 00082944 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\engine\lib\cpyamf.util.pyd
2011-07-16 03:37 - 2011-07-16 03:37 - 00981504 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\engine\lib\wx._core_.pyd
2011-07-16 03:38 - 2011-07-16 03:38 - 00746496 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\engine\lib\wx._gdi_.pyd
2011-07-16 03:38 - 2011-07-16 03:38 - 00670720 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\engine\lib\wx._windows_.pyd
2011-07-16 03:38 - 2011-07-16 03:38 - 00966144 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\engine\lib\wx._controls_.pyd
2011-07-16 03:38 - 2011-07-16 03:38 - 00674816 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\engine\lib\wx._misc_.pyd
2011-06-12 21:06 - 2011-06-12 21:06 - 00688128 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\engine\lib\unicodedata.pyd
2013-12-21 21:02 - 2013-12-21 21:02 - 00061952 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\engine\lib\miniupnpc.pyd
2013-01-30 00:20 - 2013-01-30 00:20 - 00066048 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\engine\lib\cpyamf.amf0.pyd
2014-04-06 12:32 - 2015-02-04 02:22 - 00112142 _____ () C:\Users\ASUS\AppData\Local\MediaFire Desktop\libgcc_s_dw2-1.dll
2014-04-06 12:32 - 2015-02-04 02:22 - 01000974 _____ () C:\Users\ASUS\AppData\Local\MediaFire Desktop\libstdc++-6.dll
2014-07-05 14:20 - 2015-02-04 02:04 - 04188400 _____ () C:\Users\ASUS\AppData\Local\MediaFire Desktop\libsqlite3cc.dll
2014-04-06 12:32 - 2015-02-04 02:03 - 00042496 _____ () C:\Users\ASUS\AppData\Local\MediaFire Desktop\win32overlay.dll
2014-04-06 12:32 - 2015-02-04 02:03 - 00007680 _____ () C:\Users\ASUS\AppData\Local\MediaFire Desktop\mfmonitor.dll
2014-01-10 13:28 - 2014-01-10 13:28 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2013-12-10 08:13 - 2014-03-04 22:35 - 00014280 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2014-10-22 08:22 - 2014-10-22 08:22 - 00750080 _____ () C:\Users\ASUS\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-02-10 16:52 - 2015-02-10 16:52 - 00043008 _____ () c:\users\asus\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpy0uhbk.dll
2014-10-22 08:22 - 2014-10-22 08:22 - 00047616 _____ () C:\Users\ASUS\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-22 08:22 - 2014-10-22 08:22 - 00863744 _____ () C:\Users\ASUS\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-22 08:22 - 2014-10-22 08:22 - 00200704 _____ () C:\Users\ASUS\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2011-06-12 21:09 - 2011-06-12 21:09 - 00038400 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\updater\lib\_socket.pyd
2011-06-12 21:09 - 2011-06-12 21:09 - 00720896 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\updater\lib\_ssl.pyd
2011-07-16 03:37 - 2011-07-16 03:37 - 00981504 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\updater\lib\wx._core_.pyd
2011-07-16 03:38 - 2011-07-16 03:38 - 00746496 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\updater\lib\wx._gdi_.pyd
2011-07-16 03:38 - 2011-07-16 03:38 - 00670720 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\updater\lib\wx._windows_.pyd
2011-07-16 03:38 - 2011-07-16 03:38 - 00966144 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\updater\lib\wx._controls_.pyd
2011-07-16 03:38 - 2011-07-16 03:38 - 00674816 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\updater\lib\wx._misc_.pyd
2011-06-12 21:06 - 2011-06-12 21:06 - 00287232 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\updater\lib\_hashlib.pyd
2011-01-19 05:56 - 2011-01-19 05:56 - 00334336 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\updater\lib\M2Crypto.__m2crypto.pyd
2011-06-12 21:06 - 2011-06-12 21:06 - 00011776 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\updater\lib\select.pyd
2011-06-12 21:06 - 2011-06-12 21:06 - 00152576 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\updater\lib\pyexpat.pyd
2012-02-08 00:37 - 2012-02-08 00:37 - 00098816 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\updater\lib\win32api.pyd
2012-02-08 00:35 - 2012-02-08 00:35 - 00110080 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\updater\lib\pywintypes27.dll
2012-02-08 00:38 - 2012-02-08 00:38 - 00358912 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\updater\lib\pythoncom27.dll
2012-02-08 00:36 - 2012-02-08 00:36 - 00111616 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\updater\lib\win32file.pyd
2012-02-08 00:36 - 2012-02-08 00:36 - 00024064 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\updater\lib\win32pdh.pyd
2014-02-05 07:06 - 2012-06-26 02:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2015-01-29 21:13 - 2015-01-29 21:13 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2015-02-08 11:05 - 2015-02-08 11:05 - 01020928 _____ () C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\8aqpcbli.default\extensions\[email protected]\platform\WINNT_x86-msvc\components\lpxpcom.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\ASUS\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Registry Areas =====================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-147487581-2992457104-1551078015-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\ASUS\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\asus.jpg

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== Accounts: =============================

Administrator (S-1-5-21-147487581-2992457104-1551078015-500 - Administrator - Disabled)
Gladwin (S-1-5-21-147487581-2992457104-1551078015-1002 - Administrator - Enabled) => C:\Users\ASUS
Guest (S-1-5-21-147487581-2992457104-1551078015-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-147487581-2992457104-1551078015-1004 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Intel(R) Dynamic Platform & Thermal Framework Driver
Description: Intel(R) Dynamic Platform & Thermal Framework Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: DptfManager
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Virtual Bluetooth Support
Description: Virtual Bluetooth Support
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: AthBTPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Bluetooth LWFLT Device
Description: Bluetooth LWFLT Device
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_LWFLT
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Intel(R) Dynamic Platform & Thermal Framework Generic Participant Driver
Description: Intel(R) Dynamic Platform & Thermal Framework Generic Participant Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: DptfDevGen
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Intel(R) Dynamic Platform & Thermal Framework Generic Participant Driver
Description: Intel(R) Dynamic Platform & Thermal Framework Generic Participant Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: DptfDevGen
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Intel(R) Dynamic Platform & Thermal Framework Generic Participant Driver
Description: Intel(R) Dynamic Platform & Thermal Framework Generic Participant Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: DptfDevGen
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Intel(R) Dynamic Platform & Thermal Framework Generic Participant Driver
Description: Intel(R) Dynamic Platform & Thermal Framework Generic Participant Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: DptfDevGen
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

==================== Event log errors: =========================

Application errors:
==================
Error: (02/10/2015 04:59:31 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (02/10/2015 04:52:32 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: TrayManager.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.InvalidOperationException
Stack:
at System.ThrowHelper.ThrowInvalidOperationException(System.ExceptionResource)
at System.Collections.Generic.List`1+Enumerator[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].MoveNextRare()
at System.Collections.Generic.List`1+Enumerator[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].MoveNext()
at Wpf4TrayManager.App.OnStartup(System.Windows.StartupEventArgs)
at System.Windows.Application.<.ctor>b__1(System.Object)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
at System.Windows.Threading.DispatcherOperation.InvokeImpl()
at System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Windows.Threading.DispatcherOperation.Invoke()
at System.Windows.Threading.Dispatcher.ProcessQueue()
at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
at System.Windows.Threading.Dispatcher.Run()
at System.Windows.Application.RunDispatcher(System.Object)
at System.Windows.Application.RunInternal(System.Windows.Window)
at System.Windows.Application.Run(System.Windows.Window)
at Wpf4TrayManager.App.Main()

Error: (02/10/2015 04:52:03 PM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceHelperWinMain: CreateSharedMemory() failed.

Error: (02/10/2015 04:52:03 PM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceHelperCreateSharedMemory: CreateFileMapping() failed.Last error = [0x00000005]

Error: (02/10/2015 04:51:35 PM) (Source: DptfPolicyLpmService) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceServiceStart: ConnectToDptfFrameworkDriver() failed.

Error: (02/10/2015 04:51:35 PM) (Source: DptfPolicyLpmService) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceConnectToDptfFrameworkDriver: SetupDiEnumDeviceInterfaces() failed.Last error = [0x00000103]

Error: (02/10/2015 04:51:35 PM) (Source: DptfPolicyCriticalService) (EventID: 1) (User: )
Description: DptfPolicyCriticalServiceServiceMain: ServiceStart() failed.

Error: (02/10/2015 04:51:35 PM) (Source: DptfPolicyCriticalService) (EventID: 1) (User: )
Description: DptfPolicyCriticalServiceServiceStart: ConnectToDptfFrameworkDriver() failed.

Error: (02/10/2015 04:51:35 PM) (Source: DptfPolicyCriticalService) (EventID: 1) (User: )
Description: DptfPolicyCriticalServiceConnectToDptfFrameworkDriver: SetupDiEnumDeviceInterfaces() failed.Last error = [0x00000103]

Error: (02/10/2015 04:51:35 PM) (Source: DptfEvent) (EventID: 1) (User: )
Description: DptfPolicyConfigTDPService
ServiceMain: ServiceStart() failed.

System errors:
=============
Error: (02/10/2015 04:51:54 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (02/10/2015 04:51:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Platform Services service failed to start due to the following error: 
%%1053

Error: (02/10/2015 04:51:36 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Platform Services service to connect.

Error: (02/10/2015 04:51:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee OOBE Service2 service failed to start due to the following error: 
%%1053

Error: (02/10/2015 04:51:36 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee OOBE Service2 service to connect.

Error: (02/10/2015 04:51:13 PM) (Source: BTHUSB) (EventID: 5) (User: )
Description: The Bluetooth driver expected an HCI event with a certain size but did not receive it.

Error: (02/10/2015 04:48:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Advanced SystemCare Service 8 service terminated unexpectedly. It has done this 1 time(s).

Error: (02/10/2015 01:11:35 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (02/09/2015 06:22:02 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.

Error: (02/09/2015 11:16:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Platform Services service failed to start due to the following error: 
%%1053

Microsoft Office Sessions:
=========================
Error: (02/10/2015 04:59:31 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (02/10/2015 04:52:32 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: TrayManager.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.InvalidOperationException
Stack:
at System.ThrowHelper.ThrowInvalidOperationException(System.ExceptionResource)
at System.Collections.Generic.List`1+Enumerator[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].MoveNextRare()
at System.Collections.Generic.List`1+Enumerator[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].MoveNext()
at Wpf4TrayManager.App.OnStartup(System.Windows.StartupEventArgs)
at System.Windows.Application.<.ctor>b__1(System.Object)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
at System.Windows.Threading.DispatcherOperation.InvokeImpl()
at System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Windows.Threading.DispatcherOperation.Invoke()
at System.Windows.Threading.Dispatcher.ProcessQueue()
at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
at System.Windows.Threading.Dispatcher.Run()
at System.Windows.Application.RunDispatcher(System.Object)
at System.Windows.Application.RunInternal(System.Windows.Window)
at System.Windows.Application.Run(System.Windows.Window)
at Wpf4TrayManager.App.Main()

Error: (02/10/2015 04:52:03 PM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceHelperWinMain: CreateSharedMemory() failed.

Error: (02/10/2015 04:52:03 PM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceHelperCreateSharedMemory: CreateFileMapping() failed.Last error = [0x00000005]

Error: (02/10/2015 04:51:35 PM) (Source: DptfPolicyLpmService) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceServiceStart: ConnectToDptfFrameworkDriver() failed.

Error: (02/10/2015 04:51:35 PM) (Source: DptfPolicyLpmService) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceConnectToDptfFrameworkDriver: SetupDiEnumDeviceInterfaces() failed.Last error = [0x00000103]

Error: (02/10/2015 04:51:35 PM) (Source: DptfPolicyCriticalService) (EventID: 1) (User: )
Description: DptfPolicyCriticalServiceServiceMain: ServiceStart() failed.

Error: (02/10/2015 04:51:35 PM) (Source: DptfPolicyCriticalService) (EventID: 1) (User: )
Description: DptfPolicyCriticalServiceServiceStart: ConnectToDptfFrameworkDriver() failed.

Error: (02/10/2015 04:51:35 PM) (Source: DptfPolicyCriticalService) (EventID: 1) (User: )
Description: DptfPolicyCriticalServiceConnectToDptfFrameworkDriver: SetupDiEnumDeviceInterfaces() failed.Last error = [0x00000103]

Error: (02/10/2015 04:51:35 PM) (Source: DptfEvent) (EventID: 1) (User: )
Description: DptfPolicyConfigTDPServiceServiceMain: ServiceStart() failed.

CodeIntegrity Errors:
===================================
Date: 2015-02-10 16:06:49.176
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-02-10 16:06:48.929
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-02-10 16:06:48.723
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-02-10 16:06:47.847
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-02-10 16:06:47.628
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-02-10 16:06:47.380
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-02-10 16:04:19.972
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-02-10 16:04:19.704
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-02-10 16:04:19.363
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-02-10 16:04:19.099
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3337U CPU @ 1.80GHz
Percentage of memory in use: 47%
Total physical RAM: 8077.59 MB
Available physical RAM: 4275.63 MB
Total Pagefile: 10637.59 MB
Available Pagefile: 5969.6 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:185.96 GB) (Free:39.12 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:258.15 GB) (Free:1.13 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 185485F0)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 22.4 GB) (Disk ID: BC223D42)

Partition: GPT Partition Type.

==================== End Of Log ============================


----------



## JSntgRvr (Jul 1, 2003)

Download the enclosed file. (see below) Save it in the same location FRST is saved. Open *FRST*. Click on the *Fix* button and wait. The tool will produce a log, *fixlog.txt*. Please post its contents in your next reply.

How is the computer doing?


----------



## kango88 (Feb 5, 2015)

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-02-2015
Ran by Gladwin at 2015-02-10 23:46:11 Run:1
Running from C:\Users\ASUS\Desktop\Troubleshoot Program
Loaded Profiles: Gladwin (Available profiles: Gladwin)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-147487581-2992457104-1551078015-1002 -> URL http://search.conduit.com/Results.a...tid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM= 5&UP=SPF84B958F-6C5F-431F-B5D3-7D8E0D53175F&q={searchTerms}&SSPV=
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [HKLM] => ProxyEnable is set.
ProxyEnable: [HKLM-x32] => ProxyEnable is set.
ProxyServer: [HKLM] => http=127.0.0.1:8080;https=127.0.0.1:8080
ProxyServer: [HKLM-x32] => http=127.0.0.1:8080;https=127.0.0.1:8080
HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\Run: [AdobeBridge] => [X]
C:\Program Files (x86)\IObit
C:\ProgramData\IObit
C:\Users\ASUS\AppData\Roaming\IObit
End
*****************

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}" => Key deleted successfully.
"HKCR\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-147487581-2992457104-1551078015-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\URL http://search.conduit.com/Results.a...tid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM= => Value not found.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKU\S-1-5-21-147487581-2992457104-1551078015-1002\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value deleted successfully.
C:\Program Files (x86)\IObit => Moved successfully.
C:\ProgramData\IObit => Moved successfully.
C:\Users\ASUS\AppData\Roaming\IObit => Moved successfully.

==== End of Fixlog 23:46:12 ====


----------



## kango88 (Feb 5, 2015)

It worked for computer A (Windows 8.1) for a while. But after I restarted my computer and synced my Chrome profile back, the problem came back again. I tried to use the same fix file provided again and the problem was solved again. But after restarting my comp, the problem came back once again.

The current issue is that I cannot access both Bing and Yahoo on all my browsers, while my Google search engine looks weird on my Chrome and IE.

Do you know what happened to my comp? Is it a virus linked to my Chrome profile, as my other computer was infected after I copied and pasted my Chrome profile folder over?

Below is a scan file for my other computer B (Windows 7 running in MacBook Boot Camp).


----------



## kango88 (Feb 5, 2015)

This is my scan for computer B

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015
Ran by user (administrator) on USER-PC on 10-02-2015 23:55:19
Running from C:\Users\user\Downloads\Programs
Loaded Profiles: user (Available profiles: user)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Windows\System32\igfxTray.exe
(Apple Inc.) C:\Program Files\Boot Camp\Bootcamp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
() C:\Windows\System32\AppleOSSMgr.exe
(Apple Inc.) C:\Windows\System32\AppleTimeSrv.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(InstallShield®) C:\Program Files (x86)\InstallShield\isupdate.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Dropbox, Inc.) C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Internet Download Manager, Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMIntegrator64.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [457616 2014-10-03] ()
HKLM\...\Run: [Apple_KbdMgr] => C:\Program Files\Boot Camp\Bootcamp.exe [746816 2014-02-07] (Apple Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-02] (Intel Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [37624 2014-10-16] (Panda Security, S.L.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2059749266-3525964498-4138522283-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3886672 2015-01-25] (Tonec Inc.)
HKU\S-1-5-21-2059749266-3525964498-4138522283-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-2059749266-3525964498-4138522283-1000\...\MountPoints2: {c8990352-8160-11e4-8edf-6c4008aff89a} - E:\AutoRun.exe
HKU\S-1-5-21-2059749266-3525964498-4138522283-1000\...\MountPoints2: {c8990377-8160-11e4-8edf-6c4008aff89b} - E:\AutoRun.exe
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [HKLM] => ProxyEnable is set.
ProxyEnable: [HKLM-x32] => ProxyEnable is set.
ProxyServer: [HKLM] => http=127.0.0.1:8080;https=127.0.0.1:8080
ProxyServer: [HKLM-x32] => http=127.0.0.1:8080;https=127.0.0.1:8080
HKU\S-1-5-21-2059749266-3525964498-4138522283-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://xin.msn.com/en-sg/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wrb1z01v.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Extension: IDM CC - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wrb1z01v.default\Extensions\[email protected] [2015-02-08]
FF Extension: LastPass - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wrb1z01v.default\Extensions\[email protected] [2015-02-05]
FF Extension: FireShot - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wrb1z01v.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2015-02-05]
FF Extension: EPUBReader - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wrb1z01v.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2015-02-05]
FF Extension: Easy App Tabs - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wrb1z01v.default\Extensions\[email protected] [2015-02-05]
FF Extension: MEGA - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wrb1z01v.default\Extensions\[email protected] [2015-02-05]
FF Extension: Save My Tabs - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wrb1z01v.default\Extensions\[email protected] [2015-02-05]
FF Extension: Media Stealer - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wrb1z01v.default\Extensions\[email protected] [2015-02-05]
FF Extension: Reader - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wrb1z01v.default\Extensions\{20068ab2-1901-4140-9f3c-81207d4dacc4}.xpi [2015-02-05]
FF HKU\S-1-5-21-2059749266-3525964498-4138522283-1000\...\Firefox\Extensions: [[email protected]] - C:\Users\user\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\user\AppData\Roaming\IDM\idmmzcc5 [2015-02-05]
FF HKU\S-1-5-21-2059749266-3525964498-4138522283-1000\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\user\AppData\Roaming\IDM\idmmzcc5

Chrome: 
=======
CHR HomePage: Default -> hxxp://search.conduit.com/?ctid=CT3321897&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SPF84B958F-6C5F-431F-B5D3-7D8E0D53175F&SSPV=
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3321897&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SPF84B958F-6C5F-431F-B5D3-7D8E0D53175F&SSPV="
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-05]
CHR Extension: (Downloads) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajkhjekibcfjngomhbbifihellcaebcn [2015-02-05]
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-05]
CHR Extension: (Download Manager (video and mp3)) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bapnjmgdanmelbcmjdjljogelnlfepcj [2015-02-05]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-05]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-05]
CHR Extension: (RankRecon) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\chjdckfonfkdoeiobllnejjieicmjodh [2015-02-05]
CHR Extension: (OneTab) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2015-02-05]
CHR Extension: (Webpage Screenshot) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki [2015-02-05]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-05]
CHR Extension: (SEO I.Q.) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dadlnlnlpkpchfljjcpkodcljofniggm [2015-02-05]
CHR Extension: (Tabs Backup & Restore) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dehocbglhkaogiljpihicakmlockmlgd [2015-02-05]
CHR Extension: (FB Pixel Helper) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc [2015-02-05]
CHR Extension: (Google Sheets) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-05]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-02-05]
CHR Extension: (Share As Image Extension) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgmhphfbdfbkokcfajipbmkcakmmepeb [2015-02-05]
CHR Extension: (SEO & Website Analysis) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlngmmdolgbdnnimbmblfhhndibdipaf [2015-02-05]
CHR Extension: (IDM Integration Module) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2015-02-08]
CHR Extension: (AS Magic Player) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim [2015-02-06]
CHR Extension: (Hangouts) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2015-02-05]
CHR Extension: (Google Wallet) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-05]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-05]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-01-13]
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-01-13]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AppleOSSMgr; C:\Windows\system32\AppleOSSMgr.exe [226112 2014-02-07] ()
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-10-03] (Intel Corporation)
R2 isupdate.exe; C:\Program Files (x86)\InstallShield\isupdate.exe [43008 2015-01-22] (InstallShield®) [File not signed]
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [655712 2011-12-23] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142072 2014-10-14] (Panda Security, S.L.)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2014-10-16] (Panda Security, S.L.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 wifimansvc; C:\Program Files (x86)\Mobile Partner\eap\wifimansvc.exe [598528 2012-05-15] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AppleCamera; C:\Windows\System32\DRIVERS\AppleCamera.sys [1793664 2013-12-05] (Apple Inc.)
R3 applemtm; C:\Windows\System32\DRIVERS\applemtm.sys [12288 2013-09-07] (Apple Inc.)
R3 applemtp; C:\Windows\System32\DRIVERS\applemtp.sys [39424 2013-09-07] (Apple Inc.)
R3 AppleSDR; C:\Windows\System32\DRIVERS\AppleSDR.sys [12800 2013-09-04] (Apple Inc.)
R3 CirrusLFD; C:\Windows\System32\DRIVERS\CSLFD.sys [56720 2013-10-18] (Cirrus Logic Inc.)
R3 CirrusUFD; C:\Windows\System32\DRIVERS\CSUFD.sys [11928 2013-10-18] (Cirrus Logic Inc.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [96800 2014-06-04] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [162336 2014-06-18] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [112160 2014-06-04] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [115232 2014-06-04] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [46336 2014-01-17] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [95776 2014-06-04] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [70176 2014-06-04] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [125984 2014-06-04] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [306720 2014-06-04] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [169504 2014-06-04] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [115744 2014-06-04] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [261152 2014-06-04] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [109088 2014-06-04] (Panda Security, S.L.)
S3 NPF; C:\Windows\System32\drivers\NPF.sys [35344 2011-11-24] (CACE Technologies, Inc.)
S3 NPF; C:\Windows\SysWOW64\drivers\NPF.sys [35344 2011-11-24] (CACE Technologies, Inc.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [163088 2014-10-14] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121616 2014-10-14] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [195616 2014-07-25] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [122400 2014-07-25] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [132128 2014-07-25] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2014-10-14] (Panda Security, S.L.)
U3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [60400 2014-03-25] (Panda Security, S.L.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-10 23:54 - 2014-03-25 21:15 - 00060400 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2015-02-08 11:21 - 2015-02-08 11:21 - 00426164 _____ () C:\Users\user\Downloads\idmmzcc.xpi
2015-02-08 01:32 - 2015-02-08 01:32 - 00141203 _____ () C:\Users\user\Desktop\New Text Document (2).txt
2015-02-07 17:05 - 2015-02-07 17:09 - 168221626 _____ () C:\Users\user\Desktop\Webinar 2.rar
2015-02-07 16:25 - 2015-02-07 04:37 - 1107135517 _____ () C:\Users\user\Desktop\DDR3boy-7 Minute Income- (Ryan Lee)-1 GB.zip
2015-02-06 23:21 - 2015-02-06 23:21 - 00025128 _____ () C:\Users\user\Downloads\JDM_USA.xlsx
2015-02-06 23:21 - 2015-02-06 23:21 - 00020396 _____ () C:\Users\user\Downloads\JDM_Australia.xlsx
2015-02-06 13:12 - 2015-02-06 13:12 - 00000929 _____ () C:\Users\user\Desktop\JRT.txt
2015-02-06 12:59 - 2015-02-10 23:55 - 00000000 ____D () C:\FRST
2015-02-06 12:46 - 2015-02-06 12:50 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-06 12:45 - 2015-02-06 12:50 - 00000000 ____D () C:\Users\user\Desktop\mbar
2015-02-06 12:27 - 2015-02-06 12:32 - 00000000 ____D () C:\AdwCleaner
2015-02-06 10:40 - 2015-02-08 11:45 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-06 10:39 - 2015-02-06 12:45 - 00097496 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-06 10:39 - 2015-02-06 10:39 - 00001114 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-06 10:39 - 2015-02-06 10:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-06 10:39 - 2015-02-06 10:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-06 10:39 - 2015-02-06 10:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-06 10:39 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-06 10:39 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-06 10:35 - 2015-02-06 10:36 - 01924810 _____ () C:\Users\user\Downloads\Adaware_Installer.exe
2015-02-06 09:45 - 2015-01-10 10:46 - 00000000 ____D () C:\Users\user\Desktop\LongTailPro
2015-02-06 09:44 - 2015-02-06 09:43 - 03265362 _____ () C:\Users\user\Desktop\Long Tail Pro Platinum 2.4.42 Updated.rar
2015-02-06 09:36 - 2015-02-06 09:36 - 06908471 _____ () C:\Users\user\Downloads\Introduction.mp4
2015-02-06 09:34 - 2015-02-06 10:11 - 00000000 ____D () C:\Users\user\Desktop\Video Traffic Fusion - Iceberg Formula
2015-02-06 09:14 - 2015-02-06 09:15 - 35738846 _____ () C:\Users\user\Desktop\OMG Directors Cut Feb1.rar
2015-02-06 09:12 - 2015-02-06 09:31 - 00010215 _____ () C:\Users\user\Downloads\piquant.com.sg-h0vy-01142015.xlsx
2015-02-06 09:12 - 2015-02-06 09:12 - 00028160 _____ () C:\Users\user\Downloads\piquant 2015 kws.xls
2015-02-06 09:10 - 2015-02-06 09:24 - 00009857 _____ () C:\Users\user\Downloads\piquant.com.sg-w0wk-02062015.xlsx
2015-02-06 09:05 - 2015-02-06 09:05 - 00000088 _____ () C:\Users\user\AppData\Roaming\.c79792229cdae4d8fe4e261fc4d6976b.key
2015-02-05 22:32 - 2015-02-05 22:32 - 00000000 ____D () C:\Users\user\AppData\Local\Macromedia
2015-02-05 22:31 - 2015-02-08 02:57 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-05 22:31 - 2015-02-05 22:31 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 22:31 - 2015-02-05 22:31 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-05 22:31 - 2015-02-05 22:31 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-05 22:31 - 2015-02-05 22:31 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2015-02-05 22:31 - 2015-02-05 22:31 - 00000000 ____D () C:\Windows\system32\Macromed
2015-02-05 19:15 - 2015-02-05 19:17 - 00000000 ____D () C:\Program Files (x86)\InterestArchitect
2015-02-05 19:15 - 2015-02-05 19:15 - 00002053 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Interest Architect.lnk
2015-02-05 19:15 - 2015-02-05 19:15 - 00002047 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Interest Architect.lnk
2015-02-05 19:15 - 2015-02-05 19:15 - 00002041 _____ () C:\Users\Public\Desktop\Interest Architect.lnk
2015-02-05 19:15 - 2015-02-05 19:15 - 00000000 ____D () C:\Windows\Interst Architect
2015-02-05 19:15 - 2015-02-05 19:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Interst Architect
2015-02-05 19:14 - 2015-02-05 19:14 - 00042150 _____ () C:\Users\user\Downloads\Interest Architect Patch.zip
2015-02-05 18:08 - 2015-02-05 18:08 - 00000000 ____D () C:\Users\user\AppData\Roaming\Panda Security
2015-02-05 18:08 - 2015-02-05 18:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus
2015-02-05 18:08 - 2015-02-05 18:08 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2015-02-05 18:02 - 2009-06-11 05:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20150205-180212.backup
2015-02-05 17:58 - 2015-02-05 18:08 - 00000000 ____D () C:\ProgramData\Panda Security
2015-02-05 17:58 - 2015-02-05 17:58 - 01630952 _____ () C:\Users\user\Downloads\PANDAFREEAV.exe
2015-02-05 17:41 - 2015-02-05 17:41 - 00001403 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-02-05 17:41 - 2015-02-05 17:41 - 00001391 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-02-05 17:41 - 2015-02-05 17:41 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2015-02-05 17:41 - 2015-02-05 17:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-02-05 17:40 - 2015-02-05 19:25 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-05 17:40 - 2015-02-05 17:48 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-02-05 17:40 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-02-05 17:38 - 2015-02-05 17:39 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\user\Downloads\spybot-2.4.exe
2015-02-05 17:28 - 2015-02-05 17:29 - 00000000 ____D () C:\Users\user\AppData\Local\Google
2015-02-05 17:23 - 2015-02-05 17:23 - 00001171 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-05 17:23 - 2015-02-05 17:23 - 00001159 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-05 17:23 - 2015-02-05 17:23 - 00000000 ____D () C:\Users\user\AppData\Roaming\Mozilla
2015-02-05 17:23 - 2015-02-05 17:23 - 00000000 ____D () C:\Users\user\AppData\Local\Mozilla
2015-02-05 17:23 - 2015-02-05 17:23 - 00000000 ____D () C:\ProgramData\Mozilla
2015-02-05 17:23 - 2015-02-05 17:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-05 15:22 - 2015-02-05 15:22 - 00000215 _____ () C:\Users\user\Desktop\New Text Document.txt
2015-02-05 10:27 - 2015-02-05 10:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-02-05 10:26 - 2015-02-05 10:38 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-02-05 10:26 - 2015-02-05 10:26 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-02-05 10:26 - 2015-02-05 10:26 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-02-05 10:25 - 2015-02-05 10:33 - 00002125 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-02-05 10:25 - 2015-02-05 10:33 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-02-05 10:25 - 2015-02-05 10:33 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-02-05 10:08 - 2015-02-05 10:08 - 00000000 __SHD () C:\Users\user\AppData\Local\EmieUserList
2015-02-05 10:08 - 2015-02-05 10:08 - 00000000 __SHD () C:\Users\user\AppData\Local\EmieSiteList
2015-02-05 10:08 - 2015-02-05 10:08 - 00000000 __SHD () C:\Users\user\AppData\Local\EmieBrowserModeList
2015-02-05 10:01 - 2014-12-19 11:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-02-05 10:01 - 2014-12-19 09:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-02-05 10:01 - 2014-12-06 12:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-02-05 10:01 - 2014-12-06 11:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-02-05 10:01 - 2014-12-06 11:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-02-05 09:42 - 2015-02-05 17:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-05 09:42 - 2015-02-05 09:42 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2015-02-05 09:42 - 2015-02-05 09:42 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2015-02-05 09:39 - 2015-02-08 11:55 - 00000000 ____D () C:\Users\user\AppData\Roaming\DMCache
2015-02-05 09:39 - 2015-02-07 16:59 - 00000000 ____D () C:\Users\user\Downloads\Compressed
2015-02-05 09:39 - 2015-02-06 10:38 - 00000000 ____D () C:\Users\user\AppData\Roaming\IDM
2015-02-05 09:39 - 2015-02-05 09:42 - 00000000 ____D () C:\Program Files (x86)\Internet Download Manager
2015-02-05 09:39 - 2015-02-05 09:39 - 00001021 _____ () C:\Users\user\Desktop\Internet Download Manager.lnk
2015-02-05 09:39 - 2015-02-05 09:39 - 00000000 ____D () C:\Users\user\Downloads\Video
2015-02-05 09:39 - 2015-02-05 09:39 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2015-02-05 09:39 - 2015-02-05 09:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2015-02-05 09:39 - 2015-02-05 09:39 - 00000000 ____D () C:\ProgramData\IDM
2015-02-05 09:35 - 2015-02-05 09:38 - 00000000 ____D () C:\Users\user\AppData\Roaming\WinRAR
2015-02-05 09:35 - 2015-02-05 09:35 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-02-05 09:35 - 2015-02-05 09:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-02-05 09:35 - 2015-02-05 09:35 - 00000000 ____D () C:\Program Files\WinRAR
2015-02-05 09:31 - 2015-02-05 09:32 - 01977432 _____ () C:\Users\user\Downloads\winrar-x64-501.exe
2015-02-05 09:11 - 2015-02-05 09:59 - 00000468 _____ () C:\Windows\Tasks\InstallShield Update Task.job
2015-02-05 09:11 - 2015-02-05 09:11 - 00003202 _____ () C:\Windows\System32\Tasks\InstallShield Update Task
2015-02-05 09:11 - 2015-02-05 09:11 - 00000000 ____D () C:\ProgramData\Microsoft Toolkit
2015-02-05 09:11 - 2015-02-05 09:11 - 00000000 ____D () C:\Program Files (x86)\InstallShield
2015-02-05 09:09 - 2015-02-05 09:09 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2015-02-05 09:08 - 2015-02-05 09:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-02-05 09:08 - 2015-02-05 09:08 - 00000000 ____D () C:\Windows\PCHEALTH
2015-02-05 09:08 - 2015-02-05 09:08 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2015-02-05 09:08 - 2015-02-05 09:08 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2015-02-05 09:08 - 2015-02-05 09:08 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2015-02-05 09:07 - 2015-02-05 10:02 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-05 09:07 - 2015-02-05 09:08 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-02-05 09:07 - 2015-02-05 09:07 - 00000000 __RHD () C:\MSOCache
2015-02-05 09:07 - 2015-02-05 09:07 - 00000000 ____D () C:\Users\user\AppData\Local\Microsoft Help
2015-02-05 09:07 - 2015-02-05 09:07 - 00000000 ____D () C:\Program Files\Microsoft Analysis Services
2015-02-05 09:07 - 2015-02-05 09:07 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-02-05 09:07 - 2015-02-05 09:07 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2015-02-05 09:06 - 2014-12-12 13:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-05 09:06 - 2014-12-12 13:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-05 09:06 - 2014-12-12 13:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-05 09:06 - 2014-12-12 13:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-05 09:06 - 2014-12-12 13:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-05 09:06 - 2014-12-12 13:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-05 09:06 - 2014-12-12 13:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-05 09:06 - 2014-12-12 01:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-23 14:06 - 2015-01-23 14:06 - 00025354 _____ () C:\Users\user\Downloads\Download.csv
2015-01-13 20:36 - 2014-11-29 08:37 - 00180648 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-10 23:54 - 2014-12-16 14:40 - 00000000 ___RD () C:\Users\user\Dropbox
2015-02-10 23:54 - 2014-12-16 14:36 - 00000000 ____D () C:\Users\user\AppData\Roaming\Dropbox
2015-02-10 23:54 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-10 23:53 - 2009-07-14 12:51 - 00036279 _____ () C:\Windows\setupact.log
2015-02-08 11:55 - 2014-12-01 23:30 - 01056472 _____ () C:\Windows\WindowsUpdate.log
2015-02-08 11:43 - 2009-07-14 12:45 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-08 11:43 - 2009-07-14 12:45 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-08 11:42 - 2009-07-14 13:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-08 11:16 - 2014-12-16 14:35 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-07 18:58 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\rescache
2015-02-06 12:33 - 2010-11-21 11:47 - 00016054 _____ () C:\Windows\PFRO.log
2015-02-06 09:45 - 2015-01-06 15:53 - 00000256 _____ () C:\Users\user\AppData\Roaming\RO39-2M3Q
2015-02-05 22:31 - 2014-12-29 17:18 - 00000000 ____D () C:\Users\user\AppData\Local\Adobe
2015-02-05 18:41 - 2009-07-14 12:45 - 00477768 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-05 18:08 - 2014-12-11 18:12 - 00111992 _____ () C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-05 10:28 - 2014-12-26 14:53 - 00774004 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-02-05 09:50 - 2009-07-14 11:20 - 00000000 ____D () C:\Program Files\Common Files\System
2015-02-05 09:50 - 2009-07-14 10:34 - 00000478 _____ () C:\Windows\win.ini
2015-02-05 09:49 - 2009-07-14 11:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-02-05 09:08 - 2014-12-26 14:44 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-05 09:08 - 2010-11-21 15:16 - 00000000 ____D () C:\Windows\ShellNew
2015-02-05 09:06 - 2014-12-26 14:44 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2015-01-06 15:53 - 2015-01-06 15:53 - 0000088 _____ () C:\Users\user\AppData\Roaming\.95d691779473f3e03bc4b4e56319d74c.key
2015-02-06 09:05 - 2015-02-06 09:05 - 0000088 _____ () C:\Users\user\AppData\Roaming\.c79792229cdae4d8fe4e261fc4d6976b.key
2015-01-06 15:53 - 2015-02-06 09:45 - 0000256 _____ () C:\Users\user\AppData\Roaming\RO39-2M3Q

Some content of TEMP:
====================
C:\Users\user\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphxeggz.dll
C:\Users\user\AppData\Local\Temp\Quarantine.exe
C:\Users\user\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-07 18:51

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-02-2015
Ran by user at 2015-02-10 23:55:42
Running from C:\Users\user\Downloads\Programs
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Free Antivirus (Enabled - Up to date) {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Panda Free Antivirus (Enabled - Up to date) {8F3797EF-DB90-F073-3C72-40C753554CD1}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Panda Firewall (Disabled) {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Boot Camp Services (HKLM\...\{FA2B2C2A-EA41-495A-9308-60726125D562}) (Version: 5.1.5640 - Apple Inc.)
Chrysanth Cheque Writer [Free] (HKLM-x32\...\627237A3-ACD1-4EC8-B382-2061531CE8E5_is1) (Version: 9.8 - Chrysanth Software Sdn. Bhd.)
Dropbox (HKU\S-1-5-21-2059749266-3525964498-4138522283-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.0.1428 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3960 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.3.34 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
Interst Architect (HKLM-x32\...\Interst Architect1.0.0.1) (Version: 1.0.0.1 - InnAnTech Industries Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 23.002.08.02.1014 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 35.0.1 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-GB)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.04 - Panda Security)
Panda Devices Agent (x32 Version: 1.05.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 15.00.04.0002 - Panda Security)
Panda Free Antivirus (Version: 7.23.00.0000 - Panda Security) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5936 - Realtek Semiconductor Corp.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
SMSCaster E-Marketer GSM Enterprise v3.6 (HKLM-x32\...\SMSCaster E-Marketer GSM Enterprise_is1) (Version: v3.6 (build 1071) - SDJ Software Limited)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Windows Driver Package - Apple Inc. (AppleCamera) Image (11/21/2013 5.0.22.0) (HKLM\...\1FCF3C93707C46D648F0B00E216A55E96DEB5A17) (Version: 11/21/2013 5.0.22.0 - Apple Inc.)
Windows Driver Package - Apple Inc. (AppleUSBEthernet) Net (02/01/2008 3.10.3.10) (HKLM\...\D53CBF2C12DF51DA5E9C1A9DA97FF0DCA0C524C5) (Version: 02/01/2008 3.10.3.10 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Bluetooth (03/01/2010 3.0.0.5) (HKLM\...\EA3C044F6FD39CEC8F4F596836BF4197E97E1D39) (Version: 03/01/2010 3.0.0.5 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Display (01/23/2009 3.0.0.0) (HKLM\...\E0EAD0CEA9119B77350ED4DE28D9A82E57014D94) (Version: 01/23/2009 3.0.0.0 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple IR Receiver (02/21/2008 2.0.4.0) (HKLM\...\D5BB697E7D0C75712F3AD00AB1B85412CB5C0FD3) (Version: 02/21/2008 2.0.4.0 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Keyboard (01/10/2014 5.0.8.0) (HKLM\...\ABCCA6C3F97A148D7C69114CB55DFA9D46053BEA) (Version: 01/10/2014 5.0.8.0 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Multitouch (09/04/2013 5.0.2.0) (HKLM\...\277F15E06E6EEB458048F41BCB8FB843B3241E95) (Version: 09/04/2013 5.0.2.0 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Multitouch Mouse (09/11/2012 4.0.3.0) (HKLM\...\742CB1BDA52EA9F1BBE482DA6DAA17944652B476) (Version: 09/11/2012 4.0.3.0 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple ODD (05/17/2010 3.1.0.0) (HKLM\...\D6B4CB6AD2F81752C2EF8DCF6AD5EBC567ADD45C) (Version: 05/17/2010 3.1.0.0 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple SD Card Reader (07/22/2013 1.0.0.1) (HKLM\...\D323E2C0C5E4948B07EE346CF62161281B0A8578) (Version: 07/22/2013 1.0.0.1 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple System Device (05/20/2013 5.0.2.0) (HKLM\...\1A9F109A8ACEE4CA1F898708DBB0FBA6EF0587FC) (Version: 05/20/2013 5.0.2.0 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Wireless Mouse (06/01/2011 4.0.0.1) (HKLM\...\D088EE4BD2819FBA2B349EF9D55176F223419BE6) (Version: 06/01/2011 4.0.0.1 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Wireless Trackpad (10/29/2011 5.0.0.0) (HKLM\...\551732BB0872DA97E26385C221B172A5BD4DE93C) (Version: 10/29/2011 5.0.0.0 - Apple Inc.)
Windows Driver Package - Atheros Communications Inc. (athr) Net (11/13/2010 9.2.0.113) (HKLM\...\F0A3F8394866FA91E82C8D5AB92C918FE40FE1DF) (Version: 11/13/2010 9.2.0.113 - Atheros Communications Inc.)
Windows Driver Package - Broadcom (b57nd60a) Net (09/04/2012 15.4.0.17) (HKLM\...\75E64992A03EC5E73D33586790CC506561DCC5DB) (Version: 09/04/2012 15.4.0.17 - Broadcom)
Windows Driver Package - Broadcom (B57ports) Net (06/16/2009 1.0.0.1) (HKLM\...\FC2077892425ED71A137B1CB6D99A9CA7475435D) (Version: 06/16/2009 1.0.0.1 - Broadcom)
Windows Driver Package - Broadcom (BCM43XX) Net (11/13/2012 5.106.199.1) (HKLM\...\3D6DDDCF8961C8C866F6660579A59B5B6CFA281F) (Version: 11/13/2012 5.106.199.1 - Broadcom)
Windows Driver Package - Broadcom (BCM43XX) Net (12/13/2013 6.30.223.215) (HKLM\...\A5E73046BA905B7B0235AB40FA98A4E3AB96E00E) (Version: 12/13/2013 6.30.223.215 - Broadcom)
Windows Driver Package - Broadcom Corporation (bScsiSDa) SDHost (08/14/2012 1.0.0.243) (HKLM\...\ADF3AD5C5705E56E7DEA1447D58EFF216BA1223D) (Version: 08/14/2012 1.0.0.243 - Broadcom Corporation)
Windows Driver Package - Cirrus Logic, Inc. (CirrusFilter) MEDIA (02/19/2013 6.6001.1.40) (HKLM\...\969EFE1D5E95B01D3C42B9D0363FA64AF9E336E7) (Version: 02/19/2013 6.6001.1.40 - Cirrus Logic, Inc.)
Windows Driver Package - Cirrus Logic, Inc. (CirrusLFD) MEDIA (10/03/2013 6.6001.3.13) (HKLM\...\9EBC96DD99F2C854D540FBF6A16A557BADDBC228) (Version: 10/03/2013 6.6001.3.13 - Cirrus Logic, Inc.)
Windows Driver Package - Intel (e1express) Net (03/26/2010 9.13.41.0) (HKLM\...\159439476E3A00F9FAE49DD6C1A78F2F6288A5B9) (Version: 03/26/2010 9.13.41.0 - Intel)
Windows Driver Package - Intel (e1kexpress) Net (04/12/2010 11.6.92.0) (HKLM\...\5BEF08C10896D86DC13394FFA75874564B700368) (Version: 04/12/2010 11.6.92.0 - Intel)
Windows Driver Package - Intel (e1qexpress) Net (12/04/2009 11.4.7.0) (HKLM\...\57AFA39B22ADEC4E383572E9331167546EB3C9C7) (Version: 12/04/2009 11.4.7.0 - Intel)
Windows Driver Package - Intel (e1rexpress) Net (01/07/2010 11.4.16.0) (HKLM\...\F71DB41300D30088C8D3716343D1429488E605C1) (Version: 01/07/2010 11.4.16.0 - Intel)
Windows Driver Package - Intel (e1yexpress) Net (04/07/2010 10.1.9.0) (HKLM\...\CB599752301BCA080D135697FDD05900F5A5CF4C) (Version: 04/07/2010 10.1.9.0 - Intel)
Windows Driver Package - Intel System (07/20/2007 1.2.76.0) (HKLM\...\E2708073906571A0B56F17FD825EF19281ECE29B) (Version: 07/20/2007 1.2.76.0 - Intel)
Windows Driver Package - Marvell (yukonx64) Net (12/06/2007 10.51.1.3) (HKLM\...\CDD703ED0B390A5643DB748EBFA5BD55FEEC0D8A) (Version: 12/06/2007 10.51.1.3 - Marvell)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2059749266-3525964498-4138522283-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2059749266-3525964498-4138522283-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-2059749266-3525964498-4138522283-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2059749266-3525964498-4138522283-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2059749266-3525964498-4138522283-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2059749266-3525964498-4138522283-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2059749266-3525964498-4138522283-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2059749266-3525964498-4138522283-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2059749266-3525964498-4138522283-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2059749266-3525964498-4138522283-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points =========================

29-12-2014 17:55:51 Windows Update
06-01-2015 15:55:24 Windows Update
05-02-2015 09:06:09 Windows Update
05-02-2015 09:39:37 Windows Update
05-02-2015 10:01:56 Windows Update
05-02-2015 10:08:06 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 10:34 - 2015-02-05 18:02 - 00450771 ____R C:\Windows\system32\Drivers\etc\hosts

There are 1000 more lines.

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00224C3E-5C4C-4B38-BA29-1CA7A4DEF9E3} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {03BB9D3B-E0C8-4734-89ED-D1D1B38B613B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {0D0A3FC9-90F6-445D-8928-9CD45CBCB592} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {22301B59-B949-4B23-8295-A527C3238080} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {6C9B52B7-755C-46E9-9A8D-1E6FE7A3D371} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {937004F1-A33E-4B22-952E-8A61E5B32E6E} - System32\Tasks\InstallShield Update Task => Wscript.exe //nologo //E:jscript //B "C:\Program Files (x86)\InstallShield\isupdate.ini"
Task: {B9E7E609-E093-4DCF-9E62-9FC05D6E6070} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {BDD07F24-3E3E-4DE9-9DBA-25CCFCE278E7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {DF4160AB-8548-4341-972C-8C4932C487D5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {E38BABCA-8361-45BC-B394-7BF1A8B8554A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {F659F77E-C946-4B34-B66E-58A3A225A817} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-02] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\InstallShield Update Task.job => C:\Windows\system32\wscript.exe

==================== Loaded Modules (whitelisted) ==============

2014-11-12 17:17 - 2014-11-12 17:17 - 08897696 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-09-10 08:04 - 2014-10-03 17:36 - 00457616 _____ () C:\Windows\System32\igfxTray.exe
2014-02-07 04:36 - 2014-02-07 04:36 - 00226112 _____ () C:\Windows\system32\AppleOSSMgr.exe
2011-03-14 23:27 - 2011-03-14 23:27 - 00346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2014-12-11 18:11 - 2011-12-23 18:03 - 00655712 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
2014-12-11 18:11 - 2009-01-10 18:32 - 00011362 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\mingwm10.dll
2014-12-11 18:11 - 2009-06-23 02:42 - 00043008 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\libgcc_s_dw2-1.dll
2014-12-11 18:11 - 2010-05-10 10:51 - 02415104 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtCore4.dll
2014-12-11 18:11 - 2010-02-10 22:10 - 01148416 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtNetwork4.dll
2014-12-11 18:11 - 2011-12-23 15:52 - 00843264 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QueryStrategy.dll
2014-12-11 18:11 - 2010-02-10 22:06 - 00398336 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtXml4.dll
2013-04-13 01:23 - 2013-04-13 01:23 - 00612664 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll
2015-02-05 17:40 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-02-05 17:40 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-02-05 17:40 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-02-05 17:40 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-02-05 17:40 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-11-12 17:17 - 2014-11-12 17:17 - 08897696 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-12-16 14:39 - 2014-10-22 08:22 - 00750080 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-02-10 23:54 - 2015-02-10 23:54 - 00043008 _____ () c:\users\user\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphxeggz.dll
2014-12-16 14:39 - 2014-10-22 08:22 - 00047616 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-12-16 14:39 - 2014-10-22 08:22 - 00863744 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-12-16 14:39 - 2014-10-22 08:22 - 00200704 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\user\Downloads\DNC.csv:com.dropbox.attributes

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Registry Areas =====================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2059749266-3525964498-4138522283-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== Accounts: =============================

Administrator (S-1-5-21-2059749266-3525964498-4138522283-500 - Administrator - Disabled)
Guest (S-1-5-21-2059749266-3525964498-4138522283-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2059749266-3525964498-4138522283-1002 - Limited - Enabled)
user (S-1-5-21-2059749266-3525964498-4138522283-1000 - Administrator - Enabled) => C:\Users\user

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (02/10/2015 11:54:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/08/2015 11:36:03 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/08/2015 11:33:09 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/08/2015 11:23:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/08/2015 11:18:08 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/08/2015 11:15:44 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/08/2015 11:11:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/08/2015 11:09:50 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/07/2015 04:16:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/06/2015 11:19:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (02/10/2015 11:54:10 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom

Error: (02/10/2015 11:54:09 PM) (Source: ACPI) (EventID: 13) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

Error: (02/10/2015 11:54:11 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
%%5

Error: (02/10/2015 11:54:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Mobile Partner. OUC service failed to start due to the following error: 
%%1053

Error: (02/10/2015 11:54:06 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Mobile Partner. OUC service to connect.

Error: (02/08/2015 11:52:50 AM) (Source: ACPI) (EventID: 13) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

Error: (02/08/2015 11:50:50 AM) (Source: ACPI) (EventID: 13) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

Error: (02/08/2015 11:49:40 AM) (Source: ACPI) (EventID: 13) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

Error: (02/08/2015 11:49:35 AM) (Source: ACPI) (EventID: 13) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

Error: (02/08/2015 11:48:05 AM) (Source: ACPI) (EventID: 13) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

Microsoft Office Sessions:
=========================
Error: (02/10/2015 11:54:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/08/2015 11:36:03 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/08/2015 11:33:09 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/08/2015 11:23:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/08/2015 11:18:08 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/08/2015 11:15:44 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/08/2015 11:11:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/08/2015 11:09:50 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/07/2015 04:16:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/06/2015 11:19:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4278U CPU @ 2.60GHz
Percentage of memory in use: 19%
Total physical RAM: 8100.69 MB
Available physical RAM: 6519.2 MB
Total Pagefile: 16199.57 MB
Available Pagefile: 14497.54 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (BOOTCAMP) (Fixed) (Total:116.41 GB) (Free:62.2 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Macintosh HD) (Fixed) (Total:116.55 GB) (Free:83.35 GB) HFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233.8 GB) (Disk ID: B153E265)

Partition: GPT Partition Type.
Partition 2: (Not Active) - (Size=116.5 GB) - (Type=AF)
Partition 3: (Not Active) - (Size=620 MB) - (Type=AB)
Partition 4: (Active) - (Size=116.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================


----------



## JSntgRvr (Jul 1, 2003)

Computer B

Download the enclosed file. (see below) Save it in the same location FRST is saved. Open *FRST*. Click on the *Fix* button and wait. The tool will produce a log, *fixlog.txt*. Please post its contents in your next reply.

Open AdwCleaner and uninstall on both computers. That should remove the quarantined items.

Then:

Run the ESET Online Scanner.
Hold down Control and click on this link to open ESET OnlineScan in a new window.
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. *Save* it to your desktop.
Double click on the icon on your desktop.
Check _"YES, I accept the Terms of Use."_
Click the *Start* button.
Accept any security warnings from your browser.
Under *scan settings*, check _"Scan Archives"_ and _"Remove found threats"_
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, click *List Threats*
Click *Export*, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Click the *Back* button.
Click the *Finish* button.
*NOTE:* Sometimes if ESET finds no infections it will not create a log.


----------



## kango88 (Feb 5, 2015)

Hi, what do I do for computer A?

I've already uninstalled AdwCleaner. Do I install it back for another scan before uninstalling it again?

Do I need to run the ESET Online Scanner again?

Do I need to run the fixlist.txt again, as every time I reboot the same problem occurs again? If I need to, when do I run it again? After the two above steps?

Thanks for your help so far


----------



## JSntgRvr (Jul 1, 2003)

Let's work on only one computer at a time. It is kind of confusing to work on two. Let's work on the first computer, the one that lost its connection to the internet after AdwCleaner, and not on the second, until the first is cleaned.

The latest version of AdwCleaner should not detect Hotspot as a threat, but this application should not interfere with Windows. So first, remove Hotspot from your programs throughout the Control Panel and let me know if after uninstall you still have a connection.


----------



## kango88 (Feb 5, 2015)

Hi, I thought letting you see the conditions of both computers with similar infections can help you spot the similarities.

Ok. Back to the first computer. I removed Hotspot Shield and the internet is still working but with the same search engine issue.


----------



## JSntgRvr (Jul 1, 2003)

Run the latest FRST. Put a checkmark under addition.txt and click on Scan. Post the latest FRST.txt and Addition.txt.


----------



## kango88 (Feb 5, 2015)

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015
Ran by Gladwin (administrator) on GLADWIN on 11-02-2015 12:04:20
Running from C:\Users\ASUS\Desktop\Troubleshoot Program
Loaded Profiles: Gladwin (Available profiles: Gladwin)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.1.265\AsusWSWinService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
() C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmdb.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(InstallShield®) C:\Program Files (x86)\InstallShield\isupdate.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Users\ASUS\AppData\Local\MediaFire Desktop\MFUsnMonitorService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Clarus, Inc.) C:\Program Files (x86)\Clarus\Samsung Drive Manager\SZDrvSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Clarus, Inc.) C:\Program Files (x86)\Clarus\Samsung Drive Manager\Drive Manager.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Clarus, Inc.) C:\Program Files (x86)\Clarus\Samsung Drive Manager\SZDrvMon.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Internet Download Manager, Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMIntegrator64.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
() C:\Users\ASUS\AppData\Roaming\ACEStream\engine\ace_engine.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Spotify Ltd) C:\Users\ASUS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Google Inc.) C:\Users\ASUS\AppData\Local\Google\Update\GoogleUpdate.exe
() C:\Users\ASUS\AppData\Local\MediaFire Desktop\mf_watch.exe
() C:\Users\ASUS\AppData\Local\MediaFire Desktop\mf_hub.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
() C:\Users\ASUS\AppData\Local\MediaFire Desktop\MediaFire Desktop.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Users\ASUS\AppData\Local\MediaFire Desktop\mf_filetransfer.exe
() C:\Program Files (x86)\InstantEyedropper\InstantEyedropper.exe
() C:\Users\ASUS\AppData\Local\MediaFire Desktop\mf_browser.exe
(Barracuda Networks, Inc.) C:\Users\ASUS\AppData\Roaming\Copy\CopyAgent.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
() C:\Users\ASUS\AppData\Local\MediaFire Desktop\mf_central_control.exe
() C:\Users\ASUS\AppData\Local\MediaFire Desktop\mf_monitor.exe
() C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmW.exe
() C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmwj.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
() C:\Users\ASUS\AppData\Local\MediaFire Desktop\mf_dialogs.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Clarus, Inc.) C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe
(Dropbox, Inc.) C:\Users\ASUS\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
() C:\Users\ASUS\AppData\Roaming\ACEStream\updater\ace_update.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.8.381\AsusWSPanel.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE
(Google) C:\Users\ASUS\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-12-23] (Realtek Semiconductor)
HKLM\...\Run: [AuditSHD] => C:\windows\system32\oobe\auditshd.exe [29696 2013-08-22] (Microsoft Corporation)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [765056 2012-09-30] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-09-30] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe [70656 2014-12-23] (Intel Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2014-12-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3331312 2012-08-05] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-29] (CyberLink Corp.)
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.1.8.381\ASUSWSLoader.exe [63296 2014-07-08] ()
HKLM-x32\...\Run: [Launcher] => C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\Launcher\fxlaunch.exe [2400768 2012-04-28] (Fuji Xerox Co., Ltd.)
HKLM-x32\...\Run: [M205f RUN] => C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmRun.exe [355840 2012-06-20] ()
HKLM-x32\...\Run: [StatusAutoRunm205f] => C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmpl.exe [3978752 2012-06-20] ()
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-11-17] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-02-14] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-11-19] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3084288 2012-07-31] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3890768 2015-02-08] (Tonec Inc.)
HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [457728 2013-11-14] (Microsoft Corporation)
HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\Run: [AceStream] => C:\Users\ASUS\AppData\Roaming\ACEStream\engine\ace_engine.exe [27904 2014-09-25] ()
HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\Run: [Spotify Web Helper] => C:\Users\ASUS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-15] (Spotify Ltd)
HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\Run: [Google Update] => C:\Users\ASUS\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-03-13] (Google Inc.)
HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\Run: [MediaFire Tray] => C:\Users\ASUS\AppData\Local\MediaFire Desktop\mf_watch.exe [4002120 2015-02-04] ()
HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564992 2014-02-14] (Samsung)
HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\Run: [instanteyedropper] => C:\Program Files (x86)\InstantEyedropper\InstantEyedropper.exe [352256 2007-10-17] ()
HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\Run: [Copy] => C:\Users\ASUS\AppData\Roaming\Copy\CopyAgent.exe [15435920 2015-01-23] (Barracuda Networks, Inc.)
HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\Run: [GoogleChromeAutoLaunch_D5DDF34FE692FC2EA1B8968615A3C02A] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-04] (Google Inc.)
HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\MountPoints2: {c7345423-f2fd-11e3-bf91-2cd05a4163df} - "E:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\MountPoints2: {e49a6483-8e37-11e3-824e-806e6f6e6963} - "F:\start.exe" 
HKU\S-1-5-18\...\Run: [Copy] => C:\Users\ASUS\AppData\Roaming\Copy\CopyAgent.exe [15435920 2015-01-23] (Barracuda Networks, Inc.)
HKU\S-1-5-18\...\Run: [Backblaze] => "C:\Program Files (x86)\Backblaze\bzbui.exe" -quiet
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [174296 2014-03-04] (NVIDIA Corporation)
AppInit_DLLs: , C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [174296 2014-03-04] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [148016 2014-03-04] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Drive Manager Real-Time.lnk
ShortcutTarget: Samsung Drive Manager Real-Time.lnk -> C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe (Clarus, Inc.)
Startup: C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\ASUS\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\ASUS\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.1.8.381\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.1.8.381\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.1.8.381\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [1aCopyShExtError] -> {83BEA36E-7680-4598-A4DF-994426F6E78D} => C:\Users\ASUS\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [1MediaFireIconError] -> {5EE8C634-CDC0-453D-9731-DF0B19F4E807} => C:\Program Files (x86)\MediaFire Desktop\MediaFireIcon3_d548a.dll (TODO: <Company name>)
ShellIconOverlayIdentifiers: [1MediaFireIconReadOnly] -> {7995D0FC-769B-4197-AEC0-991921CB99E1} => C:\Program Files (x86)\MediaFire Desktop\MediaFireIcon5_d548a.dll (TODO: <Company name>)
ShellIconOverlayIdentifiers: [1MediaFireIconSynched] -> {9A3B79CB-D899-40B5-8DBC-20447F1ADC8F} => C:\Program Files (x86)\MediaFire Desktop\MediaFireIcon_d548a.dll (TODO: <Company name>)
ShellIconOverlayIdentifiers: [1MediaFireIconSyncing] -> {C4D81971-6B13-4173-AB21-F83AD20CCC04} => C:\Program Files (x86)\MediaFire Desktop\MediaFireIcon2_d548a.dll (TODO: <Company name>)
ShellIconOverlayIdentifiers: [2aCopyShExtSynced] -> {845B7388-6F85-4F32-9FD5-F02DC7882B89} => C:\Users\ASUS\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [3aCopyShExtSyncing] -> {F6378A7A-F753-449B-AE1B-997A96132E61} => C:\Users\ASUS\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [4aCopyShExtSyncingProg1] -> {3A511828-777D-46F8-82F4-5B530C1B3D9E} => C:\Users\ASUS\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [5aCopyShExtSyncingProg2] -> {C8C88204-5B14-40EC-BA72-8AEBC762047E} => C:\Users\ASUS\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [6aCopyShExtSyncingProg3] -> {ACFF45C3-3EEB-4351-86C2-6696BA264239} => C:\Users\ASUS\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [7aCopyShExtSyncingProg4] -> {29AF997F-488B-46F0-AE78-7146F1B89CC3} => C:\Users\ASUS\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [8aCopyShExtSyncingProg5] -> {03F9AD29-1C78-4B66-8890-B177B5430C53} => C:\Users\ASUS\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)
ShellIconOverlayIdentifiers: [MediaFireIconLock] -> {759F3E92-F4E8-4953-8315-238B8B17E0F3} => C:\Program Files (x86)\MediaFire Desktop\MediaFireIcon4_d548a.dll (TODO: <Company name>)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [HKLM] => ProxyEnable is set.
ProxyEnable: [HKLM-x32] => ProxyEnable is set.
ProxyServer: [HKLM] => http=127.0.0.1:8080;https=127.0.0.1:8080
ProxyServer: [HKLM-x32] => http=127.0.0.1:8080;https=127.0.0.1:8080
HKU\S-1-5-21-147487581-2992457104-1551078015-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://xin.msn.com/en-sg/?ocid=iehp
SearchScopes: HKU\S-1-5-21-147487581-2992457104-1551078015-1002 -> URL http://search.conduit.com/Results.aspx?ctid=CT3321897&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SPF84B958F-6C5F-431F-B5D3-7D8E0D53175F&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-147487581-2992457104-1551078015-1002 -> SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\8aqpcbli.default
FF SelectedSearchEngine: Google
FF Keyword.URL: hxxp://sg.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=599486&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll (LastPass)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass.dll (LastPass)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-147487581-2992457104-1551078015-1002: @acestream.net/acestreamplugin,version=2.2.0-next -> C:\Users\ASUS\AppData\Roaming\ACEStream\player\npace_plugin.dll (Innovative Digital Technologies)
FF Plugin HKU\S-1-5-21-147487581-2992457104-1551078015-1002: @citrixonline.com/appdetectorplugin -> C:\Users\ASUS\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKU\S-1-5-21-147487581-2992457104-1551078015-1002: @talk.google.com/GoogleTalkPlugin -> C:\Users\ASUS\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-147487581-2992457104-1551078015-1002: @talk.google.com/O1DPlugin -> C:\Users\ASUS\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-147487581-2992457104-1551078015-1002: @tools.google.com/Google Update;version=3 -> C:\Users\ASUS\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-147487581-2992457104-1551078015-1002: @tools.google.com/Google Update;version=9 -> C:\Users\ASUS\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\ASUS\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\ASUS\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\8aqpcbli.default\Extensions\[email protected] [2014-11-21]
FF Extension: IDM CC - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\8aqpcbli.default\Extensions\[email protected] [2015-01-29]
FF Extension: LastPass - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\8aqpcbli.default\Extensions\[email protected] [2015-02-08]
FF Extension: FireShot - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\8aqpcbli.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2015-01-30]
FF Extension: EPUBReader - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\8aqpcbli.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2015-02-10]
FF Extension: Easy App Tabs - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\8aqpcbli.default\Extensions\[email protected] [2014-02-05]
FF Extension: MEGA - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\8aqpcbli.default\Extensions\[email protected] [2015-02-11]
FF Extension: Save My Tabs - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\8aqpcbli.default\Extensions\[email protected] [2014-02-05]
FF Extension: Media Stealer - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\8aqpcbli.default\Extensions\[email protected] [2014-08-24]
FF Extension: Reader - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\8aqpcbli.default\Extensions\{20068ab2-1901-4140-9f3c-81207d4dacc4}.xpi [2015-01-30]
FF Extension: Graph Authority - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\8aqpcbli.default\Extensions\{CBECCADF-6A82-4141-A264-7ED25F718BCB}.xpi [2014-04-10]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\Firefox\Extensions: [[email protected]] - C:\Users\ASUS\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\ASUS\AppData\Roaming\IDM\idmmzcc5 [2015-02-08]
FF HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\ASUS\AppData\Roaming\IDM\idmmzcc5

Chrome: 
=======
CHR HomePage: Default -> hxxp://search.conduit.com/?ctid=CT3321897&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SPF84B958F-6C5F-431F-B5D3-7D8E0D53175F&SSPV=
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3321897&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SPF84B958F-6C5F-431F-B5D3-7D8E0D53175F&SSPV="
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Downloads) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajkhjekibcfjngomhbbifihellcaebcn [2014-07-18]
CHR Extension: (Download Manager (video and mp3)) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bapnjmgdanmelbcmjdjljogelnlfepcj [2015-02-08]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-21]
CHR Extension: (Honey) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2015-02-08]
CHR Extension: (RankRecon) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\chjdckfonfkdoeiobllnejjieicmjodh [2014-06-03]
CHR Extension: (OneTab) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2015-02-08]
CHR Extension: (Webpage Screenshot) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki [2014-03-22]
CHR Extension: (SEO I.Q.) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\dadlnlnlpkpchfljjcpkodcljofniggm [2014-09-23]
CHR Extension: (Tabs Backup & Restore) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\dehocbglhkaogiljpihicakmlockmlgd [2014-03-22]
CHR Extension: (Graph Authority) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeaaoidckfbpinpmjbbmgnapanfnkdkc [2014-04-10]
CHR Extension: (FB Pixel Helper) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc [2015-02-08]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-02-02]
CHR Extension: (Share As Image Extension) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgmhphfbdfbkokcfajipbmkcakmmepeb [2015-02-08]
CHR Extension: (SEO & Website Analysis) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlngmmdolgbdnnimbmblfhhndibdipaf [2014-12-22]
CHR Extension: (IDM Integration Module) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2014-02-06]
CHR Extension: (AS Magic Player) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim [2015-02-08]
CHR Extension: (Hangouts) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2014-03-25]
CHR Extension: (Google Wallet) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-06]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-02-06]
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-02-06]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-14] (ASUS)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.1.1.265\AsusWSWinService.exe [71680 2014-01-15] (ASUS Cloud Corporation) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [220288 2012-09-30] (Qualcomm Atheros Commnucations)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [270336 2012-07-13] (Brother Industries, Ltd.) [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [321024 2013-08-22] (Microsoft Corporation)
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64624 2014-06-12] (CyberGhost S.R.L)
R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [117704 2014-12-23] (Intel Corporation)
S2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [118728 2014-12-23] (Intel Corporation)
S2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [92672 2014-12-23] (Intel Corporation)
S2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [88064 2014-12-23] (Intel Corporation)
R2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-03-31] (Diskeeper Corporation)
R2 FXNADB; C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmdb.exe [96768 2012-06-20] () [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-28] (Intel Corporation)
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-30] (Intel Corporation)
R2 isupdate.exe; C:\Program Files (x86)\InstallShield\isupdate.exe [43008 2015-01-22] (InstallShield®) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-26] (Intel Corporation)
S2 McOobeSv2; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [219832 2012-06-18] (McAfee, Inc.)
S2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [219832 2012-06-18] (McAfee, Inc.)
R2 MF NTFS Monitor; C:\Users\ASUS\AppData\Local\MediaFire Desktop\MFUsnMonitorService.exe [456504 2015-02-04] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 SZDrvSvc; C:\Program Files (x86)\Clarus\Samsung Drive Manager\SZDrvSvc.exe [18432 2013-12-18] (Clarus, Inc.) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-09-30] (Atheros) [File not signed]
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [X]
S2 StartMenuService; C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [65784 2013-01-17] (ASUS Corporation)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-09-30] (Qualcomm Atheros)
S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation)
S3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [32640 2013-08-22] (Microsoft Corporation)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-05] (Microsoft Corporation)
R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [145640 2014-12-23] (Intel Corporation)
R3 DptfDevFan; C:\Windows\system32\DRIVERS\DptfDevFan.sys [50640 2014-12-23] (Intel Corporation)
S3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [42224 2014-12-23] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [289744 2014-12-23] (Intel Corporation)
S3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [234736 2014-12-23] (Intel Corporation)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2012-03-31] (Diskeeper Corporation)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [95024 2012-03-31] (Diskeeper Corporation)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [26528 2014-12-23] (REALiX(tm))
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-30] (Intel Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R3 mdf16; C:\Program Files (x86)\Clarus\Samsung Drive Manager\mdf16.sys [20400 2012-06-21] ()
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [118272 2014-12-23] (Intel Corporation)
R2 mfmonitor; C:\Windows\System32\DRIVERS\mfmonitor_x64.sys [20696 2015-02-04] (Windows (R) Win 7 DDK provider)
R3 mvd23; C:\Program Files (x86)\Clarus\Samsung Drive Manager\mvd23.sys [99248 2012-06-21] ()
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-28] (NVIDIA Corporation)
S3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-11 11:40 - 2015-02-11 11:40 - 03529407 _____ () C:\Users\ASUS\Desktop\Cap Updates New.zip
2015-02-11 11:07 - 2015-02-11 11:46 - 00000000 ____D () C:\Users\ASUS\Desktop\kw research
2015-02-11 10:47 - 2015-01-12 11:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-11 10:47 - 2015-01-12 10:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-11 10:47 - 2015-01-12 10:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-02-11 10:47 - 2015-01-12 10:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-02-11 10:47 - 2015-01-12 10:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-02-11 10:47 - 2015-01-12 10:32 - 06041088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-11 10:47 - 2015-01-12 10:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-02-11 10:47 - 2015-01-12 10:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-11 10:47 - 2015-01-12 10:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-02-11 10:47 - 2015-01-12 10:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-02-11 10:47 - 2015-01-12 10:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-02-11 10:47 - 2015-01-12 10:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-02-11 10:47 - 2015-01-12 09:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-02-11 10:47 - 2015-01-12 09:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-02-11 10:47 - 2015-01-12 09:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-02-11 10:47 - 2015-01-12 09:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-02-11 10:47 - 2015-01-12 09:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-11 10:47 - 2015-01-12 09:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-02-11 10:47 - 2015-01-12 09:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-02-11 10:47 - 2015-01-12 09:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-11 10:47 - 2015-01-12 09:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-02-11 10:47 - 2015-01-12 09:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-02-11 10:47 - 2015-01-12 09:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-02-11 10:47 - 2015-01-12 09:29 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-02-11 10:47 - 2015-01-12 09:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-02-11 10:47 - 2015-01-12 09:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-11 10:47 - 2015-01-12 09:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-02-11 10:47 - 2015-01-12 09:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-02-11 10:47 - 2015-01-12 09:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-02-11 10:47 - 2015-01-12 09:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-02-11 10:47 - 2015-01-12 09:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-02-11 10:47 - 2015-01-12 09:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-11 10:47 - 2015-01-12 09:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-02-11 10:47 - 2015-01-12 09:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-02-11 10:47 - 2015-01-12 08:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-02-11 10:47 - 2015-01-12 08:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-02-11 10:47 - 2015-01-10 17:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-11 10:47 - 2015-01-10 17:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-11 10:47 - 2015-01-10 16:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-02-11 10:47 - 2015-01-10 15:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-11 10:47 - 2015-01-10 14:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-02-11 10:19 - 2015-01-16 06:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-11 10:19 - 2015-01-16 06:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-11 10:19 - 2015-01-14 12:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-02-11 10:19 - 2015-01-14 11:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-02-11 10:19 - 2014-10-29 10:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2015-02-11 10:19 - 2014-10-29 10:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2015-02-11 10:18 - 2015-02-04 07:38 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-02-11 10:18 - 2015-02-04 07:08 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-02-11 10:18 - 2015-02-04 07:08 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-02-11 10:18 - 2015-02-03 07:11 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-02-11 10:18 - 2015-02-03 07:11 - 00894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-02-11 10:18 - 2015-02-03 07:11 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-02-11 10:18 - 2015-01-20 02:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-02-11 10:18 - 2015-01-14 06:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-11 10:18 - 2015-01-14 06:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-02-11 10:18 - 2015-01-10 16:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-02-11 10:18 - 2014-12-19 16:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-11 10:18 - 2014-12-19 16:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-02-11 10:18 - 2014-12-09 11:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-11 10:18 - 2014-12-09 09:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-11 10:18 - 2014-12-09 07:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-02-11 00:18 - 2015-02-11 00:46 - 00000128 _____ () C:\Users\ASUS\Desktop\New Text Document (2).txt
2015-02-10 19:02 - 2015-02-11 00:51 - 00011275 _____ () C:\Users\ASUS\Desktop\Penalty Recovery Fiverr.xlsx
2015-02-10 17:19 - 2015-02-07 16:18 - 2207364237 _____ () C:\Users\ASUS\Desktop\thenewrulesofseo.zip
2015-02-10 16:46 - 2015-02-10 16:46 - 00000298 _____ () C:\WINDOWS\Tasks\Uninstaller_SkipUac_Gladwin.job
2015-02-10 14:33 - 2015-02-10 15:51 - 00001220 _____ () C:\Users\ASUS\Desktop\Competitor research.txt
2015-02-10 10:44 - 2015-02-10 10:46 - 00000000 ____D () C:\Users\ASUS\Desktop\LongTailPro2
2015-02-10 10:40 - 2015-02-10 10:40 - 03265362 _____ () C:\Users\ASUS\Desktop\123new.rar
2015-02-09 22:41 - 2015-02-09 22:41 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-02-09 22:39 - 2015-02-09 22:47 - 00000000 ____D () C:\Users\ASUS\Downloads\Doraemon Stand by Me Leaked 720p - ENG - INA SUB
2015-02-09 19:04 - 2015-02-09 19:04 - 00000268 _____ () C:\Users\ASUS\Desktop\Download Page.URL
2015-02-09 15:41 - 2015-02-09 15:41 - 00000835 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\slf.lnk
2015-02-09 15:41 - 2015-02-09 15:41 - 00000823 _____ () C:\Users\Public\Desktop\slf.lnk
2015-02-09 15:41 - 2015-02-09 15:41 - 00000000 ____D () C:\Program Files (x86)\slf
2015-02-09 12:43 - 2015-02-08 03:24 - 1008327089 _____ () C:\Users\ASUS\Desktop\Instagram Mastery Formula.zip
2015-02-09 12:34 - 2015-02-09 12:42 - 1015885669 _____ () C:\Users\ASUS\Desktop\OV Allstars; CPA Jumpstart.rar
2015-02-09 11:51 - 2015-02-08 03:56 - 1179768965 _____ () C:\Users\ASUS\Desktop\DDR3boy-Marketplace Super Heroes-$997.zip
2015-02-09 11:34 - 2015-02-09 11:35 - 31816649 _____ () C:\Users\ASUS\Desktop\StudioPress.zip
2015-02-09 11:29 - 2015-02-09 08:13 - 00000000 ____D () C:\Users\ASUS\Desktop\Themify
2015-02-09 11:01 - 2015-02-09 11:02 - 00000071 _____ () C:\Users\ASUS\Desktop\New Text Document.txt
2015-02-09 00:08 - 2015-02-09 00:08 - 00000000 ____D () C:\Users\ASUS\AppData\Local\Clarus
2015-02-08 23:14 - 2015-02-08 23:27 - 1335840460 _____ () C:\Users\ASUS\Desktop\Affplaybook - Greatest Hits Mastermind 2015.rar
2015-02-08 23:04 - 2015-02-08 23:08 - 262547091 _____ () C:\Users\ASUS\Desktop\Reverse Sales Method by Jamie and David.zip
2015-02-08 22:59 - 2015-02-08 23:25 - 1707891903 _____ () C:\Users\ASUS\Desktop\Ryan Deiss - Funnel Blueprint 2.0 UP2.rar
2015-02-08 21:49 - 2015-02-04 03:31 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-08 21:49 - 2015-02-04 03:31 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-08 21:46 - 2014-04-16 07:35 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2015-02-08 21:46 - 2014-04-16 07:34 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2015-02-08 11:48 - 2015-02-08 11:48 - 00000000 ____D () C:\Users\ASUS\Downloads\Internet Download Manager (IDM) 6.22 Final Incl. Crack [ATOM]
2015-02-08 02:52 - 2015-02-11 11:57 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-08 02:51 - 2015-02-11 11:05 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-08 02:26 - 2015-02-08 02:26 - 00000874 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-147487581-2992457104-1551078015-1002Core1d04303a250e3f3.job
2015-02-08 02:26 - 2015-02-08 02:26 - 00000874 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-147487581-2992457104-1551078015-1002Core1cfffdbc8a5ac38.job
2015-02-08 00:16 - 2015-02-08 11:32 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-08 00:15 - 2015-02-08 00:15 - 00001132 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-08 00:15 - 2015-02-08 00:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-08 00:14 - 2015-02-08 00:14 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-08 00:14 - 2015-02-08 00:14 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-08 00:14 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-02-08 00:14 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-02-08 00:14 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-02-08 00:12 - 2015-02-11 12:04 - 00000000 ____D () C:\FRST
2015-02-08 00:11 - 2015-02-11 12:04 - 00000000 ____D () C:\Users\ASUS\Desktop\Troubleshoot Program
2015-02-08 00:05 - 2015-02-08 00:05 - 00000631 _____ () C:\WINDOWS\system32\network.txt
2015-02-06 20:06 - 2014-11-29 08:37 - 00180648 _____ (Tonec Inc.) C:\WINDOWS\system32\Drivers\idmwfp.sys
2015-02-05 10:01 - 2013-08-27 23:42 - 00086035 ____N () C:\WINDOWS\system32\athwbx.cat
2015-02-05 10:01 - 2013-08-15 20:13 - 03859968 ____N (Qualcomm Atheros Communications, Inc.) C:\WINDOWS\system32\athwbx.sys
2015-02-05 10:01 - 2013-08-15 20:13 - 03859968 _____ (Qualcomm Atheros Communications, Inc.) C:\WINDOWS\system32\Drivers\athwbx.sys
2015-02-05 00:55 - 2015-02-05 01:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Start Menu 8
2015-02-04 23:09 - 2014-12-07 19:53 - 00452755 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20150204-230941.backup
2015-02-04 23:03 - 2015-02-04 23:03 - 00003859 _____ () C:\Users\ASUS\Downloads\software_removal_tool.log
2015-02-04 22:47 - 2015-02-08 02:58 - 00002207 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-04 22:47 - 2015-02-04 22:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-04 22:46 - 2015-02-08 02:52 - 00003894 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-04 22:46 - 2015-02-08 02:52 - 00003658 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-04 11:34 - 2015-02-10 16:45 - 00000000 ____D () C:\Users\ASUS\Desktop\Firefox Portable
2015-02-02 01:24 - 2015-02-02 01:24 - 00008477 _____ () C:\Users\ASUS\Downloads\Invoice 1480331 (01-30-2015).html
2015-02-01 23:29 - 2015-02-11 11:05 - 00003754 _____ () C:\WINDOWS\System32\Tasks\AutoKMS
2015-02-01 23:28 - 2015-02-10 12:00 - 00000492 _____ () C:\WINDOWS\Tasks\InstallShield Update Task.job
2015-02-01 23:28 - 2015-02-01 23:28 - 00003224 _____ () C:\WINDOWS\System32\Tasks\InstallShield Update Task
2015-02-01 23:28 - 2015-02-01 23:28 - 00000000 ____D () C:\Program Files (x86)\InstallShield
2015-02-01 22:58 - 2015-02-01 22:59 - 45488338 _____ () C:\Users\ASUS\Downloads\Microsoft Office Professional Plus 2013 -32-64 Bit(Activator)[RareAbyss].rar
2015-01-26 23:41 - 2015-02-11 11:27 - 00000578 _____ () C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-147487581-2992457104-1551078015-1002.job
2015-01-22 09:37 - 2015-02-05 10:22 - 00000000 ____D () C:\Users\ASUS\Downloads\Ryan Deiss - Invisible Selling Machine
2015-01-22 09:31 - 2015-01-22 09:30 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-01-20 21:55 - 2014-12-09 03:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-20 21:55 - 2014-12-09 03:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-20 21:55 - 2014-12-09 03:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-20 21:55 - 2014-12-09 03:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-20 21:55 - 2014-12-09 03:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-20 21:55 - 2014-12-09 03:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-20 21:55 - 2014-12-09 03:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-20 21:55 - 2014-12-09 03:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-20 21:55 - 2014-12-06 09:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-15 22:25 - 2015-01-15 22:25 - 00001056 _____ () C:\Users\Public\Desktop\ICCExpress.lnk
2015-01-15 22:25 - 2015-01-15 22:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Web Dimensions
2015-01-14 15:07 - 2015-01-14 15:07 - 00004456 _____ () C:\Users\ASUS\Downloads\Keyword Planner 2015-01-14 at 15-07-16.csv
2015-01-14 12:01 - 2014-12-19 14:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-14 12:01 - 2014-12-12 10:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-14 12:01 - 2014-12-12 08:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-14 12:01 - 2014-12-09 09:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-14 12:01 - 2014-12-06 11:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-14 12:01 - 2014-12-06 09:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-13 22:58 - 2015-01-13 22:58 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\Hobbyist Software
2015-01-13 22:34 - 2015-02-04 23:12 - 00000000 ____D () C:\Program Files (x86)\Hobbyist Software
2015-01-13 22:34 - 2015-01-13 22:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VLC Setup Helper
2015-01-13 17:24 - 2015-02-11 11:46 - 00000000 ____D () C:\Users\ASUS\Desktop\SEO

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-11 12:05 - 2014-04-06 12:47 - 00000000 ___HD () C:\Users\ASUS\.mediafire
2015-02-11 12:02 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-11 11:39 - 2014-02-07 10:23 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-11 11:18 - 2014-02-05 15:36 - 02062846 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-11 11:10 - 2014-02-05 08:51 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-147487581-2992457104-1551078015-1002
2015-02-11 11:10 - 2012-07-26 15:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-11 11:09 - 2014-02-05 08:43 - 00000000 ____D () C:\Users\ASUS\AppData\Local\Packages
2015-02-11 11:07 - 2014-02-14 12:12 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\Copy
2015-02-11 11:06 - 2014-04-06 12:47 - 00000000 ___RD () C:\Users\ASUS\MediaFire
2015-02-11 11:06 - 2014-02-05 16:11 - 00000000 ___RD () C:\Users\ASUS\Dropbox
2015-02-11 11:06 - 2014-02-05 16:10 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\Dropbox
2015-02-11 11:05 - 2014-02-05 16:05 - 00000000 ___DO () C:\Users\ASUS\SkyDrive
2015-02-11 11:05 - 2014-02-05 08:50 - 00000062 _____ () C:\Users\ASUS\AppData\Roaming\sp_data.sys
2015-02-11 11:04 - 2014-12-23 18:10 - 00015420 _____ () C:\WINDOWS\setupact.log
2015-02-11 11:04 - 2013-08-22 22:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-11 11:04 - 2013-08-22 22:44 - 05118432 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-11 11:03 - 2013-08-22 21:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-11 11:01 - 2014-02-05 18:45 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\DMCache
2015-02-11 10:52 - 2014-02-05 22:31 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-02-11 10:52 - 2014-02-05 16:48 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-11 10:50 - 2014-12-11 17:14 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-02-11 10:50 - 2014-07-09 16:20 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-02-11 10:37 - 2014-12-07 21:07 - 00055010 _____ () C:\WINDOWS\PFRO.log
2015-02-11 10:32 - 2014-02-05 12:06 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-11 10:26 - 2014-02-05 12:06 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-11 10:25 - 2012-07-26 13:26 - 00000199 _____ () C:\WINDOWS\win.ini
2015-02-11 10:16 - 2014-05-08 18:20 - 00000000 ____D () C:\Users\ASUS\AppData\Local\CrashDumps
2015-02-10 23:53 - 2013-11-14 15:28 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-10 22:52 - 2014-02-05 18:45 - 00000000 ____D () C:\Users\ASUS\Downloads\Compressed
2015-02-10 16:50 - 2014-02-08 18:25 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\uTorrent
2015-02-10 16:46 - 2014-08-20 23:07 - 00003087 _____ () C:\WINDOWS\wininit.ini
2015-02-10 16:46 - 2014-06-02 00:07 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-10 16:22 - 2014-02-14 13:27 - 00000248 _____ () C:\Users\ASUS\AppData\Roaming\RO39-2M3Q
2015-02-10 15:21 - 2014-03-22 12:27 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\Skype
2015-02-10 00:32 - 2014-02-06 21:03 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\vlc
2015-02-09 15:41 - 2014-02-06 23:22 - 13933568 ___SH () C:\Users\ASUS\Desktop\Thumbs.db
2015-02-08 23:00 - 2014-02-05 18:45 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\IDM
2015-02-08 21:50 - 2014-02-05 11:55 - 00000000 ____D () C:\ProgramData\ProductData
2015-02-08 21:43 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-08 11:54 - 2014-02-05 18:45 - 00000000 ____D () C:\Program Files (x86)\Internet Download Manager
2015-02-08 11:49 - 2014-02-05 18:45 - 00001023 _____ () C:\Users\ASUS\Desktop\Internet Download Manager.lnk
2015-02-08 11:28 - 2013-11-14 15:17 - 00000000 ____D () C:\WINDOWS\ShellNew
2015-02-08 10:57 - 2014-02-12 22:49 - 09024000 ___SH () C:\Users\ASUS\Downloads\Thumbs.db
2015-02-08 02:39 - 2014-02-07 10:23 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-02-08 00:46 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\WinStore
2015-02-07 23:50 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-02-05 14:40 - 2014-06-23 03:09 - 00000000 ____D () C:\Users\ASUS\Downloads\Bank Statement
2015-02-05 10:02 - 2014-02-05 07:02 - 00000000 ____D () C:\Program Files (x86)\Qualcomm Atheros
2015-02-05 01:13 - 2014-02-10 21:17 - 00000000 ____D () C:\Users\ASUS\Desktop\Shortcuts
2015-02-05 01:06 - 2014-02-05 08:43 - 00000000 ____D () C:\Users\ASUS\AppData\Local\ASUS
2015-02-05 01:06 - 2014-02-05 07:20 - 00000000 ____D () C:\ProgramData\P4G
2015-02-05 00:59 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\registration
2015-02-05 00:36 - 2014-02-05 15:41 - 00000000 ____D () C:\Users\ASUS
2015-02-05 00:22 - 2014-12-11 11:59 - 00000000 ____D () C:\Program Files\Recuva
2015-02-04 22:47 - 2014-02-05 12:46 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-04 12:04 - 2014-02-05 12:47 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\Mozilla
2015-02-04 02:03 - 2014-04-06 12:32 - 00020696 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\mfmonitor_x64.sys
2015-02-01 23:29 - 2014-02-05 17:09 - 00000000 ____D () C:\WINDOWS\AutoKMS
2015-01-30 21:51 - 2014-02-05 12:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-29 21:13 - 2014-02-05 12:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-26 23:41 - 2014-04-26 11:28 - 00003580 _____ () C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-147487581-2992457104-1551078015-1002
2015-01-26 00:16 - 2014-02-05 18:45 - 00000000 ____D () C:\Users\ASUS\Downloads\Video
2015-01-22 13:17 - 2014-09-26 00:52 - 00000000 __SHD () C:\Users\ASUS\wc
2015-01-22 09:33 - 2014-06-16 11:07 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-22 09:30 - 2014-12-23 18:17 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-21 10:24 - 2015-01-06 11:24 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\FileZilla
2015-01-18 23:56 - 2014-02-08 18:15 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\.ACEStream
2015-01-18 23:50 - 2014-07-01 00:10 - 00000000 ___HD () C:\_acestream_cache_
2015-01-16 16:58 - 2014-10-25 14:26 - 00000000 ___RD () C:\Users\ASUS\Copy [email protected]
2015-01-15 22:25 - 2014-09-10 15:59 - 00000000 ____D () C:\Users\ASUS\Documents\ICCExpress
2015-01-15 22:25 - 2014-09-10 15:59 - 00000000 ____D () C:\Program Files (x86)\Web Dimensions
2015-01-14 20:05 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-01-13 00:20 - 2014-12-23 22:57 - 00000000 ____D () C:\Users\ASUS\Downloads\GKIC_Holiday_Training

==================== Files in the root of some directories =======

2014-08-28 09:34 - 2014-08-28 09:35 - 15000576 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2014-02-14 13:26 - 2014-02-14 13:26 - 0000088 _____ () C:\Users\ASUS\AppData\Roaming\.95d691779473f3e03bc4b4e56319d74c.key
2014-02-14 13:26 - 2014-02-14 13:26 - 0000088 _____ () C:\Users\ASUS\AppData\Roaming\.c79792229cdae4d8fe4e261fc4d6976b.key
2014-11-14 15:36 - 2014-11-25 18:41 - 0000132 _____ () C:\Users\ASUS\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-02-14 13:27 - 2015-02-10 16:22 - 0000248 _____ () C:\Users\ASUS\AppData\Roaming\RO39-2M3Q
2014-02-05 08:50 - 2015-02-11 11:05 - 0000062 _____ () C:\Users\ASUS\AppData\Roaming\sp_data.sys
2014-06-19 10:28 - 2014-06-19 10:28 - 0000024 _____ () C:\Users\ASUS\AppData\Roaming\temp.ini
2014-11-14 15:45 - 2014-11-14 15:45 - 0001456 _____ () C:\Users\ASUS\AppData\Local\Adobe Save for Web 13.0 Prefs
2012-09-10 19:49 - 2012-09-10 19:49 - 0001050 ____H () C:\Users\ASUS\AppData\Local\{793FD447-37EB-4083-B222-2E447297AF07}
2014-12-23 18:14 - 2014-12-23 18:14 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2012-08-05 09:42 - 2012-07-30 14:03 - 0000217 _____ () C:\ProgramData\SetStretch.cmd
2012-08-05 09:42 - 2009-07-22 18:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe

Some content of TEMP:
====================
C:\Users\ASUS\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpwuawrp.dll
C:\Users\ASUS\AppData\Local\Temp\MediaFireIcon2_x64.dll
C:\Users\ASUS\AppData\Local\Temp\MediaFireIcon3_x64.dll
C:\Users\ASUS\AppData\Local\Temp\MediaFireIcon4_x64.dll
C:\Users\ASUS\AppData\Local\Temp\MediaFireIcon5_x64.dll
C:\Users\ASUS\AppData\Local\Temp\MediaFireIcon_x64.dll
C:\Users\ASUS\AppData\Local\Temp\MFDesktopShellStatic_x64.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-09 10:54

==================== End Of Log ============================


----------



## kango88 (Feb 5, 2015)

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-02-2015
Ran by Gladwin at 2015-02-11 12:06:09
Running from C:\Users\ASUS\Desktop\Troubleshoot Program
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\uTorrent) (Version: 3.4.2.37754 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Ace Stream Media 2.2.0-next (HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\AceStream) (Version: 2.2.0-next - Ace Stream Media)
Adobe After Effects CS6 (HKLM-x32\...\{4817D846-700B-474E-A31B-80892B3E92E3}) (Version: 11 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
AliG SLF (HKLM-x32\...\com.aligmarketing.slf) (Version: 3.2.2 - Ali G. Marketing LLC)
AliG SLF (x32 Version: 3.2.2 - Ali G. Marketing LLC) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.4 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.9 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.9 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.1.7 - ASUS)
ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.1 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 1.1.3 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0002 - ASUS)
ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.6 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.5 - ASUS)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.309 - ASUSTEK)
Atheros Outlook Addin 2010 (HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\BB108A893815B64BF41C4574C3324FB7371AA244) (Version: 1.0.0.0 - Microsoft)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0023 - ASUS)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
AudienceMakr (HKLM-x32\...\AudienceMakr) (Version: 1.0.2 - Infomastery, LLC)
AudienceMakr (x32 Version: 1.0.2 - Infomastery, LLC) Hidden
Brother MFL-Pro Suite MFC-9330CDW (HKLM-x32\...\{E98A9C92-E767-475B-8BC6-8780A86DDC72}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
Camtasia Studio 8 (HKLM-x32\...\{5303CFB5-D635-44F0-A94B-9611E81F07C4}) (Version: 8.3.0.1471 - TechSmith Corporation)
Citrix Online Launcher (HKLM-x32\...\{F17C3DC2-2ACA-4B0E-BDBF-ACE61B14E7CD}) (Version: 1.0.183 - Citrix)
Copy (HKLM\...\{EE4CEBB9-C0FC-4503-9BC0-1E32B566DE71}) (Version: 1.47.410.0 - Barracuda Networks, Inc.)
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version: - CyberGhost S.R.L.)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.31 - DivX, LLC)
DocuPrint CM205 f_fw (HKLM-x32\...\InstallShield_{82E36284-5E49-4800-9882-0B69D7EEAC2D}) (Version: 1.011.00 - Fuji Xerox)
DocuPrint CM205 f_fw (x32 Version: 1.011.00 - Fuji Xerox) Hidden
Dropbox (HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Explaindio Sketch Line Color Changer (HKLM-x32\...\Coloring) (Version: 0.0.0 - UNKNOWN)
Explaindio Sketch Line Color Changer (x32 Version: 0.0.0 - UNKNOWN) Hidden
Explaindio Video Creator version 1.004 (HKLM-x32\...\{FE60174E-0881-4634-946F-9F9C8672710A}_is1) (Version: 1.004 - Explaindio LLC)
Explaindio Video Creator version 1.009 (HKLM-x32\...\{9E347DDD-DB67-4348-8C96-75E0BBC65407}_is1) (Version: 1.009 - Explaindio LLC)
Explaindio Video Creator version 1.012 (HKLM-x32\...\{C38A770F-F857-4357-84ED-FF71D8DE90BF}_is1) (Version: 1.012 - Explaindio LLC)
ExpressCache (HKLM\...\{2EBEFDA8-F905-4C39-AC1C-D5ABE7B3E0AE}) (Version: 1.0.86 - Diskeeper Corporation)
FileZilla Client 3.9.0.6 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.6 - Tim Kosse)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{C77CC230-7417-3F01-B70D-52583DC9FEC9}) (Version: 5.40.2.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GoToMeeting 6.4.11.2273 (HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\GoToMeeting) (Version: 6.4.11.2273 - CitrixOnline)
GSA Email Spider v7.13 (HKLM-x32\...\GSA Email Spider_is1) (Version: 7.13 - GSA Software)
GSA Search Engine Ranker v9.42 (HKLM-x32\...\GSA Search Engine Ranker_is1) (Version: 9.42 - GSA Software)
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
Instant Content Curator Express (HKLM-x32\...\com.webdimensions.instantcontentcurator.express) (Version: 2.0.8 - Web Dimensions, Inc.)
Instant Content Curator Express (x32 Version: 2.0.8 - Web Dimensions, Inc.) Hidden
Instant Eyedropper 1.75 (HKLM-x32\...\Instant Eyedropper_is1) (Version: - )
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 6.0.7.1084 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel(R) Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 2.1.0.1002 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
Java 7 Update 72 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217072FF}) (Version: 7.0.720 - Oracle)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Last Man (HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\Last Man) (Version: - )
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass)
LongTailPro - Version 2.4.28 (HKLM-x32\...\com.longtailpro.LongTailPro) (Version: 2.4.28 - Long Tail Media, LLC)
LongTailPro - Version 2.4.28 (x32 Version: 2.4.28 - Long Tail Media, LLC) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Market Samurai (HKLM-x32\...\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1) (Version: 0.93.38 - Alliance Software Pty Ltd)
Market Samurai (x32 Version: 0.93.38 - Alliance Software Pty Ltd) Hidden
MediaFire Desktop (HKLM-x32\...\MediaFire Desktop 0.10.21.9247) (Version: 1.4.17.10772 - MediaFire)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobile Lead Monster (HKLM-x32\...\MobileLeadMonster) (Version: 1.0 - Axiom Marketing Inc.)
Mobile Lead Monster (x32 Version: 1.0 - Axiom Marketing Inc.) Hidden
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MP3 Skype recorder (HKLM-x32\...\{9AFDC558-9575-48B8-BC39-CCAACB8DC05E}) (Version: 4.4.1.0 - Alexander Nikiforov)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Nuance PaperPort 12 (HKLM-x32\...\{88B5FBDC-967D-4B1F-B291-39284AE12201}) (Version: 12.1.0005 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
NVIDIA GeForce Experience 1.8.2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
NZ Financial MT4 Terminal (HKLM-x32\...\NZ Financial MT4 Terminal) (Version: 4.00 - MetaQuotes Software Corp.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Penguin Recovery Jeet (HKLM-x32\...\Penguin Recovery Jeet_is1) (Version: 1.0 - Teknikforce)
PureVPN (HKLM-x32\...\PureVPN_is1) (Version: 3.2 - PureVPN)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.210 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.8400.27023 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Samsung Drive Manager (HKLM-x32\...\{9F1A6A24-4901-42F6-A355-5DD2B82E62AE}) (Version: 1.0.172 - Clarus, Inc.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.33.0 - SAMSUNG Electronics Co., Ltd.)
Scansoft PDF Professional (x32 Version: - ) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 1.7.321 - NVIDIA Corporation) Hidden
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
SMSCaster E-Marketer GSM Enterprise v3.6 (HKLM-x32\...\SMSCaster E-Marketer GSM Enterprise_is1) (Version: v3.6 (build 1071) - SDJ Software Limited)
SopCast 3.8.3 (HKLM-x32\...\SopCast) (Version: 3.8.3 - www.sopcast.com)
Spotify (HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Start Menu 8 (HKLM-x32\...\IObit_StartMenu8_is1) (Version: 1.5.0.0 - IObit)
StreamTorrent 1.0 (HKLM-x32\...\StreamTorrent 1.0) (Version: - )
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
Telegram Desktop version 0.7.4 (HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 0.7.4 - Telegram Messenger LLP)
Update for CHS Microsoft IME HAP Dictionary (Version: 16.0.858.1 - Microsoft Corporation) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VideoMakerFX (HKLM-x32\...\VideoMakerFX 1.01) (Version: 1.01 - Webvati)
VideoMakerFX (HKLM-x32\...\VideoMakerFX 1.04) (Version: 1.04 - Webvati)
VideoMakerFX (HKLM-x32\...\VideoMakerFX 1.05) (Version: 1.05 - Webvati)
VideoMakerFX (x32 Version: 1.01 - Webvati) Hidden
VideoMakerFX (x32 Version: 1.05 - Webvati) Hidden
VideoMakerFX Josh Ratta Bonus Scenes (HKLM-x32\...\{E7CAFBCF-1A20-4AF8-AE0E-89A8282CCA46}) (Version: 1.0 - Webvati)
VideoMakerFX ProThemes August Addon 1.0 (HKLM-x32\...\{BC117729-A0EA-48CF-941E-6F12EFB7D71E}) (Version: 1.0 - Webvati)
VideoMakerFX ProThemes December Addon 1.0 (HKLM-x32\...\{F5AEF14E-731A-4875-B55D-1561E2F87722}) (Version: 1.0 - Webvati)
VideoMakerFX ProThemes July Addon 1.0 (HKLM-x32\...\{BDAA3BD7-1BA0-4727-B99F-89FD45A1D15A}) (Version: 1.0 - Webvati)
VideoMakerFX ProThemes June Addon 1.0 (HKLM-x32\...\{AE11668B-174C-461F-8A4D-5AEF54DD3B5F}) (Version: 1.0 - Webvati)
VideoMakerFX ProThemes May Addon 1.0 (HKLM-x32\...\{6073BA7B-671F-4F41-AA93-05164AAE6A72}) (Version: 1.0 - Webvati)
VideoMakerFX ProThemes November Addon 1.0 (HKLM-x32\...\{23CFA575-AD8D-48AD-971D-EF76F70FC94F}) (Version: 1.0 - Webvati)
VideoMakerFX ProThemes October Addon 1.0 (HKLM-x32\...\{C7F12978-67A4-45F3-9010-9F94BC730894}) (Version: 1.0 - Webvati)
VideoMakerFX ProThemes September Addon 1.0 (HKLM-x32\...\{703AEFFE-6830-4BEB-A697-62D5566A7557}) (Version: 1.0 - Webvati)
VideoMakerFX VideoProfitFX Add On 1.0 (HKLM-x32\...\{8F99303E-4E46-45DC-964D-649DBC72B717}) (Version: 1.0 - Webvati)
VideoMakerFX Webinar Bonus Kinetic Special Scenes (HKLM-x32\...\{1895C465-14C6-4AEB-8478-13F0A1953282}) (Version: 1.0 - Webvati)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VLC Setup Helper (HKLM-x32\...\VLC Setup Helper_is1) (Version: - )
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.1.8.381 - ASUS Cloud Corporation)
Windows Driver Package - ASUS (ATP) Mouse (01/10/2013 1.0.0.170) (HKLM\...\4A9DE1E9EBC800B7F01739D4DE7363EF6751BDF5) (Version: 01/10/2013 1.0.0.170 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-147487581-2992457104-1551078015-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\ASUS\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-147487581-2992457104-1551078015-1002_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\ASUS\AppData\Local\Citrix\GoToMeeting\1865\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-147487581-2992457104-1551078015-1002_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\ASUS\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-147487581-2992457104-1551078015-1002_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\ASUS\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-147487581-2992457104-1551078015-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\ASUS\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-147487581-2992457104-1551078015-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ASUS\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-147487581-2992457104-1551078015-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ASUS\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-147487581-2992457104-1551078015-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ASUS\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-147487581-2992457104-1551078015-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ASUS\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-147487581-2992457104-1551078015-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ASUS\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-147487581-2992457104-1551078015-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ASUS\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-147487581-2992457104-1551078015-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ASUS\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-147487581-2992457104-1551078015-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ASUS\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points =========================

11-02-2015 10:49:44 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2014-11-13 11:30 - 2015-02-04 23:09 - 00452879 ____R C:\WINDOWS\system32\Drivers\etc\hosts

There are 1000 more lines.

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1EC4E477-8FB4-4785-8F1C-B28E2F00A284} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-25] (ASUS)
Task: {231A1BC4-7F52-433B-BA49-DAC21ED77E2C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {275ADBFC-8958-496E-9374-8D0A637CF457} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe [2015-02-01] ()
Task: {35631E60-74ED-44BE-9C60-43DC09DA1993} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-04] (Google Inc.)
Task: {3B5951F4-199B-490D-922E-06D0B82A59A9} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-19] (ASUSTek Computer Inc.)
Task: {3C3C1EA3-2DAE-4B67-921E-D4A2A529B8C4} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-08] (Adobe Systems Incorporated)
Task: {453A192F-EFE2-4E59-8DB3-DF1E1F1EAA85} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2012-11-30] ()
Task: {48BC6164-F3B2-4DD2-B8EB-BFF8A59B9E6A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-04] (Google Inc.)
Task: {63A5081D-D5AD-495D-9006-1519CB6CB077} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2012-11-30] (ASUS)
Task: {78CDE10B-3C8A-496A-9D53-0E2A2A2B2A22} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {8006A781-C47E-4391-BCE9-EDCC3A3492D6} - System32\Tasks\ASUS InstantOn Config => C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe [2012-09-25] (ASUS)
Task: {8108059B-D47E-4FD8-9981-0D9623B0DD77} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-02-11] (Microsoft Corporation)
Task: {82AA3937-45DC-4A88-955B-05EFCC1B721E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {9411BCD0-CBCE-4E6F-9E4A-C6C5743A2F6F} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-08-23] (ASUSTeK Computer Inc.)
Task: {97DAD6E6-1844-4F80-A827-CFC2AA087E3A} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2013-01-17] (AsusTek)
Task: {A1E533F8-F20E-4D0F-89D0-771BCE3B0147} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2013-01-05] ()
Task: {E10CE05D-CD0F-4E10-A184-B9E613977FC6} - System32\Tasks\CLARUS_DRIVE_MANAGER\Clarus_Drive_Manager => C:\Program Files (x86)\Clarus\Samsung Drive Manager\Drive Manager.exe [2013-12-18] (Clarus, Inc.)
Task: {F0BBFD4C-5614-49DB-8CA1-69D298C40533} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {F50BA656-7650-4D52-8358-18794A1F735F} - System32\Tasks\InstallShield Update Task => Wscript.exe //nologo //E:jscript //B "C:\Program Files (x86)\InstallShield\isupdate.ini"
Task: {F9D63969-0932-4E38-A93A-91E6D66279D8} - System32\Tasks\G2MUpdateTask-S-1-5-21-147487581-2992457104-1551078015-1002 => C:\Users\ASUS\AppData\Local\Citrix\GoToMeeting\2273\g2mupdate.exe [2015-01-26] (Citrix Online, a division of Citrix Systems, Inc.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-147487581-2992457104-1551078015-1002.job => C:\Users\ASUS\AppData\Local\Citrix\GoToMeeting\2273\g2mupdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-147487581-2992457104-1551078015-1002Core1cf8e99a9971846.job => C:\Users\ASUS\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-147487581-2992457104-1551078015-1002Core1cfedc1168c14f4.job => C:\Users\ASUS\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-147487581-2992457104-1551078015-1002Core1cfffdbc8a5ac38.job => C:\Users\ASUS\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-147487581-2992457104-1551078015-1002Core1d04303a250e3f3.job => C:\Users\ASUS\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\InstallShield Update Task.job => C:\WINDOWS\system32\wscript.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Gladwin.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe

==================== Loaded Modules (whitelisted) ==============

2013-12-10 08:13 - 2014-03-04 22:35 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-02-05 15:36 - 2014-03-04 21:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-11-18 10:02 - 2011-11-18 10:02 - 00023040 _____ () C:\WINDOWS\System32\fxhk4alm.dll
2012-06-20 12:21 - 2012-06-20 12:21 - 00096768 _____ () C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmdb.exe
2014-04-06 12:32 - 2015-02-04 02:32 - 00456504 _____ () C:\Users\ASUS\AppData\Local\MediaFire Desktop\MFUsnMonitorService.exe
2014-12-02 17:11 - 2005-04-22 12:36 - 00143360 ____R () C:\WINDOWS\system32\BrSNMP64.dll
2015-01-21 15:01 - 2015-01-21 15:01 - 08898728 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-05-02 03:29 - 2014-05-02 03:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2012-11-30 09:15 - 2012-11-30 09:15 - 00171224 _____ () C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
2012-08-25 09:26 - 2012-08-25 09:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2013-10-01 13:02 - 2013-10-01 13:02 - 00094208 _____ () C:\Windows\system32\IccLibDll_x64.dll
2012-09-30 11:02 - 2012-09-30 11:02 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2012-09-30 10:59 - 2012-09-30 10:59 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2012-09-30 11:01 - 2012-09-30 11:01 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2014-01-28 17:46 - 2014-09-25 13:57 - 00027904 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\engine\ace_engine.exe
2014-04-06 12:32 - 2015-02-04 02:32 - 04002120 _____ () C:\Users\ASUS\AppData\Local\MediaFire Desktop\mf_watch.exe
2014-04-06 12:32 - 2015-02-04 02:32 - 01228616 _____ () C:\Users\ASUS\AppData\Local\MediaFire Desktop\mf_hub.exe
2014-04-06 12:32 - 2015-02-04 02:32 - 04672328 _____ () C:\Users\ASUS\AppData\Local\MediaFire Desktop\MediaFire Desktop.exe
2014-04-06 12:32 - 2015-02-04 02:32 - 04242760 _____ () C:\Users\ASUS\AppData\Local\MediaFire Desktop\mf_filetransfer.exe
2014-07-09 10:55 - 2007-10-17 16:22 - 00352256 _____ () C:\Program Files (x86)\InstantEyedropper\InstantEyedropper.exe
2014-04-06 12:32 - 2015-02-04 02:32 - 03957064 _____ () C:\Users\ASUS\AppData\Local\MediaFire Desktop\mf_browser.exe
2015-01-23 23:40 - 2015-01-23 23:40 - 02092544 _____ () C:\Users\ASUS\AppData\Roaming\Copy\Gui.dll
2015-01-23 23:40 - 2015-01-23 23:40 - 08212480 _____ () C:\Users\ASUS\AppData\Roaming\Copy\Brt.dll
2015-01-23 23:40 - 2015-01-23 23:40 - 09276928 _____ () C:\Users\ASUS\AppData\Roaming\Copy\AgentSync.dll
2015-01-23 23:40 - 2015-01-23 23:40 - 05327872 _____ () C:\Users\ASUS\AppData\Roaming\Copy\CloudSync.dll
2014-04-06 12:32 - 2015-02-04 02:32 - 09501000 _____ () C:\Users\ASUS\AppData\Local\MediaFire Desktop\mf_central_control.exe
2014-04-06 12:32 - 2015-02-04 02:32 - 02406216 _____ () C:\Users\ASUS\AppData\Local\MediaFire Desktop\mf_monitor.exe
2012-06-20 12:21 - 2012-06-20 12:21 - 00248320 _____ () C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmW.exe
2012-06-20 12:21 - 2012-06-20 12:21 - 00229376 _____ () C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmwj.exe
2014-01-10 13:26 - 2014-01-10 13:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2014-04-06 12:32 - 2015-02-04 02:32 - 07139144 _____ () C:\Users\ASUS\AppData\Local\MediaFire Desktop\mf_dialogs.exe
2013-03-29 19:18 - 2013-03-29 19:18 - 00026744 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\updater\ace_update.exe
2012-03-08 10:27 - 2012-03-08 10:27 - 00016384 _____ () C:\Program Files (x86)\ASUS\WebStorage\2.1.8.381\ACVsWin.dll
2014-09-25 13:33 - 2014-09-25 13:33 - 02210480 _____ () C:\Program Files\Microsoft Office\Office15\tmpod.dll
2014-01-23 16:05 - 2014-01-23 16:05 - 01424552 _____ () C:\Program Files\Microsoft Office\Office15\ADDINS\UmOutlookAddin.dll
2015-01-21 15:01 - 2015-01-21 15:01 - 08898720 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-12-10 08:13 - 2014-03-04 22:35 - 00014280 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2014-01-28 17:46 - 2014-11-28 13:46 - 00249856 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\engine\lib\acestreamengine.Core.pyd
2011-06-12 21:09 - 2011-06-12 21:09 - 00038400 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\engine\lib\_socket.pyd
2011-06-12 21:09 - 2011-06-12 21:09 - 00720896 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\engine\lib\_ssl.pyd
2013-11-27 23:50 - 2013-11-27 23:50 - 00018944 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\engine\lib\acestreamengine.pycompat.pyd
2011-06-12 21:06 - 2011-06-12 21:06 - 00287232 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\engine\lib\_hashlib.pyd
2014-01-28 17:45 - 2014-11-28 13:46 - 01732096 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\engine\lib\acestreamengine.live.pyd
2014-01-23 19:37 - 2014-01-23 19:37 - 00036352 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\engine\lib\_psutil_mswindows.pyd
2013-12-21 21:20 - 2013-12-21 21:20 - 00053248 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\engine\lib\_blist.pyd
2011-06-12 21:06 - 2011-06-12 21:06 - 00106496 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\engine\lib\_ctypes.pyd
2013-12-21 21:20 - 2013-12-21 21:20 - 00040448 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\engine\lib\bitarray._bitarray.pyd
2011-06-12 21:06 - 2011-06-12 21:06 - 00011776 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\engine\lib\select.pyd
2011-01-19 05:56 - 2011-01-19 05:56 - 00334336 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\engine\lib\M2Crypto.__m2crypto.pyd
2011-06-12 21:06 - 2011-06-12 21:06 - 00152576 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\engine\lib\pyexpat.pyd
2011-02-13 23:02 - 2011-02-13 23:02 - 00031232 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\engine\lib\Crypto.Cipher.AES.pyd
2014-01-28 17:55 - 2014-11-28 13:46 - 03083264 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\engine\lib\acestreamengine.CoreApp.pyd
2012-02-08 00:37 - 2012-02-08 00:37 - 00098816 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\engine\lib\win32api.pyd
2012-02-08 00:35 - 2012-02-08 00:35 - 00110080 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\engine\lib\pywintypes27.dll
2012-02-08 00:38 - 2012-02-08 00:38 - 00358912 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\engine\lib\pythoncom27.dll
2012-02-08 00:36 - 2012-02-08 00:36 - 00111616 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\engine\lib\win32file.pyd
2012-02-08 00:36 - 2012-02-08 00:36 - 00024064 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\engine\lib\win32pdh.pyd
2010-10-11 06:23 - 2010-10-11 06:23 - 00723968 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\engine\lib\apsw.pyd
2013-01-30 00:20 - 2013-01-30 00:20 - 00082944 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\engine\lib\cpyamf.util.pyd
2011-07-16 03:37 - 2011-07-16 03:37 - 00981504 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\engine\lib\wx._core_.pyd
2011-07-16 03:38 - 2011-07-16 03:38 - 00746496 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\engine\lib\wx._gdi_.pyd
2011-07-16 03:38 - 2011-07-16 03:38 - 00670720 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\engine\lib\wx._windows_.pyd
2011-07-16 03:38 - 2011-07-16 03:38 - 00966144 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\engine\lib\wx._controls_.pyd
2011-07-16 03:38 - 2011-07-16 03:38 - 00674816 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\engine\lib\wx._misc_.pyd
2011-06-12 21:06 - 2011-06-12 21:06 - 00688128 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\engine\lib\unicodedata.pyd
2013-12-21 21:02 - 2013-12-21 21:02 - 00061952 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\engine\lib\miniupnpc.pyd
2013-01-30 00:20 - 2013-01-30 00:20 - 00066048 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\engine\lib\cpyamf.amf0.pyd
2014-04-06 12:32 - 2015-02-04 02:22 - 00112142 _____ () C:\Users\ASUS\AppData\Local\MediaFire Desktop\libgcc_s_dw2-1.dll
2014-04-06 12:32 - 2015-02-04 02:22 - 01000974 _____ () C:\Users\ASUS\AppData\Local\MediaFire Desktop\libstdc++-6.dll
2015-01-29 21:13 - 2015-01-29 21:13 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2015-02-08 11:05 - 2015-02-08 11:05 - 01020928 _____ () C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\8aqpcbli.default\extensions\[email protected]\platform\WINNT_x86-msvc\components\lpxpcom.dll
2014-07-05 14:20 - 2015-02-04 02:04 - 04188400 _____ () C:\Users\ASUS\AppData\Local\MediaFire Desktop\libsqlite3cc.dll
2014-04-06 12:32 - 2015-02-04 02:03 - 00042496 _____ () C:\Users\ASUS\AppData\Local\MediaFire Desktop\win32overlay.dll
2014-10-16 17:15 - 2014-10-16 17:15 - 00035328 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-05-25 00:41 - 2014-05-25 00:41 - 00091648 _____ () C:\Program Files (x86)\FileZilla FTP Client\libgcc_s_sjlj-1.dll
2014-05-25 00:41 - 2014-05-25 00:41 - 00892416 _____ () C:\Program Files (x86)\FileZilla FTP Client\libstdc++-6.dll
2015-02-08 02:58 - 2015-02-04 17:02 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libglesv2.dll
2015-02-08 02:58 - 2015-02-04 17:02 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libegl.dll
2015-02-08 02:58 - 2015-02-04 17:02 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll
2014-04-06 12:32 - 2015-02-04 02:03 - 00007680 _____ () C:\Users\ASUS\AppData\Local\MediaFire Desktop\mfmonitor.dll
2014-01-10 13:28 - 2014-01-10 13:28 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2014-10-22 08:22 - 2014-10-22 08:22 - 00750080 _____ () C:\Users\ASUS\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-02-11 11:06 - 2015-02-11 11:06 - 00043008 _____ () c:\users\asus\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpwuawrp.dll
2014-10-22 08:22 - 2014-10-22 08:22 - 00047616 _____ () C:\Users\ASUS\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-22 08:22 - 2014-10-22 08:22 - 00863744 _____ () C:\Users\ASUS\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-22 08:22 - 2014-10-22 08:22 - 00200704 _____ () C:\Users\ASUS\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2014-02-05 07:06 - 2012-06-26 02:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2011-06-12 21:09 - 2011-06-12 21:09 - 00038400 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\updater\lib\_socket.pyd
2011-06-12 21:09 - 2011-06-12 21:09 - 00720896 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\updater\lib\_ssl.pyd
2011-07-16 03:37 - 2011-07-16 03:37 - 00981504 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\updater\lib\wx._core_.pyd
2011-07-16 03:38 - 2011-07-16 03:38 - 00746496 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\updater\lib\wx._gdi_.pyd
2011-07-16 03:38 - 2011-07-16 03:38 - 00670720 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\updater\lib\wx._windows_.pyd
2011-07-16 03:38 - 2011-07-16 03:38 - 00966144 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\updater\lib\wx._controls_.pyd
2011-07-16 03:38 - 2011-07-16 03:38 - 00674816 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\updater\lib\wx._misc_.pyd
2011-06-12 21:06 - 2011-06-12 21:06 - 00287232 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\updater\lib\_hashlib.pyd
2011-01-19 05:56 - 2011-01-19 05:56 - 00334336 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\updater\lib\M2Crypto.__m2crypto.pyd
2011-06-12 21:06 - 2011-06-12 21:06 - 00011776 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\updater\lib\select.pyd
2011-06-12 21:06 - 2011-06-12 21:06 - 00152576 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\updater\lib\pyexpat.pyd
2012-02-08 00:37 - 2012-02-08 00:37 - 00098816 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\updater\lib\win32api.pyd
2012-02-08 00:35 - 2012-02-08 00:35 - 00110080 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\updater\lib\pywintypes27.dll
2012-02-08 00:38 - 2012-02-08 00:38 - 00358912 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\updater\lib\pythoncom27.dll
2012-02-08 00:36 - 2012-02-08 00:36 - 00111616 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\updater\lib\win32file.pyd
2012-02-08 00:36 - 2012-02-08 00:36 - 00024064 _____ () C:\Users\ASUS\AppData\Roaming\ACEStream\updater\lib\win32pdh.pyd

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\ASUS\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Registry Areas =====================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-147487581-2992457104-1551078015-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\ASUS\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\asus.jpg

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== Accounts: =============================

Administrator (S-1-5-21-147487581-2992457104-1551078015-500 - Administrator - Disabled)
Gladwin (S-1-5-21-147487581-2992457104-1551078015-1002 - Administrator - Enabled) => C:\Users\ASUS
Guest (S-1-5-21-147487581-2992457104-1551078015-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-147487581-2992457104-1551078015-1004 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Intel(R) Dynamic Platform & Thermal Framework Driver
Description: Intel(R) Dynamic Platform & Thermal Framework Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: DptfManager
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Virtual Bluetooth Support
Description: Virtual Bluetooth Support
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: AthBTPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Bluetooth LWFLT Device
Description: Bluetooth LWFLT Device
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_LWFLT
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Intel(R) Dynamic Platform & Thermal Framework Generic Participant Driver
Description: Intel(R) Dynamic Platform & Thermal Framework Generic Participant Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: DptfDevGen
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Intel(R) Dynamic Platform & Thermal Framework Generic Participant Driver
Description: Intel(R) Dynamic Platform & Thermal Framework Generic Participant Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: DptfDevGen
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Intel(R) Dynamic Platform & Thermal Framework Generic Participant Driver
Description: Intel(R) Dynamic Platform & Thermal Framework Generic Participant Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: DptfDevGen
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Intel(R) Dynamic Platform & Thermal Framework Generic Participant Driver
Description: Intel(R) Dynamic Platform & Thermal Framework Generic Participant Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: DptfDevGen
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

==================== Event log errors: =========================

Application errors:
==================
Error: (02/11/2015 11:06:10 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: TrayManager.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.InvalidOperationException
Stack:
at System.ThrowHelper.ThrowInvalidOperationException(System.ExceptionResource)
at System.Collections.Generic.List`1+Enumerator[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].MoveNextRare()
at System.Collections.Generic.List`1+Enumerator[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].MoveNext()
at Wpf4TrayManager.App.OnStartup(System.Windows.StartupEventArgs)
at System.Windows.Application.<.ctor>b__1(System.Object)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
at System.Windows.Threading.DispatcherOperation.InvokeImpl()
at System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Windows.Threading.DispatcherOperation.Invoke()
at System.Windows.Threading.Dispatcher.ProcessQueue()
at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
at System.Windows.Threading.Dispatcher.Run()
at System.Windows.Application.RunDispatcher(System.Object)
at System.Windows.Application.RunInternal(System.Windows.Window)
at System.Windows.Application.Run(System.Windows.Window)
at Wpf4TrayManager.App.Main()

Error: (02/11/2015 11:05:45 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database

Error: (02/11/2015 11:05:16 AM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceHelperWinMain: CreateSharedMemory() failed.

Error: (02/11/2015 11:05:16 AM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceHelperCreateSharedMemory: CreateFileMapping() failed.Last error = [0x00000005]

Error: (02/11/2015 11:04:40 AM) (Source: DptfPolicyLpmService) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceServiceStart: ConnectToDptfFrameworkDriver() failed.

Error: (02/11/2015 11:04:40 AM) (Source: DptfPolicyLpmService) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceConnectToDptfFrameworkDriver: SetupDiEnumDeviceInterfaces() failed.Last error = [0x00000103]

Error: (02/11/2015 11:04:40 AM) (Source: DptfPolicyCriticalService) (EventID: 1) (User: )
Description: DptfPolicyCriticalServiceServiceMain: ServiceStart() failed.

Error: (02/11/2015 11:04:40 AM) (Source: DptfPolicyCriticalService) (EventID: 1) (User: )
Description: DptfPolicyCriticalServiceServiceStart: ConnectToDptfFrameworkDriver() failed.

Error: (02/11/2015 11:04:40 AM) (Source: DptfPolicyCriticalService) (EventID: 1) (User: )
Description: DptfPolicyCriticalServiceConnectToDptfFrameworkDriver: SetupDiEnumDeviceInterfaces() failed.Last error = [0x00000103]

Error: (02/11/2015 11:04:40 AM) (Source: DptfEvent) (EventID: 1) (User: )
Description: DptfPolicyConfigTDPServiceServiceMain: ServiceStart() failed.

System errors:
=============
Error: (02/11/2015 11:04:41 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The StartMenu8 Service service failed to start due to the following error: 
%%2

Error: (02/11/2015 11:04:41 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Platform Services service failed to start due to the following error: 
%%1053

Error: (02/11/2015 11:04:41 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Platform Services service to connect.

Error: (02/11/2015 11:04:40 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee OOBE Service2 service failed to start due to the following error: 
%%1053

Error: (02/11/2015 11:04:40 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee OOBE Service2 service to connect.

Error: (02/11/2015 11:04:40 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LiveUpdate service failed to start due to the following error: 
%%2

Error: (02/11/2015 11:03:53 AM) (Source: BTHUSB) (EventID: 5) (User: )
Description: The Bluetooth driver expected an HCI event with a certain size but did not receive it.

Error: (02/11/2015 10:42:38 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (02/11/2015 10:37:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The StartMenu8 Service service failed to start due to the following error: 
%%2

Error: (02/11/2015 10:37:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Platform Services service failed to start due to the following error: 
%%1053

Microsoft Office Sessions:
=========================
Error: (02/11/2015 11:05:45 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: -2147024883

CodeIntegrity Errors:
===================================
Date: 2015-02-10 16:06:49.176
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-02-10 16:06:48.929
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-02-10 16:06:48.723
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-02-10 16:06:47.847
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-02-10 16:06:47.628
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-02-10 16:06:47.380
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-02-10 16:04:19.972
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-02-10 16:04:19.704
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-02-10 16:04:19.363
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-02-10 16:04:19.099
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3337U CPU @ 1.80GHz
Percentage of memory in use: 62%
Total physical RAM: 8077.59 MB
Available physical RAM: 3005.95 MB
Total Pagefile: 10509.59 MB
Available Pagefile: 5007.81 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:185.96 GB) (Free:31.51 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:258.15 GB) (Free:1.13 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 185485F0)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 22.4 GB) (Disk ID: BC223D42)

Partition: GPT Partition Type.

==================== End Of Log ============================


----------



## JSntgRvr (Jul 1, 2003)

Download the enclosed file. (see below) Save it in the same location FRST is saved. Open FRST. Click on the Fix button and wait. The tool will produce a log, fixlog.txt. Please post its contents in your next reply.

Reset your browsers to default. For instructions see *here*.

Let me know how it is doing after a restart.


----------



## kango88 (Feb 5, 2015)

Hi, I cannot see the enclosed file.

Will resetting my browser while my Chrome is synced to my Google account remove everything as well?


----------



## JSntgRvr (Jul 1, 2003)

I have just replaced it for another user. I will review FRST and build another one. In regard to Google, I believe so, but passwords and account names may not be present once reset.


----------



## JSntgRvr (Jul 1, 2003)

Here is the fixlist.txt.


----------



## kango88 (Feb 5, 2015)

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-02-2015 01
Ran by Gladwin at 2015-02-11 23:47:20 Run:3
Running from C:\Users\ASUS\Desktop\Troubleshoot Program
Loaded Profiles: Gladwin (Available profiles: Gladwin)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
ProxyEnable: [HKLM] => ProxyEnable is set.
ProxyEnable: [HKLM-x32] => ProxyEnable is set.
ProxyServer: [HKLM] => http=127.0.0.1:8080;https=127.0.0.1:8080
ProxyServer: [HKLM-x32] => http=127.0.0.1:8080;https=127.0.0.1:8080
SearchScopes: HKU\S-1-5-21-147487581-2992457104-1551078015-1002 -> URL http://search.conduit.com/Results.a...tid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM= 5&UP=SPF84B958F-6C5F-431F-B5D3-7D8E0D53175F&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-147487581-2992457104-1551078015-1002 -> SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKU\S-1-5-21-147487581-2992457104-1551078015-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\URL http://search.conduit.com/Results.a...tid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM= => Value not found.
HKU\S-1-5-21-147487581-2992457104-1551078015-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SuggestionsURL_JSON => value deleted successfully.

==== End of Fixlog 23:47:20 ====


----------



## kango88 (Feb 5, 2015)

Reset my browsers and restarted my comp, and the problem still exists.


----------



## JSntgRvr (Jul 1, 2003)

I believe it is a setting pointing to conduit.com.

Download the latest AdwCleaner from *here*. Save the file to the desktop.

*NOTE:* If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

*Close all open windows and browsers.*

*XP users:* Double click the *AdwCleaner* icon to start the program.
*Vista/7/8 users:* Right click the *AdwCleaner* icon on the desktop, click *Run as administrator* and accept the UAC prompt to run AdwCleaner.
You will see the following console:

Click the *Scan* button and wait for the scan to finish.
After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: *Pending. Please uncheck elements you don't want to remove.*
Click the *Clean* button.
*Everything checked* will be deleted.
When the program has finished cleaning, a report appears. Once done it will ask to reboot; allow this.

On reboot a log will be produced; please copy / paste that in your next reply. This report is also saved to *C:\AdwCleaner\AdwCleaner[S0].txt*


----------



## JSntgRvr (Jul 1, 2003)

Remove *Surfing Protection* from your programs.

Run a *Fix* with FRST using the enclosed *fixlist.txt.*


----------



## kango88 (Feb 5, 2015)

hi, what do you mean by remove surfing protection?


----------



## JSntgRvr (Jul 1, 2003)

According to the Addition.txt, the following programs are installed:

*Start Menu 8 (HKLM-x32\...\IObit_StartMenu8_is1) (Version: 1.5.0.0 - IObit)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)*

Go to the Control Panel, Program Features and remove those programs.


----------



## kango88 (Feb 5, 2015)

# AdwCleaner v4.110 - Logfile created 12/02/2015 at 11:11:29
# Updated 05/02/2015 by Xplode
# Database : 2015-02-09.1 [Server]
# Operating system : Windows 8.1 (x64)
# Username : Gladwin - GLADWIN
# Running from : C:\Users\ASUS\Desktop\adwcleaner_4.110.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim
Folder Deleted : C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj
File Deleted : C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\8aqpcbli.default\invalidprefs.js

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Deleted : HKCU\Software\anchorfree

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416

-\\ Mozilla Firefox v35.0.1 (x86 en-US)

-\\ Google Chrome v40.0.2214.111

*************************

AdwCleaner[R0].txt - [1851 bytes] - [12/02/2015 11:09:21]
AdwCleaner[S0].txt - [1746 bytes] - [12/02/2015 11:11:29]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1805 bytes] ##########


----------



## kango88 (Feb 5, 2015)

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-02-2015 01
Ran by Gladwin at 2015-02-12 11:15:25 Run:4
Running from C:\Users\ASUS\Desktop\Troubleshoot Program
Loaded Profiles: Gladwin (Available profiles: Gladwin)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
ProxyEnable: [HKLM] => ProxyEnable is set.
ProxyEnable: [HKLM-x32] => ProxyEnable is set.
ProxyServer: [HKLM] => http=127.0.0.1:8080;https=127.0.0.1:8080
ProxyServer: [HKLM-x32] => http=127.0.0.1:8080;https=127.0.0.1:8080
SearchScopes: HKU\S-1-5-21-147487581-2992457104-1551078015-1002 -> URL http://search.conduit.com/Results.as...ce=58&CUI=&UM= 5&UP=SPF84B958F-6C5F-431F-B5D3-7D8E0D53175F&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-147487581-2992457104-1551078015-1002 -> SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\8aqpcbli.default\Ext ensions\[email protected] [2014-11-21]
End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKU\S-1-5-21-147487581-2992457104-1551078015-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\URL http://search.conduit.com/Results.as...ce=58&CUI=&UM= => Value not found.
HKU\S-1-5-21-147487581-2992457104-1551078015-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SuggestionsURL_JSON => Value not found.
C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\8aqpcbli.default\Ext ensions\[email protected] not found.

==== End of Fixlog 11:15:25 ====


----------



## kango88 (Feb 5, 2015)

In addition, I'm facing a new problem as every now and then I'll get 

DNS Lookup for "xxx.com" failed. System.Net.Sockets.SocketException This is usually a temporary error during hostname resolution and means that the local server did not receive a response from an authoritative server


----------



## JSntgRvr (Jul 1, 2003)

kango88 said:


> In addition, I'm facing a new problem as every now and then I'll get
> 
> DNS Lookup for "xxx.com" failed. System.Net.Sockets.SocketException This is usually a temporary error during hostname resolution and means that the local server did not receive a response from an authoritative server


That must be your ISP or router. Two options: reset your router to factory defaults (see your router documentation) or test using *OpenDNS*.


----------



## JSntgRvr (Jul 1, 2003)

How is this computer doing?


----------



## kango88 (Feb 5, 2015)

I flushed the DNS but now most of the sites I go to are giving me this problem on Firefox and there are no other options to skip it

This Connection is Untrusted

You have asked Firefox to connect securely to www.yahoo.com, but we can't confirm that your connection is secure.

Normally, when you try to connect securely, sites will present trusted identification to prove that you are going to the right place. However, this site's identity can't be verified.
What Should I Do?

If you usually connect to this site without problems, this error could mean that someone is trying to impersonate the site, and you shouldn't continue.

This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox only connect to it securely. As a result, it is not possible to add an exception for this certificate.

www.yahoo.com uses an invalid security certificate. The certificate is not trusted because no issuer chain was provided. (Error code: sec_error_unknown_issuer)


----------



## kango88 (Feb 5, 2015)

The previous corrupted search engine problem seems to be solved for now but the DNS and untrusted connection issues are now present.

For the DNS problem, after refreshing the site for some time, sometimes it will work again. It is not the router, as my other devices are working well.


----------



## JSntgRvr (Jul 1, 2003)

Is that only in Firefox?


----------



## JSntgRvr (Jul 1, 2003)

Go to the Internet Options in the control panel. Select the Connection tab and click on LAN Settings. Is there a checkmark under Proxy Server?


----------



## kango88 (Feb 5, 2015)

The untrusted connection issue is only for Firefox.

Yes, there is a checkmark under proxy server


----------



## JSntgRvr (Jul 1, 2003)

Right click on Internet Explorer and select Run as an Administrator. Select Tools from the menu, then Internet Options. Select the Connection tab and click on LAN Settings. Remove all checkmarks, click on Apply then OK. Close Internet Explorer and restart the Computer.

Upon restart, confirm that the Proxy Server no longer has the check mark, then test the computer.

Let me know the outcome.


----------



## kango88 (Feb 5, 2015)

Hi, I cannot click the Apply button after unchecking, even when running in administrator mode.


----------



## JSntgRvr (Jul 1, 2003)

Please download *SystemLook* from one of the links below and save it to your Desktop.

*32 bit Download Mirror #1
32 bit Download Mirror #2*

For 64bit systems, Please download *SystemLook* from the link below and save it to your Desktop.

*64 bit Download Mirror*


Double-click *SystemLook.exe* (or SystemLook_x64.exe) to run the application.
Copy the content of the following quote box into the main textfield:


> :regfind
> proxy



Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

*Note:* The log can also be found on your Desktop entitled *SystemLook.txt*


----------



## JSntgRvr (Jul 1, 2003)

Open Firefox. Click on Tools ->Options->Advanced->Network tab->Connection->Settings-> select No proxy. Click OK.

See if that resolves the issue with Firefox.


----------
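Added example (not part of the thread, and not output from FRST, AdwCleaner or SystemLook): a read-only PowerShell audit of the proxy settings the posts above keep returning to, namely the `ProxyEnable`/`ProxyServer` values under the Internet Settings keys named in the Fixlog and the Firefox `network.proxy.*` preferences. It assumes Windows 8 or later (for `Get-NetTCPConnection`) and the default Firefox profile location; the policy key it also reads is an assumption and is not mentioned in the thread.

```powershell
# Read-only audit: nothing here changes the registry or any browser profile.
# Run from an elevated prompt so process paths for listeners can be resolved.

# Internet Settings keys reported in the Fixlog, plus the per-user hive.
$keys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
)

$findings = foreach ($key in $keys) {
    $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $p) { continue }
    [pscustomobject]@{
        Key           = $key
        ProxyEnable   = $p.ProxyEnable
        ProxyServer   = $p.ProxyServer
        AutoConfigURL = $p.AutoConfigURL
    }
}
$findings | Format-List

# Assumption (not from the thread): this policy value, when 0, makes proxy
# settings machine-wide instead of per-user.
$policyKey = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'
$policy = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue
if ($policy -and $null -ne $policy.ProxySettingsPerUser) {
    'ProxySettingsPerUser policy = {0}' -f $policy.ProxySettingsPerUser
}

# Pull out proxy endpoints that point back at this machine, such as the
# "http=127.0.0.1:8080;https=127.0.0.1:8080" value shown in the Fixlog.
$loopback = foreach ($f in $findings) {
    if (-not $f.ProxyServer) { continue }
    # ProxyServer is either "host:port" or "scheme=host:port;scheme=host:port"
    foreach ($entry in ($f.ProxyServer -split ';')) {
        $hostPort = ($entry -split '=')[-1].Trim()
        if ($hostPort -match '^(127\.\d+\.\d+\.\d+|localhost|\[::1\]):(\d+)$') {
            [pscustomobject]@{
                Key      = $f.Key
                Endpoint = $hostPort
                Port     = [int]$Matches[2]
            }
        }
    }
}

# A loopback proxy only works while some local process listens on that port.
# Identify the listener, or report that there is none.
if ($loopback) {
    foreach ($port in ($loopback | ForEach-Object { $_.Port } | Sort-Object -Unique)) {
        $listeners = Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue
        if (-not $listeners) {
            'Port {0}: no listener; requests sent through this proxy cannot connect' -f $port
            continue
        }
        foreach ($l in $listeners) {
            $proc = Get-Process -Id $l.OwningProcess -ErrorAction SilentlyContinue
            'Port {0}: {1} (PID {2}) {3}' -f $port, $proc.ProcessName, $l.OwningProcess, $proc.Path
        }
    }
} else {
    'No loopback proxy endpoint found in the Internet Settings keys.'
}

# Firefox keeps its own proxy preferences per profile.
# network.proxy.type: 0 = no proxy, 1 = manual, 5 = use system proxy settings.
$prefs = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles\*\prefs.js'
$pattern = '"network\.proxy\.(type|http|http_port|ssl|ssl_port|autoconfig_url)"'
Select-String -Path $prefs -Pattern $pattern -ErrorAction SilentlyContinue |
    ForEach-Object {
        $profileName = Split-Path (Split-Path $_.Path -Parent) -Leaf
        '{0}: {1}' -f $profileName, $_.Line.Trim()
    }
```

Running it before and after a restart shows whether a deleted `ProxyEnable`/`ProxyServer` value has been written back, and the listener check names the process, if any, that is serving the loopback port.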



## kango88 (Feb 5, 2015)

Hi, i have some problem with copying and pasting the SystemLook.txt file as it is too big. Also cannot attach it here. Can i upload to some other site for you to take a look?

I have changed the firefox settings and firefox is working fine now


----------



## JSntgRvr (Jul 1, 2003)

You can either attempt to zip the file (Right click on it and select Send to ->Compressed, zipped folder) and attach the zipped folder, or upload the file *here*.


----------



## kango88 (Feb 5, 2015)

I've submitted the files through the given link as even the zip file is larger than the max limit for attachments. Thanks


----------



## JSntgRvr (Jul 1, 2003)

Download the enclosed folder. Save and extract its contents to the desktop. It is a folder containing a Registry Entries file, *RegFix.reg* . Once extracted, open the folder and double click on the *RegFix.reg* file and select *Yes* when prompted to merge it into the registry.

Restart the computer.

Open FRST and allow it to update. Once done, click on the Scan button and post the new FRST.txt log.


----------



## kango88 (Feb 5, 2015)

The browser corrupted issue is back again before i carried out the last steps. Could be after i changed the firefox settings and restarted the comp

Below is the new FRST report after applying the .reg file

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-02-2015
Ran by Gladwin (administrator) on GLADWIN on 15-02-2015 12:47:23
Running from C:\Users\ASUS\Desktop\Troubleshoot Program
Loaded Profiles: Gladwin (Available profiles: Gladwin)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.1.265\AsusWSWinService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
() C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmdb.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(InstallShield®) C:\Program Files (x86)\InstallShield\isupdate.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Users\ASUS\AppData\Local\MediaFire Desktop\MFUsnMonitorService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Clarus, Inc.) C:\Program Files (x86)\Clarus\Samsung Drive Manager\SZDrvSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
() C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Clarus, Inc.) C:\Program Files (x86)\Clarus\Samsung Drive Manager\Drive Manager.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Clarus, Inc.) C:\Program Files (x86)\Clarus\Samsung Drive Manager\SZDrvMon.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Internet Download Manager, Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMIntegrator64.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
() C:\Users\ASUS\AppData\Roaming\ACEStream\engine\ace_engine.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Spotify Ltd) C:\Users\ASUS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Google Inc.) C:\Users\ASUS\AppData\Local\Google\Update\GoogleUpdate.exe
() C:\Users\ASUS\AppData\Local\MediaFire Desktop\mf_watch.exe
() C:\Users\ASUS\AppData\Local\MediaFire Desktop\mf_hub.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
() C:\Users\ASUS\AppData\Local\MediaFire Desktop\MediaFire Desktop.exe
() C:\Program Files (x86)\InstantEyedropper\InstantEyedropper.exe
() C:\Users\ASUS\AppData\Local\MediaFire Desktop\mf_filetransfer.exe
() C:\Users\ASUS\AppData\Local\MediaFire Desktop\mf_browser.exe
(Barracuda Networks, Inc.) C:\Users\ASUS\AppData\Roaming\Copy\CopyAgent.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\ASUS\AppData\Local\MediaFire Desktop\mf_central_control.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\APRP\aprp.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
() C:\Program Files (x86)\ASUS\WebStorage\2.1.8.381\ASUSWSLoader.exe
() C:\Users\ASUS\AppData\Local\MediaFire Desktop\mf_monitor.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Clarus, Inc.) C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe
() C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmW.exe
() C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmwj.exe
(Dropbox, Inc.) C:\Users\ASUS\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Users\ASUS\AppData\Local\MediaFire Desktop\mf_dialogs.exe
() C:\Users\ASUS\AppData\Roaming\ACEStream\updater\ace_update.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-12-23] (Realtek Semiconductor)
HKLM\...\Run: [AuditSHD] => C:\windows\system32\oobe\auditshd.exe [29696 2013-08-22] (Microsoft Corporation)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [765056 2012-09-30] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-09-30] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe [70656 2014-12-23] (Intel Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2014-12-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3331312 2012-08-05] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-29] (CyberLink Corp.)
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.1.8.381\ASUSWSLoader.exe [63296 2014-07-08] ()
HKLM-x32\...\Run: [Launcher] => C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\Launcher\fxlaunch.exe [2400768 2012-04-28] (Fuji Xerox Co., Ltd.)
HKLM-x32\...\Run: [M205f RUN] => C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmRun.exe [355840 2012-06-20] ()
HKLM-x32\...\Run: [StatusAutoRunm205f] => C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmpl.exe [3978752 2012-06-20] ()
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-11-17] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-02-14] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-11-19] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3084288 2012-07-31] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3890768 2015-02-08] (Tonec Inc.)
HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [457728 2013-11-14] (Microsoft Corporation)
HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\Run: [AceStream] => C:\Users\ASUS\AppData\Roaming\ACEStream\engine\ace_engine.exe [27904 2014-09-25] ()
HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\Run: [Spotify Web Helper] => C:\Users\ASUS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-15] (Spotify Ltd)
HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\Run: [Google Update] => C:\Users\ASUS\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-03-13] (Google Inc.)
HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\Run: [MediaFire Tray] => C:\Users\ASUS\AppData\Local\MediaFire Desktop\mf_watch.exe [4002120 2015-02-04] ()
HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564992 2014-02-14] (Samsung)
HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\Run: [instanteyedropper] => C:\Program Files (x86)\InstantEyedropper\InstantEyedropper.exe [352256 2007-10-17] ()
HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\Run: [Copy] => C:\Users\ASUS\AppData\Roaming\Copy\CopyAgent.exe [15435920 2015-01-23] (Barracuda Networks, Inc.)
HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\Run: [GoogleChromeAutoLaunch_D5DDF34FE692FC2EA1B8968615A3C02A] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-04] (Google Inc.)
HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\MountPoints2: {c7345423-f2fd-11e3-bf91-2cd05a4163df} - "E:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\MountPoints2: {e49a6483-8e37-11e3-824e-806e6f6e6963} - "F:\start.exe" 
HKU\S-1-5-18\...\Run: [Copy] => C:\Users\ASUS\AppData\Roaming\Copy\CopyAgent.exe [15435920 2015-01-23] (Barracuda Networks, Inc.)
HKU\S-1-5-18\...\Run: [Backblaze] => "C:\Program Files (x86)\Backblaze\bzbui.exe" -quiet
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [174296 2014-03-04] (NVIDIA Corporation)
AppInit_DLLs: , C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [174296 2014-03-04] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [148016 2014-03-04] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Drive Manager Real-Time.lnk
ShortcutTarget: Samsung Drive Manager Real-Time.lnk -> C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe (Clarus, Inc.)
Startup: C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\ASUS\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\ASUS\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.1.8.381\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.1.8.381\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.1.8.381\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [1aCopyShExtError] -> {83BEA36E-7680-4598-A4DF-994426F6E78D} => C:\Users\ASUS\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [1MediaFireIconError] -> {5EE8C634-CDC0-453D-9731-DF0B19F4E807} => C:\Program Files (x86)\MediaFire Desktop\MediaFireIcon3_d548a.dll (TODO: <Company name>)
ShellIconOverlayIdentifiers: [1MediaFireIconReadOnly] -> {7995D0FC-769B-4197-AEC0-991921CB99E1} => C:\Program Files (x86)\MediaFire Desktop\MediaFireIcon5_d548a.dll (TODO: <Company name>)
ShellIconOverlayIdentifiers: [1MediaFireIconSynched] -> {9A3B79CB-D899-40B5-8DBC-20447F1ADC8F} => C:\Program Files (x86)\MediaFire Desktop\MediaFireIcon_d548a.dll (TODO: <Company name>)
ShellIconOverlayIdentifiers: [1MediaFireIconSyncing] -> {C4D81971-6B13-4173-AB21-F83AD20CCC04} => C:\Program Files (x86)\MediaFire Desktop\MediaFireIcon2_d548a.dll (TODO: <Company name>)
ShellIconOverlayIdentifiers: [2aCopyShExtSynced] -> {845B7388-6F85-4F32-9FD5-F02DC7882B89} => C:\Users\ASUS\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [3aCopyShExtSyncing] -> {F6378A7A-F753-449B-AE1B-997A96132E61} => C:\Users\ASUS\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [4aCopyShExtSyncingProg1] -> {3A511828-777D-46F8-82F4-5B530C1B3D9E} => C:\Users\ASUS\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [5aCopyShExtSyncingProg2] -> {C8C88204-5B14-40EC-BA72-8AEBC762047E} => C:\Users\ASUS\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [6aCopyShExtSyncingProg3] -> {ACFF45C3-3EEB-4351-86C2-6696BA264239} => C:\Users\ASUS\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [7aCopyShExtSyncingProg4] -> {29AF997F-488B-46F0-AE78-7146F1B89CC3} => C:\Users\ASUS\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [8aCopyShExtSyncingProg5] -> {03F9AD29-1C78-4B66-8890-B177B5430C53} => C:\Users\ASUS\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ASUS\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ASUS\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ASUS\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ASUS\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)
ShellIconOverlayIdentifiers: [MediaFireIconLock] -> {759F3E92-F4E8-4953-8315-238B8B17E0F3} => C:\Program Files (x86)\MediaFire Desktop\MediaFireIcon4_d548a.dll (TODO: <Company name>)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ASUS\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ASUS\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ASUS\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [HKLM] => ProxyEnable is set.
ProxyEnable: [HKLM-x32] => ProxyEnable is set.
ProxyServer: [HKLM] => http=127.0.0.1:8080;https=127.0.0.1:8080
ProxyServer: [HKLM-x32] => http=127.0.0.1:8080;https=127.0.0.1:8080
HKU\S-1-5-21-147487581-2992457104-1551078015-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://xin.msn.com/en-sg/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-147487581-2992457104-1551078015-1002 -> URL http://search.conduit.com/Results.aspx?ctid=CT3321897&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SPF84B958F-6C5F-431F-B5D3-7D8E0D53175F&q={searchTerms}&SSPV=
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\8aqpcbli.default
FF SelectedSearchEngine: Google
FF Keyword.URL: hxxp://sg.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=599486&p=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll (LastPass)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass.dll (LastPass)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-147487581-2992457104-1551078015-1002: @acestream.net/acestreamplugin,version=2.2.0-next -> C:\Users\ASUS\AppData\Roaming\ACEStream\player\npace_plugin.dll (Innovative Digital Technologies)
FF Plugin HKU\S-1-5-21-147487581-2992457104-1551078015-1002: @citrixonline.com/appdetectorplugin -> C:\Users\ASUS\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKU\S-1-5-21-147487581-2992457104-1551078015-1002: @talk.google.com/GoogleTalkPlugin -> C:\Users\ASUS\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-147487581-2992457104-1551078015-1002: @talk.google.com/O1DPlugin -> C:\Users\ASUS\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-147487581-2992457104-1551078015-1002: @tools.google.com/Google Update;version=3 -> C:\Users\ASUS\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-147487581-2992457104-1551078015-1002: @tools.google.com/Google Update;version=9 -> C:\Users\ASUS\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\ASUS\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\ASUS\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\8aqpcbli.default\Extensions\[email protected] [2014-11-21]
FF Extension: IDM CC - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\8aqpcbli.default\Extensions\[email protected] [2015-01-29]
FF Extension: LastPass - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\8aqpcbli.default\Extensions\[email protected] [2015-02-08]
FF Extension: FireShot - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\8aqpcbli.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2015-01-30]
FF Extension: EPUBReader - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\8aqpcbli.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2015-02-10]
FF Extension: Easy App Tabs - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\8aqpcbli.default\Extensions\[email protected] [2014-02-05]
FF Extension: MEGA - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\8aqpcbli.default\Extensions\[email protected] [2015-02-15]
FF Extension: Save My Tabs - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\8aqpcbli.default\Extensions\[email protected] [2014-02-05]
FF Extension: Media Stealer - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\8aqpcbli.default\Extensions\[email protected] [2014-08-24]
FF Extension: Reader - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\8aqpcbli.default\Extensions\{20068ab2-1901-4140-9f3c-81207d4dacc4}.xpi [2015-01-30]
FF Extension: Graph Authority - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\8aqpcbli.default\Extensions\{CBECCADF-6A82-4141-A264-7ED25F718BCB}.xpi [2014-04-10]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\Firefox\Extensions: [[email protected]] - C:\Users\ASUS\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\ASUS\AppData\Roaming\IDM\idmmzcc5 [2015-02-08]
FF HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\ASUS\AppData\Roaming\IDM\idmmzcc5

Chrome: 
=======
CHR HomePage: Default -> hxxp://search.conduit.com/?ctid=CT3321897&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SPF84B958F-6C5F-431F-B5D3-7D8E0D53175F&SSPV=
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3321897&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SPF84B958F-6C5F-431F-B5D3-7D8E0D53175F&SSPV="
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Downloads) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajkhjekibcfjngomhbbifihellcaebcn [2014-07-18]
CHR Extension: (Download Manager (video and mp3)) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bapnjmgdanmelbcmjdjljogelnlfepcj [2015-02-08]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-21]
CHR Extension: (RankRecon) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\chjdckfonfkdoeiobllnejjieicmjodh [2014-06-03]
CHR Extension: (OneTab) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2015-02-08]
CHR Extension: (Webpage Screenshot) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki [2014-03-22]
CHR Extension: (SEO I.Q.) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\dadlnlnlpkpchfljjcpkodcljofniggm [2014-09-23]
CHR Extension: (Tabs Backup & Restore) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\dehocbglhkaogiljpihicakmlockmlgd [2014-03-22]
CHR Extension: (Graph Authority) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeaaoidckfbpinpmjbbmgnapanfnkdkc [2014-04-10]
CHR Extension: (FB Pixel Helper) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc [2015-02-08]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-02-02]
CHR Extension: (Share As Image Extension) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgmhphfbdfbkokcfajipbmkcakmmepeb [2015-02-08]
CHR Extension: (SEO & Website Analysis) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlngmmdolgbdnnimbmblfhhndibdipaf [2014-12-22]
CHR Extension: (IDM Integration Module) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2014-02-06]
CHR Extension: (Hangouts) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2014-03-25]
CHR Extension: (Google Wallet) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-06]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-02-06]
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-02-06]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-14] (ASUS)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.1.1.265\AsusWSWinService.exe [71680 2014-01-15] (ASUS Cloud Corporation) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [220288 2012-09-30] (Qualcomm Atheros Commnucations)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [270336 2012-07-13] (Brother Industries, Ltd.) [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [321024 2013-08-22] (Microsoft Corporation)
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64624 2014-06-12] (CyberGhost S.R.L)
R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [117704 2014-12-23] (Intel Corporation)
S2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [118728 2014-12-23] (Intel Corporation)
S2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [92672 2014-12-23] (Intel Corporation)
S2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [88064 2014-12-23] (Intel Corporation)
R2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-03-31] (Diskeeper Corporation)
R2 FXNADB; C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmdb.exe [96768 2012-06-20] () [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-28] (Intel Corporation)
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-30] (Intel Corporation)
R2 isupdate.exe; C:\Program Files (x86)\InstallShield\isupdate.exe [43008 2015-01-22] (InstallShield®) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-26] (Intel Corporation)
S2 McOobeSv2; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [219832 2012-06-18] (McAfee, Inc.)
S2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [219832 2012-06-18] (McAfee, Inc.)
R2 MF NTFS Monitor; C:\Users\ASUS\AppData\Local\MediaFire Desktop\MFUsnMonitorService.exe [456504 2015-02-04] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 SZDrvSvc; C:\Program Files (x86)\Clarus\Samsung Drive Manager\SZDrvSvc.exe [18432 2013-12-18] (Clarus, Inc.) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-09-30] (Atheros) [File not signed]
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [X]
S2 StartMenuService; C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [65784 2013-01-17] (ASUS Corporation)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-09-30] (Qualcomm Atheros)
S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation)
S3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [32640 2013-08-22] (Microsoft Corporation)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-05] (Microsoft Corporation)
R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [145640 2014-12-23] (Intel Corporation)
R3 DptfDevFan; C:\Windows\system32\DRIVERS\DptfDevFan.sys [50640 2014-12-23] (Intel Corporation)
S3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [42224 2014-12-23] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [289744 2014-12-23] (Intel Corporation)
S3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [234736 2014-12-23] (Intel Corporation)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2012-03-31] (Diskeeper Corporation)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [95024 2012-03-31] (Diskeeper Corporation)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [26528 2014-12-23] (REALiX(tm))
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-30] (Intel Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R3 mdf16; C:\Program Files (x86)\Clarus\Samsung Drive Manager\mdf16.sys [20400 2012-06-21] ()
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [118272 2014-12-23] (Intel Corporation)
R2 mfmonitor; C:\Windows\System32\DRIVERS\mfmonitor_x64.sys [20696 2015-02-04] (Windows (R) Win 7 DDK provider)
R3 mvd23; C:\Program Files (x86)\Clarus\Samsung Drive Manager\mvd23.sys [99248 2012-06-21] ()
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-28] (NVIDIA Corporation)
S3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-15 12:43 - 2015-02-15 12:43 - 00000225 _____ () C:\Users\ASUS\Desktop\music box cities.URL
2015-02-15 12:43 - 2015-02-15 12:43 - 00000208 _____ () C:\Users\ASUS\Desktop\The Redwood Shop.URL
2015-02-15 02:20 - 2015-02-15 02:21 - 63756644 _____ () C:\Users\ASUS\Desktop\John Reese - Spy For Profits.rar
2015-02-14 23:27 - 2015-02-15 12:24 - 00000578 _____ () C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-147487581-2992457104-1551078015-1002.job
2015-02-14 12:38 - 2015-02-14 12:38 - 00000000 ____D () C:\Users\ASUS\Desktop\Local SEO Checklist
2015-02-14 12:17 - 2015-02-14 12:20 - 403112397 _____ () C:\Users\ASUS\Desktop\Local SEO Checklist.rar
2015-02-14 12:04 - 2015-02-14 13:52 - 11051160 _____ () C:\Users\ASUS\Desktop\SystemLook.txt
2015-02-14 11:45 - 2015-02-14 11:46 - 00165376 _____ () C:\Users\ASUS\Desktop\SystemLook_x64.exe
2015-02-14 00:36 - 2015-02-14 00:36 - 00000000 ____D () C:\ProgramData\ASUS
2015-02-14 00:25 - 2015-02-14 00:25 - 00226849 _____ () C:\Users\ASUS\Desktop\thematic-wedding.csv
2015-02-13 10:01 - 2015-02-13 10:01 - 00001067 _____ () C:\Users\ASUS\Desktop\Dropbox.lnk
2015-02-13 10:00 - 2015-02-13 10:01 - 00000000 ____D () C:\Users\ASUS\Desktop\Firefox tabs
2015-02-12 23:30 - 2015-02-12 23:43 - 00000241 _____ () C:\Users\ASUS\Desktop\Motivational Youtube Channels.txt
2015-02-12 10:21 - 2015-02-12 10:21 - 00005069 _____ () C:\Users\ASUS\Desktop\Instant Agency Funnel.txt
2015-02-12 08:53 - 2015-02-12 08:51 - 02112512 _____ () C:\Users\ASUS\Desktop\adwcleaner_4.110.exe
2015-02-12 08:52 - 2015-02-12 11:11 - 00000000 ____D () C:\AdwCleaner
2015-02-11 23:17 - 2015-02-11 23:17 - 00000199 _____ () C:\Users\ASUS\Desktop\Providing Quality SEO Services Singapore TNC SEO Company.URL
2015-02-11 11:10 - 2015-01-23 12:41 - 06041600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-11 11:10 - 2015-01-23 11:17 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-02-11 10:47 - 2015-01-12 11:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-11 10:47 - 2015-01-12 10:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-11 10:47 - 2015-01-12 10:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-02-11 10:47 - 2015-01-12 10:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-02-11 10:47 - 2015-01-12 10:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-02-11 10:47 - 2015-01-12 10:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-02-11 10:47 - 2015-01-12 10:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-11 10:47 - 2015-01-12 10:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-02-11 10:47 - 2015-01-12 10:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-02-11 10:47 - 2015-01-12 10:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-02-11 10:47 - 2015-01-12 10:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-02-11 10:47 - 2015-01-12 09:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-02-11 10:47 - 2015-01-12 09:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-02-11 10:47 - 2015-01-12 09:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-02-11 10:47 - 2015-01-12 09:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-02-11 10:47 - 2015-01-12 09:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-11 10:47 - 2015-01-12 09:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-02-11 10:47 - 2015-01-12 09:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-02-11 10:47 - 2015-01-12 09:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-11 10:47 - 2015-01-12 09:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-02-11 10:47 - 2015-01-12 09:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-02-11 10:47 - 2015-01-12 09:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-02-11 10:47 - 2015-01-12 09:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-02-11 10:47 - 2015-01-12 09:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-11 10:47 - 2015-01-12 09:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-02-11 10:47 - 2015-01-12 09:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-02-11 10:47 - 2015-01-12 09:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-02-11 10:47 - 2015-01-12 09:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-02-11 10:47 - 2015-01-12 09:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-02-11 10:47 - 2015-01-12 09:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-11 10:47 - 2015-01-12 09:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-02-11 10:47 - 2015-01-12 09:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-02-11 10:47 - 2015-01-12 08:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-02-11 10:47 - 2015-01-12 08:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-02-11 10:47 - 2015-01-10 17:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-11 10:47 - 2015-01-10 17:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-11 10:47 - 2015-01-10 16:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-02-11 10:47 - 2015-01-10 15:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-11 10:47 - 2015-01-10 14:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-02-11 10:19 - 2015-01-16 06:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-11 10:19 - 2015-01-16 06:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-11 10:19 - 2015-01-14 12:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-02-11 10:19 - 2015-01-14 11:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-02-11 10:19 - 2014-10-29 10:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2015-02-11 10:19 - 2014-10-29 10:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2015-02-11 10:18 - 2015-02-04 07:38 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-02-11 10:18 - 2015-02-04 07:08 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-02-11 10:18 - 2015-02-04 07:08 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-02-11 10:18 - 2015-02-03 07:11 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-02-11 10:18 - 2015-02-03 07:11 - 00894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-02-11 10:18 - 2015-02-03 07:11 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-02-11 10:18 - 2015-01-20 02:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-02-11 10:18 - 2015-01-14 06:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-11 10:18 - 2015-01-14 06:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-02-11 10:18 - 2015-01-10 16:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-02-11 10:18 - 2014-12-19 16:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-11 10:18 - 2014-12-19 16:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-02-11 10:18 - 2014-12-09 11:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-11 10:18 - 2014-12-09 09:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-11 10:18 - 2014-12-09 07:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-02-10 19:02 - 2015-02-11 22:32 - 00011388 _____ () C:\Users\ASUS\Desktop\Penalty Recovery Fiverr.xlsx
2015-02-10 17:19 - 2015-02-07 16:18 - 2207364237 _____ () C:\Users\ASUS\Desktop\thenewrulesofseo.zip
2015-02-10 16:46 - 2015-02-10 16:46 - 00000298 _____ () C:\WINDOWS\Tasks\Uninstaller_SkipUac_Gladwin.job
2015-02-10 10:44 - 2015-02-10 10:46 - 00000000 ____D () C:\Users\ASUS\Desktop\LongTailPro2
2015-02-09 22:41 - 2015-02-09 22:41 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-02-09 22:39 - 2015-02-09 22:47 - 00000000 ____D () C:\Users\ASUS\Downloads\Doraemon Stand by Me Leaked 720p - ENG - INA SUB
2015-02-09 19:04 - 2015-02-09 19:04 - 00000268 _____ () C:\Users\ASUS\Desktop\Download Page.URL
2015-02-09 15:41 - 2015-02-09 15:41 - 00000835 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\slf.lnk
2015-02-09 15:41 - 2015-02-09 15:41 - 00000823 _____ () C:\Users\Public\Desktop\slf.lnk
2015-02-09 15:41 - 2015-02-09 15:41 - 00000000 ____D () C:\Program Files (x86)\slf
2015-02-09 12:43 - 2015-02-08 03:24 - 1008327089 _____ () C:\Users\ASUS\Desktop\Instagram Mastery Formula.zip
2015-02-09 12:34 - 2015-02-09 12:42 - 1015885669 _____ () C:\Users\ASUS\Desktop\OV Allstars; CPA Jumpstart.rar
2015-02-09 11:51 - 2015-02-08 03:56 - 1179768965 _____ () C:\Users\ASUS\Desktop\DDR3boy-Marketplace Super Heroes-$997.zip
2015-02-09 11:34 - 2015-02-09 11:35 - 31816649 _____ () C:\Users\ASUS\Desktop\StudioPress.zip
2015-02-09 11:29 - 2015-02-09 08:13 - 00000000 ____D () C:\Users\ASUS\Desktop\Themify
2015-02-09 11:01 - 2015-02-09 11:02 - 00000071 _____ () C:\Users\ASUS\Desktop\New Text Document.txt
2015-02-09 00:08 - 2015-02-09 00:08 - 00000000 ____D () C:\Users\ASUS\AppData\Local\Clarus
2015-02-08 23:14 - 2015-02-08 23:27 - 1335840460 _____ () C:\Users\ASUS\Desktop\Affplaybook - Greatest Hits Mastermind 2015.rar
2015-02-08 23:04 - 2015-02-08 23:08 - 262547091 _____ () C:\Users\ASUS\Desktop\Reverse Sales Method by Jamie and David.zip
2015-02-08 22:59 - 2015-02-08 23:25 - 1707891903 _____ () C:\Users\ASUS\Desktop\Ryan Deiss - Funnel Blueprint 2.0 UP2.rar
2015-02-08 21:49 - 2015-02-04 03:31 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-08 21:49 - 2015-02-04 03:31 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-08 21:46 - 2014-04-16 07:35 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2015-02-08 21:46 - 2014-04-16 07:34 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2015-02-08 11:48 - 2015-02-08 11:48 - 00000000 ____D () C:\Users\ASUS\Downloads\Internet Download Manager (IDM) 6.22 Final Incl. Crack [ATOM]
2015-02-08 02:52 - 2015-02-15 11:57 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-08 02:51 - 2015-02-15 12:45 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-08 02:26 - 2015-02-08 02:26 - 00000874 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-147487581-2992457104-1551078015-1002Core1d04303a250e3f3.job
2015-02-08 02:26 - 2015-02-08 02:26 - 00000874 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-147487581-2992457104-1551078015-1002Core1cfffdbc8a5ac38.job
2015-02-08 00:16 - 2015-02-08 11:32 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-08 00:15 - 2015-02-08 00:15 - 00001132 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-08 00:15 - 2015-02-08 00:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-08 00:14 - 2015-02-08 00:14 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-08 00:14 - 2015-02-08 00:14 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-08 00:14 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-02-08 00:14 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-02-08 00:14 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-02-08 00:12 - 2015-02-15 12:47 - 00000000 ____D () C:\FRST
2015-02-08 00:11 - 2015-02-15 12:47 - 00000000 ____D () C:\Users\ASUS\Desktop\Troubleshoot Program
2015-02-08 00:05 - 2015-02-08 00:05 - 00000631 _____ () C:\WINDOWS\system32\network.txt
2015-02-06 20:06 - 2014-11-29 08:37 - 00180648 _____ (Tonec Inc.) C:\WINDOWS\system32\Drivers\idmwfp.sys
2015-02-05 10:01 - 2013-08-27 23:42 - 00086035 ____N () C:\WINDOWS\system32\athwbx.cat
2015-02-05 10:01 - 2013-08-15 20:13 - 03859968 ____N (Qualcomm Atheros Communications, Inc.) C:\WINDOWS\system32\athwbx.sys
2015-02-05 10:01 - 2013-08-15 20:13 - 03859968 _____ (Qualcomm Atheros Communications, Inc.) C:\WINDOWS\system32\Drivers\athwbx.sys
2015-02-05 00:55 - 2015-02-05 01:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Start Menu 8
2015-02-04 23:09 - 2014-12-07 19:53 - 00452755 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20150204-230941.backup
2015-02-04 23:03 - 2015-02-04 23:03 - 00003859 _____ () C:\Users\ASUS\Downloads\software_removal_tool.log
2015-02-04 22:47 - 2015-02-08 02:58 - 00002207 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-04 22:47 - 2015-02-04 22:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-04 22:46 - 2015-02-08 02:52 - 00003894 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-04 22:46 - 2015-02-08 02:52 - 00003658 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-04 11:34 - 2015-02-10 16:45 - 00000000 ____D () C:\Users\ASUS\Desktop\Firefox Portable
2015-02-02 01:24 - 2015-02-02 01:24 - 00008477 _____ () C:\Users\ASUS\Downloads\Invoice 1480331 (01-30-2015).html
2015-02-01 23:29 - 2015-02-15 12:46 - 00003758 _____ () C:\WINDOWS\System32\Tasks\AutoKMS
2015-02-01 23:28 - 2015-02-14 12:00 - 00000492 _____ () C:\WINDOWS\Tasks\InstallShield Update Task.job
2015-02-01 23:28 - 2015-02-01 23:28 - 00003224 _____ () C:\WINDOWS\System32\Tasks\InstallShield Update Task
2015-02-01 23:28 - 2015-02-01 23:28 - 00000000 ____D () C:\Program Files (x86)\InstallShield
2015-02-01 22:58 - 2015-02-01 22:59 - 45488338 _____ () C:\Users\ASUS\Downloads\Microsoft Office Professional Plus 2013 -32-64 Bit(Activator)[RareAbyss].rar
2015-01-22 09:37 - 2015-02-05 10:22 - 00000000 ____D () C:\Users\ASUS\Downloads\Ryan Deiss - Invisible Selling Machine
2015-01-22 09:31 - 2015-01-22 09:30 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-01-20 21:55 - 2014-12-09 03:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-20 21:55 - 2014-12-09 03:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-20 21:55 - 2014-12-09 03:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-20 21:55 - 2014-12-09 03:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-20 21:55 - 2014-12-09 03:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-20 21:55 - 2014-12-09 03:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-20 21:55 - 2014-12-09 03:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-20 21:55 - 2014-12-09 03:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-20 21:55 - 2014-12-06 09:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-15 12:47 - 2014-04-06 12:47 - 00000000 ___HD () C:\Users\ASUS\.mediafire
2015-02-15 12:46 - 2014-02-14 12:12 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\Copy
2015-02-15 12:46 - 2014-02-05 16:11 - 00000000 ___RD () C:\Users\ASUS\Dropbox
2015-02-15 12:46 - 2014-02-05 16:10 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\Dropbox
2015-02-15 12:45 - 2014-04-06 12:47 - 00000000 ___RD () C:\Users\ASUS\MediaFire
2015-02-15 12:45 - 2014-02-05 16:05 - 00000000 __RDO () C:\Users\ASUS\SkyDrive
2015-02-15 12:45 - 2014-02-05 08:50 - 00000062 _____ () C:\Users\ASUS\AppData\Roaming\sp_data.sys
2015-02-15 12:44 - 2014-12-23 18:10 - 00017268 _____ () C:\WINDOWS\setupact.log
2015-02-15 12:44 - 2013-08-22 22:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-15 12:44 - 2013-08-22 21:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-15 12:43 - 2014-02-05 18:45 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\DMCache
2015-02-15 12:41 - 2014-02-05 08:43 - 00000000 ____D () C:\Users\ASUS\AppData\Local\Packages
2015-02-15 12:39 - 2014-02-07 10:23 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-15 12:25 - 2014-02-05 15:36 - 01824377 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-15 12:02 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-15 01:09 - 2014-04-22 10:20 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\Telegram Win (Unofficial)
2015-02-14 23:27 - 2014-04-26 11:28 - 00003580 _____ () C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-147487581-2992457104-1551078015-1002
2015-02-14 17:15 - 2014-05-08 18:20 - 00000000 ____D () C:\Users\ASUS\AppData\Local\CrashDumps
2015-02-14 11:46 - 2014-02-05 18:45 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\IDM
2015-02-14 01:11 - 2014-02-05 08:51 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-147487581-2992457104-1551078015-1002
2015-02-14 01:08 - 2014-02-05 12:47 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\Mozilla
2015-02-14 00:36 - 2014-02-05 08:43 - 00000000 ____D () C:\Users\ASUS\AppData\Local\VirtualStore
2015-02-14 00:36 - 2014-02-05 08:43 - 00000000 ____D () C:\Users\ASUS\AppData\Local\ASUS
2015-02-13 23:56 - 2013-11-14 15:28 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-13 10:01 - 2014-02-05 16:10 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-11 22:16 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-11 21:32 - 2014-02-05 18:45 - 00000000 ____D () C:\Users\ASUS\Downloads\Compressed
2015-02-11 12:48 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-02-11 12:06 - 2012-07-26 15:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-11 11:46 - 2015-01-13 17:24 - 00000000 ____D () C:\Users\ASUS\Desktop\SEO
2015-02-11 11:04 - 2013-08-22 22:44 - 05118432 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-11 10:52 - 2014-02-05 22:31 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-02-11 10:52 - 2014-02-05 16:48 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-11 10:50 - 2014-12-11 17:14 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-02-11 10:50 - 2014-07-09 16:20 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-02-11 10:37 - 2014-12-07 21:07 - 00055010 _____ () C:\WINDOWS\PFRO.log
2015-02-11 10:32 - 2014-02-05 12:06 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-11 10:26 - 2014-02-05 12:06 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-11 10:25 - 2012-07-26 13:26 - 00000199 _____ () C:\WINDOWS\win.ini
2015-02-10 16:50 - 2014-02-08 18:25 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\uTorrent
2015-02-10 16:46 - 2014-08-20 23:07 - 00003087 _____ () C:\WINDOWS\wininit.ini
2015-02-10 16:46 - 2014-06-02 00:07 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-10 16:22 - 2014-02-14 13:27 - 00000248 _____ () C:\Users\ASUS\AppData\Roaming\RO39-2M3Q
2015-02-10 15:21 - 2014-03-22 12:27 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\Skype
2015-02-10 00:32 - 2014-02-06 21:03 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\vlc
2015-02-09 15:41 - 2014-02-06 23:22 - 13933568 ___SH () C:\Users\ASUS\Desktop\Thumbs.db
2015-02-08 21:50 - 2014-02-05 11:55 - 00000000 ____D () C:\ProgramData\ProductData
2015-02-08 11:54 - 2014-02-05 18:45 - 00000000 ____D () C:\Program Files (x86)\Internet Download Manager
2015-02-08 11:49 - 2014-02-05 18:45 - 00001023 _____ () C:\Users\ASUS\Desktop\Internet Download Manager.lnk
2015-02-08 11:28 - 2013-11-14 15:17 - 00000000 ____D () C:\WINDOWS\ShellNew
2015-02-08 10:57 - 2014-02-12 22:49 - 09024000 ___SH () C:\Users\ASUS\Downloads\Thumbs.db
2015-02-08 02:39 - 2014-02-07 10:23 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-02-08 00:46 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\WinStore
2015-02-07 23:50 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-02-05 14:40 - 2014-06-23 03:09 - 00000000 ____D () C:\Users\ASUS\Downloads\Bank Statement
2015-02-05 10:02 - 2014-02-05 07:02 - 00000000 ____D () C:\Program Files (x86)\Qualcomm Atheros
2015-02-05 01:13 - 2014-02-10 21:17 - 00000000 ____D () C:\Users\ASUS\Desktop\Shortcuts
2015-02-05 01:06 - 2014-02-05 07:20 - 00000000 ____D () C:\ProgramData\P4G
2015-02-05 00:59 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\registration
2015-02-05 00:36 - 2014-02-05 15:41 - 00000000 ____D () C:\Users\ASUS
2015-02-05 00:22 - 2014-12-11 11:59 - 00000000 ____D () C:\Program Files\Recuva
2015-02-04 23:12 - 2015-01-13 22:34 - 00000000 ____D () C:\Program Files (x86)\Hobbyist Software
2015-02-04 22:47 - 2014-02-05 12:46 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-04 02:03 - 2014-04-06 12:32 - 00020696 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\mfmonitor_x64.sys
2015-02-01 23:29 - 2014-02-05 17:09 - 00000000 ____D () C:\WINDOWS\AutoKMS
2015-01-30 21:51 - 2014-02-05 12:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-29 21:13 - 2014-02-05 12:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-26 00:16 - 2014-02-05 18:45 - 00000000 ____D () C:\Users\ASUS\Downloads\Video
2015-01-22 13:17 - 2014-09-26 00:52 - 00000000 __SHD () C:\Users\ASUS\wc
2015-01-22 09:33 - 2014-06-16 11:07 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-22 09:30 - 2014-12-23 18:17 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-21 10:24 - 2015-01-06 11:24 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\FileZilla
2015-01-18 23:56 - 2014-02-08 18:15 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\.ACEStream
2015-01-18 23:50 - 2014-07-01 00:10 - 00000000 ___HD () C:\_acestream_cache_
2015-01-16 16:58 - 2014-10-25 14:26 - 00000000 ___RD () C:\Users\ASUS\Copy [email protected]

==================== Files in the root of some directories =======

2014-08-28 09:34 - 2014-08-28 09:35 - 15000576 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2014-02-14 13:26 - 2014-02-14 13:26 - 0000088 _____ () C:\Users\ASUS\AppData\Roaming\.95d691779473f3e03bc4b4e56319d74c.key
2014-02-14 13:26 - 2014-02-14 13:26 - 0000088 _____ () C:\Users\ASUS\AppData\Roaming\.c79792229cdae4d8fe4e261fc4d6976b.key
2014-11-14 15:36 - 2014-11-25 18:41 - 0000132 _____ () C:\Users\ASUS\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-02-14 13:27 - 2015-02-10 16:22 - 0000248 _____ () C:\Users\ASUS\AppData\Roaming\RO39-2M3Q
2014-02-05 08:50 - 2015-02-15 12:45 - 0000062 _____ () C:\Users\ASUS\AppData\Roaming\sp_data.sys
2014-06-19 10:28 - 2014-06-19 10:28 - 0000024 _____ () C:\Users\ASUS\AppData\Roaming\temp.ini
2014-11-14 15:45 - 2014-11-14 15:45 - 0001456 _____ () C:\Users\ASUS\AppData\Local\Adobe Save for Web 13.0 Prefs
2012-09-10 19:49 - 2012-09-10 19:49 - 0001050 ____H () C:\Users\ASUS\AppData\Local\{793FD447-37EB-4083-B222-2E447297AF07}
2014-12-23 18:14 - 2014-12-23 18:14 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2012-08-05 09:42 - 2012-07-30 14:03 - 0000217 _____ () C:\ProgramData\SetStretch.cmd
2012-08-05 09:42 - 2009-07-22 18:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe

Some content of TEMP:
====================
C:\Users\ASUS\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpepbmky.dll
C:\Users\ASUS\AppData\Local\Temp\MediaFireIcon2_x64.dll
C:\Users\ASUS\AppData\Local\Temp\MediaFireIcon3_x64.dll
C:\Users\ASUS\AppData\Local\Temp\MediaFireIcon4_x64.dll
C:\Users\ASUS\AppData\Local\Temp\MediaFireIcon5_x64.dll
C:\Users\ASUS\AppData\Local\Temp\MediaFireIcon_x64.dll
C:\Users\ASUS\AppData\Local\Temp\MFDesktopShellStatic_x64.dll
C:\Users\ASUS\AppData\Local\Temp\Quarantine.exe
C:\Users\ASUS\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-09 10:54

==================== End Of Log ============================


----------



## JSntgRvr (Jul 1, 2003)

You don't have an anti-virus. Please download AVAST from *here*. Once installed, perform a full scan.

Some entries I have fixed have returned. uTorrent is a program that will install adware, such as redirections to conduit.com.

Download the enclosed file (see below). Save it in the same location where FRST is saved. Open FRST. Click on the Fix button and wait. The tool will produce a log, fixlog.txt. Please post its contents in your next reply.

Once done, re-scan with FRST and post its report.


----------



## JSntgRvr (Jul 1, 2003)

BTW

Keep away from CCleaner, especially the Registry Cleaner. It may remove important keys in the Registry.


----------



## kango88 (Feb 5, 2015)

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-02-2015
Ran by Gladwin at 2015-02-16 14:30:18 Run:5
Running from C:\Users\ASUS\Desktop\Troubleshoot Program
Loaded Profiles: Gladwin (Available profiles: Gladwin)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CHR HomePage: Default -> hxxp://search.conduit.com/?ctid=CT3321897&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SPF84B9 58F-6C5F-431F-B5D3-7D8E0D53175F&SSPV=
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3321897&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SPF84B9 58F-6C5F-431F-B5D3-7D8E0D53175F&SSPV="
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={goo gle:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google :inputType}{google:cursorPosition}{google:currentPageUrl}{googleageClassi fication}{google:searchVersion}{google:sessionToken}{googlerefetchQuery}s ugkey={google:suggestAPIKeyParameter}
CHR Extension: (Download Manager (video and mp3)) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bapnjmgdanmelbcmjdjljogelnlfepcj [2015-02-08]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-02-06]
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-02-06]
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [X]
S2 StartMenuService; C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe [X]
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\8aqpcbli.default\Ext ensions\[email protected] [2014-11-21]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
ProxyEnable: [HKLM] => ProxyEnable is set.
ProxyEnable: [HKLM-x32] => ProxyEnable is set.
ProxyServer: [HKLM] => http=127.0.0.1:8080;https=127.0.0.1:8080
ProxyServer: [HKLM-x32] => http=127.0.0.1:8080;https=127.0.0.1:8080
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-147487581-2992457104-1551078015-1002 -> URL http://search.conduit.com/Results.a...tid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM= 5&UP=SPF84B958F-6C5F-431F-B5D3-7D8E0D53175F&q={searchTerms}&SSPV=
C:\Users\ASUS\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpepbmky.dll
C:\Users\ASUS\AppData\Local\Temp\MediaFireIcon2_x64.dll
C:\Users\ASUS\AppData\Local\Temp\MediaFireIcon3_x64.dll
C:\Users\ASUS\AppData\Local\Temp\MediaFireIcon4_x64.dll
C:\Users\ASUS\AppData\Local\Temp\MediaFireIcon5_x64.dll
C:\Users\ASUS\AppData\Local\Temp\MediaFireIcon_x64.dll
C:\Users\ASUS\AppData\Local\Temp\MFDesktopShellStatic_x64.dll
C:\Users\ASUS\AppData\Local\Temp\Quarantine.exe
C:\Users\ASUS\AppData\Local\Temp\sqlite3.dll
C:\ProgramData\SetStretch.exe
End
*****************

Chrome HomePage deleted successfully.
Chrome StartupUrls deleted successfully.
Chrome DefaultSuggestURL deleted successfully.
C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bapnjmgdanmelbcmjdjljogelnlfepcj => Moved successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\jeaohhlajejodfjadcponpnjgkiikocn" => Key deleted successfully.
C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jeaohhlajejodfjadcponpnjgkiikocn" => Key deleted successfully.
"C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx" => File/Directory not found.
LiveUpdateSvc => Service deleted successfully.
StartMenuService => Service deleted successfully.
C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\8aqpcbli.default\Ext ensions\[email protected] not found.
HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\[email protected] => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-147487581-2992457104-1551078015-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\URL http://search.conduit.com/Results.a...tid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM= => Value not found.
"C:\Users\ASUS\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpepbmky.dll" => File/Directory not found.
C:\Users\ASUS\AppData\Local\Temp\MediaFireIcon2_x64.dll => Moved successfully.
C:\Users\ASUS\AppData\Local\Temp\MediaFireIcon3_x64.dll => Moved successfully.
C:\Users\ASUS\AppData\Local\Temp\MediaFireIcon4_x64.dll => Moved successfully.
C:\Users\ASUS\AppData\Local\Temp\MediaFireIcon5_x64.dll => Moved successfully.
C:\Users\ASUS\AppData\Local\Temp\MediaFireIcon_x64.dll => Moved successfully.
C:\Users\ASUS\AppData\Local\Temp\MFDesktopShellStatic_x64.dll => Moved successfully.
C:\Users\ASUS\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\ASUS\AppData\Local\Temp\sqlite3.dll => Moved successfully.
C:\ProgramData\SetStretch.exe => Moved successfully.

==== End of Fixlog 14:30:21 ====


----------



## kango88 (Feb 5, 2015)

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-02-2015
Ran by Gladwin (administrator) on GLADWIN on 16-02-2015 14:35:38
Running from C:\Users\ASUS\Desktop\Troubleshoot Program
Loaded Profiles: Gladwin (Available profiles: Gladwin)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.1.265\AsusWSWinService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
() C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmdb.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(InstallShield®) C:\Program Files (x86)\InstallShield\isupdate.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Users\ASUS\AppData\Local\MediaFire Desktop\MFUsnMonitorService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Clarus, Inc.) C:\Program Files (x86)\Clarus\Samsung Drive Manager\SZDrvSvc.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
() C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(Clarus, Inc.) C:\Program Files (x86)\Clarus\Samsung Drive Manager\Drive Manager.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Clarus, Inc.) C:\Program Files (x86)\Clarus\Samsung Drive Manager\SZDrvMon.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Internet Download Manager, Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMIntegrator64.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
() C:\Users\ASUS\AppData\Roaming\ACEStream\engine\ace_engine.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Spotify Ltd) C:\Users\ASUS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Google Inc.) C:\Users\ASUS\AppData\Local\Google\Update\GoogleUpdate.exe
() C:\Users\ASUS\AppData\Local\MediaFire Desktop\mf_watch.exe
() C:\Users\ASUS\AppData\Local\MediaFire Desktop\mf_hub.exe
() C:\Users\ASUS\AppData\Local\MediaFire Desktop\MediaFire Desktop.exe
() C:\Users\ASUS\AppData\Local\MediaFire Desktop\mf_filetransfer.exe
() C:\Users\ASUS\AppData\Local\MediaFire Desktop\mf_browser.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
() C:\Users\ASUS\AppData\Local\MediaFire Desktop\mf_central_control.exe
() C:\Users\ASUS\AppData\Local\MediaFire Desktop\mf_monitor.exe
() C:\Program Files (x86)\InstantEyedropper\InstantEyedropper.exe
(Barracuda Networks, Inc.) C:\Users\ASUS\AppData\Roaming\Copy\CopyAgent.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
() C:\Users\ASUS\AppData\Local\MediaFire Desktop\mf_dialogs.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
() C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmW.exe
() C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmwj.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Clarus, Inc.) C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe
(Dropbox, Inc.) C:\Users\ASUS\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Users\ASUS\AppData\Roaming\ACEStream\updater\ace_update.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.8.381\AsusWSPanel.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
Failed to access process -> plugin-container.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google) C:\Users\ASUS\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-12-23] (Realtek Semiconductor)
HKLM\...\Run: [AuditSHD] => C:\windows\system32\oobe\auditshd.exe [29696 2013-08-22] (Microsoft Corporation)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [765056 2012-09-30] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-09-30] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe [70656 2014-12-23] (Intel Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2014-12-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3331312 2012-08-05] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-29] (CyberLink Corp.)
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.1.8.381\ASUSWSLoader.exe [63296 2014-07-08] ()
HKLM-x32\...\Run: [Launcher] => C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\Launcher\fxlaunch.exe [2400768 2012-04-28] (Fuji Xerox Co., Ltd.)
HKLM-x32\...\Run: [M205f RUN] => C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmRun.exe [355840 2012-06-20] ()
HKLM-x32\...\Run: [StatusAutoRunm205f] => C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmpl.exe [3978752 2012-06-20] ()
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-11-17] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-02-14] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-11-19] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3084288 2012-07-31] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-02-16] (AVAST Software)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3890768 2015-02-08] (Tonec Inc.)
HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [457728 2013-11-14] (Microsoft Corporation)
HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\Run: [AceStream] => C:\Users\ASUS\AppData\Roaming\ACEStream\engine\ace_engine.exe [27904 2014-09-25] ()
HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\Run: [Spotify Web Helper] => C:\Users\ASUS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-15] (Spotify Ltd)
HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\Run: [Google Update] => C:\Users\ASUS\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-03-13] (Google Inc.)
HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\Run: [MediaFire Tray] => C:\Users\ASUS\AppData\Local\MediaFire Desktop\mf_watch.exe [4002120 2015-02-04] ()
HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564992 2014-02-14] (Samsung)
HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\Run: [instanteyedropper] => C:\Program Files (x86)\InstantEyedropper\InstantEyedropper.exe [352256 2007-10-17] ()
HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\Run: [Copy] => C:\Users\ASUS\AppData\Roaming\Copy\CopyAgent.exe [15435920 2015-01-23] (Barracuda Networks, Inc.)
HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\Run: [GoogleChromeAutoLaunch_D5DDF34FE692FC2EA1B8968615A3C02A] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-04] (Google Inc.)
HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\MountPoints2: {c7345423-f2fd-11e3-bf91-2cd05a4163df} - "E:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\MountPoints2: {e49a6483-8e37-11e3-824e-806e6f6e6963} - "F:\start.exe" 
HKU\S-1-5-18\...\Run: [Copy] => C:\Users\ASUS\AppData\Roaming\Copy\CopyAgent.exe [15435920 2015-01-23] (Barracuda Networks, Inc.)
HKU\S-1-5-18\...\Run: [Backblaze] => "C:\Program Files (x86)\Backblaze\bzbui.exe" -quiet
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [174296 2014-03-04] (NVIDIA Corporation)
AppInit_DLLs: , C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [174296 2014-03-04] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [148016 2014-03-04] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Drive Manager Real-Time.lnk
ShortcutTarget: Samsung Drive Manager Real-Time.lnk -> C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe (Clarus, Inc.)
Startup: C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\ASUS\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\ASUS\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.1.8.381\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.1.8.381\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.1.8.381\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [1aCopyShExtError] -> {83BEA36E-7680-4598-A4DF-994426F6E78D} => C:\Users\ASUS\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [1MediaFireIconError] -> {5EE8C634-CDC0-453D-9731-DF0B19F4E807} => C:\Program Files (x86)\MediaFire Desktop\MediaFireIcon3_d548a.dll (TODO: <Company name>)
ShellIconOverlayIdentifiers: [1MediaFireIconReadOnly] -> {7995D0FC-769B-4197-AEC0-991921CB99E1} => C:\Program Files (x86)\MediaFire Desktop\MediaFireIcon5_d548a.dll (TODO: <Company name>)
ShellIconOverlayIdentifiers: [1MediaFireIconSynched] -> {9A3B79CB-D899-40B5-8DBC-20447F1ADC8F} => C:\Program Files (x86)\MediaFire Desktop\MediaFireIcon_d548a.dll (TODO: <Company name>)
ShellIconOverlayIdentifiers: [1MediaFireIconSyncing] -> {C4D81971-6B13-4173-AB21-F83AD20CCC04} => C:\Program Files (x86)\MediaFire Desktop\MediaFireIcon2_d548a.dll (TODO: <Company name>)
ShellIconOverlayIdentifiers: [2aCopyShExtSynced] -> {845B7388-6F85-4F32-9FD5-F02DC7882B89} => C:\Users\ASUS\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [3aCopyShExtSyncing] -> {F6378A7A-F753-449B-AE1B-997A96132E61} => C:\Users\ASUS\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [4aCopyShExtSyncingProg1] -> {3A511828-777D-46F8-82F4-5B530C1B3D9E} => C:\Users\ASUS\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [5aCopyShExtSyncingProg2] -> {C8C88204-5B14-40EC-BA72-8AEBC762047E} => C:\Users\ASUS\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [6aCopyShExtSyncingProg3] -> {ACFF45C3-3EEB-4351-86C2-6696BA264239} => C:\Users\ASUS\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [7aCopyShExtSyncingProg4] -> {29AF997F-488B-46F0-AE78-7146F1B89CC3} => C:\Users\ASUS\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [8aCopyShExtSyncingProg5] -> {03F9AD29-1C78-4B66-8890-B177B5430C53} => C:\Users\ASUS\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ASUS\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ASUS\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ASUS\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ASUS\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)
ShellIconOverlayIdentifiers: [MediaFireIconLock] -> {759F3E92-F4E8-4953-8315-238B8B17E0F3} => C:\Program Files (x86)\MediaFire Desktop\MediaFireIcon4_d548a.dll (TODO: <Company name>)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ASUS\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ASUS\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ASUS\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [HKLM] => http=127.0.0.1:8080;https=127.0.0.1:8080
ProxyServer: [HKLM-x32] => http=127.0.0.1:8080;https=127.0.0.1:8080
HKU\S-1-5-21-147487581-2992457104-1551078015-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://xin.msn.com/en-sg/?ocid=iehp
SearchScopes: HKU\S-1-5-21-147487581-2992457104-1551078015-1002 -> URL http://search.conduit.com/Results.aspx?ctid=CT3321897&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SPF84B958F-6C5F-431F-B5D3-7D8E0D53175F&q={searchTerms}&SSPV=
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\8aqpcbli.default
FF SelectedSearchEngine: Google
FF Keyword.URL: hxxp://sg.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=599486&p=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll (LastPass)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass.dll (LastPass)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-147487581-2992457104-1551078015-1002: @acestream.net/acestreamplugin,version=2.2.0-next -> C:\Users\ASUS\AppData\Roaming\ACEStream\player\npace_plugin.dll (Innovative Digital Technologies)
FF Plugin HKU\S-1-5-21-147487581-2992457104-1551078015-1002: @citrixonline.com/appdetectorplugin -> C:\Users\ASUS\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKU\S-1-5-21-147487581-2992457104-1551078015-1002: @talk.google.com/GoogleTalkPlugin -> C:\Users\ASUS\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-147487581-2992457104-1551078015-1002: @talk.google.com/O1DPlugin -> C:\Users\ASUS\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-147487581-2992457104-1551078015-1002: @tools.google.com/Google Update;version=3 -> C:\Users\ASUS\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-147487581-2992457104-1551078015-1002: @tools.google.com/Google Update;version=9 -> C:\Users\ASUS\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\ASUS\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\ASUS\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: IDM CC - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\8aqpcbli.default\Extensions\[email protected] [2015-01-29]
FF Extension: LastPass - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\8aqpcbli.default\Extensions\[email protected] [2015-02-08]
FF Extension: FireShot - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\8aqpcbli.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2015-01-30]
FF Extension: EPUBReader - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\8aqpcbli.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2015-02-10]
FF Extension: Easy App Tabs - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\8aqpcbli.default\Extensions\[email protected] [2014-02-05]
FF Extension: MEGA - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\8aqpcbli.default\Extensions\[email protected] [2015-02-15]
FF Extension: Save My Tabs - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\8aqpcbli.default\Extensions\[email protected] [2014-02-05]
FF Extension: Media Stealer - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\8aqpcbli.default\Extensions\[email protected] [2014-08-24]
FF Extension: Reader - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\8aqpcbli.default\Extensions\{20068ab2-1901-4140-9f3c-81207d4dacc4}.xpi [2015-01-30]
FF Extension: Graph Authority - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\8aqpcbli.default\Extensions\{CBECCADF-6A82-4141-A264-7ED25F718BCB}.xpi [2014-04-10]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-02-16]
FF HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\Firefox\Extensions: [[email protected]] - C:\Users\ASUS\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\ASUS\AppData\Roaming\IDM\idmmzcc5 [2015-02-08]
FF HKU\S-1-5-21-147487581-2992457104-1551078015-1002\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\ASUS\AppData\Roaming\IDM\idmmzcc5

Chrome: 
=======
CHR Profile: C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Downloads) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajkhjekibcfjngomhbbifihellcaebcn [2014-07-18]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-21]
CHR Extension: (RankRecon) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\chjdckfonfkdoeiobllnejjieicmjodh [2014-06-03]
CHR Extension: (OneTab) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2015-02-08]
CHR Extension: (Webpage Screenshot) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki [2014-03-22]
CHR Extension: (SEO I.Q.) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\dadlnlnlpkpchfljjcpkodcljofniggm [2014-09-23]
CHR Extension: (Tabs Backup & Restore) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\dehocbglhkaogiljpihicakmlockmlgd [2014-03-22]
CHR Extension: (Graph Authority) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeaaoidckfbpinpmjbbmgnapanfnkdkc [2014-04-10]
CHR Extension: (FB Pixel Helper) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc [2015-02-08]
CHR Extension: (Avast Online Security) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-02-16]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-02-02]
CHR Extension: (Share As Image Extension) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgmhphfbdfbkokcfajipbmkcakmmepeb [2015-02-08]
CHR Extension: (SEO & Website Analysis) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlngmmdolgbdnnimbmblfhhndibdipaf [2014-12-22]
CHR Extension: (IDM Integration Module) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2014-02-06]
CHR Extension: (Hangouts) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2014-03-25]
CHR Extension: (Google Wallet) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-06]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-02-16]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-14] (ASUS)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.1.1.265\AsusWSWinService.exe [71680 2014-01-15] (ASUS Cloud Corporation) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [220288 2012-09-30] (Qualcomm Atheros Commnucations)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-02-16] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2015-02-16] (Avast Software)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [270336 2012-07-13] (Brother Industries, Ltd.) [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [321024 2013-08-22] (Microsoft Corporation)
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64624 2014-06-12] (CyberGhost S.R.L)
R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [117704 2014-12-23] (Intel Corporation)
S2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [118728 2014-12-23] (Intel Corporation)
S2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [92672 2014-12-23] (Intel Corporation)
S2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [88064 2014-12-23] (Intel Corporation)
R2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-03-31] (Diskeeper Corporation)
R2 FXNADB; C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmdb.exe [96768 2012-06-20] () [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-28] (Intel Corporation)
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-30] (Intel Corporation)
R2 isupdate.exe; C:\Program Files (x86)\InstallShield\isupdate.exe [43008 2015-01-22] (InstallShield®) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-26] (Intel Corporation)
S2 McOobeSv2; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [219832 2012-06-18] (McAfee, Inc.)
S2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [219832 2012-06-18] (McAfee, Inc.)
R2 MF NTFS Monitor; C:\Users\ASUS\AppData\Local\MediaFire Desktop\MFUsnMonitorService.exe [456504 2015-02-04] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 SZDrvSvc; C:\Program Files (x86)\Clarus\Samsung Drive Manager\SZDrvSvc.exe [18432 2013-12-18] (Clarus, Inc.) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-09-30] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-02-16] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [87912 2015-02-16] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-02-16] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-02-16] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-02-16] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-02-16] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-02-16] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-02-16] ()
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [65784 2013-01-17] (ASUS Corporation)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-09-30] (Qualcomm Atheros)
S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation)
S3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [32640 2013-08-22] (Microsoft Corporation)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-05] (Microsoft Corporation)
R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [145640 2014-12-23] (Intel Corporation)
R3 DptfDevFan; C:\Windows\system32\DRIVERS\DptfDevFan.sys [50640 2014-12-23] (Intel Corporation)
S3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [42224 2014-12-23] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [289744 2014-12-23] (Intel Corporation)
S3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [234736 2014-12-23] (Intel Corporation)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2012-03-31] (Diskeeper Corporation)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [95024 2012-03-31] (Diskeeper Corporation)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [26528 2014-12-23] (REALiX(tm))
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-30] (Intel Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R3 mdf16; C:\Program Files (x86)\Clarus\Samsung Drive Manager\mdf16.sys [20400 2012-06-21] ()
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [118272 2014-12-23] (Intel Corporation)
R2 mfmonitor; C:\Windows\System32\DRIVERS\mfmonitor_x64.sys [20696 2015-02-04] (Windows (R) Win 7 DDK provider)
R3 mvd23; C:\Program Files (x86)\Clarus\Samsung Drive Manager\mvd23.sys [99248 2012-06-21] ()
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-28] (NVIDIA Corporation)
S3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2015-02-16] (Avast Software)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-16 14:35 - 2015-02-16 14:35 - 00000000 ___SH () C:\DkHyperbootSync
2015-02-16 13:57 - 2015-02-16 14:01 - 240804411 _____ () C:\Users\ASUS\Desktop\DDR3boy-The Funnel Mechanics-$97.rar
2015-02-16 12:02 - 2015-02-16 12:02 - 00000197 _____ () C:\WINDOWS\system32\2015-02-16-04-02-27.078-AvastVBoxSVC.exe-4836.log
2015-02-16 11:40 - 2015-02-16 11:40 - 00000247 _____ () C:\WINDOWS\system32\2015-02-16-03-40-29.040-aswFe.exe-3496.log
2015-02-16 11:38 - 2015-02-16 11:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-02-16 11:38 - 2015-02-16 11:38 - 00000000 ____D () C:\Program Files\7-Zip
2015-02-16 11:36 - 2015-01-22 09:30 - 00272296 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2015-02-16 11:36 - 2015-01-22 09:30 - 00176552 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2015-02-16 11:36 - 2015-01-22 09:30 - 00176552 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2015-02-16 11:36 - 2015-01-22 09:30 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-02-16 11:34 - 2015-02-16 11:40 - 00000247 _____ () C:\WINDOWS\system32\2015-02-16-03-34-16.089-aswFe.exe-6520.log
2015-02-16 11:34 - 2015-02-16 11:34 - 00000197 _____ () C:\WINDOWS\system32\2015-02-16-03-34-10.096-AvastVBoxSVC.exe-5812.log
2015-02-16 11:27 - 2015-02-16 11:27 - 00003260 _____ () C:\WINDOWS\System32\Tasks\avastBCLRestartS-1-5-21-147487581-2992457104-1551078015-1002
2015-02-16 11:23 - 2015-02-16 11:24 - 00000000 ____D () C:\WINDOWS\SysWOW64\vbox
2015-02-16 11:23 - 2015-02-16 11:24 - 00000000 ____D () C:\WINDOWS\system32\vbox
2015-02-16 11:23 - 2015-02-16 11:23 - 00001988 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-02-16 11:23 - 2015-02-16 11:23 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\AVAST Software
2015-02-16 11:23 - 2015-02-16 11:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-02-16 11:22 - 2015-02-16 11:23 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-02-16 11:22 - 2015-02-16 11:22 - 01050432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2015-02-16 11:22 - 2015-02-16 11:22 - 00436624 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-02-16 11:22 - 2015-02-16 11:22 - 00364512 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-02-16 11:22 - 2015-02-16 11:22 - 00267632 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-02-16 11:22 - 2015-02-16 11:22 - 00116728 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2015-02-16 11:22 - 2015-02-16 11:22 - 00093568 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2015-02-16 11:22 - 2015-02-16 11:22 - 00087912 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
2015-02-16 11:22 - 2015-02-16 11:22 - 00065776 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-02-16 11:22 - 2015-02-16 11:22 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-02-16 11:22 - 2015-02-16 11:22 - 00029208 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-02-16 11:20 - 2015-02-16 11:20 - 00000000 ____D () C:\Program Files\AVAST Software
2015-02-16 11:19 - 2015-02-16 11:20 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-02-16 07:57 - 2015-02-16 07:57 - 00000000 ____D () C:\Users\ASUS\AppData\Local\Clarus
2015-02-15 14:21 - 2015-02-15 14:29 - 217249423 _____ () C:\Users\ASUS\Desktop\GSA Course.7z
2015-02-15 14:08 - 2015-02-15 14:08 - 00000331 _____ () C:\Users\ASUS\Desktop\Japan Anime Pokemon Pikachu Stuffed Large Cartoon Japanese Bed Mattress Pad Bedding Set Mat Memory Foam Cushion Summer Tatam.URL
2015-02-15 12:43 - 2015-02-15 12:43 - 00000225 _____ () C:\Users\ASUS\Desktop\music box cities.URL
2015-02-15 12:43 - 2015-02-15 12:43 - 00000208 _____ () C:\Users\ASUS\Desktop\The Redwood Shop.URL
2015-02-15 02:20 - 2015-02-15 02:21 - 63756644 _____ () C:\Users\ASUS\Desktop\John Reese - Spy For Profits.rar
2015-02-14 23:27 - 2015-02-16 14:24 - 00000578 _____ () C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-147487581-2992457104-1551078015-1002.job
2015-02-14 12:38 - 2015-02-14 12:38 - 00000000 ____D () C:\Users\ASUS\Desktop\Local SEO Checklist
2015-02-14 12:17 - 2015-02-14 12:20 - 403112397 _____ () C:\Users\ASUS\Desktop\Local SEO Checklist.rar
2015-02-14 12:04 - 2015-02-14 13:52 - 11051160 _____ () C:\Users\ASUS\Desktop\SystemLook.txt
2015-02-14 11:45 - 2015-02-14 11:46 - 00165376 _____ () C:\Users\ASUS\Desktop\SystemLook_x64.exe
2015-02-14 00:36 - 2015-02-14 00:36 - 00000000 ____D () C:\ProgramData\ASUS
2015-02-14 00:25 - 2015-02-14 00:25 - 00226849 _____ () C:\Users\ASUS\Desktop\thematic-wedding.csv
2015-02-13 10:01 - 2015-02-13 10:01 - 00001067 _____ () C:\Users\ASUS\Desktop\Dropbox.lnk
2015-02-13 10:00 - 2015-02-13 10:01 - 00000000 ____D () C:\Users\ASUS\Desktop\Firefox tabs
2015-02-12 23:30 - 2015-02-12 23:43 - 00000241 _____ () C:\Users\ASUS\Desktop\Motivational Youtube Channels.txt
2015-02-12 10:21 - 2015-02-12 10:21 - 00005069 _____ () C:\Users\ASUS\Desktop\Instant Agency Funnel.txt
2015-02-12 08:53 - 2015-02-12 08:51 - 02112512 _____ () C:\Users\ASUS\Desktop\adwcleaner_4.110.exe
2015-02-12 08:52 - 2015-02-12 11:11 - 00000000 ____D () C:\AdwCleaner
2015-02-11 23:17 - 2015-02-11 23:17 - 00000199 _____ () C:\Users\ASUS\Desktop\Providing Quality SEO Services Singapore TNC SEO Company.URL
2015-02-11 11:10 - 2015-01-23 12:41 - 06041600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-11 11:10 - 2015-01-23 11:17 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-02-11 10:47 - 2015-01-12 11:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-11 10:47 - 2015-01-12 10:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-11 10:47 - 2015-01-12 10:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-02-11 10:47 - 2015-01-12 10:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-02-11 10:47 - 2015-01-12 10:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-02-11 10:47 - 2015-01-12 10:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-02-11 10:47 - 2015-01-12 10:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-11 10:47 - 2015-01-12 10:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-02-11 10:47 - 2015-01-12 10:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-02-11 10:47 - 2015-01-12 10:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-02-11 10:47 - 2015-01-12 10:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-02-11 10:47 - 2015-01-12 09:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-02-11 10:47 - 2015-01-12 09:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-02-11 10:47 - 2015-01-12 09:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-02-11 10:47 - 2015-01-12 09:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-02-11 10:47 - 2015-01-12 09:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-11 10:47 - 2015-01-12 09:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-02-11 10:47 - 2015-01-12 09:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-02-11 10:47 - 2015-01-12 09:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-11 10:47 - 2015-01-12 09:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-02-11 10:47 - 2015-01-12 09:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-02-11 10:47 - 2015-01-12 09:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-02-11 10:47 - 2015-01-12 09:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-02-11 10:47 - 2015-01-12 09:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-11 10:47 - 2015-01-12 09:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-02-11 10:47 - 2015-01-12 09:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-02-11 10:47 - 2015-01-12 09:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-02-11 10:47 - 2015-01-12 09:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-02-11 10:47 - 2015-01-12 09:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-02-11 10:47 - 2015-01-12 09:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-11 10:47 - 2015-01-12 09:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-02-11 10:47 - 2015-01-12 09:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-02-11 10:47 - 2015-01-12 08:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-02-11 10:47 - 2015-01-12 08:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-02-11 10:47 - 2015-01-10 17:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-11 10:47 - 2015-01-10 17:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-11 10:47 - 2015-01-10 16:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-02-11 10:47 - 2015-01-10 15:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-11 10:47 - 2015-01-10 14:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-02-11 10:19 - 2015-01-16 06:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-11 10:19 - 2015-01-16 06:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-11 10:19 - 2015-01-14 12:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-02-11 10:19 - 2015-01-14 11:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-02-11 10:19 - 2014-10-29 10:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2015-02-11 10:19 - 2014-10-29 10:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2015-02-11 10:18 - 2015-02-04 07:38 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-02-11 10:18 - 2015-02-04 07:08 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-02-11 10:18 - 2015-02-04 07:08 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-02-11 10:18 - 2015-02-03 07:11 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-02-11 10:18 - 2015-02-03 07:11 - 00894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-02-11 10:18 - 2015-02-03 07:11 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-02-11 10:18 - 2015-01-20 02:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-02-11 10:18 - 2015-01-14 06:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-11 10:18 - 2015-01-14 06:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-02-11 10:18 - 2015-01-10 16:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-02-11 10:18 - 2014-12-19 16:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-11 10:18 - 2014-12-19 16:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-02-11 10:18 - 2014-12-09 11:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-11 10:18 - 2014-12-09 09:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-11 10:18 - 2014-12-09 07:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-02-10 19:02 - 2015-02-11 22:32 - 00011388 _____ () C:\Users\ASUS\Desktop\Penalty Recovery Fiverr.xlsx
2015-02-10 17:19 - 2015-02-07 16:18 - 2207364237 _____ () C:\Users\ASUS\Desktop\thenewrulesofseo.zip
2015-02-10 16:46 - 2015-02-10 16:46 - 00000298 _____ () C:\WINDOWS\Tasks\Uninstaller_SkipUac_Gladwin.job
2015-02-10 10:44 - 2015-02-10 10:46 - 00000000 ____D () C:\Users\ASUS\Desktop\LongTailPro2
2015-02-09 22:41 - 2015-02-09 22:41 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-02-09 22:39 - 2015-02-09 22:47 - 00000000 ____D () C:\Users\ASUS\Downloads\Doraemon Stand by Me Leaked 720p - ENG - INA SUB
2015-02-09 19:04 - 2015-02-09 19:04 - 00000268 _____ () C:\Users\ASUS\Desktop\Download Page.URL
2015-02-09 15:41 - 2015-02-09 15:41 - 00000835 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\slf.lnk
2015-02-09 15:41 - 2015-02-09 15:41 - 00000823 _____ () C:\Users\Public\Desktop\slf.lnk
2015-02-09 15:41 - 2015-02-09 15:41 - 00000000 ____D () C:\Program Files (x86)\slf
2015-02-09 12:43 - 2015-02-08 03:24 - 1008327089 _____ () C:\Users\ASUS\Desktop\Instagram Mastery Formula.zip
2015-02-09 12:34 - 2015-02-09 12:42 - 1015885669 _____ () C:\Users\ASUS\Desktop\OV Allstars; CPA Jumpstart.rar
2015-02-09 11:51 - 2015-02-08 03:56 - 1179768965 _____ () C:\Users\ASUS\Desktop\DDR3boy-Marketplace Super Heroes-$997.zip
2015-02-09 11:34 - 2015-02-09 11:35 - 31816649 _____ () C:\Users\ASUS\Desktop\StudioPress.zip
2015-02-09 11:29 - 2015-02-09 08:13 - 00000000 ____D () C:\Users\ASUS\Desktop\Themify
2015-02-09 11:01 - 2015-02-09 11:02 - 00000071 _____ () C:\Users\ASUS\Desktop\New Text Document.txt
2015-02-08 23:14 - 2015-02-08 23:27 - 1335840460 _____ () C:\Users\ASUS\Desktop\Affplaybook - Greatest Hits Mastermind 2015.rar
2015-02-08 23:04 - 2015-02-08 23:08 - 262547091 _____ () C:\Users\ASUS\Desktop\Reverse Sales Method by Jamie and David.zip
2015-02-08 22:59 - 2015-02-08 23:25 - 1707891903 _____ () C:\Users\ASUS\Desktop\Ryan Deiss - Funnel Blueprint 2.0 UP2.rar
2015-02-08 21:49 - 2015-02-04 03:31 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-08 21:49 - 2015-02-04 03:31 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-08 21:46 - 2014-04-16 07:35 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2015-02-08 21:46 - 2014-04-16 07:34 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2015-02-08 11:48 - 2015-02-08 11:48 - 00000000 ____D () C:\Users\ASUS\Downloads\Internet Download Manager (IDM) 6.22 Final Incl. Crack [ATOM]
2015-02-08 02:52 - 2015-02-16 13:57 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-08 02:51 - 2015-02-16 12:00 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-08 02:26 - 2015-02-08 02:26 - 00000874 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-147487581-2992457104-1551078015-1002Core1d04303a250e3f3.job
2015-02-08 02:26 - 2015-02-08 02:26 - 00000874 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-147487581-2992457104-1551078015-1002Core1cfffdbc8a5ac38.job
2015-02-08 00:16 - 2015-02-08 11:32 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-08 00:15 - 2015-02-08 00:15 - 00001132 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-08 00:15 - 2015-02-08 00:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-08 00:14 - 2015-02-08 00:14 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-08 00:14 - 2015-02-08 00:14 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-08 00:14 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-02-08 00:14 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-02-08 00:14 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-02-08 00:12 - 2015-02-16 14:35 - 00000000 ____D () C:\FRST
2015-02-08 00:11 - 2015-02-16 14:35 - 00000000 ____D () C:\Users\ASUS\Desktop\Troubleshoot Program
2015-02-08 00:05 - 2015-02-08 00:05 - 00000631 _____ () C:\WINDOWS\system32\network.txt
2015-02-06 20:06 - 2014-11-29 08:37 - 00180648 _____ (Tonec Inc.) C:\WINDOWS\system32\Drivers\idmwfp.sys
2015-02-05 10:01 - 2013-08-27 23:42 - 00086035 ____N () C:\WINDOWS\system32\athwbx.cat
2015-02-05 10:01 - 2013-08-15 20:13 - 03859968 ____N (Qualcomm Atheros Communications, Inc.) C:\WINDOWS\system32\athwbx.sys
2015-02-05 10:01 - 2013-08-15 20:13 - 03859968 _____ (Qualcomm Atheros Communications, Inc.) C:\WINDOWS\system32\Drivers\athwbx.sys
2015-02-05 00:55 - 2015-02-05 01:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Start Menu 8
2015-02-04 23:09 - 2014-12-07 19:53 - 00452755 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20150204-230941.backup
2015-02-04 23:03 - 2015-02-04 23:03 - 00003859 _____ () C:\Users\ASUS\Downloads\software_removal_tool.log
2015-02-04 22:47 - 2015-02-08 02:58 - 00002207 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-04 22:47 - 2015-02-04 22:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-04 22:46 - 2015-02-08 02:52 - 00003894 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-04 22:46 - 2015-02-08 02:52 - 00003658 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-04 11:34 - 2015-02-10 16:45 - 00000000 ____D () C:\Users\ASUS\Desktop\Firefox Portable
2015-02-02 01:24 - 2015-02-02 01:24 - 00008477 _____ () C:\Users\ASUS\Downloads\Invoice 1480331 (01-30-2015).html
2015-02-01 23:29 - 2015-02-16 12:00 - 00003758 _____ () C:\WINDOWS\System32\Tasks\AutoKMS
2015-02-01 23:28 - 2015-02-14 12:00 - 00000492 _____ () C:\WINDOWS\Tasks\InstallShield Update Task.job
2015-02-01 23:28 - 2015-02-01 23:28 - 00003224 _____ () C:\WINDOWS\System32\Tasks\InstallShield Update Task
2015-02-01 23:28 - 2015-02-01 23:28 - 00000000 ____D () C:\Program Files (x86)\InstallShield
2015-02-01 22:58 - 2015-02-01 22:59 - 45488338 _____ () C:\Users\ASUS\Downloads\Microsoft Office Professional Plus 2013 -32-64 Bit(Activator)[RareAbyss].rar
2015-01-22 09:37 - 2015-02-05 10:22 - 00000000 ____D () C:\Users\ASUS\Downloads\Ryan Deiss - Invisible Selling Machine
2015-01-20 21:55 - 2014-12-09 03:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-20 21:55 - 2014-12-09 03:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-20 21:55 - 2014-12-09 03:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-20 21:55 - 2014-12-09 03:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-20 21:55 - 2014-12-09 03:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-20 21:55 - 2014-12-09 03:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-20 21:55 - 2014-12-09 03:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-20 21:55 - 2014-12-09 03:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-20 21:55 - 2014-12-06 09:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-16 14:36 - 2014-04-06 12:47 - 00000000 ___HD () C:\Users\ASUS\.mediafire
2015-02-16 14:30 - 2014-05-08 18:20 - 00000000 ____D () C:\Users\ASUS\AppData\Local\CrashDumps
2015-02-16 14:30 - 2014-02-05 18:45 - 00000000 ____D () C:\Program Files (x86)\Internet Download Manager
2015-02-16 14:28 - 2014-12-07 19:56 - 00000000 ____D () C:\Users\ASUS\Desktop\FB LeadChef3
2015-02-16 14:19 - 2014-02-05 15:36 - 01051903 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-16 14:08 - 2014-02-05 08:51 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-147487581-2992457104-1551078015-1002
2015-02-16 14:02 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-16 13:39 - 2014-02-07 10:23 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-16 13:15 - 2014-02-14 12:12 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\Copy
2015-02-16 12:48 - 2014-02-05 18:45 - 00000000 ____D () C:\Users\ASUS\Downloads\Compressed
2015-02-16 12:03 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-16 12:01 - 2014-04-06 12:47 - 00000000 ___RD () C:\Users\ASUS\MediaFire
2015-02-16 12:01 - 2014-02-05 16:11 - 00000000 ___RD () C:\Users\ASUS\Dropbox
2015-02-16 12:01 - 2014-02-05 16:10 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\Dropbox
2015-02-16 12:00 - 2014-12-23 18:10 - 00017961 _____ () C:\WINDOWS\setupact.log
2015-02-16 12:00 - 2014-02-05 16:05 - 00000000 __RDO () C:\Users\ASUS\SkyDrive
2015-02-16 12:00 - 2014-02-05 08:50 - 00000062 _____ () C:\Users\ASUS\AppData\Roaming\sp_data.sys
2015-02-16 12:00 - 2013-08-22 22:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-16 11:59 - 2014-12-07 21:07 - 00055572 _____ () C:\WINDOWS\PFRO.log
2015-02-16 11:59 - 2013-08-22 21:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-16 11:58 - 2014-02-05 18:45 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\DMCache
2015-02-16 11:36 - 2014-12-23 18:17 - 00000000 ____D () C:\Program Files (x86)\Java
2015-02-16 11:28 - 2014-02-05 18:45 - 00000000 ____D () C:\Users\ASUS\Downloads\Video
2015-02-16 00:37 - 2014-02-06 21:03 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\vlc
2015-02-16 00:04 - 2014-02-06 23:22 - 14355968 ___SH () C:\Users\ASUS\Desktop\Thumbs.db
2015-02-15 23:40 - 2013-11-14 15:28 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-15 16:43 - 2014-02-05 18:45 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\IDM
2015-02-15 12:41 - 2014-02-05 08:43 - 00000000 ____D () C:\Users\ASUS\AppData\Local\Packages
2015-02-15 01:09 - 2014-04-22 10:20 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\Telegram Win (Unofficial)
2015-02-14 23:27 - 2014-04-26 11:28 - 00003580 _____ () C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-147487581-2992457104-1551078015-1002
2015-02-14 01:08 - 2014-02-05 12:47 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\Mozilla
2015-02-14 00:36 - 2014-02-05 08:43 - 00000000 ____D () C:\Users\ASUS\AppData\Local\VirtualStore
2015-02-14 00:36 - 2014-02-05 08:43 - 00000000 ____D () C:\Users\ASUS\AppData\Local\ASUS
2015-02-13 10:01 - 2014-02-05 16:10 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-11 12:48 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-02-11 12:06 - 2012-07-26 15:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-11 11:46 - 2015-01-13 17:24 - 00000000 ____D () C:\Users\ASUS\Desktop\SEO
2015-02-11 11:04 - 2013-08-22 22:44 - 05118432 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-11 10:52 - 2014-02-05 22:31 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-02-11 10:52 - 2014-02-05 16:48 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-11 10:50 - 2014-12-11 17:14 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-02-11 10:50 - 2014-07-09 16:20 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-02-11 10:32 - 2014-02-05 12:06 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-11 10:26 - 2014-02-05 12:06 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-11 10:25 - 2012-07-26 13:26 - 00000199 _____ () C:\WINDOWS\win.ini
2015-02-10 16:50 - 2014-02-08 18:25 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\uTorrent
2015-02-10 16:46 - 2014-08-20 23:07 - 00003087 _____ () C:\WINDOWS\wininit.ini
2015-02-10 16:46 - 2014-06-02 00:07 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-10 16:22 - 2014-02-14 13:27 - 00000248 _____ () C:\Users\ASUS\AppData\Roaming\RO39-2M3Q
2015-02-10 15:21 - 2014-03-22 12:27 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\Skype
2015-02-08 21:50 - 2014-02-05 11:55 - 00000000 ____D () C:\ProgramData\ProductData
2015-02-08 11:49 - 2014-02-05 18:45 - 00001023 _____ () C:\Users\ASUS\Desktop\Internet Download Manager.lnk
2015-02-08 11:28 - 2013-11-14 15:17 - 00000000 ____D () C:\WINDOWS\ShellNew
2015-02-08 10:57 - 2014-02-12 22:49 - 09024000 ___SH () C:\Users\ASUS\Downloads\Thumbs.db
2015-02-08 02:39 - 2014-02-07 10:23 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-02-08 00:46 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\WinStore
2015-02-07 23:50 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-02-05 14:40 - 2014-06-23 03:09 - 00000000 ____D () C:\Users\ASUS\Downloads\Bank Statement
2015-02-05 10:02 - 2014-02-05 07:02 - 00000000 ____D () C:\Program Files (x86)\Qualcomm Atheros
2015-02-05 01:13 - 2014-02-10 21:17 - 00000000 ____D () C:\Users\ASUS\Desktop\Shortcuts
2015-02-05 01:06 - 2014-02-05 07:20 - 00000000 ____D () C:\ProgramData\P4G
2015-02-05 00:59 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\registration
2015-02-05 00:36 - 2014-02-05 15:41 - 00000000 ____D () C:\Users\ASUS
2015-02-05 00:22 - 2014-12-11 11:59 - 00000000 ____D () C:\Program Files\Recuva
2015-02-04 23:12 - 2015-01-13 22:34 - 00000000 ____D () C:\Program Files (x86)\Hobbyist Software
2015-02-04 22:47 - 2014-02-05 12:46 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-04 02:03 - 2014-04-06 12:32 - 00020696 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\mfmonitor_x64.sys
2015-02-01 23:29 - 2014-02-05 17:09 - 00000000 ____D () C:\WINDOWS\AutoKMS
2015-01-30 21:51 - 2014-02-05 12:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-29 21:13 - 2014-02-05 12:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-22 13:17 - 2014-09-26 00:52 - 00000000 __SHD () C:\Users\ASUS\wc
2015-01-22 09:33 - 2014-06-16 11:07 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-21 10:24 - 2015-01-06 11:24 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\FileZilla
2015-01-18 23:56 - 2014-02-08 18:15 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\.ACEStream
2015-01-18 23:50 - 2014-07-01 00:10 - 00000000 ___HD () C:\_acestream_cache_

==================== Files in the root of some directories =======

2014-08-28 09:34 - 2014-08-28 09:35 - 15000576 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2014-02-14 13:26 - 2014-02-14 13:26 - 0000088 _____ () C:\Users\ASUS\AppData\Roaming\.95d691779473f3e03bc4b4e56319d74c.key
2014-02-14 13:26 - 2014-02-14 13:26 - 0000088 _____ () C:\Users\ASUS\AppData\Roaming\.c79792229cdae4d8fe4e261fc4d6976b.key
2014-11-14 15:36 - 2014-11-25 18:41 - 0000132 _____ () C:\Users\ASUS\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-02-14 13:27 - 2015-02-10 16:22 - 0000248 _____ () C:\Users\ASUS\AppData\Roaming\RO39-2M3Q
2014-02-05 08:50 - 2015-02-16 12:00 - 0000062 _____ () C:\Users\ASUS\AppData\Roaming\sp_data.sys
2014-06-19 10:28 - 2014-06-19 10:28 - 0000024 _____ () C:\Users\ASUS\AppData\Roaming\temp.ini
2014-11-14 15:45 - 2014-11-14 15:45 - 0001456 _____ () C:\Users\ASUS\AppData\Local\Adobe Save for Web 13.0 Prefs
2012-09-10 19:49 - 2012-09-10 19:49 - 0001050 ____H () C:\Users\ASUS\AppData\Local\{793FD447-37EB-4083-B222-2E447297AF07}
2014-12-23 18:14 - 2014-12-23 18:14 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2012-08-05 09:42 - 2012-07-30 14:03 - 0000217 _____ () C:\ProgramData\SetStretch.cmd

Some content of TEMP:
====================
C:\Users\ASUS\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp_7i0l_.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-09 10:54

==================== End Of Log ============================


----------



## JSntgRvr (Jul 1, 2003)

Any findings by AVAST? Still having issues?


----------



## kango88 (Feb 5, 2015)

Attached are the files found and quarantined. For now, everything is working well. Thanks


----------



## kango88 (Feb 5, 2015)

Maybe we can move on to solve the 2nd computer while waiting for a few days to see if the problem comes back?


----------



## JSntgRvr (Jul 1, 2003)

Let's go to the second one. Open FRST, let it update and put a check mark on *Addition.txt*. Press on *Scan*. Post the *FRST.txt* and *addition.txt* logs in a reply.


----------



## kango88 (Feb 5, 2015)

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-02-2015
Ran by user (administrator) on USER-PC on 17-02-2015 21:33:55
Running from C:\Users\user\Downloads\Programs
Loaded Profiles: user (Available profiles: user)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Windows\System32\igfxTray.exe
(Apple Inc.) C:\Program Files\Boot Camp\Bootcamp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Windows\System32\AppleOSSMgr.exe
(Apple Inc.) C:\Windows\System32\AppleTimeSrv.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(InstallShield®) C:\Program Files (x86)\InstallShield\isupdate.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dropbox, Inc.) C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Internet Download Manager, Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMIntegrator64.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\makecab.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [457616 2014-10-03] ()
HKLM\...\Run: [Apple_KbdMgr] => C:\Program Files\Boot Camp\Bootcamp.exe [746816 2014-02-07] (Apple Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-02] (Intel Corporation)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [37624 2014-10-16] (Panda Security, S.L.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2059749266-3525964498-4138522283-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3886672 2015-01-25] (Tonec Inc.)
HKU\S-1-5-21-2059749266-3525964498-4138522283-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-2059749266-3525964498-4138522283-1000\...\Run: [GoogleChromeAutoLaunch_4E874A737D5662A34EBBEADB3A9C4A09] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-04] (Google Inc.)
HKU\S-1-5-21-2059749266-3525964498-4138522283-1000\...\MountPoints2: {c8990352-8160-11e4-8edf-6c4008aff89a} - E:\AutoRun.exe
HKU\S-1-5-21-2059749266-3525964498-4138522283-1000\...\MountPoints2: {c8990377-8160-11e4-8edf-6c4008aff89b} - E:\AutoRun.exe
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [HKLM] => ProxyEnable is set.
ProxyEnable: [HKLM-x32] => ProxyEnable is set.
ProxyServer: [HKLM] => http=127.0.0.1:8080;https=127.0.0.1:8080
ProxyServer: [HKLM-x32] => http=127.0.0.1:8080;https=127.0.0.1:8080
HKU\S-1-5-21-2059749266-3525964498-4138522283-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://xin.msn.com/en-sg/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wrb1z01v.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Extension: IDM CC - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wrb1z01v.default\Extensions\[email protected] [2015-02-08]
FF Extension: LastPass - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wrb1z01v.default\Extensions\[email protected] [2015-02-05]
FF Extension: No Name - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wrb1z01v.default\Extensions\trash [2015-02-17]
FF Extension: FireShot - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wrb1z01v.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2015-02-05]
FF Extension: EPUBReader - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wrb1z01v.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2015-02-13]
FF Extension: Easy App Tabs - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wrb1z01v.default\Extensions\[email protected] [2015-02-05]
FF Extension: MEGA - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wrb1z01v.default\Extensions\[email protected] [2015-02-05]
FF Extension: Save My Tabs - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wrb1z01v.default\Extensions\[email protected] [2015-02-05]
FF Extension: Media Stealer - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wrb1z01v.default\Extensions\[email protected] [2015-02-05]
FF Extension: Reader - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wrb1z01v.default\Extensions\{20068ab2-1901-4140-9f3c-81207d4dacc4}.xpi [2015-02-05]
FF HKU\S-1-5-21-2059749266-3525964498-4138522283-1000\...\Firefox\Extensions: [[email protected]] - C:\Users\user\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\user\AppData\Roaming\IDM\idmmzcc5 [2015-02-05]
FF HKU\S-1-5-21-2059749266-3525964498-4138522283-1000\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\user\AppData\Roaming\IDM\idmmzcc5

Chrome: 
=======
CHR HomePage: Default -> hxxp://search.conduit.com/?ctid=CT3321897&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SPF84B958F-6C5F-431F-B5D3-7D8E0D53175F&SSPV=
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3321897&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SPF84B958F-6C5F-431F-B5D3-7D8E0D53175F&SSPV="
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-05]
CHR Extension: (Downloads) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajkhjekibcfjngomhbbifihellcaebcn [2015-02-05]
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-05]
CHR Extension: (Download Manager (video and mp3)) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bapnjmgdanmelbcmjdjljogelnlfepcj [2015-02-05]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-05]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-05]
CHR Extension: (RankRecon) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\chjdckfonfkdoeiobllnejjieicmjodh [2015-02-05]
CHR Extension: (OneTab) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2015-02-05]
CHR Extension: (Webpage Screenshot) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki [2015-02-05]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-05]
CHR Extension: (SEO I.Q.) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dadlnlnlpkpchfljjcpkodcljofniggm [2015-02-05]
CHR Extension: (Tabs Backup & Restore) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dehocbglhkaogiljpihicakmlockmlgd [2015-02-05]
CHR Extension: (FB Pixel Helper) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc [2015-02-05]
CHR Extension: (Google Sheets) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-05]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-02-05]
CHR Extension: (Share As Image Extension) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgmhphfbdfbkokcfajipbmkcakmmepeb [2015-02-05]
CHR Extension: (SEO & Website Analysis) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlngmmdolgbdnnimbmblfhhndibdipaf [2015-02-05]
CHR Extension: (IDM Integration Module) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2015-02-08]
CHR Extension: (AS Magic Player) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim [2015-02-06]
CHR Extension: (Hangouts) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2015-02-05]
CHR Extension: (Google Wallet) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-05]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-05]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-01-13]
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-01-13]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AppleOSSMgr; C:\Windows\system32\AppleOSSMgr.exe [226112 2014-02-07] ()
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-10-03] (Intel Corporation)
R2 isupdate.exe; C:\Program Files (x86)\InstallShield\isupdate.exe [43008 2015-01-22] (InstallShield®) [File not signed]
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [655712 2011-12-23] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142072 2014-10-14] (Panda Security, S.L.)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2014-10-16] (Panda Security, S.L.)
S3 wifimansvc; C:\Program Files (x86)\Mobile Partner\eap\wifimansvc.exe [598528 2012-05-15] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AppleCamera; C:\Windows\System32\DRIVERS\AppleCamera.sys [1793664 2013-12-05] (Apple Inc.)
R3 applemtm; C:\Windows\System32\DRIVERS\applemtm.sys [12288 2013-09-07] (Apple Inc.)
R3 applemtp; C:\Windows\System32\DRIVERS\applemtp.sys [39424 2013-09-07] (Apple Inc.)
R3 AppleSDR; C:\Windows\System32\DRIVERS\AppleSDR.sys [12800 2013-09-04] (Apple Inc.)
R3 CirrusLFD; C:\Windows\System32\DRIVERS\CSLFD.sys [56720 2013-10-18] (Cirrus Logic Inc.)
R3 CirrusUFD; C:\Windows\System32\DRIVERS\CSUFD.sys [11928 2013-10-18] (Cirrus Logic Inc.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [96800 2014-06-04] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [162336 2014-06-18] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [112160 2014-06-04] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [115232 2014-06-04] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [46336 2014-01-17] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [95776 2014-06-04] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [70176 2014-06-04] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [125984 2014-06-04] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [306720 2014-06-04] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [169504 2014-06-04] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [115744 2014-06-04] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [261152 2014-06-04] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [109088 2014-06-04] (Panda Security, S.L.)
S3 NPF; C:\Windows\System32\drivers\NPF.sys [35344 2011-11-24] (CACE Technologies, Inc.)
S3 NPF; C:\Windows\SysWOW64\drivers\NPF.sys [35344 2011-11-24] (CACE Technologies, Inc.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [163088 2014-10-14] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121616 2014-10-14] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [195616 2014-07-25] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [122400 2014-07-25] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [132128 2014-07-25] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2014-10-14] (Panda Security, S.L.)
U3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [60400 2014-03-25] (Panda Security, S.L.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-17 21:30 - 2014-03-25 21:15 - 00060400 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2015-02-14 00:03 - 2015-02-14 00:03 - 00086565 _____ () C:\Users\user\Desktop\GWT links.rar
2015-02-14 00:01 - 2015-02-14 00:01 - 00276097 _____ () C:\Users\user\Desktop\GWT links (latest links).csv
2015-02-14 00:00 - 2015-02-14 00:00 - 00245662 _____ () C:\Users\user\Desktop\GWT links (sample).csv
2015-02-13 17:58 - 2015-02-17 21:30 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-13 17:58 - 2015-02-17 17:03 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-13 17:58 - 2015-02-13 17:58 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-13 17:58 - 2015-02-13 17:58 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-13 17:58 - 2015-02-13 17:58 - 00002267 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-13 17:58 - 2015-02-13 17:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-13 17:03 - 2015-02-13 23:42 - 00000406 _____ () C:\Users\user\Desktop\Article instructions.txt
2015-02-13 16:01 - 2015-02-13 16:01 - 00000053 _____ () C:\Users\user\Downloads\google732d6e0197cef43d.html
2015-02-13 15:53 - 2015-02-13 16:49 - 00000000 ____D () C:\Users\user\AppData\Roaming\vlc
2015-02-13 15:51 - 2015-02-13 15:51 - 00001078 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-02-13 15:51 - 2015-02-13 15:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-02-13 15:51 - 2015-02-13 15:51 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2015-02-13 15:29 - 2015-02-13 15:53 - 00000114 _____ () C:\Users\user\Desktop\Article Writing Service.txt
2015-02-13 11:11 - 2015-01-23 12:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-13 11:11 - 2015-01-23 12:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-13 11:11 - 2015-01-23 11:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-13 11:11 - 2015-01-23 11:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-13 11:04 - 2015-02-13 12:11 - 00000000 ____D () C:\Users\user\Desktop\Transfer
2015-02-11 23:45 - 2015-01-14 13:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 23:45 - 2015-01-14 13:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 23:45 - 2015-01-12 11:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 23:45 - 2015-01-12 11:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 23:45 - 2015-01-12 11:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 23:45 - 2015-01-12 10:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 23:45 - 2015-01-12 10:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 23:45 - 2015-01-12 10:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 23:45 - 2015-01-12 10:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-11 23:45 - 2015-01-12 10:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 23:45 - 2015-01-12 10:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 23:45 - 2015-01-12 10:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 23:45 - 2015-01-12 10:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 23:45 - 2015-01-12 10:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 23:45 - 2015-01-12 10:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-11 23:45 - 2015-01-12 10:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 23:45 - 2015-01-12 10:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 23:45 - 2015-01-12 10:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-11 23:45 - 2015-01-12 10:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 23:45 - 2015-01-12 10:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 23:45 - 2015-01-12 10:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 23:45 - 2015-01-12 10:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 23:45 - 2015-01-12 10:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 23:45 - 2015-01-12 10:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-11 23:45 - 2015-01-12 10:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-11 23:45 - 2015-01-12 10:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 23:45 - 2015-01-12 10:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 23:45 - 2015-01-12 10:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 23:45 - 2015-01-12 10:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-11 23:45 - 2015-01-12 09:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-11 23:45 - 2015-01-12 09:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-11 23:45 - 2015-01-12 09:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-11 23:45 - 2015-01-12 09:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 23:45 - 2015-01-12 09:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 23:45 - 2015-01-12 09:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 23:45 - 2015-01-12 09:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-11 23:45 - 2015-01-12 09:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 23:45 - 2015-01-12 09:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 23:45 - 2015-01-12 09:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-11 23:45 - 2015-01-12 09:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-11 23:45 - 2015-01-12 09:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-11 23:45 - 2015-01-12 09:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-11 23:45 - 2015-01-12 09:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 23:45 - 2015-01-12 09:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 23:45 - 2015-01-12 09:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 23:45 - 2015-01-12 09:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-11 23:45 - 2015-01-12 09:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 23:45 - 2015-01-12 09:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 23:45 - 2015-01-12 09:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 23:45 - 2015-01-12 09:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 23:45 - 2015-01-12 08:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 23:45 - 2015-01-12 08:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 23:42 - 2015-01-10 14:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 23:42 - 2015-01-10 14:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 23:42 - 2015-01-10 14:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-11 23:42 - 2015-01-10 14:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 23:41 - 2015-01-14 14:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 23:41 - 2015-01-14 14:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 23:41 - 2015-01-14 14:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 23:41 - 2015-01-14 14:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 23:41 - 2015-01-14 13:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 23:41 - 2015-01-14 13:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 23:41 - 2015-01-14 13:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-11 23:41 - 2015-01-10 14:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 23:41 - 2015-01-10 14:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 23:41 - 2015-01-10 14:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 23:41 - 2015-01-10 14:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 23:41 - 2015-01-10 14:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 23:41 - 2015-01-10 14:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-11 23:41 - 2015-01-10 14:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-11 23:41 - 2015-01-10 14:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-11 23:41 - 2015-01-10 14:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-11 23:41 - 2015-01-10 14:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-11 23:40 - 2015-01-15 16:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 23:40 - 2015-01-15 16:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 23:40 - 2015-01-15 16:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 23:40 - 2015-01-15 16:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 23:40 - 2015-01-15 16:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 23:40 - 2015-01-15 16:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 23:40 - 2015-01-15 16:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 23:40 - 2015-01-15 16:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 23:40 - 2015-01-15 16:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 23:40 - 2015-01-15 16:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 23:40 - 2015-01-15 16:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 23:40 - 2015-01-15 15:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-11 23:40 - 2015-01-15 15:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 23:40 - 2015-01-15 15:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 23:40 - 2015-01-15 15:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 23:40 - 2015-01-15 15:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-11 23:40 - 2015-01-15 15:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 23:40 - 2015-01-15 12:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 23:40 - 2015-01-13 11:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 23:40 - 2015-01-13 10:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 23:40 - 2014-12-12 13:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 23:40 - 2014-12-12 13:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-11 23:40 - 2014-07-07 10:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-11 23:40 - 2014-07-07 10:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-11 23:40 - 2014-07-07 09:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-02-11 23:40 - 2014-07-07 09:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-02-11 23:39 - 2015-01-09 10:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 23:38 - 2014-12-08 11:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 23:38 - 2014-12-08 10:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 23:38 - 2014-11-26 11:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 23:38 - 2014-11-26 11:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-10 23:58 - 2015-02-10 23:58 - 00000085 _____ () C:\Windows\wininit.ini
2015-02-06 12:59 - 2015-02-17 21:33 - 00000000 ____D () C:\FRST
2015-02-06 12:46 - 2015-02-06 12:50 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-06 12:45 - 2015-02-06 12:50 - 00000000 ____D () C:\Users\user\Desktop\mbar
2015-02-06 12:27 - 2015-02-06 12:32 - 00000000 ____D () C:\AdwCleaner
2015-02-06 10:40 - 2015-02-08 11:45 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-06 10:39 - 2015-02-06 12:45 - 00097496 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-06 10:39 - 2015-02-06 10:39 - 00001114 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-06 10:39 - 2015-02-06 10:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-06 10:39 - 2015-02-06 10:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-06 10:39 - 2015-02-06 10:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-06 10:39 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-06 10:39 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-06 09:45 - 2015-01-10 10:46 - 00000000 ____D () C:\Users\user\Desktop\LongTailPro
2015-02-06 09:44 - 2015-02-06 09:43 - 03265362 _____ () C:\Users\user\Desktop\Long Tail Pro Platinum 2.4.42 Updated.rar
2015-02-06 09:34 - 2015-02-13 11:19 - 00000000 ____D () C:\Users\user\Desktop\Video Traffic Fusion - Iceberg Formula
2015-02-06 09:14 - 2015-02-06 09:15 - 35738846 _____ () C:\Users\user\Desktop\OMG Directors Cut Feb1.rar
2015-02-06 09:05 - 2015-02-06 09:05 - 00000088 _____ () C:\Users\user\AppData\Roaming\.c79792229cdae4d8fe4e261fc4d6976b.key
2015-02-05 22:32 - 2015-02-05 22:32 - 00000000 ____D () C:\Users\user\AppData\Local\Macromedia
2015-02-05 22:31 - 2015-02-17 17:57 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-05 22:31 - 2015-02-05 22:31 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 22:31 - 2015-02-05 22:31 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-05 22:31 - 2015-02-05 22:31 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-05 22:31 - 2015-02-05 22:31 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2015-02-05 22:31 - 2015-02-05 22:31 - 00000000 ____D () C:\Windows\system32\Macromed
2015-02-05 19:15 - 2015-02-05 19:17 - 00000000 ____D () C:\Program Files (x86)\InterestArchitect
2015-02-05 19:15 - 2015-02-05 19:15 - 00002053 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Interest Architect.lnk
2015-02-05 19:15 - 2015-02-05 19:15 - 00002047 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Interest Architect.lnk
2015-02-05 19:15 - 2015-02-05 19:15 - 00002041 _____ () C:\Users\Public\Desktop\Interest Architect.lnk
2015-02-05 19:15 - 2015-02-05 19:15 - 00000000 ____D () C:\Windows\Interst Architect
2015-02-05 19:15 - 2015-02-05 19:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Interst Architect
2015-02-05 19:14 - 2015-02-05 19:14 - 00042150 _____ () C:\Users\user\Downloads\Interest Architect Patch.zip
2015-02-05 18:08 - 2015-02-05 18:08 - 00000000 ____D () C:\Users\user\AppData\Roaming\Panda Security
2015-02-05 18:08 - 2015-02-05 18:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus
2015-02-05 18:08 - 2015-02-05 18:08 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2015-02-05 18:02 - 2009-06-11 05:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20150205-180212.backup
2015-02-05 17:58 - 2015-02-05 18:08 - 00000000 ____D () C:\ProgramData\Panda Security
2015-02-05 17:58 - 2015-02-05 17:58 - 01630952 _____ () C:\Users\user\Downloads\PANDAFREEAV.exe
2015-02-05 17:41 - 2015-02-05 17:41 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2015-02-05 17:40 - 2015-02-10 23:59 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-02-05 17:40 - 2015-02-10 23:58 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-05 17:38 - 2015-02-05 17:39 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\user\Downloads\spybot-2.4.exe
2015-02-05 17:28 - 2015-02-05 17:29 - 00000000 ____D () C:\Users\user\AppData\Local\Google
2015-02-05 17:23 - 2015-02-05 17:23 - 00001171 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-05 17:23 - 2015-02-05 17:23 - 00001159 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-05 17:23 - 2015-02-05 17:23 - 00000000 ____D () C:\Users\user\AppData\Roaming\Mozilla
2015-02-05 17:23 - 2015-02-05 17:23 - 00000000 ____D () C:\Users\user\AppData\Local\Mozilla
2015-02-05 17:23 - 2015-02-05 17:23 - 00000000 ____D () C:\ProgramData\Mozilla
2015-02-05 17:23 - 2015-02-05 17:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-05 15:22 - 2015-02-05 15:22 - 00000215 _____ () C:\Users\user\Desktop\New Text Document.txt
2015-02-05 10:27 - 2015-02-05 10:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-02-05 10:26 - 2015-02-12 00:25 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-02-05 10:26 - 2015-02-05 10:26 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-02-05 10:26 - 2015-02-05 10:26 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-02-05 10:25 - 2015-02-12 00:25 - 00002125 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-02-05 10:25 - 2015-02-12 00:25 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-02-05 10:25 - 2015-02-12 00:25 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-02-05 10:08 - 2015-02-05 10:08 - 00000000 __SHD () C:\Users\user\AppData\Local\EmieUserList
2015-02-05 10:08 - 2015-02-05 10:08 - 00000000 __SHD () C:\Users\user\AppData\Local\EmieSiteList
2015-02-05 10:08 - 2015-02-05 10:08 - 00000000 __SHD () C:\Users\user\AppData\Local\EmieBrowserModeList
2015-02-05 10:01 - 2014-12-19 11:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-02-05 10:01 - 2014-12-19 09:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-02-05 10:01 - 2014-12-06 12:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-02-05 10:01 - 2014-12-06 11:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-02-05 10:01 - 2014-12-06 11:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-02-05 09:42 - 2015-02-05 17:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-05 09:42 - 2015-02-05 09:42 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2015-02-05 09:42 - 2015-02-05 09:42 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2015-02-05 09:39 - 2015-02-17 18:02 - 00000000 ____D () C:\Users\user\AppData\Roaming\DMCache
2015-02-05 09:39 - 2015-02-07 16:59 - 00000000 ____D () C:\Users\user\Downloads\Compressed
2015-02-05 09:39 - 2015-02-06 10:38 - 00000000 ____D () C:\Users\user\AppData\Roaming\IDM
2015-02-05 09:39 - 2015-02-05 09:42 - 00000000 ____D () C:\Program Files (x86)\Internet Download Manager
2015-02-05 09:39 - 2015-02-05 09:39 - 00001021 _____ () C:\Users\user\Desktop\Internet Download Manager.lnk
2015-02-05 09:39 - 2015-02-05 09:39 - 00000000 ____D () C:\Users\user\Downloads\Video
2015-02-05 09:39 - 2015-02-05 09:39 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2015-02-05 09:39 - 2015-02-05 09:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2015-02-05 09:39 - 2015-02-05 09:39 - 00000000 ____D () C:\ProgramData\IDM
2015-02-05 09:35 - 2015-02-05 09:38 - 00000000 ____D () C:\Users\user\AppData\Roaming\WinRAR
2015-02-05 09:35 - 2015-02-05 09:35 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-02-05 09:35 - 2015-02-05 09:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-02-05 09:35 - 2015-02-05 09:35 - 00000000 ____D () C:\Program Files\WinRAR
2015-02-05 09:31 - 2015-02-05 09:32 - 01977432 _____ () C:\Users\user\Downloads\winrar-x64-501.exe
2015-02-05 09:11 - 2015-02-05 09:59 - 00000468 _____ () C:\Windows\Tasks\InstallShield Update Task.job
2015-02-05 09:11 - 2015-02-05 09:11 - 00003202 _____ () C:\Windows\System32\Tasks\InstallShield Update Task
2015-02-05 09:11 - 2015-02-05 09:11 - 00000000 ____D () C:\ProgramData\Microsoft Toolkit
2015-02-05 09:11 - 2015-02-05 09:11 - 00000000 ____D () C:\Program Files (x86)\InstallShield
2015-02-05 09:09 - 2015-02-05 09:09 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2015-02-05 09:08 - 2015-02-12 00:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-02-05 09:08 - 2015-02-05 09:08 - 00000000 ____D () C:\Windows\PCHEALTH
2015-02-05 09:08 - 2015-02-05 09:08 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2015-02-05 09:08 - 2015-02-05 09:08 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2015-02-05 09:08 - 2015-02-05 09:08 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2015-02-05 09:07 - 2015-02-12 00:32 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-05 09:07 - 2015-02-05 09:08 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-02-05 09:07 - 2015-02-05 09:07 - 00000000 __RHD () C:\MSOCache
2015-02-05 09:07 - 2015-02-05 09:07 - 00000000 ____D () C:\Users\user\AppData\Local\Microsoft Help
2015-02-05 09:07 - 2015-02-05 09:07 - 00000000 ____D () C:\Program Files\Microsoft Analysis Services
2015-02-05 09:07 - 2015-02-05 09:07 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-02-05 09:07 - 2015-02-05 09:07 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2015-02-05 09:06 - 2014-12-12 01:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-23 14:06 - 2015-01-23 14:06 - 00025354 _____ () C:\Users\user\Downloads\Download.csv

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-17 21:34 - 2014-12-01 23:30 - 01989876 _____ () C:\Windows\WindowsUpdate.log
2015-02-17 21:32 - 2014-12-16 14:40 - 00000000 ___RD () C:\Users\user\Dropbox
2015-02-17 21:32 - 2014-12-16 14:36 - 00000000 ____D () C:\Users\user\AppData\Roaming\Dropbox
2015-02-17 21:32 - 2009-07-14 12:45 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-17 21:32 - 2009-07-14 12:45 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-17 21:30 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-17 21:30 - 2009-07-14 12:51 - 00036671 _____ () C:\Windows\setupact.log
2015-02-17 14:59 - 2009-07-14 13:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-17 14:57 - 2009-07-14 11:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-02-17 14:53 - 2010-11-21 11:47 - 00018940 _____ () C:\Windows\PFRO.log
2015-02-13 17:58 - 2014-12-16 14:35 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-13 11:13 - 2014-12-16 14:40 - 00001021 _____ () C:\Users\user\Desktop\Dropbox.lnk
2015-02-13 11:13 - 2014-12-16 14:39 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-12 00:33 - 2009-07-14 12:45 - 00477768 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-12 00:30 - 2014-12-01 23:59 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-12 00:26 - 2009-07-14 10:34 - 00000478 _____ () C:\Windows\win.ini
2015-02-12 00:23 - 2014-12-26 14:44 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-12 00:21 - 2014-12-26 14:44 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-07 18:58 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\rescache
2015-02-06 09:45 - 2015-01-06 15:53 - 00000256 _____ () C:\Users\user\AppData\Roaming\RO39-2M3Q
2015-02-05 22:31 - 2014-12-29 17:18 - 00000000 ____D () C:\Users\user\AppData\Local\Adobe
2015-02-05 18:08 - 2014-12-11 18:12 - 00111992 _____ () C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-05 10:28 - 2014-12-26 14:53 - 00774004 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-02-05 09:50 - 2009-07-14 11:20 - 00000000 ____D () C:\Program Files\Common Files\System
2015-02-05 09:08 - 2010-11-21 15:16 - 00000000 ____D () C:\Windows\ShellNew

==================== Files in the root of some directories =======

2015-01-06 15:53 - 2015-01-06 15:53 - 0000088 _____ () C:\Users\user\AppData\Roaming\.95d691779473f3e03bc4b4e56319d74c.key
2015-02-06 09:05 - 2015-02-06 09:05 - 0000088 _____ () C:\Users\user\AppData\Roaming\.c79792229cdae4d8fe4e261fc4d6976b.key
2015-01-06 15:53 - 2015-02-06 09:45 - 0000256 _____ () C:\Users\user\AppData\Roaming\RO39-2M3Q

Some content of TEMP:
====================
C:\Users\user\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpq26dnv.dll
C:\Users\user\AppData\Local\Temp\Quarantine.exe
C:\Users\user\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-07 18:51

==================== End Of Log ============================


----------



## kango88 (Feb 5, 2015)

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-02-2015
Ran by user at 2015-02-17 21:34:23
Running from C:\Users\user\Downloads\Programs
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Free Antivirus (Enabled - Up to date) {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Panda Free Antivirus (Enabled - Up to date) {8F3797EF-DB90-F073-3C72-40C753554CD1}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Panda Firewall (Disabled) {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Boot Camp Services (HKLM\...\{FA2B2C2A-EA41-495A-9308-60726125D562}) (Version: 5.1.5640 - Apple Inc.)
Chrysanth Cheque Writer [Free] (HKLM-x32\...\627237A3-ACD1-4EC8-B382-2061531CE8E5_is1) (Version: 9.8 - Chrysanth Software Sdn. Bhd.)
Dropbox (HKU\S-1-5-21-2059749266-3525964498-4138522283-1000\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.0.1428 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3960 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.3.34 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
Interst Architect (HKLM-x32\...\Interst Architect1.0.0.1) (Version: 1.0.0.1 - InnAnTech Industries Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 23.002.08.02.1014 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 35.0.1 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-GB)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.04 - Panda Security)
Panda Devices Agent (x32 Version: 1.05.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 15.00.04.0002 - Panda Security)
Panda Free Antivirus (Version: 7.23.00.0000 - Panda Security) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5936 - Realtek Semiconductor Corp.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
SMSCaster E-Marketer GSM Enterprise v3.6 (HKLM-x32\...\SMSCaster E-Marketer GSM Enterprise_is1) (Version: v3.6 (build 1071) - SDJ Software Limited)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Driver Package - Apple Inc. (AppleCamera) Image (11/21/2013 5.0.22.0) (HKLM\...\1FCF3C93707C46D648F0B00E216A55E96DEB5A17) (Version: 11/21/2013 5.0.22.0 - Apple Inc.)
Windows Driver Package - Apple Inc. (AppleUSBEthernet) Net (02/01/2008 3.10.3.10) (HKLM\...\D53CBF2C12DF51DA5E9C1A9DA97FF0DCA0C524C5) (Version: 02/01/2008 3.10.3.10 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Bluetooth (03/01/2010 3.0.0.5) (HKLM\...\EA3C044F6FD39CEC8F4F596836BF4197E97E1D39) (Version: 03/01/2010 3.0.0.5 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Display (01/23/2009 3.0.0.0) (HKLM\...\E0EAD0CEA9119B77350ED4DE28D9A82E57014D94) (Version: 01/23/2009 3.0.0.0 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple IR Receiver (02/21/2008 2.0.4.0) (HKLM\...\D5BB697E7D0C75712F3AD00AB1B85412CB5C0FD3) (Version: 02/21/2008 2.0.4.0 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Keyboard (01/10/2014 5.0.8.0) (HKLM\...\ABCCA6C3F97A148D7C69114CB55DFA9D46053BEA) (Version: 01/10/2014 5.0.8.0 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Multitouch (09/04/2013 5.0.2.0) (HKLM\...\277F15E06E6EEB458048F41BCB8FB843B3241E95) (Version: 09/04/2013 5.0.2.0 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Multitouch Mouse (09/11/2012 4.0.3.0) (HKLM\...\742CB1BDA52EA9F1BBE482DA6DAA17944652B476) (Version: 09/11/2012 4.0.3.0 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple ODD (05/17/2010 3.1.0.0) (HKLM\...\D6B4CB6AD2F81752C2EF8DCF6AD5EBC567ADD45C) (Version: 05/17/2010 3.1.0.0 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple SD Card Reader (07/22/2013 1.0.0.1) (HKLM\...\D323E2C0C5E4948B07EE346CF62161281B0A8578) (Version: 07/22/2013 1.0.0.1 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple System Device (05/20/2013 5.0.2.0) (HKLM\...\1A9F109A8ACEE4CA1F898708DBB0FBA6EF0587FC) (Version: 05/20/2013 5.0.2.0 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Wireless Mouse (06/01/2011 4.0.0.1) (HKLM\...\D088EE4BD2819FBA2B349EF9D55176F223419BE6) (Version: 06/01/2011 4.0.0.1 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Wireless Trackpad (10/29/2011 5.0.0.0) (HKLM\...\551732BB0872DA97E26385C221B172A5BD4DE93C) (Version: 10/29/2011 5.0.0.0 - Apple Inc.)
Windows Driver Package - Atheros Communications Inc. (athr) Net (11/13/2010 9.2.0.113) (HKLM\...\F0A3F8394866FA91E82C8D5AB92C918FE40FE1DF) (Version: 11/13/2010 9.2.0.113 - Atheros Communications Inc.)
Windows Driver Package - Broadcom (b57nd60a) Net (09/04/2012 15.4.0.17) (HKLM\...\75E64992A03EC5E73D33586790CC506561DCC5DB) (Version: 09/04/2012 15.4.0.17 - Broadcom)
Windows Driver Package - Broadcom (B57ports) Net (06/16/2009 1.0.0.1) (HKLM\...\FC2077892425ED71A137B1CB6D99A9CA7475435D) (Version: 06/16/2009 1.0.0.1 - Broadcom)
Windows Driver Package - Broadcom (BCM43XX) Net (11/13/2012 5.106.199.1) (HKLM\...\3D6DDDCF8961C8C866F6660579A59B5B6CFA281F) (Version: 11/13/2012 5.106.199.1 - Broadcom)
Windows Driver Package - Broadcom (BCM43XX) Net (12/13/2013 6.30.223.215) (HKLM\...\A5E73046BA905B7B0235AB40FA98A4E3AB96E00E) (Version: 12/13/2013 6.30.223.215 - Broadcom)
Windows Driver Package - Broadcom Corporation (bScsiSDa) SDHost (08/14/2012 1.0.0.243) (HKLM\...\ADF3AD5C5705E56E7DEA1447D58EFF216BA1223D) (Version: 08/14/2012 1.0.0.243 - Broadcom Corporation)
Windows Driver Package - Cirrus Logic, Inc. (CirrusFilter) MEDIA (02/19/2013 6.6001.1.40) (HKLM\...\969EFE1D5E95B01D3C42B9D0363FA64AF9E336E7) (Version: 02/19/2013 6.6001.1.40 - Cirrus Logic, Inc.)
Windows Driver Package - Cirrus Logic, Inc. (CirrusLFD) MEDIA (10/03/2013 6.6001.3.13) (HKLM\...\9EBC96DD99F2C854D540FBF6A16A557BADDBC228) (Version: 10/03/2013 6.6001.3.13 - Cirrus Logic, Inc.)
Windows Driver Package - Intel (e1express) Net (03/26/2010 9.13.41.0) (HKLM\...\159439476E3A00F9FAE49DD6C1A78F2F6288A5B9) (Version: 03/26/2010 9.13.41.0 - Intel)
Windows Driver Package - Intel (e1kexpress) Net (04/12/2010 11.6.92.0) (HKLM\...\5BEF08C10896D86DC13394FFA75874564B700368) (Version: 04/12/2010 11.6.92.0 - Intel)
Windows Driver Package - Intel (e1qexpress) Net (12/04/2009 11.4.7.0) (HKLM\...\57AFA39B22ADEC4E383572E9331167546EB3C9C7) (Version: 12/04/2009 11.4.7.0 - Intel)
Windows Driver Package - Intel (e1rexpress) Net (01/07/2010 11.4.16.0) (HKLM\...\F71DB41300D30088C8D3716343D1429488E605C1) (Version: 01/07/2010 11.4.16.0 - Intel)
Windows Driver Package - Intel (e1yexpress) Net (04/07/2010 10.1.9.0) (HKLM\...\CB599752301BCA080D135697FDD05900F5A5CF4C) (Version: 04/07/2010 10.1.9.0 - Intel)
Windows Driver Package - Intel System (07/20/2007 1.2.76.0) (HKLM\...\E2708073906571A0B56F17FD825EF19281ECE29B) (Version: 07/20/2007 1.2.76.0 - Intel)
Windows Driver Package - Marvell (yukonx64) Net (12/06/2007 10.51.1.3) (HKLM\...\CDD703ED0B390A5643DB748EBFA5BD55FEEC0D8A) (Version: 12/06/2007 10.51.1.3 - Marvell)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2059749266-3525964498-4138522283-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2059749266-3525964498-4138522283-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-2059749266-3525964498-4138522283-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2059749266-3525964498-4138522283-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2059749266-3525964498-4138522283-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2059749266-3525964498-4138522283-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2059749266-3525964498-4138522283-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2059749266-3525964498-4138522283-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2059749266-3525964498-4138522283-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2059749266-3525964498-4138522283-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2059749266-3525964498-4138522283-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points =========================

05-02-2015 10:08:06 Windows Update
11-02-2015 23:48:31 Windows Update
12-02-2015 00:20:28 Windows Update
17-02-2015 14:56:49 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 10:34 - 2015-02-05 18:02 - 00450771 ____R C:\Windows\system32\Drivers\etc\hosts

There are 1000 more lines.

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00224C3E-5C4C-4B38-BA29-1CA7A4DEF9E3} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {0D0A3FC9-90F6-445D-8928-9CD45CBCB592} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {6C9B52B7-755C-46E9-9A8D-1E6FE7A3D371} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {937004F1-A33E-4B22-952E-8A61E5B32E6E} - System32\Tasks\InstallShield Update Task => Wscript.exe //nologo //E:jscript //B "C:\Program Files (x86)\InstallShield\isupdate.ini"
Task: {B9E7E609-E093-4DCF-9E62-9FC05D6E6070} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {BDD07F24-3E3E-4DE9-9DBA-25CCFCE278E7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {D13F9FB6-0E65-4239-9921-6D789666F819} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-13] (Google Inc.)
Task: {DF4160AB-8548-4341-972C-8C4932C487D5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {F635D639-52F6-4812-8BD6-9232493EE6C7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-13] (Google Inc.)
Task: {F659F77E-C946-4B34-B66E-58A3A225A817} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-02] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\InstallShield Update Task.job => C:\Windows\system32\wscript.exe

==================== Loaded Modules (whitelisted) ==============

2015-01-21 15:01 - 2015-01-21 15:01 - 08898728 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-09-10 08:04 - 2014-10-03 17:36 - 00457616 _____ () C:\Windows\System32\igfxTray.exe
2014-02-07 04:36 - 2014-02-07 04:36 - 00226112 _____ () C:\Windows\system32\AppleOSSMgr.exe
2011-03-14 23:27 - 2011-03-14 23:27 - 00346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2014-12-11 18:11 - 2011-12-23 18:03 - 00655712 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
2014-12-11 18:11 - 2009-01-10 18:32 - 00011362 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\mingwm10.dll
2014-12-11 18:11 - 2009-06-23 02:42 - 00043008 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\libgcc_s_dw2-1.dll
2014-12-11 18:11 - 2010-05-10 10:51 - 02415104 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtCore4.dll
2014-12-11 18:11 - 2010-02-10 22:10 - 01148416 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtNetwork4.dll
2014-12-11 18:11 - 2011-12-23 15:52 - 00843264 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QueryStrategy.dll
2014-12-11 18:11 - 2010-02-10 22:06 - 00398336 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtXml4.dll
2013-04-13 01:23 - 2013-04-13 01:23 - 00612664 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll
2015-01-21 15:01 - 2015-01-21 15:01 - 08898720 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-02-11 05:00 - 2015-02-11 05:00 - 00750080 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-02-17 21:32 - 2015-02-17 21:32 - 00043008 _____ () c:\users\user\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpq26dnv.dll
2015-02-11 05:00 - 2015-02-11 05:00 - 00047616 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-02-11 05:00 - 2015-02-11 05:00 - 00865280 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-02-11 05:00 - 2015-02-11 05:00 - 00200704 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-02-13 17:58 - 2015-02-04 17:02 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libglesv2.dll
2015-02-13 17:58 - 2015-02-04 17:02 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libegl.dll
2015-02-13 17:58 - 2015-02-04 17:02 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll
2015-02-05 17:23 - 2015-01-23 18:37 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2015-02-05 22:22 - 2015-02-05 22:22 - 01020928 _____ () C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wrb1z01v.default\extensions\[email protected]\platform\WINNT_x86-msvc\components\lpxpcom.dll
2015-02-05 22:31 - 2015-02-05 22:31 - 16852144 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll
2014-12-01 23:55 - 2014-02-01 09:54 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\user\Downloads\DNC.csv:com.dropbox.attributes

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2059749266-3525964498-4138522283-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== Accounts: =============================

Administrator (S-1-5-21-2059749266-3525964498-4138522283-500 - Administrator - Disabled)
Guest (S-1-5-21-2059749266-3525964498-4138522283-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2059749266-3525964498-4138522283-1002 - Limited - Enabled)
user (S-1-5-21-2059749266-3525964498-4138522283-1000 - Administrator - Enabled) => C:\Users\user

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (02/17/2015 09:30:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/17/2015 02:53:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/13/2015 02:51:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/13/2015 11:04:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/12/2015 00:33:49 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/11/2015 11:35:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/10/2015 11:59:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/10/2015 11:54:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/08/2015 11:36:03 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/08/2015 11:33:09 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (02/17/2015 09:33:48 PM) (Source: ACPI) (EventID: 13) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

Error: (02/17/2015 09:32:18 PM) (Source: ACPI) (EventID: 13) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

Error: (02/17/2015 09:30:55 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom

Error: (02/17/2015 09:30:53 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
%%5

Error: (02/17/2015 09:30:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Mobile Partner. OUC service failed to start due to the following error: 
%%1053

Error: (02/17/2015 09:30:47 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Mobile Partner. OUC service to connect.

Error: (02/17/2015 05:57:23 PM) (Source: ACPI) (EventID: 13) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

Error: (02/17/2015 05:55:38 PM) (Source: ACPI) (EventID: 13) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

Error: (02/17/2015 05:51:23 PM) (Source: ACPI) (EventID: 13) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

Error: (02/17/2015 05:50:08 PM) (Source: ACPI) (EventID: 13) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

Microsoft Office Sessions:
=========================
Error: (02/17/2015 09:30:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/17/2015 02:53:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/13/2015 02:51:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/13/2015 11:04:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/12/2015 00:33:49 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/11/2015 11:35:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/10/2015 11:59:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/10/2015 11:54:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/08/2015 11:36:03 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/08/2015 11:33:09 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4278U CPU @ 2.60GHz
Percentage of memory in use: 37%
Total physical RAM: 8100.69 MB
Available physical RAM: 5057.43 MB
Total Pagefile: 16199.57 MB
Available Pagefile: 12977.13 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (BOOTCAMP) (Fixed) (Total:116.41 GB) (Free:62.09 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Macintosh HD) (Fixed) (Total:116.55 GB) (Free:83.35 GB) HFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233.8 GB) (Disk ID: B153E265)

Partition: GPT Partition Type.
Partition 2: (Not Active) - (Size=116.5 GB) - (Type=AF)
Partition 3: (Not Active) - (Size=620 MB) - (Type=AB)
Partition 4: (Active) - (Size=116.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================


----------



## JSntgRvr (Jul 1, 2003)

Anti-Virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

If you choose to install more than one Anti-Virus program on your computer, then only one of them should be active in memory at a time.

There are basically two types of these programs:
*On-Access* and *On-Demand*

*On-Access Scanners*
As the name implies, these are scanners that run in the background all the time the PC is turned on and running. The main function of an On-Access scanner is to monitor activity on your machine.

*On-Demand Scanners*
As the name implies, these are scanners that only run when you ask them to.
Such as: Online Scans and scanners that run on your machine but are not actively scanning your machine.

Panda has a firewall. In your position I would remove Microsoft Essentials.

*Download the enclosed file.* (see below) Save it in the same location FRST is saved. Open FRST. Click on the Fix button and wait. The tool will produce a log, fixlog.txt. Please post its contents in your next reply.

Please download Malwarebytes' Anti-Malware from *Here*.

Double Click mbam-setup-2.0..exe to install the application. (The revision number may vary.)

Select the language and click OK.
Accept the agreement.
Make sure a checkmark is placed next to *Enable the Free Trial* and *Launch Malwarebytes' Anti-Malware*, then click on finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "*Scan Now*".
The scan may take some time to finish, so please be patient.
When the scan is complete, click on *Quarantine All*.
When disinfection is completed, a dialog will open and you may be prompted to Restart. (See Extra Note)
Upon restart, launch Malwarebytes Antimalware and select History.
Double click on the last scan done, then on Copy to Clipboard.
Right click on your next reply and select Paste.
Submit your reply.

Extra Note:

*If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.*


----------



## kango88 (Feb 5, 2015)

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-02-2015
Ran by user at 2015-02-17 23:46:55 Run:1
Running from C:\Users\user\Downloads\Programs
Loaded Profiles: user (Available profiles: user)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
ProxyEnable: [HKLM] => ProxyEnable is set.
ProxyEnable: [HKLM-x32] => ProxyEnable is set.
ProxyServer: [HKLM] => http=127.0.0.1:8080;https=127.0.0.1:8080
ProxyServer: [HKLM-x32] => http=127.0.0.1:8080;https=127.0.0.1:8080
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.

==== End of Fixlog 23:46:55 ====


----------



## kango88 (Feb 5, 2015)

Nothing found from Malwarebytes' Anti-Malware


----------



## JSntgRvr (Jul 1, 2003)

I believe that computer is clear.

We need to remove the tools we've used while cleaning your machine.

Download Delfix from *here*
Ensure *Remove disinfection tools* is ticked
*Also tick:*
Create registry backup
Purge system restore

Click *Run*

Let me know how it is doing.


----------



## kango88 (Feb 5, 2015)

# DelFix v10.8 - Logfile created 18/02/2015 at 09:17:02
# Updated 29/07/2014 by Xplode
# Username : user - USER-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\user\Desktop\mbar
Deleted : HKLM\SOFTWARE\AdwCleaner

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #21 [Windows Update | 02/11/2015 15:48:31]
Deleted : RP #22 [Windows Update | 02/11/2015 16:20:28]
Deleted : RP #23 [Windows Update | 02/17/2015 06:56:49]
Deleted : RP #24 [Windows Update | 02/17/2015 14:12:12]

New restore point created !

########## - EOF - ##########


----------



## kango88 (Feb 5, 2015)

The browser issue still persists


----------



## JSntgRvr (Jul 1, 2003)

Set the browser to its default settings.

Click *here* for instructions.


----------



## kango88 (Feb 5, 2015)

Set to default but the problem still persists


----------



## JSntgRvr (Jul 1, 2003)

Please explain the problem with the browser to refresh my memory.

Please download the latest version of Farbar Recovery Scan Tool and save it to your desktop.

*Note*: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Double-click to run it. When the tool opens click *Yes* to disclaimer.
Make sure that under *Optional Scans*, there is a checkmark on Addition.txt and Shortcut.
Press *Scan* button.
It will make a log (*FRST.txt*) in the same directory the tool is run. Please copy and paste it to your reply.
The tool will also produce another two logs (*Addition.txt and Shortcut.txt*). Please attach these to your reply.


 Download *RogueKiller* (by tigzy) *on the desktop*
 Quit all programs
 Start *RogueKiller.exe.*
 Wait until Prescan has finished ...
 Click on *Scan*. Once finished, click on *Report*

Please post the contents of the RKreport.txt in your next Reply.


----------



## kango88 (Feb 5, 2015)

Hi, the problem, similar to the 1st comp, is that the browsers' search engines are corrupted. For Google, it looks weird as it is showing I'm not signed in though I am, and the search navigation bar at the bottom for going from page to page is missing the Google logo, and the blue arrow for navigation to the next search page is missing. For Yahoo and Bing, I cannot even use them to search.


----------



## kango88 (Feb 5, 2015)

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-02-2015
Ran by user (administrator) on USER-PC on 19-02-2015 21:34:30
Running from C:\Users\user\Downloads\Programs
Loaded Profiles: user (Available profiles: user)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Windows\System32\igfxTray.exe
(Apple Inc.) C:\Program Files\Boot Camp\Bootcamp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Windows\System32\AppleOSSMgr.exe
(Apple Inc.) C:\Windows\System32\AppleTimeSrv.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(InstallShield®) C:\Program Files (x86)\InstallShield\isupdate.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dropbox, Inc.) C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Internet Download Manager, Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMIntegrator64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [457616 2014-10-03] ()
HKLM\...\Run: [Apple_KbdMgr] => C:\Program Files\Boot Camp\Bootcamp.exe [746816 2014-02-07] (Apple Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-02] (Intel Corporation)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [37624 2014-10-16] (Panda Security, S.L.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2059749266-3525964498-4138522283-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3886672 2015-01-25] (Tonec Inc.)
HKU\S-1-5-21-2059749266-3525964498-4138522283-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-2059749266-3525964498-4138522283-1000\...\Run: [GoogleChromeAutoLaunch_4E874A737D5662A34EBBEADB3A9C4A09] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-04] (Google Inc.)
HKU\S-1-5-21-2059749266-3525964498-4138522283-1000\...\MountPoints2: {c8990352-8160-11e4-8edf-6c4008aff89a} - E:\AutoRun.exe
HKU\S-1-5-21-2059749266-3525964498-4138522283-1000\...\MountPoints2: {c8990377-8160-11e4-8edf-6c4008aff89b} - E:\AutoRun.exe
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [HKLM] => ProxyEnable is set.
ProxyEnable: [HKLM-x32] => ProxyEnable is set.
ProxyServer: [HKLM] => http=127.0.0.1:8080;https=127.0.0.1:8080
ProxyServer: [HKLM-x32] => http=127.0.0.1:8080;https=127.0.0.1:8080
HKU\S-1-5-21-2059749266-3525964498-4138522283-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://xin.msn.com/en-sg/?ocid=iehp
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\r9eqdb50.default-1424268744539
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Extension: LastPass - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\r9eqdb50.default-1424268744539\Extensions\[email protected] [2015-02-18]
FF Extension: FireShot - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\r9eqdb50.default-1424268744539\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2015-02-18]
FF Extension: EPUBReader - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\r9eqdb50.default-1424268744539\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2015-02-18]
FF Extension: Easy App Tabs - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\r9eqdb50.default-1424268744539\Extensions\[email protected] [2015-02-18]
FF Extension: MEGA EXTENSION - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\r9eqdb50.default-1424268744539\Extensions\[email protected] [2015-02-18]
FF Extension: Save My Tabs - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\r9eqdb50.default-1424268744539\Extensions\[email protected] [2015-02-18]
FF Extension: Media Stealer - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\r9eqdb50.default-1424268744539\Extensions\[email protected] [2015-02-18]
FF Extension: Reader - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\r9eqdb50.default-1424268744539\Extensions\{20068ab2-1901-4140-9f3c-81207d4dacc4}.xpi [2015-02-18]
FF HKU\S-1-5-21-2059749266-3525964498-4138522283-1000\...\Firefox\Extensions: [[email protected]] - C:\Users\user\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\user\AppData\Roaming\IDM\idmmzcc5 [2015-02-05]
FF HKU\S-1-5-21-2059749266-3525964498-4138522283-1000\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\user\AppData\Roaming\IDM\idmmzcc5

Chrome:
=======
CHR HomePage: Default -> hxxp://search.conduit.com/?ctid=CT3321897&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SPF84B958F-6C5F-431F-B5D3-7D8E0D53175F&SSPV=
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3321897&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SPF84B958F-6C5F-431F-B5D3-7D8E0D53175F&SSPV="
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-05]
CHR Extension: (Downloads) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajkhjekibcfjngomhbbifihellcaebcn [2015-02-05]
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-05]
CHR Extension: (Download Manager (video and mp3)) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bapnjmgdanmelbcmjdjljogelnlfepcj [2015-02-05]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-05]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-05]
CHR Extension: (RankRecon) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\chjdckfonfkdoeiobllnejjieicmjodh [2015-02-05]
CHR Extension: (OneTab) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2015-02-05]
CHR Extension: (Webpage Screenshot) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki [2015-02-05]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-05]
CHR Extension: (SEO I.Q.) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dadlnlnlpkpchfljjcpkodcljofniggm [2015-02-05]
CHR Extension: (Tabs Backup & Restore) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dehocbglhkaogiljpihicakmlockmlgd [2015-02-05]
CHR Extension: (FB Pixel Helper) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc [2015-02-05]
CHR Extension: (Google Sheets) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-05]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-02-05]
CHR Extension: (Share As Image Extension) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgmhphfbdfbkokcfajipbmkcakmmepeb [2015-02-05]
CHR Extension: (SEO & Website Analysis) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlngmmdolgbdnnimbmblfhhndibdipaf [2015-02-05]
CHR Extension: (IDM Integration Module) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2015-02-08]
CHR Extension: (AS Magic Player) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim [2015-02-06]
CHR Extension: (Hangouts) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2015-02-05]
CHR Extension: (Google Wallet) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-05]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-05]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-01-13]
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-01-13]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AppleOSSMgr; C:\Windows\system32\AppleOSSMgr.exe [226112 2014-02-07] ()
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-10-03] (Intel Corporation)
R2 isupdate.exe; C:\Program Files (x86)\InstallShield\isupdate.exe [43008 2015-01-22] (InstallShield®) [File not signed]
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [655712 2011-12-23] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142072 2014-10-14] (Panda Security, S.L.)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2014-10-16] (Panda Security, S.L.)
S3 wifimansvc; C:\Program Files (x86)\Mobile Partner\eap\wifimansvc.exe [598528 2012-05-15] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AppleCamera; C:\Windows\System32\DRIVERS\AppleCamera.sys [1793664 2013-12-05] (Apple Inc.)
R3 applemtm; C:\Windows\System32\DRIVERS\applemtm.sys [12288 2013-09-07] (Apple Inc.)
R3 applemtp; C:\Windows\System32\DRIVERS\applemtp.sys [39424 2013-09-07] (Apple Inc.)
R3 AppleSDR; C:\Windows\System32\DRIVERS\AppleSDR.sys [12800 2013-09-04] (Apple Inc.)
R3 CirrusLFD; C:\Windows\System32\DRIVERS\CSLFD.sys [56720 2013-10-18] (Cirrus Logic Inc.)
R3 CirrusUFD; C:\Windows\System32\DRIVERS\CSUFD.sys [11928 2013-10-18] (Cirrus Logic Inc.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [96800 2014-06-04] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [162336 2014-06-18] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [112160 2014-06-04] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [115232 2014-06-04] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [46336 2014-01-17] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [95776 2014-06-04] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [70176 2014-06-04] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [125984 2014-06-04] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [306720 2014-06-04] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [169504 2014-06-04] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [115744 2014-06-04] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [261152 2014-06-04] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [109088 2014-06-04] (Panda Security, S.L.)
S3 NPF; C:\Windows\System32\drivers\NPF.sys [35344 2011-11-24] (CACE Technologies, Inc.)
S3 NPF; C:\Windows\SysWOW64\drivers\NPF.sys [35344 2011-11-24] (CACE Technologies, Inc.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [163088 2014-10-14] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121616 2014-10-14] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [195616 2014-07-25] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [122400 2014-07-25] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [132128 2014-07-25] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2014-10-14] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [60400 2014-03-25] (Panda Security, S.L.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-19 21:34 - 2015-02-19 21:34 - 00000000 ____D () C:\FRST
2015-02-18 22:14 - 2014-03-25 21:15 - 00060400 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2015-02-18 22:12 - 2015-02-18 22:12 - 00000000 ____D () C:\Users\user\Desktop\Old Firefox Data
2015-02-18 22:08 - 2015-02-18 22:08 - 00000218 _____ () C:\Users\user\Desktop\Boot Camp About keyboards and key assignment for Microsoft Windows - Apple Support.URL
2015-02-18 22:07 - 2015-02-18 22:07 - 00000235 _____ () C:\Users\user\Desktop\The best of Oliver Emberton.URL
2015-02-18 22:07 - 2015-02-18 22:07 - 00000213 _____ () C:\Users\user\Desktop\Pricing Plans Call Loop.URL
2015-02-18 09:17 - 2015-02-18 09:17 - 00000709 _____ () C:\DelFix.txt
2015-02-18 09:17 - 2015-02-18 09:17 - 00000000 ____D () C:\Windows\ERUNT
2015-02-14 00:03 - 2015-02-14 00:03 - 00086565 _____ () C:\Users\user\Desktop\GWT links.rar
2015-02-14 00:01 - 2015-02-14 00:01 - 00276097 _____ () C:\Users\user\Desktop\GWT links (latest links).csv
2015-02-14 00:00 - 2015-02-14 00:00 - 00245662 _____ () C:\Users\user\Desktop\GWT links (sample).csv
2015-02-13 17:58 - 2015-02-19 21:27 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-13 17:58 - 2015-02-19 20:03 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-13 17:58 - 2015-02-13 17:58 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-13 17:58 - 2015-02-13 17:58 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-13 17:58 - 2015-02-13 17:58 - 00002267 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-13 17:58 - 2015-02-13 17:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-13 17:03 - 2015-02-13 23:42 - 00000406 _____ () C:\Users\user\Desktop\Article instructions.txt
2015-02-13 16:01 - 2015-02-13 16:01 - 00000053 _____ () C:\Users\user\Downloads\google732d6e0197cef43d.html
2015-02-13 15:53 - 2015-02-13 16:49 - 00000000 ____D () C:\Users\user\AppData\Roaming\vlc
2015-02-13 15:51 - 2015-02-13 15:51 - 00001078 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-02-13 15:51 - 2015-02-13 15:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-02-13 15:51 - 2015-02-13 15:51 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2015-02-13 15:29 - 2015-02-13 15:53 - 00000114 _____ () C:\Users\user\Desktop\Article Writing Service.txt
2015-02-13 11:11 - 2015-01-23 12:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-13 11:11 - 2015-01-23 12:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-13 11:11 - 2015-01-23 11:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-13 11:11 - 2015-01-23 11:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-13 11:04 - 2015-02-13 12:11 - 00000000 ____D () C:\Users\user\Desktop\Transfer
2015-02-11 23:45 - 2015-01-14 13:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 23:45 - 2015-01-14 13:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 23:45 - 2015-01-12 11:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 23:45 - 2015-01-12 11:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 23:45 - 2015-01-12 11:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 23:45 - 2015-01-12 10:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 23:45 - 2015-01-12 10:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 23:45 - 2015-01-12 10:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 23:45 - 2015-01-12 10:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-11 23:45 - 2015-01-12 10:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 23:45 - 2015-01-12 10:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 23:45 - 2015-01-12 10:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 23:45 - 2015-01-12 10:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 23:45 - 2015-01-12 10:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 23:45 - 2015-01-12 10:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-11 23:45 - 2015-01-12 10:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 23:45 - 2015-01-12 10:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 23:45 - 2015-01-12 10:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-11 23:45 - 2015-01-12 10:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 23:45 - 2015-01-12 10:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 23:45 - 2015-01-12 10:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 23:45 - 2015-01-12 10:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 23:45 - 2015-01-12 10:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 23:45 - 2015-01-12 10:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-11 23:45 - 2015-01-12 10:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-11 23:45 - 2015-01-12 10:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 23:45 - 2015-01-12 10:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 23:45 - 2015-01-12 10:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 23:45 - 2015-01-12 10:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-11 23:45 - 2015-01-12 09:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-11 23:45 - 2015-01-12 09:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-11 23:45 - 2015-01-12 09:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-11 23:45 - 2015-01-12 09:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 23:45 - 2015-01-12 09:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 23:45 - 2015-01-12 09:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 23:45 - 2015-01-12 09:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-11 23:45 - 2015-01-12 09:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 23:45 - 2015-01-12 09:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 23:45 - 2015-01-12 09:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-11 23:45 - 2015-01-12 09:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-11 23:45 - 2015-01-12 09:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-11 23:45 - 2015-01-12 09:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-11 23:45 - 2015-01-12 09:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 23:45 - 2015-01-12 09:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 23:45 - 2015-01-12 09:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 23:45 - 2015-01-12 09:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-11 23:45 - 2015-01-12 09:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 23:45 - 2015-01-12 09:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 23:45 - 2015-01-12 09:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 23:45 - 2015-01-12 09:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 23:45 - 2015-01-12 08:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 23:45 - 2015-01-12 08:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 23:42 - 2015-01-10 14:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 23:42 - 2015-01-10 14:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 23:42 - 2015-01-10 14:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-11 23:42 - 2015-01-10 14:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 23:41 - 2015-01-14 14:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 23:41 - 2015-01-14 14:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 23:41 - 2015-01-14 14:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 23:41 - 2015-01-14 14:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 23:41 - 2015-01-14 13:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 23:41 - 2015-01-14 13:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 23:41 - 2015-01-14 13:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-11 23:41 - 2015-01-10 14:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 23:41 - 2015-01-10 14:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 23:41 - 2015-01-10 14:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 23:41 - 2015-01-10 14:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 23:41 - 2015-01-10 14:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 23:41 - 2015-01-10 14:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-11 23:41 - 2015-01-10 14:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-11 23:41 - 2015-01-10 14:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-11 23:41 - 2015-01-10 14:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-11 23:41 - 2015-01-10 14:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-11 23:40 - 2015-01-15 16:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 23:40 - 2015-01-15 16:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 23:40 - 2015-01-15 16:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 23:40 - 2015-01-15 16:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 23:40 - 2015-01-15 16:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 23:40 - 2015-01-15 16:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 23:40 - 2015-01-15 16:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 23:40 - 2015-01-15 16:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 23:40 - 2015-01-15 16:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 23:40 - 2015-01-15 16:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 23:40 - 2015-01-15 16:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 23:40 - 2015-01-15 15:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-11 23:40 - 2015-01-15 15:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 23:40 - 2015-01-15 15:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 23:40 - 2015-01-15 15:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 23:40 - 2015-01-15 15:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-11 23:40 - 2015-01-15 15:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 23:40 - 2015-01-15 12:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 23:40 - 2015-01-13 11:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 23:40 - 2015-01-13 10:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 23:40 - 2014-12-12 13:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 23:40 - 2014-12-12 13:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-11 23:40 - 2014-07-07 10:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-11 23:40 - 2014-07-07 10:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-11 23:40 - 2014-07-07 09:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-02-11 23:40 - 2014-07-07 09:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-02-11 23:39 - 2015-01-09 10:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 23:38 - 2014-12-08 11:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 23:38 - 2014-12-08 10:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 23:38 - 2014-11-26 11:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 23:38 - 2014-11-26 11:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-10 23:58 - 2015-02-10 23:58 - 00000085 _____ () C:\Windows\wininit.ini
2015-02-06 12:46 - 2015-02-06 12:50 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-06 10:40 - 2015-02-17 23:47 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-06 10:39 - 2015-02-06 12:45 - 00097496 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-06 10:39 - 2015-02-06 10:39 - 00001114 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-06 10:39 - 2015-02-06 10:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-06 10:39 - 2015-02-06 10:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-06 10:39 - 2015-02-06 10:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-06 10:39 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-06 10:39 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-06 09:45 - 2015-01-10 10:46 - 00000000 ____D () C:\Users\user\Desktop\LongTailPro
2015-02-06 09:44 - 2015-02-06 09:43 - 03265362 _____ () C:\Users\user\Desktop\Long Tail Pro Platinum 2.4.42 Updated.rar
2015-02-06 09:34 - 2015-02-17 22:11 - 00000000 ____D () C:\Users\user\Desktop\Video Traffic Fusion - Iceberg Formula
2015-02-06 09:14 - 2015-02-06 09:15 - 35738846 _____ () C:\Users\user\Desktop\OMG Directors Cut Feb1.rar
2015-02-06 09:05 - 2015-02-06 09:05 - 00000088 _____ () C:\Users\user\AppData\Roaming\.c79792229cdae4d8fe4e261fc4d6976b.key
2015-02-05 22:32 - 2015-02-05 22:32 - 00000000 ____D () C:\Users\user\AppData\Local\Macromedia
2015-02-05 22:31 - 2015-02-17 23:57 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-05 22:31 - 2015-02-05 22:31 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 22:31 - 2015-02-05 22:31 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-05 22:31 - 2015-02-05 22:31 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-05 22:31 - 2015-02-05 22:31 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2015-02-05 22:31 - 2015-02-05 22:31 - 00000000 ____D () C:\Windows\system32\Macromed
2015-02-05 19:15 - 2015-02-05 19:17 - 00000000 ____D () C:\Program Files (x86)\InterestArchitect
2015-02-05 19:15 - 2015-02-05 19:15 - 00002053 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Interest Architect.lnk
2015-02-05 19:15 - 2015-02-05 19:15 - 00002047 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Interest Architect.lnk
2015-02-05 19:15 - 2015-02-05 19:15 - 00002041 _____ () C:\Users\Public\Desktop\Interest Architect.lnk
2015-02-05 19:15 - 2015-02-05 19:15 - 00000000 ____D () C:\Windows\Interst Architect
2015-02-05 19:15 - 2015-02-05 19:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Interst Architect
2015-02-05 19:14 - 2015-02-05 19:14 - 00042150 _____ () C:\Users\user\Downloads\Interest Architect Patch.zip
2015-02-05 18:08 - 2015-02-05 18:08 - 00000000 ____D () C:\Users\user\AppData\Roaming\Panda Security
2015-02-05 18:08 - 2015-02-05 18:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus
2015-02-05 18:08 - 2015-02-05 18:08 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2015-02-05 18:02 - 2009-06-11 05:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20150205-180212.backup
2015-02-05 17:58 - 2015-02-05 18:08 - 00000000 ____D () C:\ProgramData\Panda Security
2015-02-05 17:58 - 2015-02-05 17:58 - 01630952 _____ () C:\Users\user\Downloads\PANDAFREEAV.exe
2015-02-05 17:41 - 2015-02-05 17:41 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2015-02-05 17:40 - 2015-02-10 23:59 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-02-05 17:40 - 2015-02-10 23:58 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-05 17:38 - 2015-02-05 17:39 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\user\Downloads\spybot-2.4.exe
2015-02-05 17:28 - 2015-02-05 17:29 - 00000000 ____D () C:\Users\user\AppData\Local\Google
2015-02-05 17:23 - 2015-02-05 17:23 - 00001171 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-05 17:23 - 2015-02-05 17:23 - 00001159 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-05 17:23 - 2015-02-05 17:23 - 00000000 ____D () C:\Users\user\AppData\Roaming\Mozilla
2015-02-05 17:23 - 2015-02-05 17:23 - 00000000 ____D () C:\Users\user\AppData\Local\Mozilla
2015-02-05 17:23 - 2015-02-05 17:23 - 00000000 ____D () C:\ProgramData\Mozilla
2015-02-05 17:23 - 2015-02-05 17:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-05 15:22 - 2015-02-05 15:22 - 00000215 _____ () C:\Users\user\Desktop\New Text Document.txt
2015-02-05 10:27 - 2015-02-05 10:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-02-05 10:26 - 2015-02-12 00:25 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-02-05 10:26 - 2015-02-05 10:26 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-02-05 10:26 - 2015-02-05 10:26 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-02-05 10:25 - 2015-02-12 00:25 - 00002125 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-02-05 10:25 - 2015-02-12 00:25 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-02-05 10:25 - 2015-02-12 00:25 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-02-05 10:08 - 2015-02-05 10:08 - 00000000 __SHD () C:\Users\user\AppData\Local\EmieUserList
2015-02-05 10:08 - 2015-02-05 10:08 - 00000000 __SHD () C:\Users\user\AppData\Local\EmieSiteList
2015-02-05 10:08 - 2015-02-05 10:08 - 00000000 __SHD () C:\Users\user\AppData\Local\EmieBrowserModeList
2015-02-05 10:01 - 2014-12-19 11:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-02-05 10:01 - 2014-12-19 09:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-02-05 10:01 - 2014-12-06 12:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-02-05 10:01 - 2014-12-06 11:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-02-05 10:01 - 2014-12-06 11:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-02-05 09:42 - 2015-02-05 17:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-05 09:42 - 2015-02-05 09:42 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2015-02-05 09:42 - 2015-02-05 09:42 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2015-02-05 09:39 - 2015-02-19 20:47 - 00000000 ____D () C:\Users\user\AppData\Roaming\DMCache
2015-02-05 09:39 - 2015-02-07 16:59 - 00000000 ____D () C:\Users\user\Downloads\Compressed
2015-02-05 09:39 - 2015-02-06 10:38 - 00000000 ____D () C:\Users\user\AppData\Roaming\IDM
2015-02-05 09:39 - 2015-02-05 09:42 - 00000000 ____D () C:\Program Files (x86)\Internet Download Manager
2015-02-05 09:39 - 2015-02-05 09:39 - 00001021 _____ () C:\Users\user\Desktop\Internet Download Manager.lnk
2015-02-05 09:39 - 2015-02-05 09:39 - 00000000 ____D () C:\Users\user\Downloads\Video
2015-02-05 09:39 - 2015-02-05 09:39 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2015-02-05 09:39 - 2015-02-05 09:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2015-02-05 09:39 - 2015-02-05 09:39 - 00000000 ____D () C:\ProgramData\IDM
2015-02-05 09:35 - 2015-02-05 09:38 - 00000000 ____D () C:\Users\user\AppData\Roaming\WinRAR
2015-02-05 09:35 - 2015-02-05 09:35 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-02-05 09:35 - 2015-02-05 09:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-02-05 09:35 - 2015-02-05 09:35 - 00000000 ____D () C:\Program Files\WinRAR
2015-02-05 09:31 - 2015-02-05 09:32 - 01977432 _____ () C:\Users\user\Downloads\winrar-x64-501.exe
2015-02-05 09:11 - 2015-02-05 09:59 - 00000468 _____ () C:\Windows\Tasks\InstallShield Update Task.job
2015-02-05 09:11 - 2015-02-05 09:11 - 00003202 _____ () C:\Windows\System32\Tasks\InstallShield Update Task
2015-02-05 09:11 - 2015-02-05 09:11 - 00000000 ____D () C:\ProgramData\Microsoft Toolkit
2015-02-05 09:11 - 2015-02-05 09:11 - 00000000 ____D () C:\Program Files (x86)\InstallShield
2015-02-05 09:09 - 2015-02-05 09:09 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2015-02-05 09:08 - 2015-02-17 22:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-02-05 09:08 - 2015-02-05 09:08 - 00000000 ____D () C:\Windows\PCHEALTH
2015-02-05 09:08 - 2015-02-05 09:08 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2015-02-05 09:08 - 2015-02-05 09:08 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2015-02-05 09:08 - 2015-02-05 09:08 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2015-02-05 09:07 - 2015-02-17 22:12 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-05 09:07 - 2015-02-05 09:08 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-02-05 09:07 - 2015-02-05 09:07 - 00000000 __RHD () C:\MSOCache
2015-02-05 09:07 - 2015-02-05 09:07 - 00000000 ____D () C:\Users\user\AppData\Local\Microsoft Help
2015-02-05 09:07 - 2015-02-05 09:07 - 00000000 ____D () C:\Program Files\Microsoft Analysis Services
2015-02-05 09:07 - 2015-02-05 09:07 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-02-05 09:07 - 2015-02-05 09:07 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2015-02-05 09:06 - 2014-12-12 01:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-23 14:06 - 2015-01-23 14:06 - 00025354 _____ () C:\Users\user\Downloads\Download.csv

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-19 21:33 - 2009-07-14 13:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-19 21:31 - 2014-12-01 23:30 - 01081609 _____ () C:\Windows\WindowsUpdate.log
2015-02-19 21:28 - 2014-12-16 14:40 - 00000000 ___RD () C:\Users\user\Dropbox
2015-02-19 21:28 - 2014-12-16 14:36 - 00000000 ____D () C:\Users\user\AppData\Roaming\Dropbox
2015-02-19 21:27 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-19 21:27 - 2009-07-14 12:51 - 00037175 _____ () C:\Windows\setupact.log
2015-02-19 20:10 - 2009-07-14 12:45 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-19 20:10 - 2009-07-14 12:45 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-17 14:57 - 2009-07-14 11:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-02-17 14:53 - 2010-11-21 11:47 - 00018940 _____ () C:\Windows\PFRO.log
2015-02-13 17:58 - 2014-12-16 14:35 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-13 11:13 - 2014-12-16 14:40 - 00001021 _____ () C:\Users\user\Desktop\Dropbox.lnk
2015-02-13 11:13 - 2014-12-16 14:39 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-12 00:33 - 2009-07-14 12:45 - 00477768 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-12 00:30 - 2014-12-01 23:59 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-12 00:26 - 2009-07-14 10:34 - 00000478 _____ () C:\Windows\win.ini
2015-02-12 00:23 - 2014-12-26 14:44 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-12 00:21 - 2014-12-26 14:44 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-07 18:58 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\rescache
2015-02-06 09:45 - 2015-01-06 15:53 - 00000256 _____ () C:\Users\user\AppData\Roaming\RO39-2M3Q
2015-02-05 22:31 - 2014-12-29 17:18 - 00000000 ____D () C:\Users\user\AppData\Local\Adobe
2015-02-05 18:08 - 2014-12-11 18:12 - 00111992 _____ () C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-05 10:28 - 2014-12-26 14:53 - 00774004 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-02-05 09:50 - 2009-07-14 11:20 - 00000000 ____D () C:\Program Files\Common Files\System
2015-02-05 09:08 - 2010-11-21 15:16 - 00000000 ____D () C:\Windows\ShellNew

==================== Files in the root of some directories =======

2015-01-06 15:53 - 2015-01-06 15:53 - 0000088 _____ () C:\Users\user\AppData\Roaming\.95d691779473f3e03bc4b4e56319d74c.key
2015-02-06 09:05 - 2015-02-06 09:05 - 0000088 _____ () C:\Users\user\AppData\Roaming\.c79792229cdae4d8fe4e261fc4d6976b.key
2015-01-06 15:53 - 2015-02-06 09:45 - 0000256 _____ () C:\Users\user\AppData\Roaming\RO39-2M3Q

Some content of TEMP:
====================
C:\Users\user\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2fxj84.dll
C:\Users\user\AppData\Local\Temp\Quarantine.exe
C:\Users\user\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-07 18:51

==================== End Of Log ============================


----------



## kango88 (Feb 5, 2015)

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-02-2015
Ran by user at 2015-02-19 21:34:54
Running from C:\Users\user\Downloads\Programs
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Free Antivirus (Enabled - Up to date) {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Panda Free Antivirus (Enabled - Up to date) {8F3797EF-DB90-F073-3C72-40C753554CD1}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Panda Firewall (Disabled) {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Boot Camp Services (HKLM\...\{FA2B2C2A-EA41-495A-9308-60726125D562}) (Version: 5.1.5640 - Apple Inc.)
Chrysanth Cheque Writer [Free] (HKLM-x32\...\627237A3-ACD1-4EC8-B382-2061531CE8E5_is1) (Version: 9.8 - Chrysanth Software Sdn. Bhd.)
Dropbox (HKU\S-1-5-21-2059749266-3525964498-4138522283-1000\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.0.1428 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3960 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.3.34 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
Interst Architect (HKLM-x32\...\Interst Architect1.0.0.1) (Version: 1.0.0.1 - InnAnTech Industries Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 23.002.08.02.1014 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 35.0.1 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-GB)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.04 - Panda Security)
Panda Devices Agent (x32 Version: 1.05.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 15.00.04.0002 - Panda Security)
Panda Free Antivirus (Version: 7.23.00.0000 - Panda Security) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5936 - Realtek Semiconductor Corp.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
SMSCaster E-Marketer GSM Enterprise v3.6 (HKLM-x32\...\SMSCaster E-Marketer GSM Enterprise_is1) (Version: v3.6 (build 1071) - SDJ Software Limited)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Driver Package - Apple Inc. (AppleCamera) Image (11/21/2013 5.0.22.0) (HKLM\...\1FCF3C93707C46D648F0B00E216A55E96DEB5A17) (Version: 11/21/2013 5.0.22.0 - Apple Inc.)
Windows Driver Package - Apple Inc. (AppleUSBEthernet) Net (02/01/2008 3.10.3.10) (HKLM\...\D53CBF2C12DF51DA5E9C1A9DA97FF0DCA0C524C5) (Version: 02/01/2008 3.10.3.10 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Bluetooth (03/01/2010 3.0.0.5) (HKLM\...\EA3C044F6FD39CEC8F4F596836BF4197E97E1D39) (Version: 03/01/2010 3.0.0.5 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Display (01/23/2009 3.0.0.0) (HKLM\...\E0EAD0CEA9119B77350ED4DE28D9A82E57014D94) (Version: 01/23/2009 3.0.0.0 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple IR Receiver (02/21/2008 2.0.4.0) (HKLM\...\D5BB697E7D0C75712F3AD00AB1B85412CB5C0FD3) (Version: 02/21/2008 2.0.4.0 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Keyboard (01/10/2014 5.0.8.0) (HKLM\...\ABCCA6C3F97A148D7C69114CB55DFA9D46053BEA) (Version: 01/10/2014 5.0.8.0 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Multitouch (09/04/2013 5.0.2.0) (HKLM\...\277F15E06E6EEB458048F41BCB8FB843B3241E95) (Version: 09/04/2013 5.0.2.0 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Multitouch Mouse (09/11/2012 4.0.3.0) (HKLM\...\742CB1BDA52EA9F1BBE482DA6DAA17944652B476) (Version: 09/11/2012 4.0.3.0 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple ODD (05/17/2010 3.1.0.0) (HKLM\...\D6B4CB6AD2F81752C2EF8DCF6AD5EBC567ADD45C) (Version: 05/17/2010 3.1.0.0 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple SD Card Reader (07/22/2013 1.0.0.1) (HKLM\...\D323E2C0C5E4948B07EE346CF62161281B0A8578) (Version: 07/22/2013 1.0.0.1 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple System Device (05/20/2013 5.0.2.0) (HKLM\...\1A9F109A8ACEE4CA1F898708DBB0FBA6EF0587FC) (Version: 05/20/2013 5.0.2.0 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Wireless Mouse (06/01/2011 4.0.0.1) (HKLM\...\D088EE4BD2819FBA2B349EF9D55176F223419BE6) (Version: 06/01/2011 4.0.0.1 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Wireless Trackpad (10/29/2011 5.0.0.0) (HKLM\...\551732BB0872DA97E26385C221B172A5BD4DE93C) (Version: 10/29/2011 5.0.0.0 - Apple Inc.)
Windows Driver Package - Atheros Communications Inc. (athr) Net (11/13/2010 9.2.0.113) (HKLM\...\F0A3F8394866FA91E82C8D5AB92C918FE40FE1DF) (Version: 11/13/2010 9.2.0.113 - Atheros Communications Inc.)
Windows Driver Package - Broadcom (b57nd60a) Net (09/04/2012 15.4.0.17) (HKLM\...\75E64992A03EC5E73D33586790CC506561DCC5DB) (Version: 09/04/2012 15.4.0.17 - Broadcom)
Windows Driver Package - Broadcom (B57ports) Net (06/16/2009 1.0.0.1) (HKLM\...\FC2077892425ED71A137B1CB6D99A9CA7475435D) (Version: 06/16/2009 1.0.0.1 - Broadcom)
Windows Driver Package - Broadcom (BCM43XX) Net (11/13/2012 5.106.199.1) (HKLM\...\3D6DDDCF8961C8C866F6660579A59B5B6CFA281F) (Version: 11/13/2012 5.106.199.1 - Broadcom)
Windows Driver Package - Broadcom (BCM43XX) Net (12/13/2013 6.30.223.215) (HKLM\...\A5E73046BA905B7B0235AB40FA98A4E3AB96E00E) (Version: 12/13/2013 6.30.223.215 - Broadcom)
Windows Driver Package - Broadcom Corporation (bScsiSDa) SDHost (08/14/2012 1.0.0.243) (HKLM\...\ADF3AD5C5705E56E7DEA1447D58EFF216BA1223D) (Version: 08/14/2012 1.0.0.243 - Broadcom Corporation)
Windows Driver Package - Cirrus Logic, Inc. (CirrusFilter) MEDIA (02/19/2013 6.6001.1.40) (HKLM\...\969EFE1D5E95B01D3C42B9D0363FA64AF9E336E7) (Version: 02/19/2013 6.6001.1.40 - Cirrus Logic, Inc.)
Windows Driver Package - Cirrus Logic, Inc. (CirrusLFD) MEDIA (10/03/2013 6.6001.3.13) (HKLM\...\9EBC96DD99F2C854D540FBF6A16A557BADDBC228) (Version: 10/03/2013 6.6001.3.13 - Cirrus Logic, Inc.)
Windows Driver Package - Intel (e1express) Net (03/26/2010 9.13.41.0) (HKLM\...\159439476E3A00F9FAE49DD6C1A78F2F6288A5B9) (Version: 03/26/2010 9.13.41.0 - Intel)
Windows Driver Package - Intel (e1kexpress) Net (04/12/2010 11.6.92.0) (HKLM\...\5BEF08C10896D86DC13394FFA75874564B700368) (Version: 04/12/2010 11.6.92.0 - Intel)
Windows Driver Package - Intel (e1qexpress) Net (12/04/2009 11.4.7.0) (HKLM\...\57AFA39B22ADEC4E383572E9331167546EB3C9C7) (Version: 12/04/2009 11.4.7.0 - Intel)
Windows Driver Package - Intel (e1rexpress) Net (01/07/2010 11.4.16.0) (HKLM\...\F71DB41300D30088C8D3716343D1429488E605C1) (Version: 01/07/2010 11.4.16.0 - Intel)
Windows Driver Package - Intel (e1yexpress) Net (04/07/2010 10.1.9.0) (HKLM\...\CB599752301BCA080D135697FDD05900F5A5CF4C) (Version: 04/07/2010 10.1.9.0 - Intel)
Windows Driver Package - Intel System (07/20/2007 1.2.76.0) (HKLM\...\E2708073906571A0B56F17FD825EF19281ECE29B) (Version: 07/20/2007 1.2.76.0 - Intel)
Windows Driver Package - Marvell (yukonx64) Net (12/06/2007 10.51.1.3) (HKLM\...\CDD703ED0B390A5643DB748EBFA5BD55FEEC0D8A) (Version: 12/06/2007 10.51.1.3 - Marvell)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2059749266-3525964498-4138522283-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2059749266-3525964498-4138522283-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-2059749266-3525964498-4138522283-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2059749266-3525964498-4138522283-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2059749266-3525964498-4138522283-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2059749266-3525964498-4138522283-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2059749266-3525964498-4138522283-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2059749266-3525964498-4138522283-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2059749266-3525964498-4138522283-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2059749266-3525964498-4138522283-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2059749266-3525964498-4138522283-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points =========================

18-02-2015 09:17:04 End of disinfection

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 10:34 - 2015-02-05 18:02 - 00450771 ____R C:\Windows\system32\Drivers\etc\hosts

There are 1000 more lines.

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00224C3E-5C4C-4B38-BA29-1CA7A4DEF9E3} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {0D0A3FC9-90F6-445D-8928-9CD45CBCB592} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {6C9B52B7-755C-46E9-9A8D-1E6FE7A3D371} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {937004F1-A33E-4B22-952E-8A61E5B32E6E} - System32\Tasks\InstallShield Update Task => Wscript.exe //nologo //E:jscript //B "C:\Program Files (x86)\InstallShield\isupdate.ini"
Task: {B9E7E609-E093-4DCF-9E62-9FC05D6E6070} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {BDD07F24-3E3E-4DE9-9DBA-25CCFCE278E7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {D13F9FB6-0E65-4239-9921-6D789666F819} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-13] (Google Inc.)
Task: {DF4160AB-8548-4341-972C-8C4932C487D5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {F635D639-52F6-4812-8BD6-9232493EE6C7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-13] (Google Inc.)
Task: {F659F77E-C946-4B34-B66E-58A3A225A817} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-02] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\InstallShield Update Task.job => C:\Windows\system32\wscript.exe

==================== Loaded Modules (whitelisted) ==============

2015-01-21 15:01 - 2015-01-21 15:01 - 08898728 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-09-10 08:04 - 2014-10-03 17:36 - 00457616 _____ () C:\Windows\System32\igfxTray.exe
2014-02-07 04:36 - 2014-02-07 04:36 - 00226112 _____ () C:\Windows\system32\AppleOSSMgr.exe
2011-03-14 23:27 - 2011-03-14 23:27 - 00346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2014-12-11 18:11 - 2011-12-23 18:03 - 00655712 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
2014-12-11 18:11 - 2009-01-10 18:32 - 00011362 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\mingwm10.dll
2014-12-11 18:11 - 2009-06-23 02:42 - 00043008 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\libgcc_s_dw2-1.dll
2014-12-11 18:11 - 2010-05-10 10:51 - 02415104 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtCore4.dll
2014-12-11 18:11 - 2010-02-10 22:10 - 01148416 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtNetwork4.dll
2014-12-11 18:11 - 2011-12-23 15:52 - 00843264 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QueryStrategy.dll
2014-12-11 18:11 - 2010-02-10 22:06 - 00398336 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtXml4.dll
2013-04-13 01:23 - 2013-04-13 01:23 - 00612664 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll
2015-01-21 15:01 - 2015-01-21 15:01 - 08898720 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-02-13 17:58 - 2015-02-04 17:02 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libglesv2.dll
2015-02-13 17:58 - 2015-02-04 17:02 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libegl.dll
2015-02-11 05:00 - 2015-02-11 05:00 - 00750080 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-02-19 21:28 - 2015-02-19 21:28 - 00043008 _____ () c:\users\user\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2fxj84.dll
2015-02-11 05:00 - 2015-02-11 05:00 - 00047616 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-02-11 05:00 - 2015-02-11 05:00 - 00865280 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-02-11 05:00 - 2015-02-11 05:00 - 00200704 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-02-13 17:58 - 2015-02-04 17:02 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll
2015-02-05 17:23 - 2015-01-23 18:37 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2015-02-18 22:16 - 2015-02-18 22:16 - 01020928 _____ () C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\r9eqdb50.default-1424268744539\extensions\[email protected]\platform\WINNT_x86-msvc\components\lpxpcom.dll
2015-02-05 22:31 - 2015-02-05 22:31 - 16852144 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll
2014-12-01 23:55 - 2014-02-01 09:54 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\user\Downloads\DNC.csv:com.dropbox.attributes

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2059749266-3525964498-4138522283-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== Accounts: =============================

Administrator (S-1-5-21-2059749266-3525964498-4138522283-500 - Administrator - Disabled)
Guest (S-1-5-21-2059749266-3525964498-4138522283-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2059749266-3525964498-4138522283-1002 - Limited - Enabled)
user (S-1-5-21-2059749266-3525964498-4138522283-1000 - Administrator - Enabled) => C:\Users\user

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (02/19/2015 09:28:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/19/2015 08:46:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/19/2015 08:03:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/18/2015 10:14:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/18/2015 10:05:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/18/2015 09:19:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/18/2015 09:14:08 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/17/2015 11:56:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/17/2015 11:44:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/17/2015 09:30:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (02/19/2015 09:30:17 PM) (Source: ACPI) (EventID: 13) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

Error: (02/19/2015 09:28:02 PM) (Source: ACPI) (EventID: 13) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

Error: (02/19/2015 09:27:59 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom

Error: (02/19/2015 09:27:59 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
%%5

Error: (02/19/2015 09:27:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Mobile Partner. OUC service failed to start due to the following error: 
%%1053

Error: (02/19/2015 09:27:47 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Mobile Partner. OUC service to connect.

Error: (02/19/2015 09:27:44 PM) (Source: ACPI) (EventID: 13) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

Error: (02/19/2015 08:46:48 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom

Error: (02/19/2015 08:46:46 PM) (Source: ACPI) (EventID: 13) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

Error: (02/19/2015 08:46:45 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
%%5

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4278U CPU @ 2.60GHz
Percentage of memory in use: 29%
Total physical RAM: 8100.69 MB
Available physical RAM: 5716.39 MB
Total Pagefile: 16199.57 MB
Available Pagefile: 13524.25 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (BOOTCAMP) (Fixed) (Total:116.41 GB) (Free:67.28 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Macintosh HD) (Fixed) (Total:116.55 GB) (Free:83.35 GB) HFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233.8 GB) (Disk ID: B153E265)

Partition: GPT Partition Type.
Partition 2: (Not Active) - (Size=116.5 GB) - (Type=AF)
Partition 3: (Not Active) - (Size=620 MB) - (Type=AB)
Partition 4: (Active) - (Size=116.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================


----------



## kango88 (Feb 5, 2015)

RogueKiller V10.4.1.0 (x64) [Feb 19 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : user [Administrator]
Mode : Scan -- Date : 02/19/2015 21:48:45

¤¤¤ Processes : 1 ¤¤¤
[Proc.Injected] PSANHost.exe(8920) -- C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe[7] -> Killed [TermThr]

¤¤¤ Registry : 13 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HWDeviceService64.exe ("C:\ProgramData\DatacardService\HWDeviceService64.exe" -/service) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HWDeviceService64.exe ("C:\ProgramData\DatacardService\HWDeviceService64.exe" -/service) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\HWDeviceService64.exe ("C:\ProgramData\DatacardService\HWDeviceService64.exe" -/service) -> Found
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
[PUM.Proxy] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8080;https=127.0.0.1:8080 -> Found
[PUM.Proxy] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8080;https=127.0.0.1:8080 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-2059749266-3525964498-4138522283-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-2059749266-3525964498-4138522283-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: APPLE SSD SM0256F ATA Device +++++
--- User ---
[MBR] 0060b91082a8c6cfd1c1a191f53d8160
[BSP] 7354eba38a3d1dfbad0f38f8808e7fc5 : Windows Vista/7/8 MBR Code
Partition table:
0 - EFI System Partition | Offset (sectors): 40 | Size: 200 MB
1 - Customer | Offset (sectors): 409640 | Size: 119343 MB
2 - Recovery HD | Offset (sectors): 244824552 | Size: 619 MB
3 - BOOTCAMP | Offset (sectors): 246095872 | Size: 119208 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: APPLE SD Card Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )


----------



## JSntgRvr (Jul 1, 2003)

Follow these steps:

- Quit all programs
- Start *RogueKiller.exe*.
- Wait until Prescan has finished ...
- Click on *Scan*.
- In the *Registry* tab, check all lines.
- Click on *Delete*.
- Click on *Report* and copy/paste the content of the notepad in your reply.

Restart and rerun RogueKiller.

- Quit all programs
- Start *RogueKiller.exe*.
- Wait until Prescan has finished ...
- Click on *Scan*. Then on *Report*.

Post its contents on your next reply. (You should submit or rename the previous report after the fix, so it is not overwritten)


----------



## kango88 (Feb 5, 2015)

RogueKiller V10.4.1.0 (x64) [Feb 19 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : user [Administrator]
Mode : Scan -- Date : 02/20/2015 00:10:09

¤¤¤ Processes : 2 ¤¤¤
[Suspicious.Path] ouc.exe(2204) -- C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe[7] -> Killed [TermProc]
[Proc.Injected] PSANHost.exe(2220) -- C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe[7] -> Killed [TermThr]

¤¤¤ Registry : 5 ¤¤¤
[Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\PSKMAD (System32\DRIVERS\PSKMAD.sys) -> Found
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
[PUM.Proxy] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8080;https=127.0.0.1:8080 -> Found
[PUM.Proxy] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8080;https=127.0.0.1:8080 -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: APPLE SSD SM0256F ATA Device +++++
--- User ---
[MBR] 0060b91082a8c6cfd1c1a191f53d8160
[BSP] 7354eba38a3d1dfbad0f38f8808e7fc5 : Windows Vista/7/8 MBR Code
Partition table:
0 - EFI System Partition | Offset (sectors): 40 | Size: 200 MB
1 - Customer | Offset (sectors): 409640 | Size: 119343 MB
2 - Recovery HD | Offset (sectors): 244824552 | Size: 619 MB
3 - BOOTCAMP | Offset (sectors): 246095872 | Size: 119208 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: APPLE SD Card Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

============================================
RKreport_DEL_02202015_000245.log - RKreport_SCN_02192015_214845.log - RKreport_SCN_02202015_000103.log


----------



## kango88 (Feb 5, 2015)

Problem still persists.


----------



## JSntgRvr (Jul 1, 2003)

That Proxy setting still pops up. It seems to be either protected, or something is resetting it.

Download the enclosed file. Save it in the same location FRST is saved. Open FRST, except that this time around click on the Fix button and wait.

The tool will produce a log, fixlog.txt. Please post it on your next reply.
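The before/after comparison behind "still pops up", as an added example (not part of the original post and not a RogueKiller feature): a Python script that parses the Registry section of two RogueKiller reports, lists the findings present in both, and flags keys where a loopback proxy is still enabled. The function names are hypothetical; the sample lines are taken from the scans in this thread, with the second excerpt deliberately hard-wrapped to exercise the re-joining of pasted lines.

```python
import re
from typing import NamedTuple


class Finding(NamedTuple):
    category: str  # e.g. "PUM.Proxy"
    arch: str      # registry view: "X64" or "X86"
    key: str       # registry key (plus any parenthesised detail)
    value: str     # "Name : data" after the "|", or "" when absent


# Shape of a Registry-section entry in the reports:
#   [Category] (X64) KEY | Name : data -> Found
ENTRY_RE = re.compile(
    r"^\[(?P<cat>[^\]]+)\]\s+\((?P<arch>X64|X86)\)\s+(?P<rest>.+?)\s*->\s*Found$"
)
LOOPBACK_RE = re.compile(r"(?<![\d.])127(?:\.\d{1,3}){3}|localhost", re.I)


def logical_lines(report):
    """Yield non-empty lines, re-joining entries that were hard-wrapped on paste."""
    current = None
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        if current is None or line.startswith(("[", "¤¤¤")):
            if current is not None:
                yield current
            current = line
        else:
            # A fragment starting with "\" continues a path; otherwise restore
            # the space that the wrap replaced.
            current += line if line.startswith("\\") else " " + line
    if current is not None:
        yield current


def parse_registry_findings(report):
    """Return the set of findings listed under the report's Registry section."""
    findings, in_registry = set(), False
    for line in logical_lines(report):
        if line.startswith("¤¤¤"):
            in_registry = line.startswith("¤¤¤ Registry")
            continue
        match = ENTRY_RE.match(line) if in_registry else None
        if match:
            key, _, value = match["rest"].partition(" | ")
            findings.add(Finding(match["cat"], match["arch"], key.strip(), value.strip()))
    return findings


def persistent_findings(before, after):
    """Findings present in both scans, i.e. entries that survived the delete."""
    return sorted(parse_registry_findings(before) & parse_registry_findings(after))


def loopback_proxy_keys(findings):
    """(arch, key) pairs with ProxyEnable = 1 and a ProxyServer on this machine."""
    enabled = {(f.arch, f.key) for f in findings
               if f.value.replace(" ", "") == "ProxyEnable:1"}
    local = {(f.arch, f.key) for f in findings
             if f.value.startswith("ProxyServer") and LOOPBACK_RE.search(f.value)}
    return sorted(enabled & local)


# Sample input: excerpts of the Registry sections from the two scans in this thread.
BEFORE = r"""
¤¤¤ Registry : 13 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HWDeviceService64.exe ("C:\ProgramData\DatacardService\HWDeviceService64.exe" -/service) -> Found
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8080;https=127.0.0.1:8080 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
¤¤¤ Tasks : 0 ¤¤¤
"""

# Hard-wrapped on purpose (constructed layout) to show the re-joining.
AFTER = r"""
¤¤¤ Registry : 5 ¤¤¤
[Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services

\PSKMAD (System32\DRIVERS\PSKMAD.sys) -> Found
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion

\Internet Settings | ProxyEnable : 1 -> Found
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion

\Internet Settings | ProxyServer : http=127.0.0.1:8080;https=127.0.0.1:8080 ->

Found
¤¤¤ Tasks : 0 ¤¤¤
"""

if __name__ == "__main__":
    for f in persistent_findings(BEFORE, AFTER):
        print("survived delete:", f.category, f.arch, f.key, "|", f.value)
    for arch, key in loopback_proxy_keys(parse_registry_findings(AFTER)):
        print("loopback proxy still enabled:", arch, key)
```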


----------



## kango88 (Feb 5, 2015)

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-02-2015 01
Ran by user at 2015-02-20 10:05:13 Run:1
Running from C:\Users\user\Downloads\Programs
Loaded Profiles: user (Available profiles: user)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
Reg: Reg query "HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer" /s
Reg: Reg Query "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer" /s
End
*****************


========= Reg query "HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer" /s =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg Query "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer" /s =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


==== End of Fixlog 10:05:13 ====


----------



## JSntgRvr (Jul 1, 2003)

Download the enclosed file. Save it in the same location FRST is saved. Open FRST, except that this time around click on the Fix button and wait.

The tool will produce a log, fixlog.txt. Please post it on your next reply.


----------



## kango88 (Feb 5, 2015)

Hi, as the file log is too long and big, I've zipped it and attached here. Thanks


----------



## JSntgRvr (Jul 1, 2003)

Download the enclosed file. Save it in the same location FRST is saved. Open FRST, except that this time around click on the Fix button and wait.

The tool will produce a log, fixlog.txt. Please post it on your next reply.


----------



## kango88 (Feb 5, 2015)

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-02-2015 01
Ran by user at 2015-02-21 12:30:10 Run:3
Running from C:\Users\user\Downloads\Programs
Loaded Profiles: user (Available profiles: user)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyOverride /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v MigrateProxy /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f
Reg: Reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v AutoConfigProxy /f
Reg: Reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v MigrateProxy /f
Reg: Reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /f
Reg: Reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyHttp1.1 /f
Reg: Reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains" /f
Reg: Reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains" /f
Reg: Reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges" /f
Reg: Reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges" /f
Reg: Reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains" /f
Reg: Reg Add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains" /f
Reg: Reg Add "HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains" /f
Reg: Reg Add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges" /f
Reg: Reg Add "HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges" /f
Reg: Reg Add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains" /f
End
*****************


========= Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyOverride /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v MigrateProxy /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v AutoConfigProxy /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v MigrateProxy /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyHttp1.1 /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg Add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg Add "HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg Add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg Add "HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges" /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg Add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains" /f =========

The operation completed successfully.



========= End of Reg: =========


==== End of Fixlog 12:30:14 ====


----------



## JSntgRvr (Jul 1, 2003)

How is it doing now?


----------



## kango88 (Feb 5, 2015)

Hi, now I'm not able to connect to the internet.
For Firefox, I'm receiving this message "Unable to connect"
For IE, I'm receiving this message "DNS Lookup for "www.bing.com" failed. The system reports that no network connection is available. System.Net.Sockets.SocketException The requested name is valid, but no data of the requested type was found"
For Chrome, internet is working but the search engine issues still persist


----------



## JSntgRvr (Jul 1, 2003)

Download the enclosed folder. Save and extract its contents to the desktop. It is a folder containing a Registry Entries file, *Regfix.reg*. Once extracted, open the folder, double-click on the *Regfix.reg* file and select *Yes* when prompted to merge it into the registry.

Restart and test. Let me know the outcome.


----------



## JSntgRvr (Jul 1, 2003)

Download and run the Software Removal Tool from *here*. It will check if there is a program in conflict with Chrome, and reset your settings to default.


----------



## kango88 (Feb 5, 2015)

The internet is working now, but the corrupted search engines issue still persists even after running the Software Removal Tool and resetting to default settings.


----------



## JSntgRvr (Jul 1, 2003)

I am going to reset the host file and remove the temp files. In addition, we will be scanning for rootkits.

Download the enclosed file. Save it in the same location FRST is saved. Open FRST, except that this time around click on the Fix button and wait.

The tool will produce a log, fixlog.txt. Please post it on your next reply.

Please download *GMER* from one of the following locations and save it to your desktop:

- Main Mirror which will download a randomly named file
- Zipped Mirror - Unzip the file to its own folder such as *C:\gmer*

- Disconnect from the Internet and close all running programs
- Temporarily disable any real-time active protection
- It is *very important* you do not use your computer while *GMER* is running
- Double-click on the *randomly named* *GMER* icon
- *GMER* will open to the *Rootkit/Malware* tab and perform an automatic quick scan
- If you receive a warning about rootkit activity and are asked to fully scan your system click *NO*
- Please *check* in the *Quick scan* box
- Please *uncheck* the following:
  - *IAT/EAT*
  - *Show All* *<<< Important*
- Click *Scan*
- If you see a rootkit warning window click *OK*
- When the scan is finished, *Save* the results to your desktop as *gmer.log*
- Click *Copy* then paste the results in your reply
- Exit *GMER* and be sure to *re-enable* your Antivirus, Firewall and any other security programs you had disabled

*Note*:

- If you encounter any problems, try running *GMER* in Safe Mode
- If *GMER* crashes or keeps resulting in a Blue Screen of Death, *uncheck* Devices on the right side before scanning

----------



## kango88 (Feb 5, 2015)

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-02-2015
Ran by user at 2015-02-23 10:04:28 Run:4
Running from C:\Users\user\Downloads\Programs
Loaded Profiles: user (Available profiles: user)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
C:\Users\user\AppData\Local\Temp
Host:
EmptyTemp:
End
*****************

"C:\Users\user\AppData\Local\Temp" directory move:

Could not move "C:\Users\user\AppData\Local\Temp" directory. => Scheduled to move on reboot.

Host: => Error: No automatic fix found for this entry.
EmptyTemp: => Removed 840.5 MB temporary data.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-02-23 10:05:54)<=

C:\Users\user\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp3mdcpb.lck => Is moved successfully.
C:\Users\user\AppData\Local\Temp\FXSAPIDebugLogFile.txt => Is moved successfully.
C:\Users\user\AppData\Local\Temp\~DFFBC90C3745EADF12.TMP => Is moved successfully.
C:\Users\user\AppData\Local\Temp => Moved successfully.

==== End of Fixlog 10:05:54 ====


----------



## kango88 (Feb 5, 2015)

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-02-23 10:36:40
Windows 6.1.7601 Service Pack 1 x64 
Running: rg5fdb05.exe

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\6c4008aff89b 
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\6c4008aff89b (not active ControlSet)

---- EOF - GMER 2.1 ----


----------



## kango88 (Feb 5, 2015)

Not sure why but the scan is only limited to the following functions as seen in the image below as the rest cannot be checked


----------



## JSntgRvr (Jul 1, 2003)

I am consulting with the developer. Will reply soon.


----------



## JSntgRvr (Jul 1, 2003)

While we wait, do the issues persist?

Download aswMBR.exe ( 511KB ) to your desktop. If you already have this application, this is a new version I need you to download.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

If your computer supports Virtualization Technology, select Yes to use it for rootkit detection.

*On completion of the scan click save log*, save it to your desktop and post in your next reply. *Do not Fix anything.*

The tool will also produce a copy of the mbrdump labeled MBR.dat. Please upload that file *here.*


----------



## kango88 (Feb 5, 2015)

The problem still exists


----------



## kango88 (Feb 5, 2015)

aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2015-02-24 09:42:06
-----------------------------
09:42:06.317 OS Version: Windows x64 6.1.7601 Service Pack 1
09:42:06.317 Number of processors: 4 586 0x4501
09:42:06.318 ComputerName: USER-PC UserName: user
09:42:06.576 Initialize success
09:42:07.193 VM: initialized successfully
09:42:07.193 VM: Intel CPU supported 
09:42:20.234 VM: supported disk I/O ataport.SYS
09:43:04.061 AVAST engine download error: 0
09:44:14.491 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
09:44:14.493 Disk 0 Vendor: APPLE_SSD_SM0256F UXM2JA1Q Size: 239372MB BusType: 11
09:44:14.500 VM: Disk 0 MBR read successfully
09:44:14.502 Disk 0 MBR scan
09:44:14.504 Disk 0 Windows 7 default MBR code
09:44:14.507 Disk 0 Partition 1 00 EE GPT 200 MB offset 1
09:44:14.509 Disk 0 Partition 2 00 AF HFS / HFS+ 119343 MB offset 409640
09:44:14.512 Disk 0 Partition 3 00 AB Darwin boot 619 MB offset 244824552
09:44:14.515 Disk 0 Partition 4 80 (A) 07 HPFS/NTFS NTFS 119208 MB offset 246095872
09:44:14.518 Disk 0 default boot code
09:44:14.527 Disk 0 scanning C:\Windows\system32\drivers
09:44:16.180 Service scanning
09:44:19.986 Modules scanning
09:44:19.990 Disk 0 trace - called modules:
09:44:19.994 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 
09:44:19.998 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800800c060]
09:44:20.002 3 CLASSPNP.SYS[fffff8800196243f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007cb0680]
09:44:20.006 Disk 0 statistics 109176/0/26 @ 72.45 MB/s
09:44:20.011 Scan finished successfully
09:46:13.476 Disk 0 MBR has been saved successfully to "C:\Users\user\Desktop\MBR.dat"
09:46:13.514 The log file has been saved successfully to "C:\Users\user\Desktop\aswMBR.txt"


----------



## kango88 (Feb 5, 2015)

Uploaded the MBR.dat file


----------



## JSntgRvr (Jul 1, 2003)

Use *OPEN DNS* and see if the issue persists after a restart. You can undo these changes by reversing your actions.


----------



## kango88 (Feb 5, 2015)

Hi, the problem still exists. Is the problem from this comp the same as the other computer you helped me solve?


----------



## JSntgRvr (Jul 1, 2003)

Very difficult to say at this point. I am attempting to locate the source of the issue.

Please download MiniToolBox and run it.

Select all boxes:

Click *Go* and post the result.


----------



## kango88 (Feb 5, 2015)

MiniToolBox by Farbar Version: 30-11-2014
Ran by user (administrator) on 25-02-2015 at 21:53:03
Running from "C:\Users\user\Downloads\Programs"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


There are 15474 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

Broadcom 802.11ac Network Adapter = Wireless Network Connection (Connected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled

popd
# End of IPv4 configuration

Windows IP Configuration

Host Name . . . . . . . . . . . . : user-PC
Primary Dns Suffix . . . . . . . : 
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : Broadcom 802.11ac Network Adapter
Physical Address. . . . . . . . . : 6C-40-08-AF-F8-9A
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::9191:67c:4a86:3527%13(Preferred) 
IPv4 Address. . . . . . . . . . . : 192.168.1.14(Preferred) 
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, February 25, 2015 9:48:02 PM
Lease Expires . . . . . . . . . . : Thursday, February 26, 2015 1:48:01 AM
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DHCPv6 IAID . . . . . . . . . . . : 292306952
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1C-0E-47-67-6C-40-08-AF-F8-9A
DNS Servers . . . . . . . . . . . : 208.67.222.222
208.67.220.220
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : 6C-40-08-AF-F8-9B
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{87B61F43-5860-47CC-A300-0B0A4B12CE14}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6abd:3829:1fa8:3f57:fef1(Preferred) 
Link-local IPv6 Address . . . . . : fe80::3829:1fa8:3f57:fef1%14(Preferred) 
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: resolver1.opendns.com
Address: 208.67.222.222

Name: google.com
Addresses: 2404:6800:4003:c00::66
220.255.5.251
220.255.5.217
220.255.5.237
220.255.5.236
220.255.5.222
220.255.5.212
220.255.5.247
220.255.5.226
220.255.5.241
220.255.5.246
220.255.5.232
220.255.5.221
220.255.5.231
220.255.5.242
220.255.5.227
220.255.5.216

Pinging google.com [220.255.6.242] with 32 bytes of data:
Reply from 220.255.6.242: bytes=32 time=29ms TTL=59
Reply from 220.255.6.242: bytes=32 time=6ms TTL=59

Ping statistics for 220.255.6.242:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 6ms, Maximum = 29ms, Average = 17ms
Server: resolver1.opendns.com
Address: 208.67.222.222

Name: yahoo.com
Addresses: 98.139.183.24
98.138.253.109
206.190.36.45

Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=237ms TTL=44
Reply from 98.138.253.109: bytes=32 time=221ms TTL=46

Ping statistics for 98.138.253.109:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 221ms, Maximum = 237ms, Average = 229ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
13...6c 40 08 af f8 9a ......Broadcom 802.11ac Network Adapter
12...6c 40 08 af f8 9b ......Bluetooth Device (Personal Area Network)
1...........................Software Loopback Interface 1
17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.14 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.14 281
192.168.1.14 255.255.255.255 On-link 192.168.1.14 281
192.168.1.255 255.255.255.255 On-link 192.168.1.14 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.14 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.14 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
14 58 ::/0 On-link
1 306 ::1/128 On-link
14 58 2001::/32 On-link
14 306 2001:0:9d38:6abd:3829:1fa8:3f57:fef1/128
On-link
13 281 fe80::/64 On-link
14 306 fe80::/64 On-link
14 306 fe80::3829:1fa8:3f57:fef1/128
On-link
13 281 fe80::9191:67c:4a86:3527/128
On-link
1 306 ff00::/8 On-link
14 306 ff00::/8 On-link
13 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/25/2015 09:48:10 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/25/2015 10:45:17 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/25/2015 10:34:48 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/24/2015 09:40:13 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/23/2015 10:44:25 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/23/2015 10:43:12 AM) (Source: Application Hang) (User: )
Description: The program firefox.exe version 35.0.1.5500 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: b28

Start Time: 01d04f11f12c76b3

Termination Time: 29

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: b3382912-bb05-11e4-b9cf-6c4008aff89b

Error: (02/23/2015 10:43:12 AM) (Source: Application Error) (User: )
Description: Faulting application name: plugin-container.exe, version: 35.0.1.5500, time stamp: 0x54c1f9f3
Faulting module name: mozalloc.dll, version: 35.0.1.5500, time stamp: 0x54c1f224
Exception code: 0x80000003
Fault offset: 0x00001425
Faulting process id: 0x1588
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (02/23/2015 10:15:03 AM) (Source: Application Hang) (User: )
Description: The program firefox.exe version 35.0.1.5500 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 94c

Start Time: 01d04f0e6aea18fb

Termination Time: 16

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: c5b7a768-bb01-11e4-b9cf-6c4008aff89b

Error: (02/23/2015 10:14:10 AM) (Source: Application Hang) (User: )
Description: The program firefox.exe version 35.0.1.5500 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 16fc

Start Time: 01d04f0d73dccbde

Termination Time: 15

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: 94198767-bb01-11e4-b9cf-6c4008aff89b

Error: (02/23/2015 10:05:52 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (02/25/2015 09:54:19 PM) (Source: ACPI) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

Error: (02/25/2015 09:52:04 PM) (Source: ACPI) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

Error: (02/25/2015 09:48:09 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom

Error: (02/25/2015 09:48:07 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
%%5

Error: (02/25/2015 09:48:01 PM) (Source: Service Control Manager) (User: )
Description: The Mobile Partner. OUC service failed to start due to the following error: 
%%1053

Error: (02/25/2015 09:48:01 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Mobile Partner. OUC service to connect.

Error: (02/25/2015 10:51:14 AM) (Source: ACPI) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

Error: (02/25/2015 10:50:59 AM) (Source: ACPI) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

Error: (02/25/2015 10:45:17 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom

Error: (02/25/2015 10:45:15 AM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
%%5

Microsoft Office Sessions:
=========================
Error: (02/25/2015 09:48:10 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/25/2015 10:45:17 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/25/2015 10:34:48 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/24/2015 09:40:13 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/23/2015 10:44:25 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/23/2015 10:43:12 AM) (Source: Application Hang)(User: )
Description: firefox.exe35.0.1.5500b2801d04f11f12c76b329C:\Program Files (x86)\Mozilla Firefox\firefox.exeb3382912-bb05-11e4-b9cf-6c4008aff89b

Error: (02/23/2015 10:43:12 AM) (Source: Application Error)(User: )
Description: plugin-container.exe35.0.1.550054c1f9f3mozalloc.dll35.0.1.550054c1f2248000000300001425158801d04f11fd1b41e2C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dllb4dd2c57-bb05-11e4-b9cf-6c4008aff89b

Error: (02/23/2015 10:15:03 AM) (Source: Application Hang)(User: )
Description: firefox.exe35.0.1.550094c01d04f0e6aea18fb16C:\Program Files (x86)\Mozilla Firefox\firefox.exec5b7a768-bb01-11e4-b9cf-6c4008aff89b

Error: (02/23/2015 10:14:10 AM) (Source: Application Hang)(User: )
Description: firefox.exe35.0.1.550016fc01d04f0d73dccbde15C:\Program Files (x86)\Mozilla Firefox\firefox.exe94198767-bb01-11e4-b9cf-6c4008aff89b

Error: (02/23/2015 10:05:52 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

=========================== Installed Programs ============================
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 16.0.0.245 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Refresh Manager (x32 Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Boot Camp Services (HKLM\...\{FA2B2C2A-EA41-495A-9308-60726125D562}) (Version: 5.1.5640 - Apple Inc.)
Chrysanth Cheque Writer [Free] (HKLM-x32\...\627237A3-ACD1-4EC8-B382-2061531CE8E5_is1) (Version: 9.8 - Chrysanth Software Sdn. Bhd.)
Definition Update for Microsoft Office 2013 (KB2920752) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{DD8CA28C-FAA8-4BB7-B13B-979FF2E3C44B}) (Version: - Microsoft)
Dropbox (HKCU\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.0.1428 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3960 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.3.34 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
Interst Architect (HKLM-x32\...\Interst Architect1.0.0.1) (Version: 1.0.0.1 - InnAnTech Industries Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Version: 4.5.51209 - Microsoft Corporation) Hidden
Microsoft Access MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Access Setup Metadata MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft DCF MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Excel MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Groove MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Lync MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office 32-bit Components 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Español (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.7.0205.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.50908 - Microsoft Corporation) Hidden
Microsoft Word MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 23.002.08.02.1014 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 35.0.1 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-GB)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.04 - Panda Security)
Panda Devices Agent (x32 Version: 1.05.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 15.00.04.0002 - Panda Security)
Panda Free Antivirus (Version: 7.23.00.0000 - Panda Security) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5936 - Realtek Semiconductor Corp.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
SMSCaster E-Marketer GSM Enterprise v3.6 (HKLM-x32\...\SMSCaster E-Marketer GSM Enterprise_is1) (Version: v3.6 (build 1071) - SDJ Software Limited)
Update for Microsoft Access 2013 (KB2910930) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{ED7FE277-965E-4812-8E2F-16D3D49AD03B}) (Version: - Microsoft)
Update for Microsoft Access 2013 (KB2910930) 64-Bit Edition (HKLM\...\{90150000-0015-0409-1000-0000000FF1CE}_Office15.PROPLUS_{ED7FE277-965E-4812-8E2F-16D3D49AD03B}) (Version: - Microsoft)
Update for Microsoft Lync 2013 (KB2881083) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{8260F0BF-F234-41FC-AB11-218A9925F77B}) (Version: - Microsoft)
Update for Microsoft Lync 2013 (KB2920744) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{3E5BE283-3216-4578-94BF-3FC62AC7F64F}) (Version: - Microsoft)
Update for Microsoft Lync 2013 (KB2920744) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{3E5BE283-3216-4578-94BF-3FC62AC7F64F}) (Version: - Microsoft)
Update for Microsoft Lync 2013 (KB2920744) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{3E5BE283-3216-4578-94BF-3FC62AC7F64F}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2760249) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{7A4AB8E1-C091-4BD3-B308-844BA6EE752A}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2760344) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{EF77B4A6-DFEC-4010-A87D-9B6BF87FABEC}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2760371) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{25DEA344-FF6F-41BD-B88F-5242BB8E80E1}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2760544) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{62857CDD-2985-4939-91BA-19ED0B0031A5}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2768012) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{0814662C-FD28-4DE0-ACE5-EE50D1D6C8FB}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2827223) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{A976D761-90AF-42FE-8FEA-898498F38FDB}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2827223) 64-Bit Edition (HKLM\...\{90150000-006E-0409-1000-0000000FF1CE}_Office15.PROPLUS_{A976D761-90AF-42FE-8FEA-898498F38FDB}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2837654) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{2147FFF7-71C4-4306-AFE2-1AA7A6025BB1}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2863843) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{290D80DE-03AB-47EC-9402-108AF4CE4F66}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2880478) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{8116ED50-F1E7-49E1-9D8D-421497D34B0F}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2880977) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{3FF26B00-AC61-487F-B03B-5D83415C5408}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881001) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{DF1B7B95-4A86-4605-A628-556394B5580A}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{885C981B-F1E3-430A-A099-31CA9D28C251}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition (HKLM\...\{90150000-0016-0409-1000-0000000FF1CE}_Office15.PROPLUS_{885C981B-F1E3-430A-A099-31CA9D28C251}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition (HKLM\...\{90150000-0090-0409-1000-0000000FF1CE}_Office15.PROPLUS_{885C981B-F1E3-430A-A099-31CA9D28C251}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2883036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E919ACF4-A1D7-4CAA-A103-5EB115563721}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2883095) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{EADBF225-163E-406B-B11A-26ECCCAB5A0E}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2889846) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{94303C15-A3C4-4A5A-9763-B63726F9DDEC}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2899498) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D7FAA622-6BCF-4EDF-8C34-A48E1838D57B}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2899498) 64-Bit Edition (HKLM\...\{90150000-0016-0409-1000-0000000FF1CE}_Office15.PROPLUS_{D7FAA622-6BCF-4EDF-8C34-A48E1838D57B}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2899522) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{A4E88D96-814F-4183-8DB2-BA3EC2B7E434}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2910921) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{B4D575C6-32FA-403E-B84F-F67BCA3E94CE}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2910921) 64-Bit Edition (HKLM\...\{90150000-006E-0409-1000-0000000FF1CE}_Office15.PROPLUS_{B4D575C6-32FA-403E-B84F-F67BCA3E94CE}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2910921) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{B4D575C6-32FA-403E-B84F-F67BCA3E94CE}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2920735) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{31BC612F-D234-47E7-A9BA-6EEE1F86B42F}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2920740) 64-Bit Edition (HKLM\...\{90150000-001F-0409-1000-0000000FF1CE}_Office15.PROPLUS_{04740595-CBB6-43F2-8C73-736600D41ADD}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2920740) 64-Bit Edition (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}_Office15.PROPLUS_{73100196-0C9D-4465-9DF7-8B437AC380EA}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2920740) 64-Bit Edition (HKLM\...\{90150000-001F-0C0A-1000-0000000FF1CE}_Office15.PROPLUS_{E0C1DB0B-BAD1-49FE-A20F-2F39969EE1EF}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2920742) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{A86306A9-993A-4B17-A3E2-ED9E6ADA2285}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2920745) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{2228A0A3-3737-4E2B-8ED6-7713D5E76D27}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2920745) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{2228A0A3-3737-4E2B-8ED6-7713D5E76D27}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2920769) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{C906EC6B-8610-487F-8528-658FE2575C86}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2920798) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E54A479E-936E-4FC0-942D-23E1605FCA34}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2920798) 64-Bit Edition (HKLM\...\{90150000-006E-0409-1000-0000000FF1CE}_Office15.PROPLUS_{E54A479E-936E-4FC0-942D-23E1605FCA34}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2920798) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E54A479E-936E-4FC0-942D-23E1605FCA34}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2956102) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{89A83BFE-CB3A-4482-947B-C9D5B12968E2}) (Version: - Microsoft)
Update for Microsoft OneDrive for Business (KB2920746) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{98F3EBD3-07A0-4239-85BB-7DB8A1185CA6}) (Version: - Microsoft)
Update for Microsoft OneDrive for Business (KB2920746) 64-Bit Edition (HKLM\...\{90150000-00BA-0409-1000-0000000FF1CE}_Office15.PROPLUS_{98F3EBD3-07A0-4239-85BB-7DB8A1185CA6}) (Version: - Microsoft)
Update for Microsoft OneDrive for Business (KB2920746) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{98F3EBD3-07A0-4239-85BB-7DB8A1185CA6}) (Version: - Microsoft)
Update for Microsoft OneDrive for Business (KB2920746) 64-Bit Edition (HKLM\...\{90150000-00C1-0409-1000-0000000FF1CE}_Office15.PROPLUS_{98F3EBD3-07A0-4239-85BB-7DB8A1185CA6}) (Version: - Microsoft)
Update for Microsoft OneNote 2013 (KB2920739) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{260C3274-6E83-4EDA-9D35-AD7BA782269D}) (Version: - Microsoft)
Update for Microsoft OneNote 2013 (KB2920739) 64-Bit Edition (HKLM\...\{90150000-00A1-0409-1000-0000000FF1CE}_Office15.PROPLUS_{260C3274-6E83-4EDA-9D35-AD7BA782269D}) (Version: - Microsoft)
Update for Microsoft OneNote 2013 (KB2920739) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{260C3274-6E83-4EDA-9D35-AD7BA782269D}) (Version: - Microsoft)
Update for Microsoft Outlook 2013 (KB2956087) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{04375E3E-AED6-4994-BC46-FAB2254322B1}) (Version: - Microsoft)
Update for Microsoft Outlook 2013 (KB2956087) 64-Bit Edition (HKLM\...\{90150000-001A-0409-1000-0000000FF1CE}_Office15.PROPLUS_{04375E3E-AED6-4994-BC46-FAB2254322B1}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2956149) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{B6D56E2E-AC7F-49AA-BD95-6577A7DA55E3}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2956149) 64-Bit Edition (HKLM\...\{90150000-0018-0409-1000-0000000FF1CE}_Office15.PROPLUS_{B6D56E2E-AC7F-49AA-BD95-6577A7DA55E3}) (Version: - Microsoft)
Update for Microsoft Project 2013 (KB2956091) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{337AA80D-C94C-43B7-A64B-355B3E26F2B8}) (Version: - Microsoft)
Update for Microsoft Publisher 2013 (KB2883048) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{F24DFA32-C8EE-4AFB-89AB-07EE7A52E414}) (Version: - Microsoft)
Update for Microsoft Publisher 2013 (KB2883048) 64-Bit Edition (HKLM\...\{90150000-0019-0409-1000-0000000FF1CE}_Office15.PROPLUS_{F24DFA32-C8EE-4AFB-89AB-07EE7A52E414}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{8E5CD68A-CDF8-4930-88DF-B7778B1871A9}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition (HKLM\...\{90150000-006E-0409-1000-0000000FF1CE}_Office15.PROPLUS_{8E5CD68A-CDF8-4930-88DF-B7778B1871A9}) (Version: - Microsoft)
Update for Microsoft Word 2013 (KB2878319) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{BC51FE30-3A56-4802-8D9E-E9BC05B56B49}) (Version: - Microsoft)
Update for Microsoft Word 2013 (KB2956085) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{F2AC488A-A8D5-44BC-8546-CE0A75961E32}) (Version: - Microsoft)
Update for Microsoft Word 2013 (KB2956085) 64-Bit Edition (HKLM\...\{90150000-001A-0409-1000-0000000FF1CE}_Office15.PROPLUS_{F2AC488A-A8D5-44BC-8546-CE0A75961E32}) (Version: - Microsoft)
Update for Microsoft Word 2013 (KB2956085) 64-Bit Edition (HKLM\...\{90150000-001B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{F2AC488A-A8D5-44BC-8546-CE0A75961E32}) (Version: - Microsoft)
Update for Microsoft Word 2013 (KB2956085) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{F2AC488A-A8D5-44BC-8546-CE0A75961E32}) (Version: - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Driver Package - Apple Inc. (AppleCamera) Image (11/21/2013 5.0.22.0) (HKLM\...\1FCF3C93707C46D648F0B00E216A55E96DEB5A17) (Version: 11/21/2013 5.0.22.0 - Apple Inc.)
Windows Driver Package - Apple Inc. (AppleUSBEthernet) Net (02/01/2008 3.10.3.10) (HKLM\...\D53CBF2C12DF51DA5E9C1A9DA97FF0DCA0C524C5) (Version: 02/01/2008 3.10.3.10 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Bluetooth (03/01/2010 3.0.0.5) (HKLM\...\EA3C044F6FD39CEC8F4F596836BF4197E97E1D39) (Version: 03/01/2010 3.0.0.5 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Display (01/23/2009 3.0.0.0) (HKLM\...\E0EAD0CEA9119B77350ED4DE28D9A82E57014D94) (Version: 01/23/2009 3.0.0.0 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple IR Receiver (02/21/2008 2.0.4.0) (HKLM\...\D5BB697E7D0C75712F3AD00AB1B85412CB5C0FD3) (Version: 02/21/2008 2.0.4.0 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Keyboard (01/10/2014 5.0.8.0) (HKLM\...\ABCCA6C3F97A148D7C69114CB55DFA9D46053BEA) (Version: 01/10/2014 5.0.8.0 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Multitouch (09/04/2013 5.0.2.0) (HKLM\...\277F15E06E6EEB458048F41BCB8FB843B3241E95) (Version: 09/04/2013 5.0.2.0 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Multitouch Mouse (09/11/2012 4.0.3.0) (HKLM\...\742CB1BDA52EA9F1BBE482DA6DAA17944652B476) (Version: 09/11/2012 4.0.3.0 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple ODD (05/17/2010 3.1.0.0) (HKLM\...\D6B4CB6AD2F81752C2EF8DCF6AD5EBC567ADD45C) (Version: 05/17/2010 3.1.0.0 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple SD Card Reader (07/22/2013 1.0.0.1) (HKLM\...\D323E2C0C5E4948B07EE346CF62161281B0A8578) (Version: 07/22/2013 1.0.0.1 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple System Device (05/20/2013 5.0.2.0) (HKLM\...\1A9F109A8ACEE4CA1F898708DBB0FBA6EF0587FC) (Version: 05/20/2013 5.0.2.0 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Wireless Mouse (06/01/2011 4.0.0.1) (HKLM\...\D088EE4BD2819FBA2B349EF9D55176F223419BE6) (Version: 06/01/2011 4.0.0.1 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Wireless Trackpad (10/29/2011 5.0.0.0) (HKLM\...\551732BB0872DA97E26385C221B172A5BD4DE93C) (Version: 10/29/2011 5.0.0.0 - Apple Inc.)
Windows Driver Package - Atheros Communications Inc. (athr) Net (11/13/2010 9.2.0.113) (HKLM\...\F0A3F8394866FA91E82C8D5AB92C918FE40FE1DF) (Version: 11/13/2010 9.2.0.113 - Atheros Communications Inc.)
Windows Driver Package - Broadcom (b57nd60a) Net (09/04/2012 15.4.0.17) (HKLM\...\75E64992A03EC5E73D33586790CC506561DCC5DB) (Version: 09/04/2012 15.4.0.17 - Broadcom)
Windows Driver Package - Broadcom (B57ports) Net (06/16/2009 1.0.0.1) (HKLM\...\FC2077892425ED71A137B1CB6D99A9CA7475435D) (Version: 06/16/2009 1.0.0.1 - Broadcom)
Windows Driver Package - Broadcom (BCM43XX) Net (11/13/2012 5.106.199.1) (HKLM\...\3D6DDDCF8961C8C866F6660579A59B5B6CFA281F) (Version: 11/13/2012 5.106.199.1 - Broadcom)
Windows Driver Package - Broadcom (BCM43XX) Net (12/13/2013 6.30.223.215) (HKLM\...\A5E73046BA905B7B0235AB40FA98A4E3AB96E00E) (Version: 12/13/2013 6.30.223.215 - Broadcom)
Windows Driver Package - Broadcom Corporation (bScsiSDa) SDHost (08/14/2012 1.0.0.243) (HKLM\...\ADF3AD5C5705E56E7DEA1447D58EFF216BA1223D) (Version: 08/14/2012 1.0.0.243 - Broadcom Corporation)
Windows Driver Package - Cirrus Logic, Inc. (CirrusFilter) MEDIA (02/19/2013 6.6001.1.40) (HKLM\...\969EFE1D5E95B01D3C42B9D0363FA64AF9E336E7) (Version: 02/19/2013 6.6001.1.40 - Cirrus Logic, Inc.)
Windows Driver Package - Cirrus Logic, Inc. (CirrusLFD) MEDIA (10/03/2013 6.6001.3.13) (HKLM\...\9EBC96DD99F2C854D540FBF6A16A557BADDBC228) (Version: 10/03/2013 6.6001.3.13 - Cirrus Logic, Inc.)
Windows Driver Package - Intel (e1express) Net (03/26/2010 9.13.41.0) (HKLM\...\159439476E3A00F9FAE49DD6C1A78F2F6288A5B9) (Version: 03/26/2010 9.13.41.0 - Intel)
Windows Driver Package - Intel (e1kexpress) Net (04/12/2010 11.6.92.0) (HKLM\...\5BEF08C10896D86DC13394FFA75874564B700368) (Version: 04/12/2010 11.6.92.0 - Intel)
Windows Driver Package - Intel (e1qexpress) Net (12/04/2009 11.4.7.0) (HKLM\...\57AFA39B22ADEC4E383572E9331167546EB3C9C7) (Version: 12/04/2009 11.4.7.0 - Intel)
Windows Driver Package - Intel (e1rexpress) Net (01/07/2010 11.4.16.0) (HKLM\...\F71DB41300D30088C8D3716343D1429488E605C1) (Version: 01/07/2010 11.4.16.0 - Intel)
Windows Driver Package - Intel (e1yexpress) Net (04/07/2010 10.1.9.0) (HKLM\...\CB599752301BCA080D135697FDD05900F5A5CF4C) (Version: 04/07/2010 10.1.9.0 - Intel)
Windows Driver Package - Intel System (07/20/2007 1.2.76.0) (HKLM\...\E2708073906571A0B56F17FD825EF19281ECE29B) (Version: 07/20/2007 1.2.76.0 - Intel)
Windows Driver Package - Marvell (yukonx64) Net (12/06/2007 10.51.1.3) (HKLM\...\CDD703ED0B390A5643DB748EBFA5BD55FEEC0D8A) (Version: 12/06/2007 10.51.1.3 - Marvell)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

========================= Devices: ================================

========================= Memory info: ===================================

Percentage of memory in use: 25%
Total physical RAM: 8100.69 MB
Available physical RAM: 6048.86 MB
Total Pagefile: 16199.57 MB
Available Pagefile: 13958.2 MB
Total Virtual: 4095.88 MB
Available Virtual: 3990.44 MB

========================= Partitions: =====================================

1 Drive c: (BOOTCAMP) (Fixed) (Total:116.41 GB) (Free:68.87 GB) NTFS
2 Drive d: (Macintosh HD) (Fixed) (Total:116.55 GB) (Free:83.35 GB) HFS

========================= Users: ========================================

User accounts for \\USER-PC

Administrator Guest user

========================= Minidump Files ==================================

No minidump file found

========================= Restore Points ==================================

18-02-2015 01:17:04 End of disinfection
19-02-2015 14:20:50 Windows Update
23-02-2015 02:16:28 Windows Update

**** End of log ****


----------



## JSntgRvr (Jul 1, 2003)

The event log suggests that the BIOS needs upgrading.



> You should check with your computer manufacturer for an upgraded BIOS


The DNS resolver as well as Firefox and IE Proxy settings were reset.

Does that make a difference?


----------



## kango88 (Feb 5, 2015)

I've updated all I can update on both Windows and Mac OS for this comp but the problem still exists


----------



## JSntgRvr (Jul 1, 2003)

Please download *Farbar Service Scanner* and run it on the computer with the issue.
Select all boxes
Press "*Scan*".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.


----------



## JSntgRvr (Jul 1, 2003)

GMER developer has replied. He has indicated that the issue experienced with GMER is that something may be blocking it.

You will need to disable Panda and Microsoft Essentials realtime protection while running GMER.

Panda Internet Security Suite

Please navigate to the system tray on the bottom right hand corner and look for a sign that looks like a panda bear head.
Right click it -> select "Close automatic protection".
A message will pop up and warn you about disabling the protection. Choose "Yes."
The above sign in the system tray will now disappear.
You successfully disabled the Panda Internet Security Guard.

Microsoft Essentials

Find the Security Essentials icon in your System Tray (usually it's represented by a little green house with a flag on top). Right-click it and choose Open.
Click the Settings tab.
Click Real-time protection.
Uncheck the box next to Turn on real-time protection (recommended).
Click the Save changes button.


----------



## kango88 (Feb 5, 2015)

Farbar Service Scanner Version: 17-01-2015
Ran by user (administrator) on 26-02-2015 at 09:05:48
Running from "C:\Users\user\Downloads\Programs"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy: 
==================

System Restore:
============

System Restore Policy: 
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****


----------



## kango88 (Feb 5, 2015)

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-02-26 09:15:42
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 APPLE_SSD_SM0256F rev.UXM2JA1Q 233.76GB
Running: g5hq7uwx.exe; Driver: C:\Users\user\AppData\Local\Temp\pwldapoc.sys

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\InstallShield\isupdate.exe[2144] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000076031401 2 bytes JMP 7639b21b C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\InstallShield\isupdate.exe[2144] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000076031419 2 bytes JMP 7639b346 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\InstallShield\isupdate.exe[2144] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000076031431 2 bytes JMP 76418ea9 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\InstallShield\isupdate.exe[2144] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 000000007603144a 2 bytes CALL 763748ad C:\Windows\syswow64\KERNEL32.dll
.text ... * 9
.text C:\Program Files (x86)\InstallShield\isupdate.exe[2144] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000760314dd 2 bytes JMP 764187a2 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\InstallShield\isupdate.exe[2144] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000760314f5 2 bytes JMP 76418978 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\InstallShield\isupdate.exe[2144] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 000000007603150d 2 bytes JMP 76418698 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\InstallShield\isupdate.exe[2144] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000076031525 2 bytes JMP 76418a62 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\InstallShield\isupdate.exe[2144] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 000000007603153d 2 bytes JMP 7638fca8 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\InstallShield\isupdate.exe[2144] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000076031555 2 bytes JMP 763968ef C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\InstallShield\isupdate.exe[2144] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 000000007603156d 2 bytes JMP 76418f61 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\InstallShield\isupdate.exe[2144] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000076031585 2 bytes JMP 76418ac2 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\InstallShield\isupdate.exe[2144] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 000000007603159d 2 bytes JMP 7641865c C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\InstallShield\isupdate.exe[2144] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000760315b5 2 bytes JMP 7638fd41 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\InstallShield\isupdate.exe[2144] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000760315cd 2 bytes JMP 7639b2dc C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\InstallShield\isupdate.exe[2144] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20  00000000760316b2 2 bytes JMP 76418e24 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\InstallShield\isupdate.exe[2144] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000760316bd 2 bytes JMP 764185f1 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Internet Download Manager\IDMan.exe[4244] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076031401 2 bytes JMP 7639b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Internet Download Manager\IDMan.exe[4244] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076031419 2 bytes JMP 7639b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Internet Download Manager\IDMan.exe[4244] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076031431 2 bytes JMP 76418ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Internet Download Manager\IDMan.exe[4244] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007603144a 2 bytes CALL 763748ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Internet Download Manager\IDMan.exe[4244] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000760314dd 2 bytes JMP 764187a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Internet Download Manager\IDMan.exe[4244] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000760314f5 2 bytes JMP 76418978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Internet Download Manager\IDMan.exe[4244] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007603150d 2 bytes JMP 76418698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Internet Download Manager\IDMan.exe[4244] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076031525 2 bytes JMP 76418a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Internet Download Manager\IDMan.exe[4244] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007603153d 2 bytes JMP 7638fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Internet Download Manager\IDMan.exe[4244] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076031555 2 bytes JMP 763968ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Internet Download Manager\IDMan.exe[4244] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007603156d 2 bytes JMP 76418f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Internet Download Manager\IDMan.exe[4244] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076031585 2 bytes JMP 76418ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Internet Download Manager\IDMan.exe[4244] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007603159d 2 bytes JMP 7641865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Internet Download Manager\IDMan.exe[4244] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000760315b5 2 bytes JMP 7638fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Internet Download Manager\IDMan.exe[4244] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000760315cd 2 bytes JMP 7639b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Internet Download Manager\IDMan.exe[4244] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000760316b2 2 bytes JMP 76418e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Internet Download Manager\IDMan.exe[4244] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000760316bd 2 bytes JMP 764185f1 C:\Windows\syswow64\kernel32.dll
.text C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe[4848] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExW + 17 0000000076031401 2 bytes JMP 7639b21b C:\Windows\syswow64\kernel32.dll
.text C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe[4848] C:\Windows\syswow64\Psapi.dll!EnumProcessModules + 17 0000000076031419 2 bytes JMP 7639b346 C:\Windows\syswow64\kernel32.dll
.text C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe[4848] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 17 0000000076031431 2 bytes JMP 76418ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe[4848] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 42 000000007603144a 2 bytes CALL 763748ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe[4848] C:\Windows\syswow64\Psapi.dll!EnumDeviceDrivers + 17 00000000760314dd 2 bytes JMP 764187a2 C:\Windows\syswow64\kernel32.dll
.text C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe[4848] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameA + 17 00000000760314f5 2 bytes JMP 76418978 C:\Windows\syswow64\kernel32.dll
.text C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe[4848] C:\Windows\syswow64\Psapi.dll!QueryWorkingSetEx + 17 000000007603150d 2 bytes JMP 76418698 C:\Windows\syswow64\kernel32.dll
.text C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe[4848] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameW + 17 0000000076031525 2 bytes JMP 76418a62 C:\Windows\syswow64\kernel32.dll
.text C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe[4848] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameW + 17 000000007603153d 2 bytes JMP 7638fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe[4848] C:\Windows\syswow64\Psapi.dll!EnumProcesses + 17 0000000076031555 2 bytes JMP 763968ef C:\Windows\syswow64\kernel32.dll
.text C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe[4848] C:\Windows\syswow64\Psapi.dll!GetProcessMemoryInfo + 17 000000007603156d 2 bytes JMP 76418f61 C:\Windows\syswow64\kernel32.dll
.text C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe[4848] C:\Windows\syswow64\Psapi.dll!GetPerformanceInfo + 17 0000000076031585 2 bytes JMP 76418ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe[4848] C:\Windows\syswow64\Psapi.dll!QueryWorkingSet + 17 000000007603159d 2 bytes JMP 7641865c C:\Windows\syswow64\kernel32.dll
.text C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe[4848] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameA + 17 00000000760315b5 2 bytes JMP 7638fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe[4848] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExA + 17 00000000760315cd 2 bytes JMP 7639b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe[4848] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 20 00000000760316b2 2 bytes JMP 76418e24 C:\Windows\syswow64\kernel32.dll
.text C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe[4848] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 31  00000000760316bd 2 bytes JMP 764185f1 C:\Windows\syswow64\kernel32.dll
---- Processes - GMER 2.1 ----

Library C:\ProgramData\Mobile Partner\OnlineUpdate\mingwm10.dll (*** suspicious ***) @ C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe [2348](2014-12-11 10:11:14) 000000006fbc0000
Library C:\ProgramData\Mobile Partner\OnlineUpdate\libgcc_s_dw2-1.dll (*** suspicious ***) @ C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe [2348](2014-12-11 10:11:14) 000000006e940000
Library C:\ProgramData\Mobile Partner\OnlineUpdate\QtCore4.dll (*** suspicious ***) @ C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe [2348](2014-12-11 10:11:14) 000000006a1c0000
Library C:\ProgramData\Mobile Partner\OnlineUpdate\QtNetwork4.dll (*** suspicious ***) @ C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe [2348](2014-12-11 10:11:14) 000000006ff00000
Library C:\ProgramData\Mobile Partner\OnlineUpdate\QueryStrategy.dll (*** suspicious ***) @ C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe [2348](2014-12-11 10:11:14) 000000006efc0000
Library C:\ProgramData\Mobile Partner\OnlineUpdate\QtXml4.dll (*** suspicious ***) @ C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe [2348](2014-12-11 10:11:14) 000000006ed40000
Library C:\Users\user\AppData\Roaming\Dropbox\bin\Qt5Widgets.dll (*** suspicious ***) @ C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe [4848] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:28) 0000000066a80000
Library C:\Users\user\AppData\Roaming\Dropbox\bin\Qt5Gui.dll (*** suspicious ***) @ C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe [4848] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 0000000066770000
Library C:\Users\user\AppData\Roaming\Dropbox\bin\libGLESv2.dll (*** suspicious ***) @ C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe [4848](2015-02-10 21:00:30) 00000000666b0000
Library C:\Users\user\AppData\Roaming\Dropbox\bin\Qt5Core.dll (*** suspicious ***) @ C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe [4848] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 0000000066230000
Library C:\Users\user\AppData\Roaming\Dropbox\bin\icuin52.dll (*** suspicious ***) @ C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe [4848] (ICU I18N DLL/The ICU Project)(2015-02-10 21:00:30) 000000004a900000
Library C:\Users\user\AppData\Roaming\Dropbox\bin\icuuc52.dll (*** suspicious ***) @ C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe [4848] (ICU Common DLL/The ICU Project)(2015-02-10 21:00:30) 0000000004100000
Library C:\Users\user\AppData\Roaming\Dropbox\bin\icudt52.dll (*** suspicious ***) @ C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe [4848] (ICU Data DLL/The ICU Project)(2015-02-10 21:00:30) 000000004ad00000
Library c:\users\user\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzc3fia.dll (*** suspicious ***) @ C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe [4848](2015-02-26 01:02:40) 00000000039d0000
Library C:\Users\user\AppData\Roaming\Dropbox\bin\Qt5Network.dll (*** suspicious ***) @ C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe [4848] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 0000000065f00000
Library C:\Users\user\AppData\Roaming\Dropbox\bin\Qt5WebKit.dll (*** suspicious ***) @ C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe [4848] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:26) 0000000064f10000
Library C:\Users\user\AppData\Roaming\Dropbox\bin\Qt5Quick.dll (*** suspicious ***) @ C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe [4848] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 0000000064cf0000
Library C:\Users\user\AppData\Roaming\Dropbox\bin\Qt5Qml.dll (*** suspicious ***) @ C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe [4848] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 0000000064a90000
Library C:\Users\user\AppData\Roaming\Dropbox\bin\Qt5Sql.dll (*** suspicious ***) @ C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe [4848] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 0000000066f10000
Library C:\Users\user\AppData\Roaming\Dropbox\bin\libEGL.dll (*** suspicious ***) @ C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe [4848](2015-02-10 21:00:30) 0000000066fc0000
Library C:\Users\user\AppData\Roaming\Dropbox\bin\Qt5WebKitWidgets.dll (*** suspicious ***) @ C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe [4848] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:26) 0000000064a60000
Library C:\Users\user\AppData\Roaming\Dropbox\bin\Qt5OpenGL.dll (*** suspicious ***) @ C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe [4848] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 0000000064a20000
Library C:\Users\user\AppData\Roaming\Dropbox\bin\Qt5PrintSupport.dll (*** suspicious ***) @ C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe [4848] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 00000000649d0000
Library C:\Users\user\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll (*** suspicious ***) @ C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe [4848](2015-02-10 21:00:28) 0000000063cf0000
Library C:\Users\user\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll (*** suspicious ***) @ C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe [4848](2015-02-10 21:00:28) 0000000064990000

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\6c4008aff89b 
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\6c4008aff89b (not active ControlSet)

---- EOF - GMER 2.1 ----


----------



## kango88 (Feb 5, 2015)

Went into blue screen after the scan and below is the crash log after restarting in safe mode

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7601.2.1.0.768.3
Locale ID: 1033

Additional information about the problem:
BCCode: 109
BCP1: A3A039D89DAC4506
BCP2: B3B7465EF02A8098
BCP3: FFFFF88002F855C0
BCP4: 0000000000000002
OS Version: 6_1_7601
Service Pack: 1_0
Product: 768_1

Files that help describe the problem:
C:\Windows\Minidump\022615-4836-01.dmp
C:\Users\user\AppData\Local\Temp\WER-7597-0.sysdata.xml

Read our privacy statement online:
http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409

If the online privacy statement is not available, please read our privacy statement offline:
C:\Windows\system32\en-US\erofflps.txt


----------



## JSntgRvr (Jul 1, 2003)

I don't see an issue that may contribute to the problem. Let's try re-installing the browsers. Start with Firefox. Uninstall the browser, then download and install the latest. Give it a test drive and let me know the outcome.

In addition, let's reset the HOSTS file and remove FRST quarantine:

Download the enclosed file. Save it in the same location FRST is saved. Open FRST and click on the Fix button. Post the report, *Fixlog.txt*

Run the *F-Secure Online Scanner*, and let me know the outcome.


----------



## kango88 (Feb 5, 2015)

Reinstalled Firefox and problem still around


----------



## kango88 (Feb 5, 2015)

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-02-2015 01
Ran by user at 2015-02-26 20:59:43 Run:5
Running from C:\Users\user\Downloads\Programs
Loaded Profiles: user (Available profiles: user)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
Hosts:
DeleteQuarantine:
End
*****************

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
"C:\FRST\Quarantine" => Removed successfully.

==== End of Fixlog 20:59:43 ====


----------



## kango88 (Feb 5, 2015)

Attached is the screenshot of the scan result


----------



## kango88 (Feb 5, 2015)

Problem still exists after restart of comp


----------



## JSntgRvr (Jul 1, 2003)

Is it only the search engine? The connection seems fine.

Open an administrator Command Prompt. (Click on the Start button, type CMD on the search line, right click on the command that should be shown on top of the Start Menu and select Run as an administrator). The prompt should end on C:\Windows\System32.

At the prompt type SFC /ScanNow and press Enter.

Let me know the outcome.


----------



## kango88 (Feb 5, 2015)

Yup. Only the search engines are facing issues.

Did the scan and the scan did not find any integrity violation


----------



## JSntgRvr (Jul 1, 2003)

On FRST, I don't see any SearchScopes under Internet Explorer

Download the enclosed file. Save it in the same location FRST is saved. Open FRST, except that this time around click on the Fix button and wait.

The tool will produce a log, *fixlog.txt*. Please post it in your next reply.


----------



## kango88 (Feb 5, 2015)

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-02-2015 01
Ran by user at 2015-02-27 10:29:56 Run:6
Running from C:\Users\user\Downloads\Programs
Loaded Profiles: user (Available profiles: user)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
Reg: Reg query "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes" /s
Reg: Reg Query "HKEY_USERS\S-1-5-21-2059749266-3525964498-4138522283-1000\Software\Microsoft\Internet Explorer\SearchScopes" /s
Reg: Reg Query "HKEY_LOCAL_MACHINE\test\Microsoft\Internet Explorer\SearchScopes" /s
End
*****************

========= Reg query "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes" /s =========

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes
DefaultScope REG_SZ {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
DefaultPackCorrection REG_DWORD 0x1
UpgradeTime REG_BINARY C4709459854BD001
TopResult REG_DWORD 0x1
ShowSearchSuggestionsGlobal REG_DWORD 0x1
ShowSearchSuggestionsInAddressGlobal REG_DWORD 0x1
KnownProvidersUpgradeTime REG_BINARY 9DDAB858854BD001
Version REG_DWORD 0x4

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Codepage REG_DWORD 0xfde9
DisplayName REG_SZ Bing
FaviconURL REG_SZ http://www.bing.com/favicon.ico
ShowSearchSuggestions REG_DWORD 0x1
ShowTopResult REG_DWORD 0x1
TopResultURL REG_SZ http://www.bing.com/search?q={searchTerms}&src=IE-TopResult&FORM=IETR02
URL REG_SZ http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
SuggestionsURL REG_SZ http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IESS02&market={language}
NTURL REG_SZ http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IENTSR
NTTopResultURL REG_SZ http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IENTTR
NTSuggestionsURL REG_SZ http://api.bing.com/qsml.aspx?query={searchTerms}&market={language}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IENTSS
NTLogoURL REG_SZ http://go.microsoft.com/fwlink/?LinkID=403856&language={language}&scale={scalelevel}&contrast={contrast}
NTLogoPath REG_SZ C:\Users\user\AppData\LocalLow\Microsoft\Internet Explorer\Services\
FaviconURLFallback REG_SZ http://www.bing.com/favicon.ico
TopResultURLFallback REG_SZ http://www.bing.com/search?q={searchTerms}&src=IE-TopResult&FORM=IETR02
SuggestionsURLFallback REG_SZ http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IESS02&market={language}

========= End of Reg: =========

========= Reg Query "HKEY_USERS\S-1-5-21-2059749266-3525964498-4138522283-1000\Software\Microsoft\Internet Explorer\SearchScopes" /s =========

HKEY_USERS\S-1-5-21-2059749266-3525964498-4138522283-1000\Software\Microsoft\Internet Explorer\SearchScopes
DefaultScope REG_SZ {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
DefaultPackCorrection REG_DWORD 0x1
UpgradeTime REG_BINARY C4709459854BD001
TopResult REG_DWORD 0x1
ShowSearchSuggestionsGlobal REG_DWORD 0x1
ShowSearchSuggestionsInAddressGlobal REG_DWORD 0x1
KnownProvidersUpgradeTime REG_BINARY 9DDAB858854BD001
Version REG_DWORD 0x4

HKEY_USERS\S-1-5-21-2059749266-3525964498-4138522283-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Codepage REG_DWORD 0xfde9
DisplayName REG_SZ Bing
FaviconURL REG_SZ http://www.bing.com/favicon.ico
ShowSearchSuggestions REG_DWORD 0x1
ShowTopResult REG_DWORD 0x1
TopResultURL REG_SZ http://www.bing.com/search?q={searchTerms}&src=IE-TopResult&FORM=IETR02
URL REG_SZ http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
SuggestionsURL REG_SZ http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IESS02&market={language}
NTURL REG_SZ http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IENTSR
NTTopResultURL REG_SZ http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IENTTR
NTSuggestionsURL  REG_SZ http://api.bing.com/qsml.aspx?query={searchTerms}&market={language}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IENTSS
NTLogoURL REG_SZ http://go.microsoft.com/fwlink/?LinkID=403856&language={language}&scale={scalelevel}&contrast={contrast}
NTLogoPath REG_SZ C:\Users\user\AppData\LocalLow\Microsoft\Internet Explorer\Services\
FaviconURLFallback REG_SZ http://www.bing.com/favicon.ico
TopResultURLFallback REG_SZ http://www.bing.com/search?q={searchTerms}&src=IE-TopResult&FORM=IETR02
SuggestionsURLFallback REG_SZ http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IESS02&market={language}

========= End of Reg: =========

========= Reg Query "HKEY_LOCAL_MACHINE\test\Microsoft\Internet Explorer\SearchScopes" /s =========

ERROR: The system was unable to find the specified registry key or value.

========= End of Reg: =========

==== End of Fixlog 10:29:56 ====


----------



## kango88 (Feb 5, 2015)

Still not fixed. Just want to take the time to thank you for your patience with me all this while


----------



## JSntgRvr (Jul 1, 2003)

Seems that you only have Bing as the search engine. Can you change your settings to Yahoo or Google?


----------



## kango88 (Feb 5, 2015)

How do I change the setting? For which browser?

I cannot search with yahoo and bing for all my browsers while my Google is looking weird


----------



## JSntgRvr (Jul 1, 2003)

> I cannot search with yahoo and bing for all my browsers while my Google is looking weird


Send me a screen shot and let me know how it should look.


----------



## JSntgRvr (Jul 1, 2003)

Here are instructions on how to manage your search engines:

In Chrome -> https://support.google.com/chrome/answer/95426?hl=en

Firefox -> http://www.searchenginejournal.com/change-your-default-search-engine-in-firefox-google-chrome-ie/

Internet Explorer -> http://windows.microsoft.com/en-us/internet-explorer/products/ie-9/tips/search-providers


----------



## kango88 (Feb 5, 2015)

Screenshot


----------



## JSntgRvr (Jul 1, 2003)

Which browser has that?


----------



## kango88 (Feb 5, 2015)

Google. For Yahoo and Bing, I cannot even search


----------



## kango88 (Feb 5, 2015)

It is the same issue as my other comp before you helped me to fix it


----------



## JSntgRvr (Jul 1, 2003)

Re-scan with FRST and post its reports.


----------



## kango88 (Feb 5, 2015)

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-02-2015 01
Ran by user (administrator) on USER-PC on 27-02-2015 12:09:25
Running from C:\Users\user\Downloads\Programs
Loaded Profiles: user (Available profiles: user)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\userinit.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Windows\System32\igfxTray.exe
(Apple Inc.) C:\Program Files\Boot Camp\Bootcamp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
() C:\Windows\System32\AppleOSSMgr.exe
(Apple Inc.) C:\Windows\System32\AppleTimeSrv.exe
(InstallShield®) C:\Program Files (x86)\InstallShield\isupdate.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dropbox, Inc.) C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Internet Download Manager, Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMIntegrator64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [457616 2014-10-03] ()
HKLM\...\Run: [Apple_KbdMgr] => C:\Program Files\Boot Camp\Bootcamp.exe [746816 2014-02-07] (Apple Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-02] (Intel Corporation)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [37624 2014-10-16] (Panda Security, S.L.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2059749266-3525964498-4138522283-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3886672 2015-01-25] (Tonec Inc.)
HKU\S-1-5-21-2059749266-3525964498-4138522283-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-2059749266-3525964498-4138522283-1000\...\Run: [GoogleChromeAutoLaunch_4E874A737D5662A34EBBEADB3A9C4A09] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-18] (Google Inc.)
HKU\S-1-5-21-2059749266-3525964498-4138522283-1000\...\MountPoints2: {c8990352-8160-11e4-8edf-6c4008aff89a} - E:\AutoRun.exe
HKU\S-1-5-21-2059749266-3525964498-4138522283-1000\...\MountPoints2: {c8990377-8160-11e4-8edf-6c4008aff89b} - E:\AutoRun.exe
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [HKLM] => ProxyEnable is set.
ProxyEnable: [HKLM-x32] => ProxyEnable is set.
ProxyServer: [HKLM] => http=127.0.0.1:8080;https=127.0.0.1:8080
ProxyServer: [HKLM-x32] => http=127.0.0.1:8080;https=127.0.0.1:8080
HKU\S-1-5-21-2059749266-3525964498-4138522283-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://xin.msn.com/en-sg/?ocid=iehp
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{87B61F43-5860-47CC-A300-0B0A4B12CE14}: [NameServer] 208.67.222.222,208.67.220.220

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\r9eqdb50.default-1424268744539
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Extension: LastPass - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\r9eqdb50.default-1424268744539\Extensions\[email protected] [2015-02-18]
FF Extension: FireShot - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\r9eqdb50.default-1424268744539\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2015-02-25]
FF Extension: EPUBReader - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\r9eqdb50.default-1424268744539\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2015-02-18]
FF Extension: Easy App Tabs - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\r9eqdb50.default-1424268744539\Extensions\[email protected] [2015-02-18]
FF Extension: MEGA EXTENSION - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\r9eqdb50.default-1424268744539\Extensions\[email protected] [2015-02-18]
FF Extension: Save My Tabs - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\r9eqdb50.default-1424268744539\Extensions\[email protected] [2015-02-18]
FF Extension: Media Stealer - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\r9eqdb50.default-1424268744539\Extensions\[email protected] [2015-02-18]
FF Extension: Reader - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\r9eqdb50.default-1424268744539\Extensions\{20068ab2-1901-4140-9f3c-81207d4dacc4}.xpi [2015-02-18]
FF HKU\S-1-5-21-2059749266-3525964498-4138522283-1000\...\Firefox\Extensions: [[email protected]] - C:\Users\user\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\user\AppData\Roaming\IDM\idmmzcc5 [2015-02-05]
FF HKU\S-1-5-21-2059749266-3525964498-4138522283-1000\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\user\AppData\Roaming\IDM\idmmzcc5

Chrome: 
=======
CHR HomePage: Default -> hxxp://search.conduit.com/?ctid=CT3321897&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SPF84B958F-6C5F-431F-B5D3-7D8E0D53175F&SSPV=
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3321897&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SPF84B958F-6C5F-431F-B5D3-7D8E0D53175F&SSPV="
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-05]
CHR Extension: (Downloads) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajkhjekibcfjngomhbbifihellcaebcn [2015-02-05]
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-05]
CHR Extension: (Download Manager (video and mp3)) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bapnjmgdanmelbcmjdjljogelnlfepcj [2015-02-05]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-05]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-05]
CHR Extension: (Honey) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2015-02-27]
CHR Extension: (RankRecon) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\chjdckfonfkdoeiobllnejjieicmjodh [2015-02-05]
CHR Extension: (OneTab) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2015-02-05]
CHR Extension: (Webpage Screenshot) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki [2015-02-05]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-05]
CHR Extension: (SEO I.Q.) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dadlnlnlpkpchfljjcpkodcljofniggm [2015-02-05]
CHR Extension: (Tabs Backup & Restore) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dehocbglhkaogiljpihicakmlockmlgd [2015-02-05]
CHR Extension: (FB Pixel Helper) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc [2015-02-05]
CHR Extension: (Google Sheets) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-05]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-02-05]
CHR Extension: (Share As Image Extension) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgmhphfbdfbkokcfajipbmkcakmmepeb [2015-02-05]
CHR Extension: (SEO & Website Analysis) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlngmmdolgbdnnimbmblfhhndibdipaf [2015-02-05]
CHR Extension: (IDM Integration Module) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2015-02-08]
CHR Extension: (No Name) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim [2015-02-06]
CHR Extension: (Hangouts) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2015-02-05]
CHR Extension: (Google Wallet) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-05]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-05]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-01-13]
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-01-13]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AppleOSSMgr; C:\Windows\system32\AppleOSSMgr.exe [226112 2014-02-07] ()
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-10-03] (Intel Corporation)
R2 isupdate.exe; C:\Program Files (x86)\InstallShield\isupdate.exe [43008 2015-01-22] (InstallShield®) [File not signed]
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [655712 2011-12-23] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142072 2014-10-14] (Panda Security, S.L.)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2014-10-16] (Panda Security, S.L.)
S3 wifimansvc; C:\Program Files (x86)\Mobile Partner\eap\wifimansvc.exe [598528 2012-05-15] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AppleCamera; C:\Windows\System32\DRIVERS\AppleCamera.sys [1793664 2013-12-05] (Apple Inc.)
R3 applemtm; C:\Windows\System32\DRIVERS\applemtm.sys [12288 2013-09-07] (Apple Inc.)
R3 applemtp; C:\Windows\System32\DRIVERS\applemtp.sys [39424 2013-09-07] (Apple Inc.)
R3 AppleSDR; C:\Windows\System32\DRIVERS\AppleSDR.sys [12800 2013-09-04] (Apple Inc.)
R3 CirrusLFD; C:\Windows\System32\DRIVERS\CSLFD.sys [56720 2013-10-18] (Cirrus Logic Inc.)
R3 CirrusUFD; C:\Windows\System32\DRIVERS\CSUFD.sys [11928 2013-10-18] (Cirrus Logic Inc.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [96800 2014-06-04] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [162336 2014-06-18] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [112160 2014-06-04] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [115232 2014-06-04] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [46336 2014-01-17] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [95776 2014-06-04] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [70176 2014-06-04] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [125984 2014-06-04] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [306720 2014-06-04] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [169504 2014-06-04] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [115744 2014-06-04] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [261152 2014-06-04] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [109088 2014-06-04] (Panda Security, S.L.)
S3 NPF; C:\Windows\System32\drivers\NPF.sys [35344 2011-11-24] (CACE Technologies, Inc.)
S3 NPF; C:\Windows\SysWOW64\drivers\NPF.sys [35344 2011-11-24] (CACE Technologies, Inc.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [163088 2014-10-14] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121616 2014-10-14] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [195616 2014-07-25] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [122400 2014-07-25] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [132128 2014-07-25] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2014-10-14] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [60400 2014-03-25] (Panda Security, S.L.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-27 10:26 - 2014-03-25 21:15 - 00060400 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2015-02-26 21:01 - 2015-02-26 21:01 - 00000000 ____D () C:\ProgramData\F-Secure
2015-02-26 20:55 - 2015-02-26 20:55 - 00001171 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-26 20:55 - 2015-02-26 20:55 - 00001159 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-26 20:55 - 2015-02-26 20:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-26 20:54 - 2015-02-26 20:54 - 00243424 _____ () C:\Users\user\Downloads\Firefox Setup Stub 36.0.exe
2015-02-26 09:17 - 2015-02-26 09:17 - 580847600 _____ () C:\Windows\MEMORY.DMP
2015-02-26 09:17 - 2015-02-26 09:17 - 00279408 _____ () C:\Windows\Minidump\022615-4836-01.dmp
2015-02-26 09:17 - 2015-02-26 09:17 - 00000000 ____D () C:\Windows\Minidump
2015-02-26 09:15 - 2015-02-26 09:15 - 00025387 _____ () C:\Users\user\Desktop\gmer1.log
2015-02-26 09:09 - 2015-02-26 09:09 - 00380416 _____ () C:\Users\user\Desktop\g5hq7uwx.exe
2015-02-25 23:26 - 2015-01-09 07:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-25 23:26 - 2015-01-09 07:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-24 09:57 - 2015-02-24 09:57 - 23441742 _____ () C:\Users\user\Desktop\New 2015 ODFX Presentation.pptx
2015-02-24 09:46 - 2015-02-24 09:46 - 00002022 _____ () C:\Users\user\Desktop\aswMBR.txt
2015-02-24 09:46 - 2015-02-24 09:46 - 00000512 _____ () C:\Users\user\Desktop\MBR.dat
2015-02-24 09:41 - 2015-02-24 09:41 - 05200384 _____ (AVAST Software) C:\Users\user\Desktop\aswmbr.exe
2015-02-23 10:36 - 2015-02-23 10:36 - 00000406 _____ () C:\Users\user\Desktop\gmer.log
2015-02-23 10:22 - 2015-02-23 10:22 - 00056496 _____ (GMER) C:\pwldapoc.sys
2015-02-23 10:22 - 2015-02-23 10:22 - 00000000 ____D () C:\GMER
2015-02-20 10:12 - 2015-02-20 10:13 - 00001232 _____ () C:\Users\user\Desktop\Advice.txt
2015-02-20 10:05 - 2015-02-23 10:43 - 00000000 ____D () C:\Users\user\AppData\Local\CrashDumps
2015-02-20 00:11 - 2015-02-20 00:11 - 00002480 _____ () C:\Users\user\Desktop\RKreport_SCN_02202015_001009.log
2015-02-20 00:01 - 2015-02-20 00:01 - 00003752 _____ () C:\Users\user\Desktop\RKreport_SCN_02202015_000103.log
2015-02-19 22:48 - 2015-02-23 10:28 - 00000000 ____D () C:\Users\user\Desktop\Fb Viral Blitz Formula
2015-02-19 22:20 - 2015-01-09 11:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-19 22:20 - 2015-01-09 11:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-19 22:20 - 2015-01-09 11:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-19 22:20 - 2015-01-09 10:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-02-19 22:12 - 2015-02-19 22:12 - 00000000 ____D () C:\Users\user\AppData\Roaming\FireShot
2015-02-19 21:42 - 2015-02-20 00:06 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-02-19 21:42 - 2015-02-19 21:42 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-02-19 21:34 - 2015-02-27 12:09 - 00000000 ____D () C:\FRST
2015-02-18 22:12 - 2015-02-18 22:12 - 00000000 ____D () C:\Users\user\Desktop\Old Firefox Data
2015-02-18 22:08 - 2015-02-18 22:08 - 00000218 _____ () C:\Users\user\Desktop\Boot Camp About keyboards and key assignment for Microsoft Windows - Apple Support.URL
2015-02-18 22:07 - 2015-02-18 22:07 - 00000235 _____ () C:\Users\user\Desktop\The best of Oliver Emberton.URL
2015-02-18 22:07 - 2015-02-18 22:07 - 00000213 _____ () C:\Users\user\Desktop\Pricing Plans Call Loop.URL
2015-02-18 09:17 - 2015-02-18 09:17 - 00000709 _____ () C:\DelFix.txt
2015-02-18 09:17 - 2015-02-18 09:17 - 00000000 ____D () C:\Windows\ERUNT
2015-02-14 00:03 - 2015-02-14 00:03 - 00086565 _____ () C:\Users\user\Desktop\GWT links.rar
2015-02-14 00:01 - 2015-02-14 00:01 - 00276097 _____ () C:\Users\user\Desktop\GWT links (latest links).csv
2015-02-14 00:00 - 2015-02-14 00:00 - 00245662 _____ () C:\Users\user\Desktop\GWT links (sample).csv
2015-02-13 17:58 - 2015-02-27 12:09 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-13 17:58 - 2015-02-26 21:03 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-13 17:58 - 2015-02-21 12:04 - 00002191 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-13 17:58 - 2015-02-13 17:58 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-13 17:58 - 2015-02-13 17:58 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-13 17:58 - 2015-02-13 17:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-13 17:03 - 2015-02-13 23:42 - 00000406 _____ () C:\Users\user\Desktop\Article instructions.txt
2015-02-13 16:01 - 2015-02-13 16:01 - 00000053 _____ () C:\Users\user\Downloads\google732d6e0197cef43d.html
2015-02-13 15:53 - 2015-02-13 16:49 - 00000000 ____D () C:\Users\user\AppData\Roaming\vlc
2015-02-13 15:51 - 2015-02-13 15:51 - 00001078 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-02-13 15:51 - 2015-02-13 15:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-02-13 15:51 - 2015-02-13 15:51 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2015-02-13 15:29 - 2015-02-13 15:53 - 00000114 _____ () C:\Users\user\Desktop\Article Writing Service.txt
2015-02-13 11:11 - 2015-01-23 12:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-13 11:11 - 2015-01-23 12:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-13 11:11 - 2015-01-23 11:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-13 11:11 - 2015-01-23 11:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 23:45 - 2015-01-14 13:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 23:45 - 2015-01-14 13:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 23:45 - 2015-01-12 11:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 23:45 - 2015-01-12 11:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 23:45 - 2015-01-12 11:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 23:45 - 2015-01-12 10:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 23:45 - 2015-01-12 10:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 23:45 - 2015-01-12 10:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 23:45 - 2015-01-12 10:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-11 23:45 - 2015-01-12 10:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 23:45 - 2015-01-12 10:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 23:45 - 2015-01-12 10:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 23:45 - 2015-01-12 10:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 23:45 - 2015-01-12 10:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 23:45 - 2015-01-12 10:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-11 23:45 - 2015-01-12 10:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 23:45 - 2015-01-12 10:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 23:45 - 2015-01-12 10:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-11 23:45 - 2015-01-12 10:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 23:45 - 2015-01-12 10:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 23:45 - 2015-01-12 10:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 23:45 - 2015-01-12 10:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 23:45 - 2015-01-12 10:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 23:45 - 2015-01-12 10:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-11 23:45 - 2015-01-12 10:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-11 23:45 - 2015-01-12 10:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 23:45 - 2015-01-12 10:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 23:45 - 2015-01-12 10:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 23:45 - 2015-01-12 10:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-11 23:45 - 2015-01-12 09:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-11 23:45 - 2015-01-12 09:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-11 23:45 - 2015-01-12 09:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-11 23:45 - 2015-01-12 09:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 23:45 - 2015-01-12 09:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 23:45 - 2015-01-12 09:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 23:45 - 2015-01-12 09:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-11 23:45 - 2015-01-12 09:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 23:45 - 2015-01-12 09:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 23:45 - 2015-01-12 09:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-11 23:45 - 2015-01-12 09:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-11 23:45 - 2015-01-12 09:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-11 23:45 - 2015-01-12 09:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-11 23:45 - 2015-01-12 09:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 23:45 - 2015-01-12 09:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 23:45 - 2015-01-12 09:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 23:45 - 2015-01-12 09:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-11 23:45 - 2015-01-12 09:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 23:45 - 2015-01-12 09:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 23:45 - 2015-01-12 09:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 23:45 - 2015-01-12 09:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 23:45 - 2015-01-12 08:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 23:45 - 2015-01-12 08:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 23:42 - 2015-01-10 14:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 23:42 - 2015-01-10 14:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 23:42 - 2015-01-10 14:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-11 23:42 - 2015-01-10 14:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 23:41 - 2015-01-14 14:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 23:41 - 2015-01-14 14:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 23:41 - 2015-01-14 14:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 23:41 - 2015-01-14 14:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 23:41 - 2015-01-14 13:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 23:41 - 2015-01-14 13:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 23:41 - 2015-01-14 13:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-11 23:41 - 2015-01-10 14:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 23:41 - 2015-01-10 14:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 23:41 - 2015-01-10 14:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 23:41 - 2015-01-10 14:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 23:41 - 2015-01-10 14:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 23:41 - 2015-01-10 14:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-11 23:41 - 2015-01-10 14:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-11 23:41 - 2015-01-10 14:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-11 23:41 - 2015-01-10 14:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-11 23:41 - 2015-01-10 14:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-11 23:40 - 2015-01-15 16:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 23:40 - 2015-01-15 16:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 23:40 - 2015-01-15 16:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 23:40 - 2015-01-15 16:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 23:40 - 2015-01-15 16:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 23:40 - 2015-01-15 16:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 23:40 - 2015-01-15 16:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 23:40 - 2015-01-15 16:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 23:40 - 2015-01-15 16:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 23:40 - 2015-01-15 16:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 23:40 - 2015-01-15 16:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 23:40 - 2015-01-15 15:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-11 23:40 - 2015-01-15 15:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 23:40 - 2015-01-15 15:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 23:40 - 2015-01-15 15:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 23:40 - 2015-01-15 15:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-11 23:40 - 2015-01-15 15:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 23:40 - 2015-01-15 12:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 23:40 - 2015-01-13 11:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 23:40 - 2015-01-13 10:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 23:40 - 2014-12-12 13:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 23:40 - 2014-12-12 13:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-11 23:40 - 2014-07-07 10:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-11 23:40 - 2014-07-07 10:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-11 23:40 - 2014-07-07 09:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-02-11 23:40 - 2014-07-07 09:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-02-11 23:39 - 2015-01-09 10:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 23:38 - 2014-12-08 11:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 23:38 - 2014-12-08 10:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 23:38 - 2014-11-26 11:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 23:38 - 2014-11-26 11:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-10 23:58 - 2015-02-10 23:58 - 00000085 _____ () C:\Windows\wininit.ini
2015-02-06 12:46 - 2015-02-06 12:50 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-06 10:40 - 2015-02-17 23:47 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-06 10:39 - 2015-02-06 12:45 - 00097496 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-06 10:39 - 2015-02-06 10:39 - 00001114 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-06 10:39 - 2015-02-06 10:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-06 10:39 - 2015-02-06 10:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-06 10:39 - 2015-02-06 10:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-06 10:39 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-06 10:39 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-06 09:45 - 2015-01-10 10:46 - 00000000 ____D () C:\Users\user\Desktop\LongTailPro
2015-02-06 09:44 - 2015-02-06 09:43 - 03265362 _____ () C:\Users\user\Desktop\Long Tail Pro Platinum 2.4.42 Updated.rar
2015-02-06 09:14 - 2015-02-06 09:15 - 35738846 _____ () C:\Users\user\Desktop\OMG Directors Cut Feb1.rar
2015-02-06 09:05 - 2015-02-06 09:05 - 00000088 _____ () C:\Users\user\AppData\Roaming\.c79792229cdae4d8fe4e261fc4d6976b.key
2015-02-05 22:32 - 2015-02-05 22:32 - 00000000 ____D () C:\Users\user\AppData\Local\Macromedia
2015-02-05 22:31 - 2015-02-26 20:57 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-05 22:31 - 2015-02-05 22:31 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 22:31 - 2015-02-05 22:31 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-05 22:31 - 2015-02-05 22:31 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-05 22:31 - 2015-02-05 22:31 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2015-02-05 22:31 - 2015-02-05 22:31 - 00000000 ____D () C:\Windows\system32\Macromed
2015-02-05 19:15 - 2015-02-05 19:17 - 00000000 ____D () C:\Program Files (x86)\InterestArchitect
2015-02-05 19:15 - 2015-02-05 19:15 - 00002053 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Interest Architect.lnk
2015-02-05 19:15 - 2015-02-05 19:15 - 00002047 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Interest Architect.lnk
2015-02-05 19:15 - 2015-02-05 19:15 - 00002041 _____ () C:\Users\Public\Desktop\Interest Architect.lnk
2015-02-05 19:15 - 2015-02-05 19:15 - 00000000 ____D () C:\Windows\Interst Architect
2015-02-05 19:15 - 2015-02-05 19:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Interst Architect
2015-02-05 19:14 - 2015-02-05 19:14 - 00042150 _____ () C:\Users\user\Downloads\Interest Architect Patch.zip
2015-02-05 18:08 - 2015-02-05 18:08 - 00000000 ____D () C:\Users\user\AppData\Roaming\Panda Security
2015-02-05 18:08 - 2015-02-05 18:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus
2015-02-05 18:08 - 2015-02-05 18:08 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2015-02-05 18:02 - 2009-06-11 05:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20150205-180212.backup
2015-02-05 17:58 - 2015-02-05 18:08 - 00000000 ____D () C:\ProgramData\Panda Security
2015-02-05 17:58 - 2015-02-05 17:58 - 01630952 _____ () C:\Users\user\Downloads\PANDAFREEAV.exe
2015-02-05 17:41 - 2015-02-05 17:41 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2015-02-05 17:40 - 2015-02-10 23:59 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-02-05 17:40 - 2015-02-10 23:58 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-05 17:38 - 2015-02-05 17:39 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\user\Downloads\spybot-2.4.exe
2015-02-05 17:28 - 2015-02-05 17:29 - 00000000 ____D () C:\Users\user\AppData\Local\Google
2015-02-05 17:23 - 2015-02-05 17:23 - 00000000 ____D () C:\Users\user\AppData\Roaming\Mozilla
2015-02-05 17:23 - 2015-02-05 17:23 - 00000000 ____D () C:\Users\user\AppData\Local\Mozilla
2015-02-05 17:23 - 2015-02-05 17:23 - 00000000 ____D () C:\ProgramData\Mozilla
2015-02-05 15:22 - 2015-02-05 15:22 - 00000215 _____ () C:\Users\user\Desktop\New Text Document.txt
2015-02-05 10:27 - 2015-02-05 10:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-02-05 10:26 - 2015-02-12 00:25 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-02-05 10:26 - 2015-02-05 10:26 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-02-05 10:26 - 2015-02-05 10:26 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-02-05 10:25 - 2015-02-12 00:25 - 00002125 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-02-05 10:25 - 2015-02-12 00:25 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-02-05 10:25 - 2015-02-12 00:25 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-02-05 10:08 - 2015-02-05 10:08 - 00000000 __SHD () C:\Users\user\AppData\Local\EmieUserList
2015-02-05 10:08 - 2015-02-05 10:08 - 00000000 __SHD () C:\Users\user\AppData\Local\EmieSiteList
2015-02-05 10:08 - 2015-02-05 10:08 - 00000000 __SHD () C:\Users\user\AppData\Local\EmieBrowserModeList
2015-02-05 10:01 - 2014-12-19 11:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-02-05 10:01 - 2014-12-19 09:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-02-05 10:01 - 2014-12-06 12:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-02-05 10:01 - 2014-12-06 11:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-02-05 10:01 - 2014-12-06 11:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-02-05 09:42 - 2015-02-26 20:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-05 09:42 - 2015-02-05 09:42 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2015-02-05 09:42 - 2015-02-05 09:42 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2015-02-05 09:39 - 2015-02-27 10:32 - 00000000 ____D () C:\Users\user\AppData\Roaming\DMCache
2015-02-05 09:39 - 2015-02-25 21:53 - 00000000 ____D () C:\Users\user\AppData\Roaming\IDM
2015-02-05 09:39 - 2015-02-23 10:28 - 00000000 ____D () C:\Users\user\Downloads\Video
2015-02-05 09:39 - 2015-02-22 11:46 - 00000000 ____D () C:\Users\user\Downloads\Compressed
2015-02-05 09:39 - 2015-02-05 09:42 - 00000000 ____D () C:\Program Files (x86)\Internet Download Manager
2015-02-05 09:39 - 2015-02-05 09:39 - 00001021 _____ () C:\Users\user\Desktop\Internet Download Manager.lnk
2015-02-05 09:39 - 2015-02-05 09:39 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2015-02-05 09:39 - 2015-02-05 09:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2015-02-05 09:39 - 2015-02-05 09:39 - 00000000 ____D () C:\ProgramData\IDM
2015-02-05 09:35 - 2015-02-05 09:38 - 00000000 ____D () C:\Users\user\AppData\Roaming\WinRAR
2015-02-05 09:35 - 2015-02-05 09:35 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-02-05 09:35 - 2015-02-05 09:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-02-05 09:35 - 2015-02-05 09:35 - 00000000 ____D () C:\Program Files\WinRAR
2015-02-05 09:31 - 2015-02-05 09:32 - 01977432 _____ () C:\Users\user\Downloads\winrar-x64-501.exe
2015-02-05 09:11 - 2015-02-05 09:59 - 00000468 _____ () C:\Windows\Tasks\InstallShield Update Task.job
2015-02-05 09:11 - 2015-02-05 09:11 - 00003202 _____ () C:\Windows\System32\Tasks\InstallShield Update Task
2015-02-05 09:11 - 2015-02-05 09:11 - 00000000 ____D () C:\ProgramData\Microsoft Toolkit
2015-02-05 09:11 - 2015-02-05 09:11 - 00000000 ____D () C:\Program Files (x86)\InstallShield
2015-02-05 09:09 - 2015-02-05 09:09 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2015-02-05 09:08 - 2015-02-17 22:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-02-05 09:08 - 2015-02-05 09:08 - 00000000 ____D () C:\Windows\PCHEALTH
2015-02-05 09:08 - 2015-02-05 09:08 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2015-02-05 09:08 - 2015-02-05 09:08 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2015-02-05 09:08 - 2015-02-05 09:08 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2015-02-05 09:07 - 2015-02-17 22:12 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-05 09:07 - 2015-02-05 09:08 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-02-05 09:07 - 2015-02-05 09:07 - 00000000 __RHD () C:\MSOCache
2015-02-05 09:07 - 2015-02-05 09:07 - 00000000 ____D () C:\Users\user\AppData\Local\Microsoft Help
2015-02-05 09:07 - 2015-02-05 09:07 - 00000000 ____D () C:\Program Files\Microsoft Analysis Services
2015-02-05 09:07 - 2015-02-05 09:07 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-02-05 09:07 - 2015-02-05 09:07 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2015-02-05 09:06 - 2014-12-12 01:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-27 12:09 - 2014-12-16 14:40 - 00000000 ___RD () C:\Users\user\Dropbox
2015-02-27 12:09 - 2014-12-16 14:36 - 00000000 ____D () C:\Users\user\AppData\Roaming\Dropbox
2015-02-27 12:08 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-27 12:08 - 2009-07-14 12:51 - 00038743 _____ () C:\Windows\setupact.log
2015-02-27 10:32 - 2014-12-01 23:30 - 01502365 _____ () C:\Windows\WindowsUpdate.log
2015-02-27 10:32 - 2009-07-14 13:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-27 10:32 - 2009-07-14 12:45 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-27 10:32 - 2009-07-14 12:45 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-26 20:56 - 2010-11-21 11:47 - 00020226 _____ () C:\Windows\PFRO.log
2015-02-20 00:03 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\tracing
2015-02-17 14:57 - 2009-07-14 11:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-02-13 17:58 - 2014-12-16 14:35 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-13 11:13 - 2014-12-16 14:40 - 00001021 _____ () C:\Users\user\Desktop\Dropbox.lnk
2015-02-13 11:13 - 2014-12-16 14:39 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-12 00:33 - 2009-07-14 12:45 - 00477768 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-12 00:30 - 2014-12-01 23:59 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-12 00:26 - 2009-07-14 10:34 - 00000478 _____ () C:\Windows\win.ini
2015-02-12 00:23 - 2014-12-26 14:44 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-12 00:21 - 2014-12-26 14:44 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-07 18:58 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\rescache
2015-02-06 09:45 - 2015-01-06 15:53 - 00000256 _____ () C:\Users\user\AppData\Roaming\RO39-2M3Q
2015-02-05 22:31 - 2014-12-29 17:18 - 00000000 ____D () C:\Users\user\AppData\Local\Adobe
2015-02-05 18:08 - 2014-12-11 18:12 - 00111992 _____ () C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-05 10:28 - 2014-12-26 14:53 - 00774004 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-02-05 09:50 - 2009-07-14 11:20 - 00000000 ____D () C:\Program Files\Common Files\System
2015-02-05 09:08 - 2010-11-21 15:16 - 00000000 ____D () C:\Windows\ShellNew

==================== Files in the root of some directories =======

2015-01-06 15:53 - 2015-01-06 15:53 - 0000088 _____ () C:\Users\user\AppData\Roaming\.95d691779473f3e03bc4b4e56319d74c.key
2015-02-06 09:05 - 2015-02-06 09:05 - 0000088 _____ () C:\Users\user\AppData\Roaming\.c79792229cdae4d8fe4e261fc4d6976b.key
2015-01-06 15:53 - 2015-02-06 09:45 - 0000256 _____ () C:\Users\user\AppData\Roaming\RO39-2M3Q

Some content of TEMP:
====================
C:\Users\user\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzzohwt.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-07 18:51

==================== End Of Log ============================


----------



## JSntgRvr (Jul 1, 2003)

Download the enclosed file. Save it next to FRST. Open FRST and click on the Fix button and wait. The tool will produce a log, fixlog.txt. Please post it in a reply.

Test the computer.

Run FRST and post its report.


----------



## kango88 (Feb 5, 2015)

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-02-2015 01
Ran by user at 2015-02-28 11:48:58 Run:7
Running from C:\Users\user\Downloads\Programs
Loaded Profiles: user (Available profiles: user)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
ProxyEnable: [HKLM] => ProxyEnable is set.
ProxyEnable: [HKLM-x32] => ProxyEnable is set.
ProxyServer: [HKLM] => http=127.0.0.1:8080;https=127.0.0.1:8080
ProxyServer: [HKLM-x32] => http=127.0.0.1:8080;https=127.0.0.1:8080
C:\Users\user\AppData\Roaming\.95d691779473f3e03bc4b4e56319d74c.key
C:\Users\user\AppData\Roaming\.c79792229cdae4d8fe4e261fc4d6976b.key
C:\Users\user\AppData\Roaming\RO39-2M3Q
Reg: Reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections"
End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
C:\Users\user\AppData\Roaming\.95d691779473f3e03bc4b4e56319d74c.key => Moved successfully.
C:\Users\user\AppData\Roaming\.c79792229cdae4d8fe4e261fc4d6976b.key => Moved successfully.
C:\Users\user\AppData\Roaming\RO39-2M3Q => Moved successfully.

========= Reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" =========

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
DefaultConnectionSettings REG_BINARY 460000001400000009000000000000000000000000000000040000000000000030B01153661ED0010000000000000000000000000200000002000000C0A801110000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001700000000000000200100009D3890D7280007AAD5C24A2B0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
SavedLegacySettings REG_BINARY 460000002500000009000000000000000000000000000000040000000000000030B01153661ED0010000000000000000000000000200000002000000C0A801110000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001700000000000000200100009D3890D7280007AAD5C24A2B0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

========= End of Reg: =========

==== End of Fixlog 11:48:58 ====


----------



## JSntgRvr (Jul 1, 2003)

Any improvement?


----------



## kango88 (Feb 5, 2015)

The problem was solved before I restarted. Upon restart, it came back again.


----------



## JSntgRvr (Jul 1, 2003)

Let's remove some of those values.

Download the enclosed file. Save it next to FRST. Open FRST and click on the Fix button and wait. The tool will produce a log, fixlog.txt. Please post it in a reply.

Test the computer.


----------



## kango88 (Feb 5, 2015)

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-02-2015
Ran by user at 2015-03-01 21:42:51 Run:8
Running from C:\Users\user\Downloads\Programs
Loaded Profiles: user (Available profiles: user)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
ProxyEnable: [HKLM] => ProxyEnable is set.
ProxyEnable: [HKLM-x32] => ProxyEnable is set.
ProxyServer: [HKLM] => http=127.0.0.1:8080;https=127.0.0.1:8080
ProxyServer: [HKLM-x32] => http=127.0.0.1:8080;https=127.0.0.1:8080
C:\Users\user\AppData\Roaming\.95d691779473f3e03bc4b4e56319d74c.key
C:\Users\user\AppData\Roaming\.c79792229cdae4d8fe4e261fc4d6976b.key
C:\Users\user\AppData\Roaming\RO39-2M3Q
Reg: Reg delete "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v "SavedLegacySettings" /f
Reg: Reg delete "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v "DefaultConnectionSettings" /f
cmd: bitsadmin /util /setieproxy localsystem NO_PROXY RESET
End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
"C:\Users\user\AppData\Roaming\.95d691779473f3e03bc4b4e56319d74c.key" => File/Directory not found.
"C:\Users\user\AppData\Roaming\.c79792229cdae4d8fe4e261fc4d6976b.key" => File/Directory not found.
"C:\Users\user\AppData\Roaming\RO39-2M3Q" => File/Directory not found.

========= Reg delete "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v "SavedLegacySettings" /f =========

The operation completed successfully.

========= End of Reg: =========

========= Reg delete "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v "DefaultConnectionSettings" /f =========

The operation completed successfully.

========= End of Reg: =========

========= bitsadmin /util /setieproxy localsystem NO_PROXY RESET =========

BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

There's a policy in effect that disables the storage of proxy settings per user.There's a policy in effect that disables the storage of proxy settings per user.Internet proxy settings for account localsystem set to NO_PROXY.
(connection = default)

========= End of CMD: =========

==== End of Fixlog 21:42:51 ====


----------



## kango88 (Feb 5, 2015)

The same scenario happened. Issue solved temporarily before restarting the computer.


----------



## JSntgRvr (Jul 1, 2003)

There must be an entry in the registry that sets the Proxy, and that is what is causing the issue.

Let's recheck those settings again.

Download the enclosed file. Save it next to FRST. Open FRST and click on the Fix button and wait. The tool will produce a log, fixlog.txt. Please post it in a reply.


----------
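
Added example, not part of the thread or of FRST: the `DefaultConnectionSettings` / `SavedLegacySettings` values queried in these fix logs are binary blobs that carry their own copy of the proxy flags, proxy server and bypass list, so a proxy can survive deletion of the plain `ProxyEnable` / `ProxyServer` values. The decoder below assumes the commonly described layout (three little-endian DWORDs, then three length-prefixed ASCII strings); the function names are hypothetical, and the hex constants are the leading bytes of the HKCU and HKLM `DefaultConnectionSettings` values posted in this thread.

```python
import ipaddress
import struct
from typing import List, NamedTuple, Tuple

# WinINet per-connection flag bits (PROXY_TYPE_* constants).
FLAGS = {0x01: "direct", 0x02: "manual-proxy", 0x04: "auto-config-url", 0x08: "auto-detect"}

# Leading bytes of the two DefaultConnectionSettings values quoted in the
# thread's fix logs; the padding that follows them is not needed for parsing.
HKCU_VALUE = "460000001400000009000000" "00000000" "00000000" "00000000"
HKLM_VALUE = (
    "460000005400000003000000"                    # version, counter, flags
    "28000000"                                    # proxy string length (40)
    "687474703D3132372E302E302E313A383038303B"    # first half of proxy string
    "68747470733D3132372E302E302E313A38303830"    # second half of proxy string
    "0B000000" "3C2D6C6F6F706261636B3E"           # bypass length + bypass list
    "00000000"                                    # auto-config URL length (0)
)


class ConnectionSettings(NamedTuple):
    version: int
    counter: int
    flags: int
    proxy: str
    bypass: str
    autoconfig_url: str


def _counted_string(buf: bytes, offset: int) -> Tuple[str, int]:
    """Read a DWORD length followed by that many ASCII bytes."""
    if offset + 4 > len(buf):
        raise ValueError("value truncated before a length field")
    (length,) = struct.unpack_from("<I", buf, offset)
    end = offset + 4 + length
    if end > len(buf):
        raise ValueError("declared length %d runs past the end of the value" % length)
    return buf[offset + 4:end].decode("ascii", errors="replace"), end


def parse_connection_settings(hex_value: str) -> ConnectionSettings:
    """Decode the REG_BINARY hex string as printed by `reg query` (assumed layout)."""
    buf = bytes.fromhex(hex_value)
    if len(buf) < 12:
        raise ValueError("value shorter than the 12-byte header")
    version, counter, flags = struct.unpack_from("<III", buf, 0)
    proxy, off = _counted_string(buf, 12)
    bypass, off = _counted_string(buf, off)
    autoconfig, _ = _counted_string(buf, off)
    return ConnectionSettings(version, counter, flags, proxy, bypass, autoconfig)


def flag_names(flags: int) -> List[str]:
    return [name for bit, name in FLAGS.items() if flags & bit]


def proxy_endpoints(proxy: str) -> List[Tuple[str, str]]:
    """Split 'http=h:p;https=h:p' (or a bare 'h:p') into (protocol, endpoint)."""
    out = []
    for part in filter(None, (p.strip() for p in proxy.split(";"))):
        proto, sep, endpoint = part.partition("=")
        out.append((proto, endpoint) if sep else ("all", part))
    return out


def _is_loopback(endpoint: str) -> bool:
    host = endpoint.split("://")[-1].rsplit(":", 1)[0].strip("[]")
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host.lower() == "localhost"


def has_loopback_proxy(hex_value: str) -> bool:
    """True when a manual proxy is enabled and any endpoint is on this host."""
    s = parse_connection_settings(hex_value)
    if not s.flags & 0x02:
        return False
    return any(_is_loopback(ep) for _, ep in proxy_endpoints(s.proxy))


def review(name: str, hex_value: str) -> List[str]:
    """Human-readable findings for one registry value."""
    s = parse_connection_settings(hex_value)
    notes = ["%s: flags=0x%02x (%s)" % (name, s.flags, ", ".join(flag_names(s.flags)))]
    if s.flags & 0x02:
        for proto, endpoint in proxy_endpoints(s.proxy):
            where = "loopback" if _is_loopback(endpoint) else "remote"
            notes.append("  %s traffic -> %s proxy %s" % (proto, where, endpoint))
        notes.append("  bypass list: %r" % s.bypass)
    if s.flags & 0x04:
        notes.append("  auto-config URL: %r" % s.autoconfig_url)
    return notes


if __name__ == "__main__":
    for label, value in (("HKCU", HKCU_VALUE), ("HKLM", HKLM_VALUE)):
        print("\n".join(review(label, value)))
```

A manual proxy on loopback with nothing listening on that port breaks browsing for every application that honours these settings, which is why the blob is worth checking alongside the plain-text values.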



## kango88 (Feb 5, 2015)

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-02-2015
Ran by user at 2015-03-01 22:35:25 Run:9
Running from C:\Users\user\Downloads\Programs
Loaded Profiles: user (Available profiles: user)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
Reg: reg query "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections"
End
*****************


========= reg query "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" =========




========= End of Reg: =========


==== End of Fixlog 22:35:25 ====


----------



## kango88 (Feb 5, 2015)

It is not working even before I restart.


----------



## JSntgRvr (Jul 1, 2003)

I am just checking the settings. No fix yet.

Download the enclosed file. Save it next to FRST. Open FRST and click on the Fix button and wait. The tool will produce a log, fixlog.txt. Please post it in a reply.


----------



## kango88 (Feb 5, 2015)

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-02-2015
Ran by user at 2015-03-01 23:24:22 Run:10
Running from C:\Users\user\Downloads\Programs
Loaded Profiles: user (Available profiles: user)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
Reg: reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections"
Reg: reg query "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\NlaSvc\Parameters\Internet\ManualProxies"
Reg: reg query "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NlaSvc\Parameters\Internet\ManualProxies"
Reg: reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlset\services\NlaSvc\Parameters\Internet\ManualProxies"
Reg: reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings"
Reg: reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings"
End
*****************

========= reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" =========

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
WinHttpSettings REG_BINARY 1800000000000000010000000000000000000000
DefaultConnectionSettings REG_BINARY 46000000540000000300000028000000687474703D3132372E302E302E313A383038303B68747470733D3132372E302E302E313A383038300B0000003C2D6C6F6F706261636B3E00000000000000000000000000000000000000000000000000000000000000000200000002000000C0A8010E0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001700000000000000200100009D386ABD287F3CBCD5C24A2B0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
SavedLegacySettings

========= End of Reg: =========

========= reg query "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\NlaSvc\Parameters\Internet\ManualProxies" =========

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\NlaSvc\Parameters\Internet\ManualProxies
(Default) REG_SZ 1http=127.0.0.1:8080;https=127.0.0.1:8080

========= End of Reg: =========

========= reg query "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NlaSvc\Parameters\Internet\ManualProxies" =========

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NlaSvc\Parameters\Internet\ManualProxies
(Default) REG_SZ 1http=127.0.0.1:8080;https=127.0.0.1:8080

========= End of Reg: =========

========= reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlset\services\NlaSvc\Parameters\Internet\ManualProxies" =========

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlset\services\NlaSvc\Parameters\Internet\ManualProxies
(Default) REG_SZ 1http=127.0.0.1:8080;https=127.0.0.1:8080

========= End of Reg: =========

========= reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" =========

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings
EnablePunycode REG_DWORD 0x1
CodeBaseSearchPath REG_SZ CODEBASE
WarnOnIntranet REG_DWORD 0x1
MinorVersion REG_SZ 0
ActiveXCache REG_SZ C:\Windows\Downloaded Program Files
ProxyOverride REG_SZ <-loopback>
MigrateProxy REG_DWORD 0x1
ProxyEnable REG_DWORD 0x1
ProxyServer REG_SZ http=127.0.0.1:8080;https=127.0.0.1:8080

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Accepted Documents
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ActiveX Cache
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedBehaviors
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragImageExts
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragProtocols
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Cache
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Http Filters
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Last Update
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\NoFileLifetimeExtension
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\P3P
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Passport
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Secure Mime Handlers
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\SO
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Url History
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones

========= End of Reg: =========

========= reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" =========

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
EnablePunycode REG_DWORD 0x1
CodeBaseSearchPath REG_SZ CODEBASE
WarnOnIntranet REG_DWORD 0x1
MinorVersion REG_SZ 0
ActiveXCache REG_SZ C:\Windows\Downloaded Program Files
ProxyOverride REG_SZ <-loopback>
ProxyHttp1.1 REG_DWORD 0x1
MigrateProxy REG_DWORD 0x1
ProxyEnable REG_DWORD 0x1
ProxyServer REG_SZ http=127.0.0.1:8080;https=127.0.0.1:8080

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Accepted Documents
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ActiveX Cache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedBehaviors
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragImageExts
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragProtocols
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ApprovedActiveXInstallSites
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Http Filters
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Last Update
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\NoFileLifetimeExtension
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Passport
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\PluggableProtocols
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Secure Mime Handlers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Url History
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones

========= End of Reg: =========

==== End of Fixlog 23:24:22 ====


----------



## kango88 (Feb 5, 2015)

Still having problem even before restarting


----------



## JSntgRvr (Jul 1, 2003)

Let's try this fix.

Download the enclosed file. Save it next to FRST. Open FRST and click on the Fix button and wait. The tool will produce a log, fixlog.txt. Please post it in a reply.


----------



## kango88 (Feb 5, 2015)

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-02-2015
Ran by user at 2015-03-01 23:57:05 Run:11
Running from C:\Users\user\Downloads\Programs
Loaded Profiles: user (Available profiles: user)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v DefaultConnectionSettings /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v SavedLegacySettings /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlset\services\NlaSvc\Parameters\Internet\ManualProxies" /ve /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SYSTEM\Controlset001\services\NlaSvc\Parameters\Internet\ManualProxies" /ve /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SYSTEM\Controlset002\services\NlaSvc\Parameters\Internet\ManualProxies" /ve /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyOverride /f
Reg: Reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0x0 /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyOverride /f
Reg: Reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0x0 /f
End
*****************


========= Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v DefaultConnectionSettings /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v SavedLegacySettings /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlset\services\NlaSvc\Parameters\Internet\ManualProxies" /ve /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg delete "HKEY_LOCAL_MACHINE\SYSTEM\Controlset001\services\NlaSvc\Parameters\Internet\ManualProxies" /ve /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg delete "HKEY_LOCAL_MACHINE\SYSTEM\Controlset002\services\NlaSvc\Parameters\Internet\ManualProxies" /ve /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyOverride /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0x0 /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyOverride /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0x0 /f =========

The operation completed successfully.



========= End of Reg: =========


==== End of Fixlog 23:57:06 ====


----------



## kango88 (Feb 5, 2015)

still same issue


----------



## JSntgRvr (Jul 1, 2003)

Let me know if it returns.


----------



## kango88 (Feb 5, 2015)

Yup, the problem is still around


----------



## JSntgRvr (Jul 1, 2003)

Use the fixlist on post 146 and post its results.


----------



## JSntgRvr (Jul 1, 2003)

Open IE, go to Tools\Internet Options\Connections\LAN Settings. Take a screenshot of that window and post it in a reply.


----------



## kango88 (Feb 5, 2015)

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-02-2015
Ran by user at 2015-03-02 00:18:44 Run:12
Running from C:\Users\user\Downloads\Programs
Loaded Profiles: user (Available profiles: user)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
Reg: reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections"
Reg: reg query "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\NlaSvc\Parameters\Internet\ManualProxies"
Reg: reg query "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NlaSvc\Parameters\Internet\ManualProxies"
Reg: reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlset\services\NlaSvc\Parameters\Internet\ManualProxies"
Reg: reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings"
Reg: reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings"
End
*****************


========= reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" =========


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
WinHttpSettings REG_BINARY 1800000000000000010000000000000000000000
SavedLegacySettings REG_BINARY 4600000003000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
DefaultConnectionSettings REG_BINARY 4600000002000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000



========= End of Reg: =========


========= reg query "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\NlaSvc\Parameters\Internet\ManualProxies" =========




========= End of Reg: =========


========= reg query "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NlaSvc\Parameters\Internet\ManualProxies" =========




========= End of Reg: =========


========= reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlset\services\NlaSvc\Parameters\Internet\ManualProxies" =========




========= End of Reg: =========


========= reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" =========


HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings
EnablePunycode REG_DWORD 0x1
CodeBaseSearchPath REG_SZ CODEBASE
WarnOnIntranet REG_DWORD 0x1
MinorVersion REG_SZ 0
ActiveXCache REG_SZ C:\Windows\Downloaded Program Files
MigrateProxy REG_DWORD 0x1
ProxyEnable REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Accepted Documents
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ActiveX Cache
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedBehaviors
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragImageExts
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragProtocols
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Cache
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Http Filters
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Last Update
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\NoFileLifetimeExtension
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\P3P
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Passport
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Secure Mime Handlers
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\SO
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Url History
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones


========= End of Reg: =========


========= reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" =========


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
EnablePunycode REG_DWORD 0x1
CodeBaseSearchPath REG_SZ CODEBASE
WarnOnIntranet REG_DWORD 0x1
MinorVersion REG_SZ 0
ActiveXCache REG_SZ C:\Windows\Downloaded Program Files
ProxyHttp1.1 REG_DWORD 0x1
MigrateProxy REG_DWORD 0x1
ProxyEnable REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Accepted Documents
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ActiveX Cache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedBehaviors
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragImageExts
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragProtocols
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ApprovedActiveXInstallSites
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Http Filters
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Last Update
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\NoFileLifetimeExtension
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Passport
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\PluggableProtocols
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Secure Mime Handlers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Url History
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones


========= End of Reg: =========


==== End of Fixlog 00:18:44 ====


----------



## kango88 (Feb 5, 2015)

The problem was solved until I restarted. Upon restart, it came back.


----------



## kango88 (Feb 5, 2015)

Screenshot of IE settings


----------



## JSntgRvr (Jul 1, 2003)

Clear that checkmark under proxy server and click OK.

Test the computer.


----------



## kango88 (Feb 5, 2015)

I cannot. Every time I clear the checkmark, it comes back again after I restart IE.


----------



## JSntgRvr (Jul 1, 2003)

There must be a restriction.

Please download *SystemLook* from one of the links below and save it to your Desktop.

*32 bit Download Mirror #1
32 bit Download Mirror #2*

For 64bit systems, Please download *SystemLook* from the link below and save it to your Desktop.

*64 bit Download Mirror*


Double-click *SystemLook.exe* (or SystemLook_x64.exe) to run the application.
Copy the content of the following quote box into the main textfield:


> :regfind
> ProxySettingsPerUser



Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

*Note:* The log can also be found on your Desktop entitled *SystemLook.txt*


----------



## kango88 (Feb 5, 2015)

SystemLook 30.07.11 by jpshortstuff
Log created at 00:43 on 02/03/2015 by user
Administrator - Elevation successful

========== regfind ==========

Searching for "ProxySettingsPerUser "
No data found.

-= EOF =-


----------



## JSntgRvr (Jul 1, 2003)

That yellow band is a flag that a restriction exists. Let's check other areas of the registry.

Download the enclosed file. Save it next to FRST. Open FRST and click on the Fix button and wait. The tool will produce a log, fixlog.txt. Please post it in a reply.


----------



## kango88 (Feb 5, 2015)

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-02-2015
Ran by user at 2015-03-02 10:45:48 Run:13
Running from C:\Users\user\Downloads\Programs
Loaded Profiles: user (Available profiles: user)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
Reg: Reg query "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings"
Reg: Reg query "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings"
End
*****************


========= Reg query "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings" =========


HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
ProxySettingsPerUser REG_DWORD 0x0

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Cache


========= End of Reg: =========


========= Reg query "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings" =========


HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
ProxySettingsPerUser REG_DWORD 0x0

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Cache


========= End of Reg: =========


==== End of Fixlog 10:45:48 ====


----------



## kango88 (Feb 5, 2015)

Problem not solved even before restart


----------



## kango88 (Feb 5, 2015)

Can I just add that my other computer, which you helped solve, is currently facing the same issue: I cannot uncheck the LAN settings, with the messages below. I cannot use either IE or Chrome, while Firefox is not affected.

The proxy server isn't responding


Check your proxy settings *127.0.0.1:8080*.
Go to Tools > Internet Options > Connections. If you are on a LAN, click "LAN settings".
Make sure your firewall settings aren't blocking your web access.
Ask your system administrator for help.


----------



## JSntgRvr (Jul 1, 2003)

Download the enclosed file. Save it next to FRST. Open FRST and click on the Fix button and wait. The tool will produce a log, fixlog.txt. Please post it in a reply.

Attempt to remove that checkmark from the proxy server, then click OK out of the properties windows. Restart and test.


----------



## kango88 (Feb 5, 2015)

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-02-2015
Ran by user at 2015-03-02 23:17:58 Run:14
Running from C:\Users\user\Downloads\Programs
Loaded Profiles: user (Available profiles: user)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
ProxyEnable: [HKLM] => ProxyEnable is set.
ProxyEnable: [HKLM-x32] => ProxyEnable is set.
ProxyServer: [HKLM] => http=127.0.0.1:8080;https=127.0.0.1:8080
ProxyServer: [HKLM-x32] => http=127.0.0.1:8080;https=127.0.0.1:8080
Reg: Reg query "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\explorer"
Reg: Reg add "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxySettingsPerUser /t REG_DWORD /d 0x1 /f
End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.

========= Reg query "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\explorer" =========

ERROR: The system was unable to find the specified registry key or value.

========= End of Reg: =========

========= Reg add "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxySettingsPerUser /t REG_DWORD /d 0x1 /f =========

The operation completed successfully.

========= End of Reg: =========

==== End of Fixlog 23:17:59 ====


----------



## kango88 (Feb 5, 2015)

Once I restarted, the checkmark came back


----------



## JSntgRvr (Jul 1, 2003)

Was the Yellow bar still present? Process the enclosed fixlist.


----------



## kango88 (Feb 5, 2015)

By yellow bar you mean the highlighted section stating "some settings are managed by system administrator", right?


----------



## JSntgRvr (Jul 1, 2003)

Yes.


----------



## kango88 (Feb 5, 2015)

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-02-2015
Ran by user at 2015-03-02 23:33:02 Run:15
Running from C:\Users\user\Downloads\Programs
Loaded Profiles: user (Available profiles: user)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
ProxyEnable: [HKLM] => ProxyEnable is set.
ProxyEnable: [HKLM-x32] => ProxyEnable is set.
ProxyServer: [HKLM] => http=127.0.0.1:8080;https=127.0.0.1:8080
ProxyServer: [HKLM-x32] => http=127.0.0.1:8080;https=127.0.0.1:8080
Reg: Reg query "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings"
Reg: Reg add "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxySettingsPerUser /t REG_DWORD /d 0x1 /f
End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.

========= Reg query "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings" =========

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
ProxySettingsPerUser REG_DWORD 0x0

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Cache

========= End of Reg: =========

========= Reg add "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxySettingsPerUser /t REG_DWORD /d 0x1 /f =========

The operation completed successfully.

========= End of Reg: =========

==== End of Fixlog 23:33:03 ====


----------



## kango88 (Feb 5, 2015)

It is gone after applying the latest fix but let me restart first and update you


----------



## kango88 (Feb 5, 2015)

yellow bar back again upon restart


----------



## JSntgRvr (Jul 1, 2003)

Process the enclosed file and post the fixlog it will produce. This is only a query, not a fix.

Do you have *Spybot S&D* installed?

Something is writing those settings back. Spybot and other security programs are known to do this.


----------



## kango88 (Feb 5, 2015)

I removed spybot quite a while back


----------



## JSntgRvr (Jul 1, 2003)

There was a remnant running at boot. Let's see what the report brings.


----------



## kango88 (Feb 5, 2015)

Attached the fixlog as it is too big to be posted


----------



## JSntgRvr (Jul 1, 2003)

Download the enclosed folder. Save and extract its contents to the desktop. It is a folder containing registry entries. Once extracted, click on the Regfix.reg file, and select Yes when prompted to merge it into the registry.

Restart the computer and test.


----------



## kango88 (Feb 5, 2015)

Still the same. Cannot uncheck


----------



## JSntgRvr (Jul 1, 2003)

That cookie is quite hard.

Please process the enclosed fixlist and post the new fixlog it will produce.


----------



## kango88 (Feb 5, 2015)

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-02-2015
Ran by user at 2015-03-03 01:24:08 Run:17
Running from C:\Users\user\Downloads\Programs
Loaded Profiles: user (Available profiles: user)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
reg: Reg Query "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings"
reg: Reg Query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections"
reg: Reg Query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings"
reg: Reg Query "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings"
reg: Reg Query "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NlaSvc\Parameters\Internet\ManualProxies"
reg: Reg Query "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\NlaSvc\Parameters\Internet\ManualProxies"
reg: Reg Query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections"
End

*****************

========= Reg Query "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings" =========

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
ProxySettingsPerUser REG_DWORD 0x0

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Cache

========= End of Reg: =========

========= Reg Query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" =========

========= End of Reg: =========

========= Reg Query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" =========

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
EnablePunycode REG_DWORD 0x1
CodeBaseSearchPath REG_SZ CODEBASE;<http://codecs.microsoft.com/isapi/ocget.dll>
WarnOnIntranet REG_DWORD 0x1
MinorVersion REG_SZ 0
ActiveXCache REG_SZ C:\WINDOWS\Downloaded Program Files
ProxyHttp1.1 REG_DWORD 0x1
MigrateProxy REG_DWORD 0x1
ProxyEnable REG_DWORD 0x1
UrlEncoding REG_SZ 0x00000000
ProxyServer REG_SZ http=127.0.0.1:8080;https=127.0.0.1:8080
ProxyOverride REG_SZ <-loopback>

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Accepted Documents
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ActiveX Cache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedBehaviors
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragImageExts
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragProtocols
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ApprovedActiveXInstallSites
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Http Filters
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Last Update
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\NoFileLifetimeExtension
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Passport
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\PluggableProtocols
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Secure Mime Handlers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Url History
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones

========= End of Reg: =========

========= Reg Query "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" =========

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings
EnablePunycode REG_DWORD 0x1
CodeBaseSearchPath REG_SZ CODEBASE
WarnOnIntranet REG_DWORD 0x1
MinorVersion REG_SZ 0
ActiveXCache REG_SZ C:\Windows\Downloaded Program Files
MigrateProxy REG_DWORD 0x1
ProxyEnable REG_DWORD 0x1
ProxyServer REG_SZ http=127.0.0.1:8080;https=127.0.0.1:8080
ProxyOverride REG_SZ <-loopback>

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Accepted Documents
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ActiveX Cache
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedBehaviors
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragImageExts
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragProtocols
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Cache
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Http Filters
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Last Update
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\NoFileLifetimeExtension
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\P3P
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Passport
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Secure Mime Handlers
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\SO
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Url History
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones

========= End of Reg: =========

========= Reg Query "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NlaSvc\Parameters\Internet\ManualProxies" =========

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NlaSvc\Parameters\Internet\ManualProxies
(Default) REG_SZ 1http=127.0.0.1:8080;https=127.0.0.1:8080

========= End of Reg: =========

========= Reg Query "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\NlaSvc\Parameters\Internet\ManualProxies" =========

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\NlaSvc\Parameters\Internet\ManualProxies
(Default) REG_SZ 1http=127.0.0.1:8080;https=127.0.0.1:8080

========= End of Reg: =========

========= Reg Query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" =========

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
WinHttpSettings REG_BINARY 1800000000000000010000000000000000000000
DefaultConnectionSettings
SavedLegacySettings

========= End of Reg: =========

==== End of Fixlog 01:24:09 ====


----------



## kango88 (Feb 5, 2015)

Still cannot uncheck after restart


----------



## JSntgRvr (Jul 1, 2003)

Everything is re-written. I want to rescan the computer. Let me go back to see what applications we have run.


----------



## JSntgRvr (Jul 1, 2003)

Download *RogueKiller* (by tigzy) on the desktop

Scroll down on the window and select the 64bit application from the local server.

Quit all programs
Start RogueKiller.exe.
Wait until Prescan has finished ...
Click on Scan. Once finished, click on Report (*Do not delete anything*)
Please post the contents of the RKreport.txt in your next Reply.


----------



## kango88 (Feb 5, 2015)

RogueKiller V10.5.0.0 (x64) [Mar 2 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits

version
Started in : Normal mode
User : user [Administrator]
Mode : Scan -- Date : 03/03/2015 10:28:32

¤¤¤ Processes : 2 ¤¤¤
[Suspicious.Path] ouc.exe(2708) -- C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe[7] -> Killed [TermProc]
[Proc.Injected] PSANHost.exe(2724) -- C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe[7] -> Killed [TermThr]

¤¤¤ Registry : 5 ¤¤¤
[Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\PSKMAD (System32\DRIVERS\PSKMAD.sys) -> Found
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
[PUM.Proxy] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8080;https=127.0.0.1:8080 -> Found
[PUM.Proxy] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8080;https=127.0.0.1:8080 -> Found

¤¤¤ Tasks : 2 ¤¤¤
[Suspicious.Path] GoogleUpdateTaskMachineUA.job -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (/ua /installsource scheduler) -> Found
[Suspicious.Path] \\GoogleUpdateTaskMachineUA -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (/ua /installsource scheduler) -> Found

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: APPLE SSD SM0256F ATA Device +++++
--- User ---
[MBR] 0060b91082a8c6cfd1c1a191f53d8160
[BSP] 7354eba38a3d1dfbad0f38f8808e7fc5 : Windows Vista/7/8 MBR Code
Partition table:
0 - EFI System Partition | Offset (sectors): 40 | Size: 200 MB
1 - Customer | Offset (sectors): 409640 | Size: 119343 MB
2 - Recovery HD | Offset (sectors): 244824552 | Size: 619 MB
3 - BOOTCAMP | Offset (sectors): 246095872 | Size: 119208 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: APPLE SD Card Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

============================================
RKreport_DEL_02202015_000245.log -

RKreport_DEL_02202015_001350.log -

RKreport_SCN_02192015_214845.log -

RKreport_SCN_02202015_000103.log
RKreport_SCN_02202015_001009.log


----------



## JSntgRvr (Jul 1, 2003)

Only what we have determined that needs to be fixed is what was detected. All other entries are legit.

Let's activate the Hidden Administrator.

Bring the computer to an Administrator Command prompt (click on start, type CMD, at the top of the start menu, right click the CMD command and select run as an Administrator). At the prompt type the following and press Enter:

*net user administrator /active:yes*
*Exit*

Restart the computer and log on to the *Administrator* account. Download and extract the Regfix.reg previously posted onto that account's desktop but, before clicking on the Regfix.reg, temporarily turn off Panda. Once done, restart, log on to your regular account and test.

To turn Off the Hidden Administrator Account, type the following at an Administrator Command prompt:

*net user administrator /active:No*
*Exit*

Let me know the outcome.


----------



## kango88 (Feb 5, 2015)

What is the default password for the admin account? I never set any password, even for the user account.


----------



## JSntgRvr (Jul 1, 2003)

Would it work if left blank?


----------



## kango88 (Feb 5, 2015)

Nope. It says "the username or password is incorrect" even if I leave it blank.


----------



## JSntgRvr (Jul 1, 2003)

Press the Windows key+R. Type or copy and paste *Notepad C:\Windows\wininit.ini*. Post the contents of that file.


----------



## kango88 (Feb 5, 2015)

[rename]
NUL=C:\Program Files (x86)\Spybot - Search & Destroy 2\av\smartdb-ntfs.db


----------



## JSntgRvr (Jul 1, 2003)

Do the same with the following commands:

*Notepad C:\WINDOWS\win.ini
Notepad C:\WINDOWS\PFRO.log
Notepad C:\WINDOWS\Tasks\SA.DAT
Notepad C:\Windows\setupact.log*


----------



## kango88 (Feb 5, 2015)

; for 16-bit app support
[fonts]
[extensions]
[mci extensions]
[files]
[Mail]
MAPI=1
CMCDLLNAME32=mapi32.dll
CMC=1
MAPIX=1
MAPIXVER=1.0.0.1
OLEMessaging=1
[MCI Extensions.BAK]
3g2=MPEGVideo
3gp=MPEGVideo
3gp2=MPEGVideo
3gpp=MPEGVideo
aac=MPEGVideo
adt=MPEGVideo
adts=MPEGVideo
m2t=MPEGVideo
m2ts=MPEGVideo
m2v=MPEGVideo
m4a=MPEGVideo
m4v=MPEGVideo
mod=MPEGVideo
mov=MPEGVideo
mp4=MPEGVideo
mp4v=MPEGVideo
mts=MPEGVideo
ts=MPEGVideo
tts=MPEGVideo


----------



## kango88 (Feb 5, 2015)

11/20/2010 19:47:7 - PFRO Error: \??\D:\Windows\system32\spool\DRIVERS\x64\3\New\mxdwdrv.dll, \??\D:\Windows\system32\spool\DRIVERS\x64\3\mxdwdrv.dll, 0xc000003a
11/20/2010 19:47:7 - PFRO Error: \??\D:\Windows\system32\spool\DRIVERS\x64\3\New\unidrvui.dll, \??\D:\Windows\system32\spool\DRIVERS\x64\3\unidrvui.dll, 0xc000003a
11/20/2010 19:47:7 - PFRO Error: \??\D:\Windows\system32\spool\DRIVERS\x64\3\New\UNIDRV.DLL, \??\D:\Windows\system32\spool\DRIVERS\x64\3\UNIDRV.DLL, 0xc000003a
11/20/2010 19:47:7 - PFRO Error: \??\D:\Windows\system32\spool\DRIVERS\x64\3\New\UNIRES.DLL, \??\D:\Windows\system32\spool\DRIVERS\x64\3\UNIRES.DLL, 0xc000003a
11/20/2010 19:47:7 - PFRO Error: \??\D:\Windows\system32\spool\DRIVERS\x64\3\New\XPSSVCS.DLL, \??\D:\Windows\system32\spool\DRIVERS\x64\3\XPSSVCS.DLL, 0xc000003a
11/20/2010 19:47:7 - PFRO Error: \??\D:\Windows\system32\spool\DRIVERS\x64\3\New\mxdwdui.dll, \??\D:\Windows\system32\spool\DRIVERS\x64\3\mxdwdui.dll, 0xc000003a
11/20/2010 19:47:7 - PFRO Error: \??\D:\Windows\system32\spool\DRIVERS\x64\3\New\FXSDRV.DLL, \??\D:\Windows\system32\spool\DRIVERS\x64\3\FXSDRV.DLL, 0xc000003a
11/20/2010 19:47:7 - PFRO Error: \??\D:\Windows\system32\spool\DRIVERS\x64\3\New\FXSUI.DLL, \??\D:\Windows\system32\spool\DRIVERS\x64\3\FXSUI.DLL, 0xc000003a
11/20/2010 19:47:7 - PFRO Error: \??\D:\Windows\system32\spool\DRIVERS\x64\3\New\FXSUI.DLL, \??\D:\Windows\system32\spool\DRIVERS\x64\3\FXSUI.DLL, 0xc000003a
11/20/2010 19:47:7 - PFRO Error: \??\D:\Windows\system32\spool\DRIVERS\x64\3\New\FXSWZRD.DLL, \??\D:\Windows\system32\spool\DRIVERS\x64\3\FXSWZRD.DLL, 0xc000003a
11/20/2010 19:47:7 - PFRO Error: \??\D:\Windows\system32\spool\DRIVERS\x64\3\New\FXSTIFF.DLL, \??\D:\Windows\system32\spool\DRIVERS\x64\3\FXSTIFF.DLL, 0xc000003a
11/20/2010 19:47:7 - PFRO Error: \??\D:\Windows\system32\spool\DRIVERS\x64\3\New\FXSRES.DLL, \??\D:\Windows\system32\spool\DRIVERS\x64\3\FXSRES.DLL, 0xc000003a
11/20/2010 19:47:7 - PFRO Error: \??\D:\Windows\system32\spool\DRIVERS\x64\3\New\FXSAPI.DLL, \??\D:\Windows\system32\spool\DRIVERS\x64\3\FXSAPI.DLL, 0xc000003a
11/20/2010 19:47:7 - PFRO Error: \??\D:\Windows\system32\spool\drivers\x64\3\Old\1\FXSWZRD.DLL, |delete operation|, 0xc000003a
11/20/2010 19:47:7 - 0 Successful PFRO operations

12/23/2014 11:59:56 - PFRO Error: \??\C:\Program Files (x86)\Google\Chrome, |delete operation|, 0xc0000101
12/23/2014 11:59:56 - 5 Successful PFRO operations

2/5/2015 9:59:38 - PFRO Error: \??\C:\Windows\system32\spool\DRIVERS\x64\3\New\mxdwdrv.dll, \??\C:\Windows\system32\spool\DRIVERS\x64\3\mxdwdrv.dll, 0xc000003a
2/5/2015 9:59:38 - PFRO Error: \??\C:\Windows\system32\spool\DRIVERS\x64\3\New\UniDrvUI.dll, \??\C:\Windows\system32\spool\DRIVERS\x64\3\UniDrvUI.dll, 0xc000003a
2/5/2015 9:59:38 - PFRO Error: \??\C:\Windows\system32\spool\DRIVERS\x64\3\New\UniDrv.HLP, \??\C:\Windows\system32\spool\DRIVERS\x64\3\UniDrv.HLP, 0xc000003a
2/5/2015 9:59:38 - PFRO Error: \??\C:\Windows\system32\spool\DRIVERS\x64\3\New\UNIDRV.DLL, \??\C:\Windows\system32\spool\DRIVERS\x64\3\UNIDRV.DLL, 0xc000003a
2/5/2015 9:59:38 - PFRO Error: \??\C:\Windows\system32\spool\DRIVERS\x64\3\New\UNIRES.DLL, \??\C:\Windows\system32\spool\DRIVERS\x64\3\UNIRES.DLL, 0xc000003a
2/5/2015 9:59:38 - PFRO Error: \??\C:\Windows\system32\spool\DRIVERS\x64\3\New\STDNAMES.GPD, \??\C:\Windows\system32\spool\DRIVERS\x64\3\STDNAMES.GPD, 0xc000003a
2/5/2015 9:59:38 - PFRO Error: \??\C:\Windows\system32\spool\DRIVERS\x64\3\New\STDDTYPE.GDL, \??\C:\Windows\system32\spool\DRIVERS\x64\3\STDDTYPE.GDL, 0xc000003a
2/5/2015 9:59:38 - PFRO Error: \??\C:\Windows\system32\spool\DRIVERS\x64\3\New\STDSCHEM.GDL, \??\C:\Windows\system32\spool\DRIVERS\x64\3\STDSCHEM.GDL, 0xc000003a
2/5/2015 9:59:38 - PFRO Error: \??\C:\Windows\system32\spool\DRIVERS\x64\3\New\STDSCHMX.GDL, \??\C:\Windows\system32\spool\DRIVERS\x64\3\STDSCHMX.GDL, 0xc000003a
2/5/2015 9:59:38 - PFRO Error: \??\C:\Windows\system32\spool\DRIVERS\x64\3\New\XPSSVCS.DLL, \??\C:\Windows\system32\spool\DRIVERS\x64\3\XPSSVCS.DLL, 0xc000003a
2/5/2015 9:59:38 - PFRO Error: \??\C:\Windows\system32\spool\drivers\x64\3\Old\1\STDSCHEM.GDL, |delete operation|, 0xc000003a
2/5/2015 9:59:38 - PFRO Error: \??\C:\Windows\system32\spool\drivers\x64\3\Old\1\STDSCHMX.GDL, |delete operation|, 0xc000003a
2/5/2015 9:59:38 - PFRO Error: \??\C:\Windows\system32\spool\drivers\x64\3\Old\1\UNIDRV.DLL, |delete operation|, 0xc000003a
2/5/2015 9:59:38 - PFRO Error: \??\C:\Windows\system32\spool\drivers\x64\3\Old\1\UniDrv.HLP, |delete operation|, 0xc000003a
2/5/2015 9:59:38 - PFRO Error: \??\C:\Windows\system32\spool\drivers\x64\3\Old\1\UniDrvUI.dll, |delete operation|, 0xc000003a
2/5/2015 9:59:38 - PFRO Error: \??\C:\Windows\system32\spool\drivers\x64\3\Old\1\UNIRES.DLL, |delete operation|, 0xc000003a
2/5/2015 9:59:38 - PFRO Error: \??\C:\Windows\system32\spool\drivers\x64\3\Old\1\XPSSVCS.DLL, |delete operation|, 0xc000003a
2/5/2015 9:59:38 - PFRO Error: \??\C:\Windows\system32\spool\DRIVERS\x64\3\New\mxdwdrv.dll, \??\C:\Windows\system32\spool\DRIVERS\x64\3\mxdwdrv.dll, 0xc000003a
2/5/2015 9:59:38 - PFRO Error: \??\C:\Windows\system32\spool\DRIVERS\x64\3\New\UniDrvUI.dll, \??\C:\Windows\system32\spool\DRIVERS\x64\3\UniDrvUI.dll, 0xc000003a
2/5/2015 9:59:38 - PFRO Error: \??\C:\Windows\system32\spool\DRIVERS\x64\3\New\SendToOneNote.GPD, \??\C:\Windows\system32\spool\DRIVERS\x64\3\SendToOneNote.GPD, 0xc000003a
2/5/2015 9:59:38 - PFRO Error: \??\C:\Windows\system32\spool\DRIVERS\x64\3\New\UniDrv.HLP, \??\C:\Windows\system32\spool\DRIVERS\x64\3\UniDrv.HLP, 0xc000003a
2/5/2015 9:59:38 - PFRO Error: \??\C:\Windows\system32\spool\DRIVERS\x64\3\New\SendToOneNote-pipelineconfig.xml, \??\C:\Windows\system32\spool\DRIVERS\x64\3\SendToOneNote-pipelineconfig.xml, 0xc000003a
2/5/2015 9:59:38 - PFRO Error: \??\C:\Windows\system32\spool\DRIVERS\x64\3\New\SendToOneNote.ini, \??\C:\Windows\system32\spool\DRIVERS\x64\3\SendToOneNote.ini, 0xc000003a
2/5/2015 9:59:38 - PFRO Error: \??\C:\Windows\system32\spool\DRIVERS\x64\3\New\SendToOneNoteNames.gpd, \??\C:\Windows\system32\spool\DRIVERS\x64\3\SendToOneNoteNames.gpd, 0xc000003a
2/5/2015 9:59:38 - PFRO Error: \??\C:\Windows\system32\spool\DRIVERS\x64\3\New\SendToOneNoteFilter.dll, \??\C:\Windows\system32\spool\DRIVERS\x64\3\SendToOneNoteFilter.dll, 0xc000003a
2/5/2015 9:59:38 - PFRO Error: \??\C:\Windows\system32\spool\DRIVERS\x64\3\New\UNIDRV.DLL, \??\C:\Windows\system32\spool\DRIVERS\x64\3\UNIDRV.DLL, 0xc000003a
2/5/2015 9:59:38 - PFRO Error: \??\C:\Windows\system32\spool\DRIVERS\x64\3\New\UNIRES.DLL, \??\C:\Windows\system32\spool\DRIVERS\x64\3\UNIRES.DLL, 0xc000003a
2/5/2015 9:59:38 - PFRO Error: \??\C:\Windows\system32\spool\DRIVERS\x64\3\New\STDNAMES.GPD, \??\C:\Windows\system32\spool\DRIVERS\x64\3\STDNAMES.GPD, 0xc000003a
2/5/2015 9:59:38 - PFRO Error: \??\C:\Windows\system32\spool\DRIVERS\x64\3\New\STDDTYPE.GDL, \??\C:\Windows\system32\spool\DRIVERS\x64\3\STDDTYPE.GDL, 0xc000003a
2/5/2015 9:59:38 - PFRO Error: \??\C:\Windows\system32\spool\DRIVERS\x64\3\New\STDSCHEM.GDL, \??\C:\Windows\system32\spool\DRIVERS\x64\3\STDSCHEM.GDL, 0xc000003a
2/5/2015 9:59:38 - PFRO Error: \??\C:\Windows\system32\spool\DRIVERS\x64\3\New\STDSCHMX.GDL, \??\C:\Windows\system32\spool\DRIVERS\x64\3\STDSCHMX.GDL, 0xc000003a
2/5/2015 9:59:38 - PFRO Error: \??\C:\Windows\system32\spool\DRIVERS\x64\3\New\MSXPSINC.GPD, \??\C:\Windows\system32\spool\DRIVERS\x64\3\MSXPSINC.GPD, 0xc000003a
2/5/2015 9:59:38 - PFRO Error: \??\C:\Windows\system32\spool\DRIVERS\x64\3\New\XPSSVCS.DLL, \??\C:\Windows\system32\spool\DRIVERS\x64\3\XPSSVCS.DLL, 0xc000003a
2/5/2015 9:59:38 - 9 Successful PFRO operations

2/5/2015 18:5:30 - PFRO Error: \??\C:\Program Files (x86)\Google\Chrome, |delete operation|, 0xc0000101
2/5/2015 18:5:30 - 3 Successful PFRO operations

2/6/2015 12:33:1 - PFRO Error: \??\C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll.old, |delete operation|, 0xc0000034
2/6/2015 12:33:1 - 2 Successful PFRO operations

2/10/2015 23:59:21 - PFRO Error: \??\C:\Program Files (x86)\Spybot - Search & Destroy 2\av\smartmd5.dat, |delete operation|, 0xc0000034
2/10/2015 23:59:21 - PFRO Error: \??\C:\Program Files (x86)\Spybot - Search & Destroy 2\av\smartdb-ntfs.db, |delete operation|, 0xc0000034
2/10/2015 23:59:21 - PFRO Error: \??\C:\Program Files (x86)\Spybot - Search & Destroy 2\av\smartmd5.dat, |delete operation|, 0xc0000034
2/10/2015 23:59:21 - PFRO Error: \??\C:\Program Files (x86)\Spybot - Search & Destroy 2\av\smartdb-ntfs.db, |delete operation|, 0xc0000034
2/10/2015 23:59:21 - PFRO Error: \??\C:\Program Files (x86)\Spybot - Search & Destroy 2\av\smartmd5.dat, |delete operation|, 0xc0000034
2/10/2015 23:59:21 - PFRO Error: \??\C:\Program Files (x86)\Spybot - Search & Destroy 2\av\smartdb-ntfs.db, |delete operation|, 0xc0000034
2/10/2015 23:59:21 - PFRO Error: \??\C:\Program Files (x86)\Spybot - Search & Destroy 2, |delete operation|, 0xc0000101
2/10/2015 23:59:21 - PFRO Error: \??\C:\Program Files (x86)\Spybot - Search & Destroy 2\av\smartmd5.dat, |delete operation|, 0xc000003a
2/10/2015 23:59:21 - PFRO Error: \??\C:\Program Files (x86)\Spybot - Search & Destroy 2\av\smartdb-ntfs.db, |delete operation|, 0xc000003a
2/10/2015 23:59:21 - 25 Successful PFRO operations

2/17/2015 14:53:15 - PFRO Error: \??\C:\Program Files (x86)\Google\Chrome, |delete operation|, 0xc0000101
2/17/2015 14:53:15 - 0 Successful PFRO operations

2/23/2015 10:5:33 - PFRO Error: \??\C:\Users\user\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp3mdcpb.lck, |delete operation|, 0xc000003a
2/23/2015 10:5:33 - PFRO Error: \??\C:\Users\user\AppData\Local\Temp\FXSAPIDebugLogFile.txt, |delete operation|, 0xc000003a
2/23/2015 10:5:33 - PFRO Error: \??\C:\Users\user\AppData\Local\Temp\~DFFBC90C3745EADF12.TMP, |delete operation|, 0xc000003a
2/23/2015 10:5:33 - 15 Successful PFRO operations

2/26/2015 20:56:40 - PFRO Error: \??\C:\Users\user\AppData\Local\Temp\~nsu.tmp, |delete operation|, 0xc0000101
2/26/2015 20:56:40 - 3 Successful PFRO operations


----------



## kango88 (Feb 5, 2015)

dispci.dll: ============BEGIN DisplayClassInstaller============
dispci.dll: ============BEGIN OnSelectBestCompatDrv============
dispci.dll: ============END OnSelectBestCompatDrv==============
dispci.dll: DisplayClassInstaller: Returning 0xe000020e for DIF 0x17 and device PCI\VEN_1002&DEV_515E&SUBSYS_01E61028&REV_02\4&1FC3087&0&28F0
dispci.dll: ============END DisplayClassInstaller==============
dispci.dll: ============BEGIN DisplayClassInstaller============
dispci.dll: ============BEGIN OnDestroyPrivateData============
dispci.dll: ============END OnDestroyPrivateData==============
dispci.dll: DisplayClassInstaller: Returning 0xe000020e for DIF 0xc and device PCI\VEN_1002&DEV_515E&SUBSYS_01E61028&REV_02\4&1FC3087&0&28F0
dispci.dll: ============END DisplayClassInstaller==============
dispci.dll: ============BEGIN DisplayClassInstaller============
dispci.dll: ============BEGIN OnAllowInstall============
dispci.dll: DispCIIsDriverInstallAllowed: Driver package contains a feature score 0xfe
dispci.dll: ============END OnAllowInstall==============
dispci.dll: DisplayClassInstaller: Returning 0xe000020e for DIF 0x18 and device PCI\VEN_1002&DEV_515E&SUBSYS_01E61028&REV_02\4&1FC3087&0&28F0
dispci.dll: ============END DisplayClassInstaller==============
dispci.dll: ============BEGIN DisplayClassInstaller============
dispci.dll: ============BEGIN OnInstallDeviceFiles============
dispci.dll: ============END OnInstallDeviceFiles==============
dispci.dll: DisplayClassInstaller: Returning 0xe000020e for DIF 0x15 and device PCI\VEN_1002&DEV_515E&SUBSYS_01E61028&REV_02\4&1FC3087&0&28F0
dispci.dll: ============END DisplayClassInstaller==============
dispci.dll: ============BEGIN DisplayClassInstaller============
dispci.dll: DisplayClassInstaller: Unrecognized DIF request 0x410031
dispci.dll: ============END DisplayClassInstaller==============
dispci.dll: ============BEGIN DisplayClassInstaller============
dispci.dll: DisplayClassInstaller: Unrecognized DIF request 0x410031
dispci.dll: ============END DisplayClassInstaller==============
dispci.dll: ============BEGIN DisplayClassInstaller============
dispci.dll: DispCIIsDriverInstallAllowed: Driver package contains a feature score 0xfe
dispci.dll: ============BEGIN OnInstallDevice============
dispci.dll: DispCIIsDeviceCompatibleWithHighResolutionBoot: Found high resolution boot incomaptible hardware DispCIIsDeviceCompatibleWithHighResolutionBoot
dispci.dll: DispCISetServiceStartType: No change to the service start required
dispci.dll: ============END OnInstallDevice==============
dispci.dll: DisplayClassInstaller: Returning 0x00000000 for DIF 0x2 and device PCI\VEN_1002&DEV_515E&SUBSYS_01E61028&REV_02\4&1FC3087&0&28F0
dispci.dll: ============END DisplayClassInstaller==============
dispci.dll: ============BEGIN DisplayClassInstaller============
dispci.dll: DisplayClassInstaller: Unrecognized DIF request 0x410031
dispci.dll: ============END DisplayClassInstaller==============
dispci.dll: ============BEGIN DisplayClassInstaller============
dispci.dll: ============BEGIN OnDestroyPrivateData============
dispci.dll: ============END OnDestroyPrivateData==============
dispci.dll: DisplayClassInstaller: Returning 0xe000020e for DIF 0xc and device PCI\VEN_1002&DEV_515E&SUBSYS_01E61028&REV_02\4&1FC3087&0&28F0
dispci.dll: ============END DisplayClassInstaller==============
montr_ci.dll: DIF_SELECTBESTCOMPATDRV
montr_ci.dll: Returning 0xe000020e for function 0x17 and device DISPLAY\DEFAULT_MONITOR\5&2DCF5EAB&0&12345678&06&05.
montr_ci.dll: DIF_DESTROYPRIVATEDATA
montr_ci.dll: Returning 0xe000020e for function 0xc and device DISPLAY\DEFAULT_MONITOR\5&2DCF5EAB&0&12345678&06&05.
montr_ci.dll: DIF_ALLOW_INSTALL
montr_ci.dll: Returning 0xe000020e for function 0x18 and device DISPLAY\DEFAULT_MONITOR\5&2DCF5EAB&0&12345678&06&05.
montr_ci.dll: DIF_INSTALLDEVICEFILES
montr_ci.dll: Retrieving driver details....
montr_ci.dll: Returning 0xe000020e for function 0x15 and device DISPLAY\DEFAULT_MONITOR\5&2DCF5EAB&0&12345678&06&05.
montr_ci.dll: DIF_REGISTER_COINSTALLERS
montr_ci.dll: Returning 0xe000020e for function 0x22 and device DISPLAY\DEFAULT_MONITOR\5&2DCF5EAB&0&12345678&06&05.
montr_ci.dll: DIF_INSTALLINTERFACES
montr_ci.dll: Returning 0xe000020e for function 0x20 and device DISPLAY\DEFAULT_MONITOR\5&2DCF5EAB&0&12345678&06&05.
montr_ci.dll: DIF_INSTALLDEVICE
montr_ci.dll: ============BEGIN OnInstallMonitorDevice============
montr_ci.dll: Retrieving driver details....
montr_ci.dll: ============END OnInstallMonitorDevice============
montr_ci.dll: Returning 0xe000020e for function 0x2 and device DISPLAY\DEFAULT_MONITOR\5&2DCF5EAB&0&12345678&06&05.
montr_ci.dll: DIF_NEWDEVICEWIZARD_FINISHINSTALL
montr_ci.dll: Returning 0xe000020e for function 0x1e and device DISPLAY\DEFAULT_MONITOR\5&2DCF5EAB&0&12345678&06&05.
montr_ci.dll: DIF_DESTROYPRIVATEDATA
montr_ci.dll: Returning 0xe000020e for function 0xc and device DISPLAY\DEFAULT_MONITOR\5&2DCF5EAB&0&12345678&06&05.
Input Install: Not a PS2 device.
Input Install: Not a PS2 device.
dispci.dll: ============BEGIN DisplayClassInstaller============
dispci.dll: DisplayClassInstaller: Unrecognized DIF request 0xe30001
dispci.dll: ============END DisplayClassInstaller==============
montr_ci.dll: MonitorClassInstaller: Unrecognized DIF request
montr_ci.dll: Returning 0xe000020e for function 0x6.
dispci.dll: ============BEGIN DisplayClassInstaller============
dispci.dll: DisplayClassInstaller: Returning 0xe000020e for DIF 0xc
dispci.dll: ============END DisplayClassInstaller==============
montr_ci.dll: DIF_DESTROYPRIVATEDATA
montr_ci.dll: Returning 0xe000020e for function 0xc.
AudMig: No audio endpoint migration settings found 0x2
AudMig: No audio endpoint migration settings found 0x2
dispci.dll: ============BEGIN DisplayClassInstaller============
dispci.dll: ============BEGIN OnSelectBestCompatDrv============
dispci.dll: ============END OnSelectBestCompatDrv==============
dispci.dll: DisplayClassInstaller: Returning 0xe000020e for DIF 0x17 and device PCI\VEN_1002&DEV_515E&SUBSYS_01E61028&REV_02\4&2E5A831D&0&28F0
dispci.dll: ============END DisplayClassInstaller==============
dispci.dll: ============BEGIN DisplayClassInstaller============
dispci.dll: ============BEGIN OnDestroyPrivateData============
dispci.dll: ============END OnDestroyPrivateData==============
dispci.dll: DisplayClassInstaller: Returning 0xe000020e for DIF 0xc and device PCI\VEN_1002&DEV_515E&SUBSYS_01E61028&REV_02\4&2E5A831D&0&28F0
dispci.dll: ============END DisplayClassInstaller==============
dispci.dll: ============BEGIN DisplayClassInstaller============
dispci.dll: ============BEGIN OnAllowInstall============
dispci.dll: DispCIIsDriverInstallAllowed: Driver package contains a feature score 0xfe
dispci.dll: ============END OnAllowInstall==============
dispci.dll: DisplayClassInstaller: Returning 0xe000020e for DIF 0x18 and device PCI\VEN_1002&DEV_515E&SUBSYS_01E61028&REV_02\4&2E5A831D&0&28F0
dispci.dll: ============END DisplayClassInstaller==============
dispci.dll: ============BEGIN DisplayClassInstaller============
dispci.dll: ============BEGIN OnInstallDeviceFiles============
dispci.dll: ============END OnInstallDeviceFiles==============
dispci.dll: DisplayClassInstaller: Returning 0xe000020e for DIF 0x15 and device PCI\VEN_1002&DEV_515E&SUBSYS_01E61028&REV_02\4&2E5A831D&0&28F0
dispci.dll: ============END DisplayClassInstaller==============
dispci.dll: ============BEGIN DisplayClassInstaller============
dispci.dll: DisplayClassInstaller: Unrecognized DIF request 0x410015
dispci.dll: ============END DisplayClassInstaller==============
dispci.dll: ============BEGIN DisplayClassInstaller============
dispci.dll: DisplayClassInstaller: Unrecognized DIF request 0x410015
dispci.dll: ============END DisplayClassInstaller==============
dispci.dll: ============BEGIN DisplayClassInstaller============
dispci.dll: DispCIIsDriverInstallAllowed: Driver package contains a feature score 0xfe
dispci.dll: ============BEGIN OnInstallDevice============
dispci.dll: DispCIIsDeviceCompatibleWithHighResolutionBoot: Found high resolution boot incomaptible hardware DispCIIsDeviceCompatibleWithHighResolutionBoot
dispci.dll: DispCISetServiceStartType: No change to the service start required
dispci.dll: ============END OnInstallDevice==============
dispci.dll: DisplayClassInstaller: Returning 0x00000000 for DIF 0x2 and device PCI\VEN_1002&DEV_515E&SUBSYS_01E61028&REV_02\4&2E5A831D&0&28F0
dispci.dll: ============END DisplayClassInstaller==============
dispci.dll: ============BEGIN DisplayClassInstaller============
dispci.dll: DisplayClassInstaller: Unrecognized DIF request 0x410015
dispci.dll: ============END DisplayClassInstaller==============
dispci.dll: ============BEGIN DisplayClassInstaller============
dispci.dll: ============BEGIN OnDestroyPrivateData============
dispci.dll: ============END OnDestroyPrivateData==============
dispci.dll: DisplayClassInstaller: Returning 0xe000020e for DIF 0xc and device PCI\VEN_1002&DEV_515E&SUBSYS_01E61028&REV_02\4&2E5A831D&0&28F0
dispci.dll: ============END DisplayClassInstaller==============
montr_ci.dll: DIF_SELECTBESTCOMPATDRV
montr_ci.dll: Returning 0xe000020e for function 0x17 and device DISPLAY\DEFAULT_MONITOR\5&2FAB8E39&0&12345678&06&05.
montr_ci.dll: DIF_DESTROYPRIVATEDATA
montr_ci.dll: Returning 0xe000020e for function 0xc and device DISPLAY\DEFAULT_MONITOR\5&2FAB8E39&0&12345678&06&05.
montr_ci.dll: DIF_ALLOW_INSTALL
montr_ci.dll: Returning 0xe000020e for function 0x18 and device DISPLAY\DEFAULT_MONITOR\5&2FAB8E39&0&12345678&06&05.
montr_ci.dll: DIF_INSTALLDEVICEFILES
montr_ci.dll: Retrieving driver details....
montr_ci.dll: Returning 0xe000020e for function 0x15 and device DISPLAY\DEFAULT_MONITOR\5&2FAB8E39&0&12345678&06&05.
montr_ci.dll: DIF_REGISTER_COINSTALLERS
montr_ci.dll: Returning 0xe000020e for function 0x22 and device DISPLAY\DEFAULT_MONITOR\5&2FAB8E39&0&12345678&06&05.
montr_ci.dll: DIF_INSTALLINTERFACES
montr_ci.dll: Returning 0xe000020e for function 0x20 and device DISPLAY\DEFAULT_MONITOR\5&2FAB8E39&0&12345678&06&05.
montr_ci.dll: DIF_INSTALLDEVICE
montr_ci.dll: ============BEGIN OnInstallMonitorDevice============
montr_ci.dll: Retrieving driver details....
montr_ci.dll: ============END OnInstallMonitorDevice============
montr_ci.dll: Returning 0xe000020e for function 0x2 and device DISPLAY\DEFAULT_MONITOR\5&2FAB8E39&0&12345678&06&05.
montr_ci.dll: DIF_NEWDEVICEWIZARD_FINISHINSTALL
montr_ci.dll: Returning 0xe000020e for function 0x1e and device DISPLAY\DEFAULT_MONITOR\5&2FAB8E39&0&12345678&06&05.
montr_ci.dll: DIF_DESTROYPRIVATEDATA
montr_ci.dll: Returning 0xe000020e for function 0xc and device DISPLAY\DEFAULT_MONITOR\5&2FAB8E39&0&12345678&06&05.
Input Install: Not a PS2 device.


----------



## JSntgRvr (Jul 1, 2003)

Re-scan with FRST and put a checkmark on Addition.txt. Post both reports.


----------



## kango88 (Feb 5, 2015)

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-02-2015
Ran by user (administrator) on USER-PC on 03-03-2015 23:24:12
Running from C:\Users\user\Downloads\Programs
Loaded Profiles: user (Available profiles: user)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Windows\System32\igfxTray.exe
(Apple Inc.) C:\Program Files\Boot Camp\Bootcamp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
() C:\Windows\System32\AppleOSSMgr.exe
(Apple Inc.) C:\Windows\System32\AppleTimeSrv.exe
(InstallShield®) C:\Program Files (x86)\InstallShield\isupdate.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dropbox, Inc.) C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Internet Download Manager, Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMIntegrator64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [457616 2014-10-03] ()
HKLM\...\Run: [Apple_KbdMgr] => C:\Program Files\Boot Camp\Bootcamp.exe [746816 2014-02-07] (Apple Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-02] (Intel Corporation)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [37624 2014-10-16] (Panda Security, S.L.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2059749266-3525964498-4138522283-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3886672 2015-01-25] (Tonec Inc.)
HKU\S-1-5-21-2059749266-3525964498-4138522283-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-2059749266-3525964498-4138522283-1000\...\Run: [GoogleChromeAutoLaunch_4E874A737D5662A34EBBEADB3A9C4A09] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-18] (Google Inc.)
HKU\S-1-5-21-2059749266-3525964498-4138522283-1000\...\MountPoints2: {c8990352-8160-11e4-8edf-6c4008aff89a} - E:\AutoRun.exe
HKU\S-1-5-21-2059749266-3525964498-4138522283-1000\...\MountPoints2: {c8990377-8160-11e4-8edf-6c4008aff89b} - E:\AutoRun.exe
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [HKLM] => ProxyEnable is set.
ProxyEnable: [HKLM-x32] => ProxyEnable is set.
ProxyServer: [HKLM] => http=127.0.0.1:8080;https=127.0.0.1:8080
ProxyServer: [HKLM-x32] => http=127.0.0.1:8080;https=127.0.0.1:8080
HKU\S-1-5-21-2059749266-3525964498-4138522283-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://xin.msn.com/en-sg/?ocid=iehp
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{87B61F43-5860-47CC-A300-0B0A4B12CE14}: [NameServer] 208.67.222.222,208.67.220.220

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\r9eqdb50.default-1424268744539
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Extension: LastPass - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\r9eqdb50.default-1424268744539\Extensions\[email protected] [2015-02-18]
FF Extension: FireShot - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\r9eqdb50.default-1424268744539\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2015-02-25]
FF Extension: EPUBReader - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\r9eqdb50.default-1424268744539\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2015-02-18]
FF Extension: Easy App Tabs - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\r9eqdb50.default-1424268744539\Extensions\[email protected] [2015-02-18]
FF Extension: MEGA EXTENSION - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\r9eqdb50.default-1424268744539\Extensions\[email protected] [2015-02-18]
FF Extension: Save My Tabs - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\r9eqdb50.default-1424268744539\Extensions\[email protected] [2015-02-18]
FF Extension: Media Stealer - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\r9eqdb50.default-1424268744539\Extensions\[email protected] [2015-02-18]
FF Extension: Reader - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\r9eqdb50.default-1424268744539\Extensions\{20068ab2-1901-4140-9f3c-81207d4dacc4}.xpi [2015-02-18]
FF HKU\S-1-5-21-2059749266-3525964498-4138522283-1000\...\Firefox\Extensions: [[email protected]] - C:\Users\user\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\user\AppData\Roaming\IDM\idmmzcc5 [2015-02-05]
FF HKU\S-1-5-21-2059749266-3525964498-4138522283-1000\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\user\AppData\Roaming\IDM\idmmzcc5

Chrome:
=======
CHR HomePage: Default -> hxxp://search.conduit.com/?ctid=CT3321897&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SPF84B958F-6C5F-431F-B5D3-7D8E0D53175F&SSPV=
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3321897&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SPF84B958F-6C5F-431F-B5D3-7D8E0D53175F&SSPV="
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-05]
CHR Extension: (Downloads) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajkhjekibcfjngomhbbifihellcaebcn [2015-02-05]
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-05]
CHR Extension: (Download Manager (video and mp3)) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bapnjmgdanmelbcmjdjljogelnlfepcj [2015-02-05]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-05]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-05]
CHR Extension: (Honey) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2015-02-27]
CHR Extension: (RankRecon) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\chjdckfonfkdoeiobllnejjieicmjodh [2015-02-05]
CHR Extension: (OneTab) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2015-02-05]
CHR Extension: (Webpage Screenshot) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki [2015-02-05]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-05]
CHR Extension: (SEO I.Q.) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dadlnlnlpkpchfljjcpkodcljofniggm [2015-02-05]
CHR Extension: (Tabs Backup & Restore) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dehocbglhkaogiljpihicakmlockmlgd [2015-02-05]
CHR Extension: (FB Pixel Helper) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc [2015-02-05]
CHR Extension: (Google Sheets) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-05]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-02-05]
CHR Extension: (Share As Image Extension) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgmhphfbdfbkokcfajipbmkcakmmepeb [2015-02-05]
CHR Extension: (SEO & Website Analysis) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlngmmdolgbdnnimbmblfhhndibdipaf [2015-02-05]
CHR Extension: (IDM Integration Module) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2015-02-08]
CHR Extension: (No Name) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim [2015-02-06]
CHR Extension: (Hangouts) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2015-02-05]
CHR Extension: (Google Wallet) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-05]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-05]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-01-13]
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-01-13]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AppleOSSMgr; C:\Windows\system32\AppleOSSMgr.exe [226112 2014-02-07] ()
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-10-03] (Intel Corporation)
R2 isupdate.exe; C:\Program Files (x86)\InstallShield\isupdate.exe [43008 2015-01-22] (InstallShield®) [File not signed]
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [655712 2011-12-23] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142072 2014-10-14] (Panda Security, S.L.)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2014-10-16] (Panda Security, S.L.)
S3 wifimansvc; C:\Program Files (x86)\Mobile Partner\eap\wifimansvc.exe [598528 2012-05-15] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AppleCamera; C:\Windows\System32\DRIVERS\AppleCamera.sys [1793664 2013-12-05] (Apple Inc.)
R3 applemtm; C:\Windows\System32\DRIVERS\applemtm.sys [12288 2013-09-07] (Apple Inc.)
R3 applemtp; C:\Windows\System32\DRIVERS\applemtp.sys [39424 2013-09-07] (Apple Inc.)
R3 AppleSDR; C:\Windows\System32\DRIVERS\AppleSDR.sys [12800 2013-09-04] (Apple Inc.)
R3 CirrusLFD; C:\Windows\System32\DRIVERS\CSLFD.sys [56720 2013-10-18] (Cirrus Logic Inc.)
R3 CirrusUFD; C:\Windows\System32\DRIVERS\CSUFD.sys [11928 2013-10-18] (Cirrus Logic Inc.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [96800 2014-06-04] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [162336 2014-06-18] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [112160 2014-06-04] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [115232 2014-06-04] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [46336 2014-01-17] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [95776 2014-06-04] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [70176 2014-06-04] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [125984 2014-06-04] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [306720 2014-06-04] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [169504 2014-06-04] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [115744 2014-06-04] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [261152 2014-06-04] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [109088 2014-06-04] (Panda Security, S.L.)
S3 NPF; C:\Windows\System32\drivers\NPF.sys [35344 2011-11-24] (CACE Technologies, Inc.)
S3 NPF; C:\Windows\SysWOW64\drivers\NPF.sys [35344 2011-11-24] (CACE Technologies, Inc.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [163088 2014-10-14] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121616 2014-10-14] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [195616 2014-07-25] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [122400 2014-07-25] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [132128 2014-07-25] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2014-10-14] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [60400 2014-03-25] (Panda Security, S.L.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-03 22:46 - 2014-03-25 21:15 - 00060400 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2015-03-03 10:41 - 2015-03-03 10:41 - 00002828 _____ () C:\Users\user\Desktop\RKreport_SCN_03032015_102832.log
2015-03-03 10:23 - 2015-03-03 10:23 - 00000856 _____ () C:\Users\Public\Desktop\RogueKiller.lnk
2015-03-03 10:23 - 2015-03-03 10:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2015-03-03 10:23 - 2015-03-03 10:23 - 00000000 ____D () C:\Program Files\RogueKiller
2015-03-03 01:10 - 2015-03-03 01:10 - 00000560 _____ () C:\Users\user\Desktop\Regfix_2.zip
2015-03-03 01:10 - 2015-03-02 12:53 - 00001210 _____ () C:\Users\user\Desktop\Regfix.reg
2015-03-02 00:45 - 2015-03-02 00:45 - 00000442 _____ () C:\Users\user\Desktop\SystemLook.txt
2015-02-26 21:01 - 2015-02-26 21:01 - 00000000 ____D () C:\ProgramData\F-Secure
2015-02-26 20:55 - 2015-02-26 20:55 - 00001171 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-26 20:55 - 2015-02-26 20:55 - 00001159 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-26 20:55 - 2015-02-26 20:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-26 20:54 - 2015-02-26 20:54 - 00243424 _____ () C:\Users\user\Downloads\Firefox Setup Stub 36.0.exe
2015-02-26 09:17 - 2015-02-26 09:17 - 580847600 _____ () C:\Windows\MEMORY.DMP
2015-02-26 09:17 - 2015-02-26 09:17 - 00279408 _____ () C:\Windows\Minidump\022615-4836-01.dmp
2015-02-26 09:17 - 2015-02-26 09:17 - 00000000 ____D () C:\Windows\Minidump
2015-02-26 09:15 - 2015-02-26 09:15 - 00025387 _____ () C:\Users\user\Desktop\gmer1.log
2015-02-26 09:09 - 2015-02-26 09:09 - 00380416 _____ () C:\Users\user\Desktop\g5hq7uwx.exe
2015-02-25 23:26 - 2015-01-09 07:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-25 23:26 - 2015-01-09 07:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-24 09:57 - 2015-02-24 09:57 - 23441742 _____ () C:\Users\user\Desktop\New 2015 ODFX Presentation.pptx
2015-02-24 09:46 - 2015-02-24 09:46 - 00002022 _____ () C:\Users\user\Desktop\aswMBR.txt
2015-02-24 09:46 - 2015-02-24 09:46 - 00000512 _____ () C:\Users\user\Desktop\MBR.dat
2015-02-24 09:41 - 2015-02-24 09:41 - 05200384 _____ (AVAST Software) C:\Users\user\Desktop\aswmbr.exe
2015-02-23 10:36 - 2015-02-23 10:36 - 00000406 _____ () C:\Users\user\Desktop\gmer.log
2015-02-23 10:22 - 2015-02-23 10:22 - 00056496 _____ (GMER) C:\pwldapoc.sys
2015-02-23 10:22 - 2015-02-23 10:22 - 00000000 ____D () C:\GMER
2015-02-20 10:12 - 2015-02-20 10:13 - 00001232 _____ () C:\Users\user\Desktop\Advice.txt
2015-02-20 10:05 - 2015-03-03 01:24 - 00000000 ____D () C:\Users\user\AppData\Local\CrashDumps
2015-02-20 00:11 - 2015-02-20 00:11 - 00002480 _____ () C:\Users\user\Desktop\RKreport_SCN_02202015_001009.log
2015-02-20 00:01 - 2015-02-20 00:01 - 00003752 _____ () C:\Users\user\Desktop\RKreport_SCN_02202015_000103.log
2015-02-19 22:48 - 2015-02-23 10:28 - 00000000 ____D () C:\Users\user\Desktop\Fb Viral Blitz Formula
2015-02-19 22:20 - 2015-01-09 11:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-19 22:20 - 2015-01-09 11:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-19 22:20 - 2015-01-09 11:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-19 22:20 - 2015-01-09 10:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-02-19 22:12 - 2015-02-19 22:12 - 00000000 ____D () C:\Users\user\AppData\Roaming\FireShot
2015-02-19 21:42 - 2015-03-03 10:26 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-02-19 21:42 - 2015-02-19 21:42 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-02-19 21:34 - 2015-03-03 23:24 - 00000000 ____D () C:\FRST
2015-02-18 22:12 - 2015-02-18 22:12 - 00000000 ____D () C:\Users\user\Desktop\Old Firefox Data
2015-02-18 22:08 - 2015-02-18 22:08 - 00000218 _____ () C:\Users\user\Desktop\Boot Camp About keyboards and key assignment for Microsoft Windows - Apple Support.URL
2015-02-18 22:07 - 2015-02-18 22:07 - 00000235 _____ () C:\Users\user\Desktop\The best of Oliver Emberton.URL
2015-02-18 22:07 - 2015-02-18 22:07 - 00000213 _____ () C:\Users\user\Desktop\Pricing Plans Call Loop.URL
2015-02-18 09:17 - 2015-02-18 09:17 - 00000709 _____ () C:\DelFix.txt
2015-02-18 09:17 - 2015-02-18 09:17 - 00000000 ____D () C:\Windows\ERUNT
2015-02-14 00:03 - 2015-02-14 00:03 - 00086565 _____ () C:\Users\user\Desktop\GWT links.rar
2015-02-14 00:01 - 2015-02-14 00:01 - 00276097 _____ () C:\Users\user\Desktop\GWT links (latest links).csv
2015-02-14 00:00 - 2015-02-14 00:00 - 00245662 _____ () C:\Users\user\Desktop\GWT links (sample).csv
2015-02-13 17:58 - 2015-03-03 23:23 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-13 17:58 - 2015-03-03 00:03 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-13 17:58 - 2015-02-21 12:04 - 00002191 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-13 17:58 - 2015-02-13 17:58 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-13 17:58 - 2015-02-13 17:58 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-13 17:58 - 2015-02-13 17:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-13 17:03 - 2015-02-13 23:42 - 00000406 _____ () C:\Users\user\Desktop\Article instructions.txt
2015-02-13 16:01 - 2015-02-13 16:01 - 00000053 _____ () C:\Users\user\Downloads\google732d6e0197cef43d.html
2015-02-13 15:53 - 2015-02-13 16:49 - 00000000 ____D () C:\Users\user\AppData\Roaming\vlc
2015-02-13 15:51 - 2015-02-13 15:51 - 00001078 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-02-13 15:51 - 2015-02-13 15:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-02-13 15:51 - 2015-02-13 15:51 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2015-02-13 15:29 - 2015-02-13 15:53 - 00000114 _____ () C:\Users\user\Desktop\Article Writing Service.txt
2015-02-13 11:11 - 2015-01-23 12:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-13 11:11 - 2015-01-23 12:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-13 11:11 - 2015-01-23 11:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-13 11:11 - 2015-01-23 11:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 23:45 - 2015-01-14 13:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 23:45 - 2015-01-14 13:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 23:45 - 2015-01-12 11:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 23:45 - 2015-01-12 11:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 23:45 - 2015-01-12 11:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 23:45 - 2015-01-12 10:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 23:45 - 2015-01-12 10:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 23:45 - 2015-01-12 10:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 23:45 - 2015-01-12 10:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-11 23:45 - 2015-01-12 10:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 23:45 - 2015-01-12 10:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 23:45 - 2015-01-12 10:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 23:45 - 2015-01-12 10:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 23:45 - 2015-01-12 10:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 23:45 - 2015-01-12 10:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-11 23:45 - 2015-01-12 10:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 23:45 - 2015-01-12 10:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 23:45 - 2015-01-12 10:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-11 23:45 - 2015-01-12 10:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 23:45 - 2015-01-12 10:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 23:45 - 2015-01-12 10:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 23:45 - 2015-01-12 10:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 23:45 - 2015-01-12 10:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 23:45 - 2015-01-12 10:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-11 23:45 - 2015-01-12 10:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-11 23:45 - 2015-01-12 10:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 23:45 - 2015-01-12 10:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 23:45 - 2015-01-12 10:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 23:45 - 2015-01-12 10:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-11 23:45 - 2015-01-12 09:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-11 23:45 - 2015-01-12 09:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-11 23:45 - 2015-01-12 09:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-11 23:45 - 2015-01-12 09:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 23:45 - 2015-01-12 09:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 23:45 - 2015-01-12 09:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 23:45 - 2015-01-12 09:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-11 23:45 - 2015-01-12 09:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 23:45 - 2015-01-12 09:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 23:45 - 2015-01-12 09:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-11 23:45 - 2015-01-12 09:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-11 23:45 - 2015-01-12 09:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-11 23:45 - 2015-01-12 09:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-11 23:45 - 2015-01-12 09:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 23:45 - 2015-01-12 09:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 23:45 - 2015-01-12 09:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 23:45 - 2015-01-12 09:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-11 23:45 - 2015-01-12 09:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 23:45 - 2015-01-12 09:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 23:45 - 2015-01-12 09:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 23:45 - 2015-01-12 09:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 23:45 - 2015-01-12 08:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 23:45 - 2015-01-12 08:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 23:42 - 2015-01-10 14:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 23:42 - 2015-01-10 14:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 23:42 - 2015-01-10 14:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-11 23:42 - 2015-01-10 14:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 23:41 - 2015-01-14 14:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 23:41 - 2015-01-14 14:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 23:41 - 2015-01-14 14:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 23:41 - 2015-01-14 14:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 23:41 - 2015-01-14 13:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 23:41 - 2015-01-14 13:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 23:41 - 2015-01-14 13:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-11 23:41 - 2015-01-10 14:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 23:41 - 2015-01-10 14:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 23:41 - 2015-01-10 14:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 23:41 - 2015-01-10 14:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 23:41 - 2015-01-10 14:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 23:41 - 2015-01-10 14:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-11 23:41 - 2015-01-10 14:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-11 23:41 - 2015-01-10 14:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-11 23:41 - 2015-01-10 14:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-11 23:41 - 2015-01-10 14:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-11 23:40 - 2015-01-15 16:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 23:40 - 2015-01-15 16:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 23:40 - 2015-01-15 16:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 23:40 - 2015-01-15 16:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 23:40 - 2015-01-15 16:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 23:40 - 2015-01-15 16:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 23:40 - 2015-01-15 16:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 23:40 - 2015-01-15 16:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 23:40 - 2015-01-15 16:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 23:40 - 2015-01-15 16:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 23:40 - 2015-01-15 16:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 23:40 - 2015-01-15 15:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-11 23:40 - 2015-01-15 15:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 23:40 - 2015-01-15 15:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 23:40 - 2015-01-15 15:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 23:40 - 2015-01-15 15:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-11 23:40 - 2015-01-15 15:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 23:40 - 2015-01-15 12:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 23:40 - 2015-01-13 11:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 23:40 - 2015-01-13 10:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 23:40 - 2014-12-12 13:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 23:40 - 2014-12-12 13:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-11 23:40 - 2014-07-07 10:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-11 23:40 - 2014-07-07 10:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-11 23:40 - 2014-07-07 09:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-02-11 23:40 - 2014-07-07 09:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-02-11 23:39 - 2015-01-09 10:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 23:38 - 2014-12-08 11:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 23:38 - 2014-12-08 10:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 23:38 - 2014-11-26 11:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 23:38 - 2014-11-26 11:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-10 23:58 - 2015-02-10 23:58 - 00000085 _____ () C:\Windows\wininit.ini
2015-02-06 12:46 - 2015-02-06 12:50 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-06 10:40 - 2015-02-17 23:47 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-06 10:39 - 2015-02-06 12:45 - 00097496 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-06 10:39 - 2015-02-06 10:39 - 00001114 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-06 10:39 - 2015-02-06 10:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-06 10:39 - 2015-02-06 10:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-06 10:39 - 2015-02-06 10:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-06 10:39 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-06 10:39 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-06 09:45 - 2015-01-10 10:46 - 00000000 ____D () C:\Users\user\Desktop\LongTailPro
2015-02-06 09:44 - 2015-02-06 09:43 - 03265362 _____ () C:\Users\user\Desktop\Long Tail Pro Platinum 2.4.42 Updated.rar
2015-02-06 09:14 - 2015-02-06 09:15 - 35738846 _____ () C:\Users\user\Desktop\OMG Directors Cut Feb1.rar
2015-02-05 22:32 - 2015-02-05 22:32 - 00000000 ____D () C:\Users\user\AppData\Local\Macromedia
2015-02-05 22:31 - 2015-03-02 23:57 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-05 22:31 - 2015-02-05 22:31 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 22:31 - 2015-02-05 22:31 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-05 22:31 - 2015-02-05 22:31 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-05 22:31 - 2015-02-05 22:31 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2015-02-05 22:31 - 2015-02-05 22:31 - 00000000 ____D () C:\Windows\system32\Macromed
2015-02-05 19:15 - 2015-02-05 19:17 - 00000000 ____D () C:\Program Files (x86)\InterestArchitect
2015-02-05 19:15 - 2015-02-05 19:15 - 00002053 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Interest Architect.lnk
2015-02-05 19:15 - 2015-02-05 19:15 - 00002047 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Interest Architect.lnk
2015-02-05 19:15 - 2015-02-05 19:15 - 00002041 _____ () C:\Users\Public\Desktop\Interest Architect.lnk
2015-02-05 19:15 - 2015-02-05 19:15 - 00000000 ____D () C:\Windows\Interst Architect
2015-02-05 19:15 - 2015-02-05 19:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Interst Architect
2015-02-05 19:14 - 2015-02-05 19:14 - 00042150 _____ () C:\Users\user\Downloads\Interest Architect Patch.zip
2015-02-05 18:08 - 2015-02-05 18:08 - 00000000 ____D () C:\Users\user\AppData\Roaming\Panda Security
2015-02-05 18:08 - 2015-02-05 18:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus
2015-02-05 18:08 - 2015-02-05 18:08 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2015-02-05 18:02 - 2009-06-11 05:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20150205-180212.backup
2015-02-05 17:58 - 2015-02-05 18:08 - 00000000 ____D () C:\ProgramData\Panda Security
2015-02-05 17:58 - 2015-02-05 17:58 - 01630952 _____ () C:\Users\user\Downloads\PANDAFREEAV.exe
2015-02-05 17:41 - 2015-02-05 17:41 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2015-02-05 17:40 - 2015-02-10 23:59 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-02-05 17:40 - 2015-02-10 23:58 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-05 17:38 - 2015-02-05 17:39 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\user\Downloads\spybot-2.4.exe
2015-02-05 17:28 - 2015-02-05 17:29 - 00000000 ____D () C:\Users\user\AppData\Local\Google
2015-02-05 17:23 - 2015-02-05 17:23 - 00000000 ____D () C:\Users\user\AppData\Roaming\Mozilla
2015-02-05 17:23 - 2015-02-05 17:23 - 00000000 ____D () C:\Users\user\AppData\Local\Mozilla
2015-02-05 17:23 - 2015-02-05 17:23 - 00000000 ____D () C:\ProgramData\Mozilla
2015-02-05 15:22 - 2015-02-05 15:22 - 00000215 _____ () C:\Users\user\Desktop\New Text Document.txt
2015-02-05 10:27 - 2015-02-05 10:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-02-05 10:26 - 2015-02-12 00:25 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-02-05 10:26 - 2015-02-05 10:26 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-02-05 10:26 - 2015-02-05 10:26 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-02-05 10:25 - 2015-02-12 00:25 - 00002125 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-02-05 10:25 - 2015-02-12 00:25 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-02-05 10:25 - 2015-02-12 00:25 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-02-05 10:08 - 2015-02-05 10:08 - 00000000 __SHD () C:\Users\user\AppData\Local\EmieUserList
2015-02-05 10:08 - 2015-02-05 10:08 - 00000000 __SHD () C:\Users\user\AppData\Local\EmieSiteList
2015-02-05 10:08 - 2015-02-05 10:08 - 00000000 __SHD () C:\Users\user\AppData\Local\EmieBrowserModeList
2015-02-05 10:01 - 2014-12-19 11:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-02-05 10:01 - 2014-12-19 09:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-02-05 10:01 - 2014-12-06 12:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-02-05 10:01 - 2014-12-06 11:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-02-05 10:01 - 2014-12-06 11:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-02-05 09:42 - 2015-02-26 20:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-05 09:42 - 2015-02-05 09:42 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2015-02-05 09:42 - 2015-02-05 09:42 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2015-02-05 09:39 - 2015-03-03 22:50 - 00000000 ____D () C:\Users\user\AppData\Roaming\DMCache
2015-02-05 09:39 - 2015-03-02 00:43 - 00000000 ____D () C:\Users\user\AppData\Roaming\IDM
2015-02-05 09:39 - 2015-02-23 10:28 - 00000000 ____D () C:\Users\user\Downloads\Video
2015-02-05 09:39 - 2015-02-22 11:46 - 00000000 ____D () C:\Users\user\Downloads\Compressed
2015-02-05 09:39 - 2015-02-05 09:42 - 00000000 ____D () C:\Program Files (x86)\Internet Download Manager
2015-02-05 09:39 - 2015-02-05 09:39 - 00001021 _____ () C:\Users\user\Desktop\Internet Download Manager.lnk
2015-02-05 09:39 - 2015-02-05 09:39 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2015-02-05 09:39 - 2015-02-05 09:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2015-02-05 09:39 - 2015-02-05 09:39 - 00000000 ____D () C:\ProgramData\IDM
2015-02-05 09:35 - 2015-02-05 09:38 - 00000000 ____D () C:\Users\user\AppData\Roaming\WinRAR
2015-02-05 09:35 - 2015-02-05 09:35 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-02-05 09:35 - 2015-02-05 09:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-02-05 09:35 - 2015-02-05 09:35 - 00000000 ____D () C:\Program Files\WinRAR
2015-02-05 09:31 - 2015-02-05 09:32 - 01977432 _____ () C:\Users\user\Downloads\winrar-x64-501.exe
2015-02-05 09:11 - 2015-02-28 12:00 - 00000468 _____ () C:\Windows\Tasks\InstallShield Update Task.job
2015-02-05 09:11 - 2015-02-05 09:11 - 00003202 _____ () C:\Windows\System32\Tasks\InstallShield Update Task
2015-02-05 09:11 - 2015-02-05 09:11 - 00000000 ____D () C:\ProgramData\Microsoft Toolkit
2015-02-05 09:11 - 2015-02-05 09:11 - 00000000 ____D () C:\Program Files (x86)\InstallShield
2015-02-05 09:09 - 2015-02-05 09:09 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2015-02-05 09:08 - 2015-02-17 22:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-02-05 09:08 - 2015-02-05 09:08 - 00000000 ____D () C:\Windows\PCHEALTH
2015-02-05 09:08 - 2015-02-05 09:08 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2015-02-05 09:08 - 2015-02-05 09:08 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2015-02-05 09:08 - 2015-02-05 09:08 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2015-02-05 09:07 - 2015-02-17 22:12 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-05 09:07 - 2015-02-05 09:08 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-02-05 09:07 - 2015-02-05 09:07 - 00000000 __RHD () C:\MSOCache
2015-02-05 09:07 - 2015-02-05 09:07 - 00000000 ____D () C:\Users\user\AppData\Local\Microsoft Help
2015-02-05 09:07 - 2015-02-05 09:07 - 00000000 ____D () C:\Program Files\Microsoft Analysis Services
2015-02-05 09:07 - 2015-02-05 09:07 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-02-05 09:07 - 2015-02-05 09:07 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2015-02-05 09:06 - 2014-12-12 01:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-03 23:23 - 2014-12-16 14:40 - 00000000 ___RD () C:\Users\user\Dropbox
2015-03-03 23:23 - 2014-12-16 14:36 - 00000000 ____D () C:\Users\user\AppData\Roaming\Dropbox
2015-03-03 23:23 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-03 23:23 - 2009-07-14 12:51 - 00040031 _____ () C:\Windows\setupact.log
2015-03-03 22:50 - 2014-12-01 23:30 - 01742507 _____ () C:\Windows\WindowsUpdate.log
2015-03-03 22:50 - 2009-07-14 12:45 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-03 22:50 - 2009-07-14 12:45 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-03 10:23 - 2009-07-14 13:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-26 20:56 - 2010-11-21 11:47 - 00020226 _____ () C:\Windows\PFRO.log
2015-02-20 00:03 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\tracing
2015-02-17 14:57 - 2009-07-14 11:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-02-13 17:58 - 2014-12-16 14:35 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-13 11:13 - 2014-12-16 14:40 - 00001021 _____ () C:\Users\user\Desktop\Dropbox.lnk
2015-02-13 11:13 - 2014-12-16 14:39 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-12 00:33 - 2009-07-14 12:45 - 00477768 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-12 00:30 - 2014-12-01 23:59 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-12 00:26 - 2009-07-14 10:34 - 00000478 _____ () C:\Windows\win.ini
2015-02-12 00:23 - 2014-12-26 14:44 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-12 00:21 - 2014-12-26 14:44 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-07 18:58 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\rescache
2015-02-05 22:31 - 2014-12-29 17:18 - 00000000 ____D () C:\Users\user\AppData\Local\Adobe
2015-02-05 18:08 - 2014-12-11 18:12 - 00111992 _____ () C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-05 10:28 - 2014-12-26 14:53 - 00774004 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-02-05 09:50 - 2009-07-14 11:20 - 00000000 ____D () C:\Program Files\Common Files\System
2015-02-05 09:08 - 2010-11-21 15:16 - 00000000 ____D () C:\Windows\ShellNew

Some content of TEMP:
====================
C:\Users\user\AppData\Local\Temp\dllnt_dump.dll
C:\Users\user\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmk3nyh.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-07 18:51

==================== End Of Log ============================


----------



## kango88 (Feb 5, 2015)

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-02-2015
Ran by user at 2015-03-03 23:24:35
Running from C:\Users\user\Downloads\Programs
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Free Antivirus (Enabled - Up to date) {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Panda Free Antivirus (Enabled - Up to date) {8F3797EF-DB90-F073-3C72-40C753554CD1}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Panda Firewall (Disabled) {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Boot Camp Services (HKLM\...\{FA2B2C2A-EA41-495A-9308-60726125D562}) (Version: 5.1.5640 - Apple Inc.)
Chrysanth Cheque Writer [Free] (HKLM-x32\...\627237A3-ACD1-4EC8-B382-2061531CE8E5_is1) (Version: 9.8 - Chrysanth Software Sdn. Bhd.)
Dropbox (HKU\S-1-5-21-2059749266-3525964498-4138522283-1000\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.0.1428 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3960 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.3.34 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
Interst Architect (HKLM-x32\...\Interst Architect1.0.0.1) (Version: 1.0.0.1 - InnAnTech Industries Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 23.002.08.02.1014 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 36.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0 (x86 en-US)) (Version: 36.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0 - Mozilla)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.04 - Panda Security)
Panda Devices Agent (x32 Version: 1.05.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 15.00.04.0002 - Panda Security)
Panda Free Antivirus (Version: 7.23.00.0000 - Panda Security) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5936 - Realtek Semiconductor Corp.)
RogueKiller version 10 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 10 - Adlice Software)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
SMSCaster E-Marketer GSM Enterprise v3.6 (HKLM-x32\...\SMSCaster E-Marketer GSM Enterprise_is1) (Version: v3.6 (build 1071) - SDJ Software Limited)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Driver Package - Apple Inc. (AppleCamera) Image (11/21/2013 5.0.22.0) (HKLM\...\1FCF3C93707C46D648F0B00E216A55E96DEB5A17) (Version: 11/21/2013 5.0.22.0 - Apple Inc.)
Windows Driver Package - Apple Inc. (AppleUSBEthernet) Net (02/01/2008 3.10.3.10) (HKLM\...\D53CBF2C12DF51DA5E9C1A9DA97FF0DCA0C524C5) (Version: 02/01/2008 3.10.3.10 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Bluetooth (03/01/2010 3.0.0.5) (HKLM\...\EA3C044F6FD39CEC8F4F596836BF4197E97E1D39) (Version: 03/01/2010 3.0.0.5 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Display (01/23/2009 3.0.0.0) (HKLM\...\E0EAD0CEA9119B77350ED4DE28D9A82E57014D94) (Version: 01/23/2009 3.0.0.0 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple IR Receiver (02/21/2008 2.0.4.0) (HKLM\...\D5BB697E7D0C75712F3AD00AB1B85412CB5C0FD3) (Version: 02/21/2008 2.0.4.0 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Keyboard (01/10/2014 5.0.8.0) (HKLM\...\ABCCA6C3F97A148D7C69114CB55DFA9D46053BEA) (Version: 01/10/2014 5.0.8.0 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Multitouch (09/04/2013 5.0.2.0) (HKLM\...\277F15E06E6EEB458048F41BCB8FB843B3241E95) (Version: 09/04/2013 5.0.2.0 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Multitouch Mouse (09/11/2012 4.0.3.0) (HKLM\...\742CB1BDA52EA9F1BBE482DA6DAA17944652B476) (Version: 09/11/2012 4.0.3.0 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple ODD (05/17/2010 3.1.0.0) (HKLM\...\D6B4CB6AD2F81752C2EF8DCF6AD5EBC567ADD45C) (Version: 05/17/2010 3.1.0.0 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple SD Card Reader (07/22/2013 1.0.0.1) (HKLM\...\D323E2C0C5E4948B07EE346CF62161281B0A8578) (Version: 07/22/2013 1.0.0.1 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple System Device (05/20/2013 5.0.2.0) (HKLM\...\1A9F109A8ACEE4CA1F898708DBB0FBA6EF0587FC) (Version: 05/20/2013 5.0.2.0 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Wireless Mouse (06/01/2011 4.0.0.1) (HKLM\...\D088EE4BD2819FBA2B349EF9D55176F223419BE6) (Version: 06/01/2011 4.0.0.1 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Wireless Trackpad (10/29/2011 5.0.0.0) (HKLM\...\551732BB0872DA97E26385C221B172A5BD4DE93C) (Version: 10/29/2011 5.0.0.0 - Apple Inc.)
Windows Driver Package - Atheros Communications Inc. (athr) Net (11/13/2010 9.2.0.113) (HKLM\...\F0A3F8394866FA91E82C8D5AB92C918FE40FE1DF) (Version: 11/13/2010 9.2.0.113 - Atheros Communications Inc.)
Windows Driver Package - Broadcom (b57nd60a) Net (09/04/2012 15.4.0.17) (HKLM\...\75E64992A03EC5E73D33586790CC506561DCC5DB) (Version: 09/04/2012 15.4.0.17 - Broadcom)
Windows Driver Package - Broadcom (B57ports) Net (06/16/2009 1.0.0.1) (HKLM\...\FC2077892425ED71A137B1CB6D99A9CA7475435D) (Version: 06/16/2009 1.0.0.1 - Broadcom)
Windows Driver Package - Broadcom (BCM43XX) Net (11/13/2012 5.106.199.1) (HKLM\...\3D6DDDCF8961C8C866F6660579A59B5B6CFA281F) (Version: 11/13/2012 5.106.199.1 - Broadcom)
Windows Driver Package - Broadcom (BCM43XX) Net (12/13/2013 6.30.223.215) (HKLM\...\A5E73046BA905B7B0235AB40FA98A4E3AB96E00E) (Version: 12/13/2013 6.30.223.215 - Broadcom)
Windows Driver Package - Broadcom Corporation (bScsiSDa) SDHost (08/14/2012 1.0.0.243) (HKLM\...\ADF3AD5C5705E56E7DEA1447D58EFF216BA1223D) (Version: 08/14/2012 1.0.0.243 - Broadcom Corporation)
Windows Driver Package - Cirrus Logic, Inc. (CirrusFilter) MEDIA (02/19/2013 6.6001.1.40) (HKLM\...\969EFE1D5E95B01D3C42B9D0363FA64AF9E336E7) (Version: 02/19/2013 6.6001.1.40 - Cirrus Logic, Inc.)
Windows Driver Package - Cirrus Logic, Inc. (CirrusLFD) MEDIA (10/03/2013 6.6001.3.13) (HKLM\...\9EBC96DD99F2C854D540FBF6A16A557BADDBC228) (Version: 10/03/2013 6.6001.3.13 - Cirrus Logic, Inc.)
Windows Driver Package - Intel (e1express) Net (03/26/2010 9.13.41.0) (HKLM\...\159439476E3A00F9FAE49DD6C1A78F2F6288A5B9) (Version: 03/26/2010 9.13.41.0 - Intel)
Windows Driver Package - Intel (e1kexpress) Net (04/12/2010 11.6.92.0) (HKLM\...\5BEF08C10896D86DC13394FFA75874564B700368) (Version: 04/12/2010 11.6.92.0 - Intel)
Windows Driver Package - Intel (e1qexpress) Net (12/04/2009 11.4.7.0) (HKLM\...\57AFA39B22ADEC4E383572E9331167546EB3C9C7) (Version: 12/04/2009 11.4.7.0 - Intel)
Windows Driver Package - Intel (e1rexpress) Net (01/07/2010 11.4.16.0) (HKLM\...\F71DB41300D30088C8D3716343D1429488E605C1) (Version: 01/07/2010 11.4.16.0 - Intel)
Windows Driver Package - Intel (e1yexpress) Net (04/07/2010 10.1.9.0) (HKLM\...\CB599752301BCA080D135697FDD05900F5A5CF4C) (Version: 04/07/2010 10.1.9.0 - Intel)
Windows Driver Package - Intel System (07/20/2007 1.2.76.0) (HKLM\...\E2708073906571A0B56F17FD825EF19281ECE29B) (Version: 07/20/2007 1.2.76.0 - Intel)
Windows Driver Package - Marvell (yukonx64) Net (12/06/2007 10.51.1.3) (HKLM\...\CDD703ED0B390A5643DB748EBFA5BD55FEEC0D8A) (Version: 12/06/2007 10.51.1.3 - Marvell)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2059749266-3525964498-4138522283-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2059749266-3525964498-4138522283-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-2059749266-3525964498-4138522283-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2059749266-3525964498-4138522283-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2059749266-3525964498-4138522283-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2059749266-3525964498-4138522283-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2059749266-3525964498-4138522283-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2059749266-3525964498-4138522283-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2059749266-3525964498-4138522283-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2059749266-3525964498-4138522283-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2059749266-3525964498-4138522283-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points =========================

18-02-2015 09:17:04 End of disinfection
19-02-2015 22:20:50 Windows Update
23-02-2015 10:16:28 Windows Update
25-02-2015 23:26:26 Windows Update
26-02-2015 21:07:22 F-Secure malware removal
01-03-2015 23:33:58 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 10:34 - 2015-02-26 20:59 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00224C3E-5C4C-4B38-BA29-1CA7A4DEF9E3} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {0D0A3FC9-90F6-445D-8928-9CD45CBCB592} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {6C9B52B7-755C-46E9-9A8D-1E6FE7A3D371} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {937004F1-A33E-4B22-952E-8A61E5B32E6E} - System32\Tasks\InstallShield Update Task => Wscript.exe //nologo //E:jscript //B "C:\Program Files (x86)\InstallShield\isupdate.ini"
Task: {B9E7E609-E093-4DCF-9E62-9FC05D6E6070} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {BDD07F24-3E3E-4DE9-9DBA-25CCFCE278E7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {D13F9FB6-0E65-4239-9921-6D789666F819} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-13] (Google Inc.)
Task: {DF4160AB-8548-4341-972C-8C4932C487D5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {F635D639-52F6-4812-8BD6-9232493EE6C7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-13] (Google Inc.)
Task: {F659F77E-C946-4B34-B66E-58A3A225A817} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-02] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\InstallShield Update Task.job => Wscript.exeM//nologo //E:jscript //B C:\Program Files (x86)\InstallShield\isupdate.ini

==================== Loaded Modules (whitelisted) ==============

2015-01-21 15:01 - 2015-01-21 15:01 - 08898728 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-09-10 08:04 - 2014-10-03 17:36 - 00457616 _____ () C:\Windows\System32\igfxTray.exe
2014-02-07 04:36 - 2014-02-07 04:36 - 00226112 _____ () C:\Windows\system32\AppleOSSMgr.exe
2014-12-11 18:11 - 2011-12-23 18:03 - 00655712 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
2014-12-11 18:11 - 2009-01-10 18:32 - 00011362 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\mingwm10.dll
2014-12-11 18:11 - 2009-06-23 02:42 - 00043008 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\libgcc_s_dw2-1.dll
2014-12-11 18:11 - 2010-05-10 10:51 - 02415104 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtCore4.dll
2014-12-11 18:11 - 2010-02-10 22:10 - 01148416 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtNetwork4.dll
2014-12-11 18:11 - 2011-12-23 15:52 - 00843264 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QueryStrategy.dll
2014-12-11 18:11 - 2010-02-10 22:06 - 00398336 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtXml4.dll
2013-04-13 01:23 - 2013-04-13 01:23 - 00612664 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll
2015-01-21 15:01 - 2015-01-21 15:01 - 08898720 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-02-11 05:00 - 2015-02-11 05:00 - 00750080 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-03 23:23 - 2015-03-03 23:23 - 00043008 _____ () c:\users\user\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmk3nyh.dll
2015-02-11 05:00 - 2015-02-11 05:00 - 00047616 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-02-11 05:00 - 2015-02-11 05:00 - 00865280 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-02-11 05:00 - 2015-02-11 05:00 - 00200704 _____ () C:\Users\user\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-02-21 12:04 - 2015-02-18 06:44 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libglesv2.dll
2015-02-21 12:04 - 2015-02-18 06:44 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libegl.dll
2015-02-21 12:04 - 2015-02-18 06:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\pdf.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\user\Downloads\DNC.csv:com.dropbox.attributes

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2059749266-3525964498-4138522283-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 208.67.222.222 - 208.67.220.220

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== Accounts: =============================

Administrator (S-1-5-21-2059749266-3525964498-4138522283-500 - Administrator - Enabled)
Guest (S-1-5-21-2059749266-3525964498-4138522283-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2059749266-3525964498-4138522283-1002 - Limited - Enabled)
user (S-1-5-21-2059749266-3525964498-4138522283-1000 - Administrator - Enabled) => C:\Users\user

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (03/03/2015 11:23:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/03/2015 10:46:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/03/2015 10:40:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/03/2015 10:03:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/03/2015 11:31:33 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/03/2015 11:26:52 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/03/2015 11:23:30 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/03/2015 10:26:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PSANHost.exe, version: 4.0.0.782, time stamp: 0x543c156d
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x00053e3e
Faulting process id: 0xaa4
Faulting application start time: 0xPSANHost.exe0
Faulting application path: PSANHost.exe1
Faulting module path: PSANHost.exe2
Report Id: PSANHost.exe3

Error: (03/03/2015 10:18:54 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/03/2015 01:25:43 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (03/03/2015 11:23:32 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom

Error: (03/03/2015 11:23:32 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
%%5

Error: (03/03/2015 11:23:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Mobile Partner. OUC service failed to start due to the following error: 
%%1053

Error: (03/03/2015 11:23:27 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Mobile Partner. OUC service to connect.

Error: (03/03/2015 10:46:18 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom

Error: (03/03/2015 10:46:18 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
%%5

Error: (03/03/2015 10:46:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Mobile Partner. OUC service failed to start due to the following error: 
%%1053

Error: (03/03/2015 10:46:09 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Mobile Partner. OUC service to connect.

Error: (03/03/2015 10:40:36 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom

Error: (03/03/2015 10:40:36 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
%%5

Microsoft Office Sessions:
=========================
Error: (03/03/2015 11:23:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/03/2015 10:46:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/03/2015 10:40:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/03/2015 10:03:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/03/2015 11:31:33 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/03/2015 11:26:52 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/03/2015 11:23:30 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/03/2015 10:26:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: PSANHost.exe4.0.0.782543c156dntdll.dll6.1.7601.18247521ea8e7c000000500053e3eaa401d055586267c9a6C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exeC:\Windows\SysWOW64\ntdll.dllb23952e9-c14c-11e4-97f2-6c4008aff89b

Error: (03/03/2015 10:18:54 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/03/2015 01:25:43 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4278U CPU @ 2.60GHz
Percentage of memory in use: 20%
Total physical RAM: 8100.69 MB
Available physical RAM: 6401.95 MB
Total Pagefile: 16199.57 MB
Available Pagefile: 14317.73 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (BOOTCAMP) (Fixed) (Total:116.41 GB) (Free:66.32 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Macintosh HD) (Fixed) (Total:116.55 GB) (Free:83.15 GB) HFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233.8 GB) (Disk ID: B153E265)

Partition: GPT Partition Type.
Partition 2: (Not Active) - (Size=116.5 GB) - (Type=AF)
Partition 3: (Not Active) - (Size=620 MB) - (Type=AB)
Partition 4: (Active) - (Size=116.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================


----------



## JSntgRvr (Jul 1, 2003)

You must remove one of the antivirus. It is either Panda or Microsoft Security Essentials. As a general rule, only one antivirus must be active. That goes also to Firewalls.

Please download the latest version of TDSSKiller from *here* and save it to your *Desktop*.

Double-click on *TDSSKiller.exe* to run the application, then click on *Change parameters.*

Then click on *Change parameters* in TDSSKiller.

Another window will appear.

Check all boxes, except *Loaded Modules* then click OK.

Click the *Start Scan* button.

The scan should take no longer than 2 minutes.

If a *suspicious object* is detected, the default action will be *Skip*, click on *Continue*.

If *malicious objects* are found, they will show in the Scan results - Select action for found objects and offer three options.
Ensure *Cure* (default) is selected, then click *Continue* > *Reboot now to finish the cleaning process.*
*Note*: If *Cure* is not available, please choose *Skip* instead, do not choose *Delete* unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "*TDSSKiller.[Version]_[Date]_[Time]_log.txt*". Please copy and paste the contents of that file here.


----------



## kango88 (Feb 5, 2015)

Attached is the file, as it is too long to be posted here


----------



## kango88 (Feb 5, 2015)

uninstalled panda antivirus


----------



## JSntgRvr (Jul 1, 2003)

I will suspend all tasks in the background and apply the fix.

Download the enclosed file. Save it next to FRST. Open FRST and click on the Fix button and wait. The computer will restart.

The tool will produce a log, fixlog.txt, in the location FRST is saved. Please post it in a reply.


----------



## kango88 (Feb 5, 2015)

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-02-2015
Ran by user at 2015-03-04 11:03:23 Run:18
Running from C:\Users\user\Downloads\Programs
Loaded Profiles: user (Available profiles: user)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
Task: {00224C3E-5C4C-4B38-BA29-1CA7A4DEF9E3} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {0D0A3FC9-90F6-445D-8928-9CD45CBCB592} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {6C9B52B7-755C-46E9-9A8D-1E6FE7A3D371} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {937004F1-A33E-4B22-952E-8A61E5B32E6E} - System32\Tasks\InstallShield Update Task => Wscript.exe //nologo //E:jscript //B "C:\Program Files (x86)\InstallShield\isupdate.ini"
Task: {B9E7E609-E093-4DCF-9E62-9FC05D6E6070} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {BDD07F24-3E3E-4DE9-9DBA-25CCFCE278E7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {D13F9FB6-0E65-4239-9921-6D789666F819} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-13] (Google Inc.)
Task: {DF4160AB-8548-4341-972C-8C4932C487D5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {F635D639-52F6-4812-8BD6-9232493EE6C7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-13] (Google Inc.)
Task: {F659F77E-C946-4B34-B66E-58A3A225A817} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-02] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\InstallShield Update Task.job => Wscript.exeM//nologo //E:jscript //B C:\Program Files (x86)\InstallShield\isupdate.ini
ProxyEnable: [HKLM] => ProxyEnable is set.
ProxyEnable: [HKLM-x32] => ProxyEnable is set.
ProxyServer: [HKLM] => http=127.0.0.1:8080;https=127.0.0.1:8080
ProxyServer: [HKLM-x32] => http=127.0.0.1:8080;https=127.0.0.1:8080
Reg: Reg Add "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings" /v "ProxySettingsPerUser" /t REG_DWORD /d 1 /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v "DefaultConnectionSettings" /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v "SavedLegacySettings" /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlset\services\NlaSvc\Parameters\Internet\ManualProxies" /ve /f
reboot:
End
*****************

Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{00224C3E-5C4C-4B38-BA29-1CA7A4DEF9E3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{00224C3E-5C4C-4B38-BA29-1CA7A4DEF9E3}" => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\Office 15 Subscription Heartbeat" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0D0A3FC9-90F6-445D-8928-9CD45CBCB592}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0D0A3FC9-90F6-445D-8928-9CD45CBCB592}" => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\OfficeTelemetryAgentFallBack" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6C9B52B7-755C-46E9-9A8D-1E6FE7A3D371}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6C9B52B7-755C-46E9-9A8D-1E6FE7A3D371}" => Key deleted successfully.
C:\Windows\System32\Tasks\Adobe Acrobat Update Task => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Acrobat Update Task" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{937004F1-A33E-4B22-952E-8A61E5B32E6E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{937004F1-A33E-4B22-952E-8A61E5B32E6E}" => Key deleted successfully.
C:\Windows\System32\Tasks\InstallShield Update Task => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\InstallShield Update Task" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B9E7E609-E093-4DCF-9E62-9FC05D6E6070}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B9E7E609-E093-4DCF-9E62-9FC05D6E6070}" => Key deleted successfully.
C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BDD07F24-3E3E-4DE9-9DBA-25CCFCE278E7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BDD07F24-3E3E-4DE9-9DBA-25CCFCE278E7}" => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\OfficeTelemetryAgentLogOn" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D13F9FB6-0E65-4239-9921-6D789666F819}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D13F9FB6-0E65-4239-9921-6D789666F819}" => Key deleted successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DF4160AB-8548-4341-972C-8C4932C487D5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DF4160AB-8548-4341-972C-8C4932C487D5}" => Key deleted successfully.
C:\Windows\System32\Tasks\Adobe Flash Player Updater => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F635D639-52F6-4812-8BD6-9232493EE6C7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F635D639-52F6-4812-8BD6-9232493EE6C7}" => Key deleted successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F659F77E-C946-4B34-B66E-58A3A225A817}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F659F77E-C946-4B34-B66E-58A3A225A817}" => Key deleted successfully.
C:\Windows\System32\Tasks\Apple\AppleSoftwareUpdate => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Apple\AppleSoftwareUpdate" => Key deleted successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\Windows\Tasks\InstallShield Update Task.job => Moved successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.

========= Reg Add "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings" /v "ProxySettingsPerUser" /t REG_DWORD /d 1 /f =========

The operation completed successfully.

========= End of Reg: =========

========= Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v "DefaultConnectionSettings" /f =========

The operation completed successfully.

========= End of Reg: =========

========= Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v "SavedLegacySettings" /f =========

The operation completed successfully.

========= End of Reg: =========

========= Reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlset\services\NlaSvc\Parameters\Internet\ManualProxies" /ve /f =========

The operation completed successfully.

========= End of Reg: =========

The system needed a reboot.

==== End of Fixlog 11:03:24 ====


----------



## kango88 (Feb 5, 2015)

still not fixed


----------



## JSntgRvr (Jul 1, 2003)

I want to check the folders containing the applications, and see if I recognize these.

Download the enclosed file. Save it next to FRST. Open FRST and click on the Fix button and wait.

The tool will produce a log, fixlog.txt, in the location FRST is saved. Please post it in a reply.


----------



## JSntgRvr (Jul 1, 2003)

Got to get some ZZZZZZZ. Will see ya later.


----------



## kango88 (Feb 5, 2015)

Attached is the fixlog, as it is too large to post directly


----------



## kango88 (Feb 5, 2015)

No worries. Thanks for your help


----------



## JSntgRvr (Jul 1, 2003)

Let's change the process a little, running the fix as an administrator:

Please download the attached files and save them in the same directory as *FRST*.

Start *FRST* with Administrator privileges. (Right click on FRST and select "Run as administrator".)
Press the *Fix* button.
When finished, a log file (*Fixlog.txt*) pops up and is saved to the same location the tool was run from.
Please copy and paste its contents in your next reply.

Test and let me know the outcome.


----------



## kango88 (Feb 5, 2015)

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-02-2015
Ran by user at 2015-03-05 10:02:27 Run:20
Running from C:\Users\user\Downloads\Programs
Loaded Profiles: user (Available profiles: user)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
Unlock: "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections"
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v DefaultConnectionSettings /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v SavedLegacySettings /f
Unlock: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlset\services\NlaSvc\Parameters\Internet\ManualProxies"
Reg: Reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlset\services\NlaSvc\Parameters\Internet\ManualProxies" /ve /f
Unlock: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings"
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyOverride /f
Reg: Reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f
Unlock: "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings"
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyOverride /f
Reg: Reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f
End




*****************

Unlock: "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" => Error: No automatic fix found for this entry.

========= Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v DefaultConnectionSettings /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v SavedLegacySettings /f =========

The operation completed successfully.



========= End of Reg: =========

Unlock: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlset\services\NlaSvc\Parameters\Internet\ManualProxies" => Error: No automatic fix found for this entry.

========= Reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlset\services\NlaSvc\Parameters\Internet\ManualProxies" /ve /f =========

The operation completed successfully.



========= End of Reg: =========

Unlock: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" => Error: No automatic fix found for this entry.

========= Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyOverride /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f =========

The operation completed successfully.



========= End of Reg: =========

Unlock: "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" => Error: No automatic fix found for this entry.

========= Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyOverride /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f =========

The operation completed successfully.



========= End of Reg: =========


==== End of Fixlog 10:02:28 ====


----------



## kango88 (Feb 5, 2015)

no change


----------



## JSntgRvr (Jul 1, 2003)

Start *FRST* with Administrator privileges. (Right click on FRST and select "Run as administrator".)
Press the *Scan* button.
When finished, a log file (*FRST.txt*) pops up and is saved to the same location the tool was run from.
Please copy and paste its contents in your next reply.


----------



## kango88 (Feb 5, 2015)

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-02-2015
Ran by user (administrator) on USER-PC on 05-03-2015 10:50:15
Running from C:\Users\user\Downloads\Programs
Loaded Profiles: user (Available profiles: user)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Windows\System32\AppleOSSMgr.exe
(Apple Inc.) C:\Windows\System32\AppleTimeSrv.exe
(InstallShield®) C:\Program Files (x86)\InstallShield\isupdate.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Apple Inc.) C:\Program Files\Boot Camp\Bootcamp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Dropbox, Inc.) C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Internet Download Manager, Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMIntegrator64.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [457616 2014-10-03] ()
HKLM\...\Run: [Apple_KbdMgr] => C:\Program Files\Boot Camp\Bootcamp.exe [746816 2014-02-07] (Apple Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-02] (Intel Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2059749266-3525964498-4138522283-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3886672 2015-01-25] (Tonec Inc.)
HKU\S-1-5-21-2059749266-3525964498-4138522283-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-2059749266-3525964498-4138522283-1000\...\Run: [GoogleChromeAutoLaunch_4E874A737D5662A34EBBEADB3A9C4A09] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-18] (Google Inc.)
HKU\S-1-5-21-2059749266-3525964498-4138522283-1000\...\MountPoints2: {c8990352-8160-11e4-8edf-6c4008aff89a} - E:\AutoRun.exe
HKU\S-1-5-21-2059749266-3525964498-4138522283-1000\...\MountPoints2: {c8990377-8160-11e4-8edf-6c4008aff89b} - E:\AutoRun.exe
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [HKLM] => ProxyEnable is set.
ProxyEnable: [HKLM-x32] => ProxyEnable is set.
ProxyServer: [HKLM] => http=127.0.0.1:8080;https=127.0.0.1:8080
ProxyServer: [HKLM-x32] => http=127.0.0.1:8080;https=127.0.0.1:8080
HKU\S-1-5-21-2059749266-3525964498-4138522283-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://xin.msn.com/en-sg/?ocid=iehp
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{87B61F43-5860-47CC-A300-0B0A4B12CE14}: [NameServer] 208.67.222.222,208.67.220.220

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\r9eqdb50.default-1424268744539
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Extension: LastPass - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\r9eqdb50.default-1424268744539\Extensions\[email protected] [2015-02-18]
FF Extension: FireShot - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\r9eqdb50.default-1424268744539\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2015-02-25]
FF Extension: EPUBReader - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\r9eqdb50.default-1424268744539\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2015-02-18]
FF Extension: Easy App Tabs - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\r9eqdb50.default-1424268744539\Extensions\[email protected] [2015-02-18]
FF Extension: MEGA EXTENSION - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\r9eqdb50.default-1424268744539\Extensions\[email protected] [2015-02-18]
FF Extension: Media Stealer - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\r9eqdb50.default-1424268744539\Extensions\[email protected] [2015-02-18]
FF Extension: Reader - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\r9eqdb50.default-1424268744539\Extensions\{20068ab2-1901-4140-9f3c-81207d4dacc4}.xpi [2015-02-18]
FF HKU\S-1-5-21-2059749266-3525964498-4138522283-1000\...\Firefox\Extensions: [[email protected]] - C:\Users\user\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\user\AppData\Roaming\IDM\idmmzcc5 [2015-02-05]
FF HKU\S-1-5-21-2059749266-3525964498-4138522283-1000\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\user\AppData\Roaming\IDM\idmmzcc5

Chrome: 
=======
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-01-13]
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-01-13]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AppleOSSMgr; C:\Windows\system32\AppleOSSMgr.exe [226112 2014-02-07] ()
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-10-03] (Intel Corporation)
R2 isupdate.exe; C:\Program Files (x86)\InstallShield\isupdate.exe [43008 2015-01-22] (InstallShield®) [File not signed]
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [655712 2011-12-23] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
S3 wifimansvc; C:\Program Files (x86)\Mobile Partner\eap\wifimansvc.exe [598528 2012-05-15] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AppleCamera; C:\Windows\System32\DRIVERS\AppleCamera.sys [1793664 2013-12-05] (Apple Inc.)
R3 applemtm; C:\Windows\System32\DRIVERS\applemtm.sys [12288 2013-09-07] (Apple Inc.)
R3 applemtp; C:\Windows\System32\DRIVERS\applemtp.sys [39424 2013-09-07] (Apple Inc.)
R3 AppleSDR; C:\Windows\System32\DRIVERS\AppleSDR.sys [12800 2013-09-04] (Apple Inc.)
R3 CirrusLFD; C:\Windows\System32\DRIVERS\CSLFD.sys [56720 2013-10-18] (Cirrus Logic Inc.)
R3 CirrusUFD; C:\Windows\System32\DRIVERS\CSUFD.sys [11928 2013-10-18] (Cirrus Logic Inc.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
S3 NPF; C:\Windows\System32\drivers\NPF.sys [35344 2011-11-24] (CACE Technologies, Inc.)
S3 NPF; C:\Windows\SysWOW64\drivers\NPF.sys [35344 2011-11-24] (CACE Technologies, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-05 10:07 - 2015-03-05 10:07 - 06211510 _____ () C:\Users\user\Downloads\idman623build3(1).exe
2015-03-05 10:05 - 2015-03-05 10:05 - 06211510 _____ () C:\Users\user\Downloads\idman623build3.exe
2015-03-04 23:14 - 2015-03-04 23:20 - 00000000 ____D () C:\Users\user\Desktop\indicatorsdoublecheck
2015-03-04 23:14 - 2015-03-04 23:14 - 00033680 _____ () C:\Users\user\Desktop\indicatorsdoublecheck.zip
2015-03-04 23:04 - 2015-03-04 23:05 - 00000017 _____ () C:\Users\user\Desktop\New Text Document (2).txt
2015-03-04 22:58 - 2015-03-04 22:58 - 00002050 _____ () C:\Users\Public\Desktop\NZ Financial MT4 Terminal.lnk
2015-03-04 22:58 - 2015-03-04 22:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NZ Financial MT4 Terminal
2015-03-04 22:58 - 2015-03-04 22:58 - 00000000 ____D () C:\Program Files (x86)\NZ Financial MT4 Terminal
2015-03-04 22:52 - 2015-03-04 22:52 - 04441216 _____ (MetaQuotes Software Corp.) C:\Windows\system32\MetaViewer64.dll
2015-03-04 22:52 - 2015-03-04 22:52 - 00000000 ____D () C:\Users\user\AppData\Roaming\MetaQuotes
2015-03-04 22:52 - 2015-03-04 22:52 - 00000000 ____D () C:\ProgramData\MetaQuotes
2015-03-04 00:45 - 2015-03-04 00:45 - 00091000 _____ () C:\Users\user\Desktop\TDSSKiller.3.0.0.44log.zip
2015-03-03 10:41 - 2015-03-03 10:41 - 00002828 _____ () C:\Users\user\Desktop\RKreport_SCN_03032015_102832.log
2015-03-03 10:23 - 2015-03-03 10:23 - 00000856 _____ () C:\Users\Public\Desktop\RogueKiller.lnk
2015-03-03 10:23 - 2015-03-03 10:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2015-03-03 10:23 - 2015-03-03 10:23 - 00000000 ____D () C:\Program Files\RogueKiller
2015-03-02 00:45 - 2015-03-02 00:45 - 00000442 _____ () C:\Users\user\Desktop\SystemLook.txt
2015-02-26 21:01 - 2015-02-26 21:01 - 00000000 ____D () C:\ProgramData\F-Secure
2015-02-26 20:55 - 2015-02-26 20:55 - 00001171 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-26 20:55 - 2015-02-26 20:55 - 00001159 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-26 20:55 - 2015-02-26 20:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-26 20:54 - 2015-02-26 20:54 - 00243424 _____ () C:\Users\user\Downloads\Firefox Setup Stub 36.0.exe
2015-02-26 09:17 - 2015-02-26 09:17 - 580847600 _____ () C:\Windows\MEMORY.DMP
2015-02-26 09:17 - 2015-02-26 09:17 - 00279408 _____ () C:\Windows\Minidump\022615-4836-01.dmp
2015-02-26 09:17 - 2015-02-26 09:17 - 00000000 ____D () C:\Windows\Minidump
2015-02-26 09:15 - 2015-02-26 09:15 - 00025387 _____ () C:\Users\user\Desktop\gmer1.log
2015-02-26 09:09 - 2015-02-26 09:09 - 00380416 _____ () C:\Users\user\Desktop\g5hq7uwx.exe
2015-02-25 23:26 - 2015-01-09 07:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-25 23:26 - 2015-01-09 07:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-24 09:57 - 2015-02-24 09:57 - 23441742 _____ () C:\Users\user\Desktop\New 2015 ODFX Presentation.pptx
2015-02-24 09:46 - 2015-02-24 09:46 - 00002022 _____ () C:\Users\user\Desktop\aswMBR.txt
2015-02-24 09:46 - 2015-02-24 09:46 - 00000512 _____ () C:\Users\user\Desktop\MBR.dat
2015-02-24 09:41 - 2015-02-24 09:41 - 05200384 _____ (AVAST Software) C:\Users\user\Desktop\aswmbr.exe
2015-02-23 10:36 - 2015-02-23 10:36 - 00000406 _____ () C:\Users\user\Desktop\gmer.log
2015-02-23 10:22 - 2015-02-23 10:22 - 00056496 _____ (GMER) C:\pwldapoc.sys
2015-02-23 10:22 - 2015-02-23 10:22 - 00000000 ____D () C:\GMER
2015-02-20 10:12 - 2015-02-20 10:13 - 00001232 _____ () C:\Users\user\Desktop\Advice.txt
2015-02-20 10:05 - 2015-03-03 01:24 - 00000000 ____D () C:\Users\user\AppData\Local\CrashDumps
2015-02-20 00:11 - 2015-02-20 00:11 - 00002480 _____ () C:\Users\user\Desktop\RKreport_SCN_02202015_001009.log
2015-02-20 00:01 - 2015-02-20 00:01 - 00003752 _____ () C:\Users\user\Desktop\RKreport_SCN_02202015_000103.log
2015-02-19 22:48 - 2015-02-23 10:28 - 00000000 ____D () C:\Users\user\Desktop\Fb Viral Blitz Formula
2015-02-19 22:20 - 2015-01-09 11:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-19 22:20 - 2015-01-09 11:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-19 22:20 - 2015-01-09 11:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-19 22:20 - 2015-01-09 10:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-02-19 22:12 - 2015-02-19 22:12 - 00000000 ____D () C:\Users\user\AppData\Roaming\FireShot
2015-02-19 21:42 - 2015-03-03 10:26 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-02-19 21:42 - 2015-02-19 21:42 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-02-19 21:34 - 2015-03-05 10:50 - 00000000 ____D () C:\FRST
2015-02-18 22:12 - 2015-02-18 22:12 - 00000000 ____D () C:\Users\user\Desktop\Old Firefox Data
2015-02-18 22:08 - 2015-02-18 22:08 - 00000218 _____ () C:\Users\user\Desktop\Boot Camp About keyboards and key assignment for Microsoft Windows - Apple Support.URL
2015-02-18 22:07 - 2015-02-18 22:07 - 00000235 _____ () C:\Users\user\Desktop\The best of Oliver Emberton.URL
2015-02-18 22:07 - 2015-02-18 22:07 - 00000213 _____ () C:\Users\user\Desktop\Pricing Plans Call Loop.URL
2015-02-18 09:17 - 2015-02-18 09:17 - 00000709 _____ () C:\DelFix.txt
2015-02-18 09:17 - 2015-02-18 09:17 - 00000000 ____D () C:\Windows\ERUNT
2015-02-13 17:58 - 2015-02-21 12:04 - 00002191 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-13 17:58 - 2015-02-13 17:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-13 17:03 - 2015-02-13 23:42 - 00000406 _____ () C:\Users\user\Desktop\Article instructions.txt
2015-02-13 16:01 - 2015-02-13 16:01 - 00000053 _____ () C:\Users\user\Downloads\google732d6e0197cef43d.html
2015-02-13 15:53 - 2015-02-13 16:49 - 00000000 ____D () C:\Users\user\AppData\Roaming\vlc
2015-02-13 15:51 - 2015-02-13 15:51 - 00001078 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-02-13 15:51 - 2015-02-13 15:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-02-13 15:51 - 2015-02-13 15:51 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2015-02-13 15:29 - 2015-02-13 15:53 - 00000114 _____ () C:\Users\user\Desktop\Article Writing Service.txt
2015-02-13 11:11 - 2015-01-23 12:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-13 11:11 - 2015-01-23 12:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-13 11:11 - 2015-01-23 11:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-13 11:11 - 2015-01-23 11:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 23:45 - 2015-01-14 13:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 23:45 - 2015-01-14 13:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 23:45 - 2015-01-12 11:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 23:45 - 2015-01-12 11:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 23:45 - 2015-01-12 11:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 23:45 - 2015-01-12 10:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 23:45 - 2015-01-12 10:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 23:45 - 2015-01-12 10:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 23:45 - 2015-01-12 10:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-11 23:45 - 2015-01-12 10:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 23:45 - 2015-01-12 10:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 23:45 - 2015-01-12 10:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 23:45 - 2015-01-12 10:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 23:45 - 2015-01-12 10:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 23:45 - 2015-01-12 10:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-11 23:45 - 2015-01-12 10:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 23:45 - 2015-01-12 10:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 23:45 - 2015-01-12 10:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-11 23:45 - 2015-01-12 10:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 23:45 - 2015-01-12 10:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 23:45 - 2015-01-12 10:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 23:45 - 2015-01-12 10:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 23:45 - 2015-01-12 10:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 23:45 - 2015-01-12 10:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-11 23:45 - 2015-01-12 10:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-11 23:45 - 2015-01-12 10:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 23:45 - 2015-01-12 10:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 23:45 - 2015-01-12 10:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 23:45 - 2015-01-12 10:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-11 23:45 - 2015-01-12 09:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-11 23:45 - 2015-01-12 09:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-11 23:45 - 2015-01-12 09:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-11 23:45 - 2015-01-12 09:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 23:45 - 2015-01-12 09:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 23:45 - 2015-01-12 09:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 23:45 - 2015-01-12 09:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-11 23:45 - 2015-01-12 09:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 23:45 - 2015-01-12 09:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 23:45 - 2015-01-12 09:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-11 23:45 - 2015-01-12 09:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-11 23:45 - 2015-01-12 09:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-11 23:45 - 2015-01-12 09:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-11 23:45 - 2015-01-12 09:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 23:45 - 2015-01-12 09:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 23:45 - 2015-01-12 09:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 23:45 - 2015-01-12 09:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-11 23:45 - 2015-01-12 09:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 23:45 - 2015-01-12 09:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 23:45 - 2015-01-12 09:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 23:45 - 2015-01-12 09:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 23:45 - 2015-01-12 08:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 23:45 - 2015-01-12 08:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 23:42 - 2015-01-10 14:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 23:42 - 2015-01-10 14:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 23:42 - 2015-01-10 14:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-11 23:42 - 2015-01-10 14:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 23:41 - 2015-01-14 14:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 23:41 - 2015-01-14 14:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 23:41 - 2015-01-14 14:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 23:41 - 2015-01-14 14:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 23:41 - 2015-01-14 13:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 23:41 - 2015-01-14 13:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 23:41 - 2015-01-14 13:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-11 23:41 - 2015-01-10 14:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 23:41 - 2015-01-10 14:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 23:41 - 2015-01-10 14:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 23:41 - 2015-01-10 14:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 23:41 - 2015-01-10 14:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 23:41 - 2015-01-10 14:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-11 23:41 - 2015-01-10 14:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-11 23:41 - 2015-01-10 14:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-11 23:41 - 2015-01-10 14:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-11 23:41 - 2015-01-10 14:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-11 23:40 - 2015-01-15 16:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 23:40 - 2015-01-15 16:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 23:40 - 2015-01-15 16:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 23:40 - 2015-01-15 16:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 23:40 - 2015-01-15 16:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 23:40 - 2015-01-15 16:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 23:40 - 2015-01-15 16:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 23:40 - 2015-01-15 16:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 23:40 - 2015-01-15 16:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 23:40 - 2015-01-15 16:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 23:40 - 2015-01-15 16:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 23:40 - 2015-01-15 15:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-11 23:40 - 2015-01-15 15:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 23:40 - 2015-01-15 15:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 23:40 - 2015-01-15 15:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 23:40 - 2015-01-15 15:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-11 23:40 - 2015-01-15 15:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 23:40 - 2015-01-15 12:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 23:40 - 2015-01-13 11:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 23:40 - 2015-01-13 10:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 23:40 - 2014-12-12 13:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 23:40 - 2014-12-12 13:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-11 23:40 - 2014-07-07 10:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-11 23:40 - 2014-07-07 10:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-11 23:40 - 2014-07-07 09:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-02-11 23:40 - 2014-07-07 09:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-02-11 23:39 - 2015-01-09 10:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 23:38 - 2014-12-08 11:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 23:38 - 2014-12-08 10:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 23:38 - 2014-11-26 11:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 23:38 - 2014-11-26 11:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-10 23:58 - 2015-02-10 23:58 - 00000085 _____ () C:\Windows\wininit.ini
2015-02-06 12:46 - 2015-02-06 12:50 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-06 10:40 - 2015-02-17 23:47 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-06 10:39 - 2015-02-06 12:45 - 00097496 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-06 10:39 - 2015-02-06 10:39 - 00001114 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-06 10:39 - 2015-02-06 10:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-06 10:39 - 2015-02-06 10:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-06 10:39 - 2015-02-06 10:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-06 10:39 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-06 10:39 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-06 09:45 - 2015-01-10 10:46 - 00000000 ____D () C:\Users\user\Desktop\LongTailPro
2015-02-06 09:44 - 2015-02-06 09:43 - 03265362 _____ () C:\Users\user\Desktop\Long Tail Pro Platinum 2.4.42 Updated.rar
2015-02-06 09:14 - 2015-02-06 09:15 - 35738846 _____ () C:\Users\user\Desktop\OMG Directors Cut Feb1.rar
2015-02-05 22:32 - 2015-02-05 22:32 - 00000000 ____D () C:\Users\user\AppData\Local\Macromedia
2015-02-05 22:31 - 2015-02-05 22:31 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 22:31 - 2015-02-05 22:31 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-05 22:31 - 2015-02-05 22:31 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2015-02-05 22:31 - 2015-02-05 22:31 - 00000000 ____D () C:\Windows\system32\Macromed
2015-02-05 19:15 - 2015-02-05 19:17 - 00000000 ____D () C:\Program Files (x86)\InterestArchitect
2015-02-05 19:15 - 2015-02-05 19:15 - 00002053 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Interest Architect.lnk
2015-02-05 19:15 - 2015-02-05 19:15 - 00002047 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Interest Architect.lnk
2015-02-05 19:15 - 2015-02-05 19:15 - 00002041 _____ () C:\Users\Public\Desktop\Interest Architect.lnk
2015-02-05 19:15 - 2015-02-05 19:15 - 00000000 ____D () C:\Windows\Interst Architect
2015-02-05 19:15 - 2015-02-05 19:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Interst Architect
2015-02-05 19:14 - 2015-02-05 19:14 - 00042150 _____ () C:\Users\user\Downloads\Interest Architect Patch.zip
2015-02-05 18:08 - 2015-03-04 00:39 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2015-02-05 18:08 - 2015-02-05 18:08 - 00000000 ____D () C:\Users\user\AppData\Roaming\Panda Security
2015-02-05 18:02 - 2009-06-11 05:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20150205-180212.backup
2015-02-05 17:58 - 2015-03-04 00:39 - 00000000 ____D () C:\ProgramData\Panda Security
2015-02-05 17:58 - 2015-02-05 17:58 - 01630952 _____ () C:\Users\user\Downloads\PANDAFREEAV.exe
2015-02-05 17:41 - 2015-02-05 17:41 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2015-02-05 17:40 - 2015-02-10 23:59 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-02-05 17:40 - 2015-02-10 23:58 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-05 17:38 - 2015-02-05 17:39 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\user\Downloads\spybot-2.4.exe
2015-02-05 17:28 - 2015-02-05 17:29 - 00000000 ____D () C:\Users\user\AppData\Local\Google
2015-02-05 17:23 - 2015-02-05 17:23 - 00000000 ____D () C:\Users\user\AppData\Roaming\Mozilla
2015-02-05 17:23 - 2015-02-05 17:23 - 00000000 ____D () C:\Users\user\AppData\Local\Mozilla
2015-02-05 17:23 - 2015-02-05 17:23 - 00000000 ____D () C:\ProgramData\Mozilla
2015-02-05 15:22 - 2015-02-05 15:22 - 00000215 _____ () C:\Users\user\Desktop\New Text Document.txt
2015-02-05 10:27 - 2015-02-05 10:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-02-05 10:26 - 2015-02-12 00:25 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-02-05 10:26 - 2015-02-05 10:26 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-02-05 10:26 - 2015-02-05 10:26 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-02-05 10:25 - 2015-02-12 00:25 - 00002125 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-02-05 10:25 - 2015-02-12 00:25 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-02-05 10:25 - 2015-02-12 00:25 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-02-05 10:08 - 2015-02-05 10:08 - 00000000 __SHD () C:\Users\user\AppData\Local\EmieUserList
2015-02-05 10:08 - 2015-02-05 10:08 - 00000000 __SHD () C:\Users\user\AppData\Local\EmieSiteList
2015-02-05 10:08 - 2015-02-05 10:08 - 00000000 __SHD () C:\Users\user\AppData\Local\EmieBrowserModeList
2015-02-05 10:01 - 2014-12-19 11:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-02-05 10:01 - 2014-12-19 09:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-02-05 10:01 - 2014-12-06 12:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-02-05 10:01 - 2014-12-06 11:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-02-05 10:01 - 2014-12-06 11:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-02-05 09:42 - 2015-02-26 20:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-05 09:42 - 2015-02-05 09:42 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2015-02-05 09:42 - 2015-02-05 09:42 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2015-02-05 09:39 - 2015-03-05 10:19 - 00000000 ____D () C:\Users\user\AppData\Roaming\DMCache
2015-02-05 09:39 - 2015-03-02 00:43 - 00000000 ____D () C:\Users\user\AppData\Roaming\IDM
2015-02-05 09:39 - 2015-02-23 10:28 - 00000000 ____D () C:\Users\user\Downloads\Video
2015-02-05 09:39 - 2015-02-22 11:46 - 00000000 ____D () C:\Users\user\Downloads\Compressed
2015-02-05 09:39 - 2015-02-05 09:42 - 00000000 ____D () C:\Program Files (x86)\Internet Download Manager
2015-02-05 09:39 - 2015-02-05 09:39 - 00001021 _____ () C:\Users\user\Desktop\Internet Download Manager.lnk
2015-02-05 09:39 - 2015-02-05 09:39 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2015-02-05 09:39 - 2015-02-05 09:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2015-02-05 09:39 - 2015-02-05 09:39 - 00000000 ____D () C:\ProgramData\IDM
2015-02-05 09:35 - 2015-02-05 09:38 - 00000000 ____D () C:\Users\user\AppData\Roaming\WinRAR
2015-02-05 09:35 - 2015-02-05 09:35 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-02-05 09:35 - 2015-02-05 09:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-02-05 09:35 - 2015-02-05 09:35 - 00000000 ____D () C:\Program Files\WinRAR
2015-02-05 09:31 - 2015-02-05 09:32 - 01977432 _____ () C:\Users\user\Downloads\winrar-x64-501.exe
2015-02-05 09:11 - 2015-02-05 09:11 - 00000000 ____D () C:\ProgramData\Microsoft Toolkit
2015-02-05 09:11 - 2015-02-05 09:11 - 00000000 ____D () C:\Program Files (x86)\InstallShield
2015-02-05 09:09 - 2015-03-04 17:12 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2015-02-05 09:08 - 2015-02-17 22:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-02-05 09:08 - 2015-02-05 09:08 - 00000000 ____D () C:\Windows\PCHEALTH
2015-02-05 09:08 - 2015-02-05 09:08 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2015-02-05 09:08 - 2015-02-05 09:08 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2015-02-05 09:08 - 2015-02-05 09:08 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2015-02-05 09:07 - 2015-02-17 22:12 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-05 09:07 - 2015-02-05 09:08 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-02-05 09:07 - 2015-02-05 09:07 - 00000000 __RHD () C:\MSOCache
2015-02-05 09:07 - 2015-02-05 09:07 - 00000000 ____D () C:\Users\user\AppData\Local\Microsoft Help
2015-02-05 09:07 - 2015-02-05 09:07 - 00000000 ____D () C:\Program Files\Microsoft Analysis Services
2015-02-05 09:07 - 2015-02-05 09:07 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-02-05 09:07 - 2015-02-05 09:07 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2015-02-05 09:06 - 2014-12-12 01:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-05 10:49 - 2014-12-16 14:40 - 00000000 ___RD () C:\Users\user\Dropbox
2015-03-05 10:49 - 2014-12-16 14:36 - 00000000 ____D () C:\Users\user\AppData\Roaming\Dropbox
2015-03-05 10:48 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-05 10:48 - 2009-07-14 12:51 - 00040535 _____ () C:\Windows\setupact.log
2015-03-05 10:19 - 2014-12-01 23:30 - 01829623 _____ () C:\Windows\WindowsUpdate.log
2015-03-05 10:06 - 2009-07-14 12:45 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-05 10:06 - 2009-07-14 12:45 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-05 10:04 - 2009-07-14 13:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-04 11:03 - 2014-12-01 23:53 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2015-03-04 00:40 - 2014-12-11 18:12 - 00111520 _____ () C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-04 00:40 - 2009-07-14 12:45 - 00433064 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-04 00:39 - 2010-11-21 11:47 - 00021014 _____ () C:\Windows\PFRO.log
2015-03-03 21:17 - 2010-11-21 11:27 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-20 00:03 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\tracing
2015-02-17 14:57 - 2009-07-14 11:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-02-13 17:58 - 2014-12-16 14:35 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-13 11:13 - 2014-12-16 14:40 - 00001021 _____ () C:\Users\user\Desktop\Dropbox.lnk
2015-02-13 11:13 - 2014-12-16 14:39 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-12 00:30 - 2014-12-01 23:59 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-12 00:26 - 2009-07-14 10:34 - 00000478 _____ () C:\Windows\win.ini
2015-02-12 00:23 - 2014-12-26 14:44 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-12 00:21 - 2014-12-26 14:44 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-07 18:58 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\rescache
2015-02-05 22:31 - 2014-12-29 17:18 - 00000000 ____D () C:\Users\user\AppData\Local\Adobe
2015-02-05 10:28 - 2014-12-26 14:53 - 00774004 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-02-05 09:50 - 2009-07-14 11:20 - 00000000 ____D () C:\Program Files\Common Files\System
2015-02-05 09:08 - 2010-11-21 15:16 - 00000000 ____D () C:\Windows\ShellNew

Some content of TEMP:
====================
C:\Users\user\AppData\Local\Temp\dllnt_dump.dll
C:\Users\user\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpamlozg.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-03-04 00:08

==================== End Of Log ============================


----------



## JSntgRvr (Jul 1, 2003)

Let's try this:

Please download the attached files and save them in the same directory as *FRST*.

Start *FRST* with Administrator privileges. (Right click on FRST and select "Run as administrator".)
Press the *Fix* button.
When finished, a log file (*Fixlog.txt*) pops up and is saved to the same location the tool was run from.
Please copy and paste its contents in your next reply.

Test and let me know the outcome.

If the problem persists, how long have you had this problem?


----------



## kango88 (Feb 5, 2015)

Hi, I cannot even get onto the internet with my browsers now.
IE is showing proxy server is refusing connections
Chrome is showing unable to connect to proxy server
Firefox is showing the proxy server is refusing connections


----------



## kango88 (Feb 5, 2015)

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-02-2015
Ran by user at 2015-03-05 11:36:44 Run:21
Running from C:\Users\user\Downloads\Programs
Loaded Profiles: user (Available profiles: user)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
DisableService: Mobile Partner. RunOuc
DisableService: isupdate.exe
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v DefaultConnectionSettings /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v SavedLegacySettings /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlset\services\NlaSvc\Parameters\Internet\ManualProxies" /ve /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyOverride /f
Reg: Reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyOverride /f
Reg: Reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f
EmptyTemp:
Reboot:
End




*****************

Processes closed successfully.
Mobile Partner. RunOuc service was disabled
isupdate.exe service was disabled

========= Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v DefaultConnectionSettings /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v SavedLegacySettings /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlset\services\NlaSvc\Parameters\Internet\ManualProxies" /ve /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyOverride /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyOverride /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f =========

The operation completed successfully.



========= End of Reg: =========

EmptyTemp: => Removed 291.9 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 11:36:50 ====
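
One way to check a Fixlog like the one above, as an added example that is not part of the original posts and is not FRST's own code: it pairs every `Reg:` directive in the fixlist with its result block and reports which registry view was touched and whether the command succeeded. The function names are hypothetical, and the sample log is constructed and shortened from the layout shown above, with one failing result added for illustration.

```python
import re
import shlex

# Constructed sample, shortened from the Fixlog layout posted above.
# The failing third result is constructed for illustration.
SAMPLE_FIXLOG = r'''Content of fixlist:
*****************
Start
CloseProcesses:
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f
Reg: Reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlset\services\NlaSvc\Parameters\Internet\ManualProxies" /ve /f
EmptyTemp:
End
*****************

Processes closed successfully.

========= Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f =========

The operation completed successfully.

========= End of Reg: =========

========= Reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f =========

The operation completed successfully.

========= End of Reg: =========

========= Reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlset\services\NlaSvc\Parameters\Internet\ManualProxies" /ve /f =========

ERROR: The system was unable to find the specified registry key or value.

========= End of Reg: =========
'''

HEADER = re.compile(r"^=+\s+(.*?)\s+=+$")
SUCCESS = "The operation completed successfully"


def split_fixlog(text):
    """Return (fixlist directives, {command: [output lines per run]})."""
    directives, results = [], {}
    in_fixlist, current = False, None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Start" and current is None:
            in_fixlist = True
        elif in_fixlist:
            if line == "End":
                in_fixlist = False
            elif line:
                directives.append(line)
        else:
            m = HEADER.match(line)
            if m:
                title = m.group(1)
                current = None if title.startswith("End of") else title
                if current is not None:
                    results.setdefault(current, []).append([])
            elif current is not None and line:
                results[current][-1].append(line)
    return directives, results


def parse_reg_command(cmd):
    """Split a 'Reg add|delete "KEY" ...' line into its parts."""
    # posix=False keeps the backslashes in registry paths intact.
    tokens = [t.strip('"') for t in shlex.split(cmd, posix=False)]
    if len(tokens) < 3 or tokens[0].lower() != "reg":
        raise ValueError("not a reg command: " + cmd)
    row = {"action": tokens[1].lower(), "key": tokens[2],
           "value": None, "data": None}
    i = 3
    while i < len(tokens):
        opt = tokens[i].lower()
        if opt == "/v" and i + 1 < len(tokens):
            row["value"], i = tokens[i + 1], i + 2
        elif opt == "/d" and i + 1 < len(tokens):
            row["data"], i = tokens[i + 1], i + 2
        elif opt == "/ve":
            row["value"], i = "(Default)", i + 1
        elif opt == "/t":
            i += 2          # skip the type name
        else:
            i += 1          # /f and anything else
    row["view"] = "32-bit" if "wow6432node" in row["key"].lower() else "native"
    return row


def audit_fixlog(text):
    """One row per Reg: directive, with status ok / failed / missing."""
    directives, results = split_fixlog(text)
    rows = []
    for d in directives:
        if not d.lower().startswith("reg:"):
            continue
        cmd = d[4:].strip()
        row = parse_reg_command(cmd)
        runs = results.get(cmd, [])
        if not runs:
            row["status"] = "missing"   # directive never produced a result
        else:
            output = runs.pop(0)
            ok = any(l.startswith(SUCCESS) for l in output)
            row["status"] = "ok" if ok else "failed"
        rows.append(row)
    return rows


if __name__ == "__main__":
    for r in audit_fixlog(SAMPLE_FIXLOG):
        print(r["status"], r["action"], r["view"], r["value"], r["key"])
```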


----------



## kango88 (Feb 5, 2015)

I'm using the first comp you helped me fix previously to post this report.
In addition, my first comp is also facing the same IE and Chrome proxy issue when going to the internet. Only my Firefox on my first comp is working


----------



## JSntgRvr (Jul 1, 2003)

Open an administrator command prompt. At the prompt type the following and press Enter:

*SC config "Mobile Partner. RunOuc" Start= auto
SC config isupdate.exe Start= auto*

Start the computer and let me know the outcome.


----------



## JSntgRvr (Jul 1, 2003)

How long have you been having this issue?


----------



## kango88 (Feb 5, 2015)

You mean for the computer you solved earlier but having this issue now, or the current computer you are solving?


----------



## kango88 (Feb 5, 2015)

After restarting the current comp (Windows running on Mac), I was able to connect back to the internet, but the old search engine issues with Bing and Yahoo being blocked and having a corrupted Google still exist.

Can I use the above cmd prompt for the first computer you fixed but which is having the proxy issues now?


----------



## kango88 (Feb 5, 2015)

Hi, can you help me take a quick look at the previous comp you helped fix, which currently has some issues with accessing the internet with IE and Chrome with the proxy connection issue?

I've attached the latest FRST Scan for you here. Thanks


----------



## JSntgRvr (Jul 1, 2003)

On the Windows 8 computer, let's try this:

Please download the attached file and save it in the same directory as *FRST*.

Start *FRST* with Administrator privileges. (Right click on FRST and select "Run as administrator".)
Press the *Fix* button.
When finished, a log file (*Fixlog.txt*) pops up and is saved to the same location the tool was run from.
Please copy and paste its contents in your next reply.

Test before restarting and after restarting, and let me know the outcome.


----------



## JSntgRvr (Jul 1, 2003)

Re-scan the computer with Windows 7 with FRST and post its report.


----------



## kango88 (Feb 5, 2015)

Hi, I cannot see the attached *Fixlog.txt*


----------



## kango88 (Feb 5, 2015)

For *Windows 7*

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-02-2015
Ran by user (administrator) on USER-PC on 05-03-2015 21:55:50
Running from C:\Users\user\Downloads\Programs
Loaded Profiles: user (Available profiles: user)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Windows\System32\AppleOSSMgr.exe
(Apple Inc.) C:\Windows\System32\AppleTimeSrv.exe
(InstallShield®) C:\Program Files (x86)\InstallShield\isupdate.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Apple Inc.) C:\Program Files\Boot Camp\Bootcamp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Internet Download Manager, Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMIntegrator64.exe
(Dropbox, Inc.) C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [457616 2014-10-03] ()
HKLM\...\Run: [Apple_KbdMgr] => C:\Program Files\Boot Camp\Bootcamp.exe [746816 2014-02-07] (Apple Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-02] (Intel Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2059749266-3525964498-4138522283-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3886672 2015-01-25] (Tonec Inc.)
HKU\S-1-5-21-2059749266-3525964498-4138522283-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-2059749266-3525964498-4138522283-1000\...\Run: [GoogleChromeAutoLaunch_4E874A737D5662A34EBBEADB3A9C4A09] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-18] (Google Inc.)
HKU\S-1-5-21-2059749266-3525964498-4138522283-1000\...\MountPoints2: {c8990352-8160-11e4-8edf-6c4008aff89a} - E:\AutoRun.exe
HKU\S-1-5-21-2059749266-3525964498-4138522283-1000\...\MountPoints2: {c8990377-8160-11e4-8edf-6c4008aff89b} - E:\AutoRun.exe
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [HKLM] => ProxyEnable is set.
ProxyEnable: [HKLM-x32] => ProxyEnable is set.
ProxyServer: [HKLM] => http=127.0.0.1:8080;https=127.0.0.1:8080
ProxyServer: [HKLM-x32] => http=127.0.0.1:8080;https=127.0.0.1:8080
HKU\S-1-5-21-2059749266-3525964498-4138522283-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://xin.msn.com/en-sg/?ocid=iehp
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{87B61F43-5860-47CC-A300-0B0A4B12CE14}: [NameServer] 208.67.222.222,208.67.220.220

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\r9eqdb50.default-1424268744539
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Extension: LastPass - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\r9eqdb50.default-1424268744539\Extensions\[email protected] [2015-02-18]
FF Extension: FireShot - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\r9eqdb50.default-1424268744539\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2015-02-25]
FF Extension: EPUBReader - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\r9eqdb50.default-1424268744539\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2015-02-18]
FF Extension: Easy App Tabs - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\r9eqdb50.default-1424268744539\Extensions\[email protected] [2015-02-18]
FF Extension: MEGA EXTENSION - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\r9eqdb50.default-1424268744539\Extensions\[email protected] [2015-02-18]
FF Extension: Media Stealer - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\r9eqdb50.default-1424268744539\Extensions\[email protected] [2015-02-18]
FF Extension: Reader - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\r9eqdb50.default-1424268744539\Extensions\{20068ab2-1901-4140-9f3c-81207d4dacc4}.xpi [2015-02-18]
FF HKU\S-1-5-21-2059749266-3525964498-4138522283-1000\...\Firefox\Extensions: [[email protected]] - C:\Users\user\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\user\AppData\Roaming\IDM\idmmzcc5 [2015-02-05]
FF HKU\S-1-5-21-2059749266-3525964498-4138522283-1000\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\user\AppData\Roaming\IDM\idmmzcc5

Chrome: 
=======
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-03-05]
CHR Extension: (IDM Integration Module) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2015-03-05]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-01-13]
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-01-13]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AppleOSSMgr; C:\Windows\system32\AppleOSSMgr.exe [226112 2014-02-07] ()
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-10-03] (Intel Corporation)
R2 isupdate.exe; C:\Program Files (x86)\InstallShield\isupdate.exe [43008 2015-01-22] (InstallShield®) [File not signed]
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [655712 2011-12-23] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
S3 wifimansvc; C:\Program Files (x86)\Mobile Partner\eap\wifimansvc.exe [598528 2012-05-15] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AppleCamera; C:\Windows\System32\DRIVERS\AppleCamera.sys [1793664 2013-12-05] (Apple Inc.)
R3 applemtm; C:\Windows\System32\DRIVERS\applemtm.sys [12288 2013-09-07] (Apple Inc.)
R3 applemtp; C:\Windows\System32\DRIVERS\applemtp.sys [39424 2013-09-07] (Apple Inc.)
R3 AppleSDR; C:\Windows\System32\DRIVERS\AppleSDR.sys [12800 2013-09-04] (Apple Inc.)
R3 CirrusLFD; C:\Windows\System32\DRIVERS\CSLFD.sys [56720 2013-10-18] (Cirrus Logic Inc.)
R3 CirrusUFD; C:\Windows\System32\DRIVERS\CSUFD.sys [11928 2013-10-18] (Cirrus Logic Inc.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
S3 NPF; C:\Windows\System32\drivers\NPF.sys [35344 2011-11-24] (CACE Technologies, Inc.)
S3 NPF; C:\Windows\SysWOW64\drivers\NPF.sys [35344 2011-11-24] (CACE Technologies, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-05 10:07 - 2015-03-05 10:07 - 06211510 _____ () C:\Users\user\Downloads\idman623build3(1).exe
2015-03-05 10:05 - 2015-03-05 10:05 - 06211510 _____ () C:\Users\user\Downloads\idman623build3.exe
2015-03-04 23:14 - 2015-03-04 23:20 - 00000000 ____D () C:\Users\user\Desktop\indicatorsdoublecheck
2015-03-04 23:14 - 2015-03-04 23:14 - 00033680 _____ () C:\Users\user\Desktop\indicatorsdoublecheck.zip
2015-03-04 23:04 - 2015-03-04 23:05 - 00000017 _____ () C:\Users\user\Desktop\New Text Document (2).txt
2015-03-04 22:58 - 2015-03-04 22:58 - 00002050 _____ () C:\Users\Public\Desktop\NZ Financial MT4 Terminal.lnk
2015-03-04 22:58 - 2015-03-04 22:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NZ Financial MT4 Terminal
2015-03-04 22:58 - 2015-03-04 22:58 - 00000000 ____D () C:\Program Files (x86)\NZ Financial MT4 Terminal
2015-03-04 22:52 - 2015-03-04 22:52 - 04441216 _____ (MetaQuotes Software Corp.) C:\Windows\system32\MetaViewer64.dll
2015-03-04 22:52 - 2015-03-04 22:52 - 00000000 ____D () C:\Users\user\AppData\Roaming\MetaQuotes
2015-03-04 22:52 - 2015-03-04 22:52 - 00000000 ____D () C:\ProgramData\MetaQuotes
2015-03-04 00:45 - 2015-03-04 00:45 - 00091000 _____ () C:\Users\user\Desktop\TDSSKiller.3.0.0.44log.zip
2015-03-03 10:41 - 2015-03-03 10:41 - 00002828 _____ () C:\Users\user\Desktop\RKreport_SCN_03032015_102832.log
2015-03-03 10:23 - 2015-03-03 10:23 - 00000856 _____ () C:\Users\Public\Desktop\RogueKiller.lnk
2015-03-03 10:23 - 2015-03-03 10:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2015-03-03 10:23 - 2015-03-03 10:23 - 00000000 ____D () C:\Program Files\RogueKiller
2015-03-02 00:45 - 2015-03-02 00:45 - 00000442 _____ () C:\Users\user\Desktop\SystemLook.txt
2015-02-26 21:01 - 2015-02-26 21:01 - 00000000 ____D () C:\ProgramData\F-Secure
2015-02-26 20:55 - 2015-02-26 20:55 - 00001171 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-26 20:55 - 2015-02-26 20:55 - 00001159 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-26 20:55 - 2015-02-26 20:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-26 20:54 - 2015-02-26 20:54 - 00243424 _____ () C:\Users\user\Downloads\Firefox Setup Stub 36.0.exe
2015-02-26 09:17 - 2015-02-26 09:17 - 580847600 _____ () C:\Windows\MEMORY.DMP
2015-02-26 09:17 - 2015-02-26 09:17 - 00279408 _____ () C:\Windows\Minidump\022615-4836-01.dmp
2015-02-26 09:17 - 2015-02-26 09:17 - 00000000 ____D () C:\Windows\Minidump
2015-02-26 09:15 - 2015-02-26 09:15 - 00025387 _____ () C:\Users\user\Desktop\gmer1.log
2015-02-26 09:09 - 2015-02-26 09:09 - 00380416 _____ () C:\Users\user\Desktop\g5hq7uwx.exe
2015-02-25 23:26 - 2015-01-09 07:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-25 23:26 - 2015-01-09 07:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-24 09:57 - 2015-02-24 09:57 - 23441742 _____ () C:\Users\user\Desktop\New 2015 ODFX Presentation.pptx
2015-02-24 09:46 - 2015-02-24 09:46 - 00002022 _____ () C:\Users\user\Desktop\aswMBR.txt
2015-02-24 09:46 - 2015-02-24 09:46 - 00000512 _____ () C:\Users\user\Desktop\MBR.dat
2015-02-24 09:41 - 2015-02-24 09:41 - 05200384 _____ (AVAST Software) C:\Users\user\Desktop\aswmbr.exe
2015-02-23 10:36 - 2015-02-23 10:36 - 00000406 _____ () C:\Users\user\Desktop\gmer.log
2015-02-23 10:22 - 2015-02-23 10:22 - 00056496 _____ (GMER) C:\pwldapoc.sys
2015-02-23 10:22 - 2015-02-23 10:22 - 00000000 ____D () C:\GMER
2015-02-20 10:12 - 2015-02-20 10:13 - 00001232 _____ () C:\Users\user\Desktop\Advice.txt
2015-02-20 10:05 - 2015-03-03 01:24 - 00000000 ____D () C:\Users\user\AppData\Local\CrashDumps
2015-02-20 00:11 - 2015-02-20 00:11 - 00002480 _____ () C:\Users\user\Desktop\RKreport_SCN_02202015_001009.log
2015-02-20 00:01 - 2015-02-20 00:01 - 00003752 _____ () C:\Users\user\Desktop\RKreport_SCN_02202015_000103.log
2015-02-19 22:48 - 2015-02-23 10:28 - 00000000 ____D () C:\Users\user\Desktop\Fb Viral Blitz Formula
2015-02-19 22:20 - 2015-01-09 11:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-19 22:20 - 2015-01-09 11:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-19 22:20 - 2015-01-09 11:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-19 22:20 - 2015-01-09 10:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-02-19 22:12 - 2015-02-19 22:12 - 00000000 ____D () C:\Users\user\AppData\Roaming\FireShot
2015-02-19 21:42 - 2015-03-03 10:26 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-02-19 21:42 - 2015-02-19 21:42 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-02-19 21:34 - 2015-03-05 21:55 - 00000000 ____D () C:\FRST
2015-02-18 22:12 - 2015-02-18 22:12 - 00000000 ____D () C:\Users\user\Desktop\Old Firefox Data
2015-02-18 22:08 - 2015-02-18 22:08 - 00000218 _____ () C:\Users\user\Desktop\Boot Camp About keyboards and key assignment for Microsoft Windows - Apple Support.URL
2015-02-18 22:07 - 2015-02-18 22:07 - 00000235 _____ () C:\Users\user\Desktop\The best of Oliver Emberton.URL
2015-02-18 22:07 - 2015-02-18 22:07 - 00000213 _____ () C:\Users\user\Desktop\Pricing Plans Call Loop.URL
2015-02-18 09:17 - 2015-02-18 09:17 - 00000709 _____ () C:\DelFix.txt
2015-02-18 09:17 - 2015-02-18 09:17 - 00000000 ____D () C:\Windows\ERUNT
2015-02-13 17:58 - 2015-02-21 12:04 - 00002191 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-13 17:58 - 2015-02-13 17:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-13 17:03 - 2015-02-13 23:42 - 00000406 _____ () C:\Users\user\Desktop\Article instructions.txt
2015-02-13 16:01 - 2015-02-13 16:01 - 00000053 _____ () C:\Users\user\Downloads\google732d6e0197cef43d.html
2015-02-13 15:53 - 2015-02-13 16:49 - 00000000 ____D () C:\Users\user\AppData\Roaming\vlc
2015-02-13 15:51 - 2015-02-13 15:51 - 00001078 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-02-13 15:51 - 2015-02-13 15:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-02-13 15:51 - 2015-02-13 15:51 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2015-02-13 15:29 - 2015-02-13 15:53 - 00000114 _____ () C:\Users\user\Desktop\Article Writing Service.txt
2015-02-13 11:11 - 2015-01-23 12:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-13 11:11 - 2015-01-23 12:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-13 11:11 - 2015-01-23 11:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-13 11:11 - 2015-01-23 11:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 23:45 - 2015-01-14 13:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 23:45 - 2015-01-14 13:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 23:45 - 2015-01-12 11:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 23:45 - 2015-01-12 11:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 23:45 - 2015-01-12 11:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 23:45 - 2015-01-12 10:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 23:45 - 2015-01-12 10:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 23:45 - 2015-01-12 10:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 23:45 - 2015-01-12 10:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-11 23:45 - 2015-01-12 10:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 23:45 - 2015-01-12 10:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 23:45 - 2015-01-12 10:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 23:45 - 2015-01-12 10:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 23:45 - 2015-01-12 10:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 23:45 - 2015-01-12 10:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-11 23:45 - 2015-01-12 10:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 23:45 - 2015-01-12 10:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 23:45 - 2015-01-12 10:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-11 23:45 - 2015-01-12 10:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 23:45 - 2015-01-12 10:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 23:45 - 2015-01-12 10:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 23:45 - 2015-01-12 10:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 23:45 - 2015-01-12 10:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 23:45 - 2015-01-12 10:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-11 23:45 - 2015-01-12 10:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-11 23:45 - 2015-01-12 10:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 23:45 - 2015-01-12 10:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 23:45 - 2015-01-12 10:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 23:45 - 2015-01-12 10:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-11 23:45 - 2015-01-12 09:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-11 23:45 - 2015-01-12 09:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-11 23:45 - 2015-01-12 09:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-11 23:45 - 2015-01-12 09:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 23:45 - 2015-01-12 09:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 23:45 - 2015-01-12 09:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 23:45 - 2015-01-12 09:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-11 23:45 - 2015-01-12 09:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 23:45 - 2015-01-12 09:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 23:45 - 2015-01-12 09:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-11 23:45 - 2015-01-12 09:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-11 23:45 - 2015-01-12 09:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-11 23:45 - 2015-01-12 09:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-11 23:45 - 2015-01-12 09:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 23:45 - 2015-01-12 09:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 23:45 - 2015-01-12 09:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 23:45 - 2015-01-12 09:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-11 23:45 - 2015-01-12 09:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 23:45 - 2015-01-12 09:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 23:45 - 2015-01-12 09:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 23:45 - 2015-01-12 09:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 23:45 - 2015-01-12 08:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 23:45 - 2015-01-12 08:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 23:42 - 2015-01-10 14:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 23:42 - 2015-01-10 14:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 23:42 - 2015-01-10 14:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-11 23:42 - 2015-01-10 14:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 23:41 - 2015-01-14 14:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 23:41 - 2015-01-14 14:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 23:41 - 2015-01-14 14:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 23:41 - 2015-01-14 14:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 23:41 - 2015-01-14 13:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 23:41 - 2015-01-14 13:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 23:41 - 2015-01-14 13:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-11 23:41 - 2015-01-10 14:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 23:41 - 2015-01-10 14:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 23:41 - 2015-01-10 14:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 23:41 - 2015-01-10 14:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 23:41 - 2015-01-10 14:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 23:41 - 2015-01-10 14:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-11 23:41 - 2015-01-10 14:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-11 23:41 - 2015-01-10 14:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-11 23:41 - 2015-01-10 14:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-11 23:41 - 2015-01-10 14:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-11 23:40 - 2015-01-15 16:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 23:40 - 2015-01-15 16:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 23:40 - 2015-01-15 16:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 23:40 - 2015-01-15 16:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 23:40 - 2015-01-15 16:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 23:40 - 2015-01-15 16:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 23:40 - 2015-01-15 16:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 23:40 - 2015-01-15 16:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 23:40 - 2015-01-15 16:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 23:40 - 2015-01-15 16:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 23:40 - 2015-01-15 16:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 23:40 - 2015-01-15 15:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-11 23:40 - 2015-01-15 15:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 23:40 - 2015-01-15 15:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 23:40 - 2015-01-15 15:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 23:40 - 2015-01-15 15:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-11 23:40 - 2015-01-15 15:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 23:40 - 2015-01-15 12:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 23:40 - 2015-01-13 11:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 23:40 - 2015-01-13 10:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 23:40 - 2014-12-12 13:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 23:40 - 2014-12-12 13:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-11 23:40 - 2014-07-07 10:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-11 23:40 - 2014-07-07 10:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-11 23:40 - 2014-07-07 09:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-02-11 23:40 - 2014-07-07 09:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-02-11 23:39 - 2015-01-09 10:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 23:38 - 2014-12-08 11:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 23:38 - 2014-12-08 10:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 23:38 - 2014-11-26 11:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 23:38 - 2014-11-26 11:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-10 23:58 - 2015-02-10 23:58 - 00000085 _____ () C:\Windows\wininit.ini
2015-02-06 12:46 - 2015-02-06 12:50 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-06 10:40 - 2015-02-17 23:47 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-06 10:39 - 2015-02-06 12:45 - 00097496 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-06 10:39 - 2015-02-06 10:39 - 00001114 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-06 10:39 - 2015-02-06 10:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-06 10:39 - 2015-02-06 10:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-06 10:39 - 2015-02-06 10:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-06 10:39 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-06 10:39 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-06 09:45 - 2015-01-10 10:46 - 00000000 ____D () C:\Users\user\Desktop\LongTailPro
2015-02-06 09:44 - 2015-02-06 09:43 - 03265362 _____ () C:\Users\user\Desktop\Long Tail Pro Platinum 2.4.42 Updated.rar
2015-02-06 09:14 - 2015-02-06 09:15 - 35738846 _____ () C:\Users\user\Desktop\OMG Directors Cut Feb1.rar
2015-02-05 22:32 - 2015-02-05 22:32 - 00000000 ____D () C:\Users\user\AppData\Local\Macromedia
2015-02-05 22:31 - 2015-02-05 22:31 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 22:31 - 2015-02-05 22:31 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-05 22:31 - 2015-02-05 22:31 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2015-02-05 22:31 - 2015-02-05 22:31 - 00000000 ____D () C:\Windows\system32\Macromed
2015-02-05 19:15 - 2015-02-05 19:17 - 00000000 ____D () C:\Program Files (x86)\InterestArchitect
2015-02-05 19:15 - 2015-02-05 19:15 - 00002053 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Interest Architect.lnk
2015-02-05 19:15 - 2015-02-05 19:15 - 00002047 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Interest Architect.lnk
2015-02-05 19:15 - 2015-02-05 19:15 - 00002041 _____ () C:\Users\Public\Desktop\Interest Architect.lnk
2015-02-05 19:15 - 2015-02-05 19:15 - 00000000 ____D () C:\Windows\Interst Architect
2015-02-05 19:15 - 2015-02-05 19:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Interst Architect
2015-02-05 19:14 - 2015-02-05 19:14 - 00042150 _____ () C:\Users\user\Downloads\Interest Architect Patch.zip
2015-02-05 18:08 - 2015-03-04 00:39 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2015-02-05 18:08 - 2015-03-04 00:38 - 00000000 ____D () C:\Users\user\AppData\Roaming\Panda Security
2015-02-05 18:02 - 2009-06-11 05:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20150205-180212.backup
2015-02-05 17:58 - 2015-03-04 00:39 - 00000000 ____D () C:\ProgramData\Panda Security
2015-02-05 17:58 - 2015-02-05 17:58 - 01630952 _____ () C:\Users\user\Downloads\PANDAFREEAV.exe
2015-02-05 17:41 - 2015-02-05 17:41 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2015-02-05 17:40 - 2015-02-10 23:59 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-02-05 17:40 - 2015-02-10 23:58 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-05 17:38 - 2015-02-05 17:39 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\user\Downloads\spybot-2.4.exe
2015-02-05 17:28 - 2015-02-05 17:29 - 00000000 ____D () C:\Users\user\AppData\Local\Google
2015-02-05 17:23 - 2015-02-05 17:23 - 00000000 ____D () C:\Users\user\AppData\Roaming\Mozilla
2015-02-05 17:23 - 2015-02-05 17:23 - 00000000 ____D () C:\Users\user\AppData\Local\Mozilla
2015-02-05 17:23 - 2015-02-05 17:23 - 00000000 ____D () C:\ProgramData\Mozilla
2015-02-05 15:22 - 2015-02-05 15:22 - 00000215 _____ () C:\Users\user\Desktop\New Text Document.txt
2015-02-05 10:27 - 2015-02-05 10:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-02-05 10:26 - 2015-02-12 00:25 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-02-05 10:26 - 2015-02-05 10:26 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-02-05 10:26 - 2015-02-05 10:26 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-02-05 10:25 - 2015-02-12 00:25 - 00002125 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-02-05 10:25 - 2015-02-12 00:25 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-02-05 10:25 - 2015-02-12 00:25 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-02-05 10:08 - 2015-02-05 10:08 - 00000000 __SHD () C:\Users\user\AppData\Local\EmieUserList
2015-02-05 10:08 - 2015-02-05 10:08 - 00000000 __SHD () C:\Users\user\AppData\Local\EmieSiteList
2015-02-05 10:08 - 2015-02-05 10:08 - 00000000 __SHD () C:\Users\user\AppData\Local\EmieBrowserModeList
2015-02-05 10:01 - 2014-12-19 11:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-02-05 10:01 - 2014-12-19 09:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-02-05 10:01 - 2014-12-06 12:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-02-05 10:01 - 2014-12-06 11:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-02-05 10:01 - 2014-12-06 11:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-02-05 09:42 - 2015-02-26 20:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-05 09:42 - 2015-02-05 09:42 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2015-02-05 09:42 - 2015-02-05 09:42 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2015-02-05 09:39 - 2015-03-05 12:25 - 00000000 ____D () C:\Users\user\AppData\Roaming\DMCache
2015-02-05 09:39 - 2015-03-02 00:43 - 00000000 ____D () C:\Users\user\AppData\Roaming\IDM
2015-02-05 09:39 - 2015-02-23 10:28 - 00000000 ____D () C:\Users\user\Downloads\Video
2015-02-05 09:39 - 2015-02-22 11:46 - 00000000 ____D () C:\Users\user\Downloads\Compressed
2015-02-05 09:39 - 2015-02-05 09:42 - 00000000 ____D () C:\Program Files (x86)\Internet Download Manager
2015-02-05 09:39 - 2015-02-05 09:39 - 00001021 _____ () C:\Users\user\Desktop\Internet Download Manager.lnk
2015-02-05 09:39 - 2015-02-05 09:39 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2015-02-05 09:39 - 2015-02-05 09:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2015-02-05 09:39 - 2015-02-05 09:39 - 00000000 ____D () C:\ProgramData\IDM
2015-02-05 09:35 - 2015-02-05 09:38 - 00000000 ____D () C:\Users\user\AppData\Roaming\WinRAR
2015-02-05 09:35 - 2015-02-05 09:35 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-02-05 09:35 - 2015-02-05 09:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-02-05 09:35 - 2015-02-05 09:35 - 00000000 ____D () C:\Program Files\WinRAR
2015-02-05 09:31 - 2015-02-05 09:32 - 01977432 _____ () C:\Users\user\Downloads\winrar-x64-501.exe
2015-02-05 09:11 - 2015-02-05 09:11 - 00000000 ____D () C:\ProgramData\Microsoft Toolkit
2015-02-05 09:11 - 2015-02-05 09:11 - 00000000 ____D () C:\Program Files (x86)\InstallShield
2015-02-05 09:09 - 2015-03-04 17:12 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2015-02-05 09:08 - 2015-02-17 22:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-02-05 09:08 - 2015-02-05 09:08 - 00000000 ____D () C:\Windows\PCHEALTH
2015-02-05 09:08 - 2015-02-05 09:08 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2015-02-05 09:08 - 2015-02-05 09:08 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2015-02-05 09:08 - 2015-02-05 09:08 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2015-02-05 09:07 - 2015-02-17 22:12 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-05 09:07 - 2015-02-05 09:08 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-02-05 09:07 - 2015-02-05 09:07 - 00000000 __RHD () C:\MSOCache
2015-02-05 09:07 - 2015-02-05 09:07 - 00000000 ____D () C:\Users\user\AppData\Local\Microsoft Help
2015-02-05 09:07 - 2015-02-05 09:07 - 00000000 ____D () C:\Program Files\Microsoft Analysis Services
2015-02-05 09:07 - 2015-02-05 09:07 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-02-05 09:07 - 2015-02-05 09:07 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2015-02-05 09:06 - 2014-12-12 01:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-05 13:16 - 2009-07-14 12:45 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-05 13:16 - 2009-07-14 12:45 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-05 13:15 - 2009-07-14 13:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-05 12:26 - 2014-12-16 14:40 - 00000000 ___RD () C:\Users\user\Dropbox
2015-03-05 12:26 - 2014-12-16 14:36 - 00000000 ____D () C:\Users\user\AppData\Roaming\Dropbox
2015-03-05 12:26 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-05 12:26 - 2009-07-14 12:51 - 00040703 _____ () C:\Windows\setupact.log
2015-03-05 12:25 - 2014-12-01 23:30 - 01847626 _____ () C:\Windows\WindowsUpdate.log
2015-03-05 11:37 - 2009-07-14 13:08 - 00032574 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-04 11:03 - 2014-12-01 23:53 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2015-03-04 00:40 - 2014-12-11 18:12 - 00111520 _____ () C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-04 00:40 - 2009-07-14 12:45 - 00433064 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-04 00:39 - 2010-11-21 11:47 - 00021014 _____ () C:\Windows\PFRO.log
2015-03-03 21:17 - 2010-11-21 11:27 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-20 00:03 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\tracing
2015-02-17 14:57 - 2009-07-14 11:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-02-13 17:58 - 2014-12-16 14:35 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-13 11:13 - 2014-12-16 14:40 - 00001021 _____ () C:\Users\user\Desktop\Dropbox.lnk
2015-02-13 11:13 - 2014-12-16 14:39 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-12 00:30 - 2014-12-01 23:59 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-12 00:26 - 2009-07-14 10:34 - 00000478 _____ () C:\Windows\win.ini
2015-02-12 00:23 - 2014-12-26 14:44 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-12 00:21 - 2014-12-26 14:44 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-07 18:58 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\rescache
2015-02-05 22:31 - 2014-12-29 17:18 - 00000000 ____D () C:\Users\user\AppData\Local\Adobe
2015-02-05 10:28 - 2014-12-26 14:53 - 00774004 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-02-05 09:50 - 2009-07-14 11:20 - 00000000 ____D () C:\Program Files\Common Files\System
2015-02-05 09:08 - 2010-11-21 15:16 - 00000000 ____D () C:\Windows\ShellNew

Some content of TEMP:
====================
C:\Users\user\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp3cvcgw.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-03-04 00:08

==================== End Of Log ============================


----------



## JSntgRvr (Jul 1, 2003)

Here is the fixlist for post # 225. Please run it on both computers, testing one at a time, and post the fixlog, identifying which computer it is from.


----------



## JSntgRvr (Jul 1, 2003)

I can't see a bad entry in that log, other than the proxy setting. Let's expand our search to 120 days.

Download *OTL* to your Desktop

Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
OTL should now start. Change the following settings:
Change *Drivers* to *All*
Change *Standard Registry* to *All*
Under *File Scans*, change *File age* to *120*

Under the Custom Scan box paste this in:
*%systemroot%\Tasks\*.job*
Click the Run Scan button.
When the scan completes, it will open two Notepad windows: *OTL.Txt* and *Extras.Txt* (first run only). These are saved in the same location as OTL.
Please post the contents of the *OTL.txt* file and attach the *Extras.Txt*, if any, in your next reply.


----------



## kango88 (Feb 5, 2015)

*For Windows 8*

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-03-2015 01
Ran by Gladwin at 2015-03-06 12:44:05 Run:6
Running from C:\Users\ASUS\Desktop\Troubleshoot Program
Loaded Profiles: Gladwin (Available profiles: Gladwin)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
C:\WINDOWS\Tasks\InstallShield Update Task.job
Disable Service: isupdate.exe
Reg: Reg add "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxySettingsPerUser /t REG_DWORD /d 1 /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v DefaultConnectionSettings /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v SavedLegacySettings /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlset\services\NlaSvc\Parameters\Internet\ManualProxies" /ve /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyOverride /f
Reg: Reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyOverride /f
Reg: Reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f
Hosts:
Emptytemp:
CMD: Dir /a /b C:\WINDOWS\System32\Tasks
End

*****************

C:\WINDOWS\Tasks\InstallShield Update Task.job => Moved successfully.
Disable Service: isupdate.exe => Error: No automatic fix found for this entry.

========= Reg add "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxySettingsPerUser /t REG_DWORD /d 1 /f =========

The operation completed successfully.

========= End of Reg: =========

========= Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v DefaultConnectionSettings /f =========

The operation completed successfully.

========= End of Reg: =========

========= Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v SavedLegacySettings /f =========

The operation completed successfully.

========= End of Reg: =========

========= Reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlset\services\NlaSvc\Parameters\Internet\ManualProxies" /ve /f =========

The operation completed successfully.

========= End of Reg: =========

========= Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f =========

The operation completed successfully.

========= End of Reg: =========

========= Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyOverride /f =========

The operation completed successfully.

========= End of Reg: =========

========= Reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f =========

The operation completed successfully.

========= End of Reg: =========

========= Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f =========

The operation completed successfully.

========= End of Reg: =========

========= Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyOverride /f =========

The operation completed successfully.

========= End of Reg: =========

========= Reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f =========

The operation completed successfully.

========= End of Reg: =========

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

========= Dir /a /b C:\WINDOWS\System32\Tasks =========

Adobe Acrobat Update Task
Adobe Flash Player Updater
ASUS InstantOn Config
ASUS Live Update
ASUS P4G
ASUS Splendid ACMON
ASUS Splendid ColorU
ASUS Touchpad Launcher (x64)
ASUS USB Charger Plus
AsusVibeSchedule
AutoKMS
avast! Emergency Update
avastBCLRestartS-1-5-21-147487581-2992457104-1551078015-1002
CLARUS_DRIVE_MANAGER
G2MUpdateTask-S-1-5-21-147487581-2992457104-1551078015-1002
GoogleUpdateTaskMachineCore
GoogleUpdateTaskMachineUA
InstallShield Update Task
Microsoft
Microsoft Office 15 Sync Maintenance for GLADWIN-Gladwin Gladwin
Optimize Start Menu Cache Files-S-1-5-21-147487581-2992457104-1551078015-1002
Safer-Networking
User_Feed_Synchronization-{83B032BB-4465-41F1-85D8-D50061BC5D84}
WPD

========= End of CMD: =========

EmptyTemp: => Removed 1.2 GB temporary data.

The system needed a reboot.

==== End of Fixlog 12:44:56 ====


----------



## kango88 (Feb 5, 2015)

The proxy connection issue for Windows 8 is solved. Thanks. Now moving on to Windows 7 comp


----------



## kango88 (Feb 5, 2015)

*For Windows 7*

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-02-2015
Ran by user at 2015-03-06 14:26:36 Run:22
Running from C:\Users\user\Downloads\Programs
Loaded Profiles: user (Available profiles: user)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
C:\WINDOWS\Tasks\InstallShield Update Task.job
Disable Service: isupdate.exe
Reg: Reg add "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxySettingsPerUser /t REG_DWORD /d 1 /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v DefaultConnectionSettings /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v SavedLegacySettings /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlset\services\NlaSvc\Parameters\Internet\ManualProxies" /ve /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyOverride /f
Reg: Reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyOverride /f
Reg: Reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f
Hosts:
Emptytemp:
CMD: Dir /a /b C:\WINDOWS\System32\Tasks
End

*****************

"C:\WINDOWS\Tasks\InstallShield Update Task.job" => File/Directory not found.
Disable Service: isupdate.exe => Error: No automatic fix found for this entry.

========= Reg add "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxySettingsPerUser /t REG_DWORD /d 1 /f =========

The operation completed successfully.

========= End of Reg: =========

========= Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v DefaultConnectionSettings /f =========

The operation completed successfully.

========= End of Reg: =========

========= Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v SavedLegacySettings /f =========

The operation completed successfully.

========= End of Reg: =========

========= Reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlset\services\NlaSvc\Parameters\Internet\ManualProxies" /ve /f =========

The operation completed successfully.

========= End of Reg: =========

========= Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f =========

The operation completed successfully.

========= End of Reg: =========

========= Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyOverride /f =========

The operation completed successfully.

========= End of Reg: =========

========= Reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f =========

The operation completed successfully.

========= End of Reg: =========

========= Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f =========

The operation completed successfully.

========= End of Reg: =========

========= Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyOverride /f =========

The operation completed successfully.

========= End of Reg: =========

========= Reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f =========

The operation completed successfully.

========= End of Reg: =========

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

========= Dir /a /b C:\WINDOWS\System32\Tasks =========

Apple
Microsoft
OfficeSoftwareProtectionPlatform
Safer-Networking
WPD

========= End of CMD: =========

EmptyTemp: => Removed 50.4 MB temporary data.

The system needed a reboot.

==== End of Fixlog 14:26:38 ====


----------



## kango88 (Feb 5, 2015)

Attached are the files from OTL


----------



## JSntgRvr (Jul 1, 2003)

The InstallShield program is a fake.

Please download the attached file and save it in the same directory as *FRST*.

Start *FRST* with Administrator privileges. (Right click on FRST and select "Run as administrator".)
Press the *Fix* button.
When finished, a log file (*Fixlog.txt*) pops up and is saved to the same location the tool was run from.
Please copy and paste its contents in your next reply.

Test and let me know the outcome.


----------



## kango88 (Feb 5, 2015)

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-02-2015
Ran by user at 2015-03-07 00:40:17 Run:23
Running from C:\Users\user\Downloads\Programs
Loaded Profiles: user (Available profiles: user)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
C:\WINDOWS\System32\Tasks\InstallShield Update Task
C:\WINDOWS\Tasks\InstallShield Update Task.job
DisableService: isupdate.exe
Reg: Reg add "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxySettingsPerUser /t REG_DWORD /d 1 /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v DefaultConnectionSettings /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v SavedLegacySettings /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlset\services\NlaSvc\Parameters\Internet\ManualProxies" /ve /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyOverride /f
Reg: Reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyOverride /f
Reg: Reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f
Hosts:
Emptytemp:
CMD: Dir /a /b C:\WINDOWS\System32\Tasks
End




*****************

"C:\WINDOWS\System32\Tasks\InstallShield Update Task" => File/Directory not found.
"C:\WINDOWS\Tasks\InstallShield Update Task.job" => File/Directory not found.
isupdate.exe service was disabled

========= Reg add "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxySettingsPerUser /t REG_DWORD /d 1 /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v DefaultConnectionSettings /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v SavedLegacySettings /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlset\services\NlaSvc\Parameters\Internet\ManualProxies" /ve /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyOverride /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyOverride /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f =========

The operation completed successfully.



========= End of Reg: =========

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

========= Dir /a /b C:\WINDOWS\System32\Tasks =========

Apple
Microsoft
OfficeSoftwareProtectionPlatform
Safer-Networking
WPD

========= End of CMD: =========

EmptyTemp: => Removed 39.4 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 00:40:19 ====
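
The sketch below is an added example, not part of the original posts and not FRST's own code. It reads the results section of a Fixlog like the ones pasted in this thread and lists the entries that changed nothing, such as the `Disable Service:` directive that returned "No automatic fix found" in Run:22. It assumes only the line shapes visible in these logs; the function names are hypothetical.

```python
import re

# Constructed sample: lines from the Windows 7 Fixlog (Run:22) quoted above, trimmed.
SAMPLE = r'''Content of fixlist:
*****************
Start
C:\WINDOWS\Tasks\InstallShield Update Task.job
Disable Service: isupdate.exe
End
*****************
"C:\WINDOWS\Tasks\InstallShield Update Task.job" => File/Directory not found.
Disable Service: isupdate.exe => Error: No automatic fix found for this entry.
========= Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f =========
The operation completed successfully.
========= End of Reg: =========
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
==== End of Fixlog 14:26:38 ====
'''

BLOCK = re.compile(r'^=+ (?P<cmd>.+?) =+$')
BLOCK_END = re.compile(r'^=+ End of (Reg|CMD): =+$')
ARROW = re.compile(r'^"?(?P<target>.+?)"? => (?P<result>.+)$')

def status_of(result):
    if result.startswith('Error:'):
        return 'not_applied'   # the tool did not act on the directive
    if 'not found' in result:
        return 'absent'        # target was not on disk when the fix ran
    return 'applied'

def parse_fixlog(text):
    """Return [(target, status)] for the results section of a Fixlog."""
    # Everything before the last row of asterisks is the echoed fixlist.
    results = re.split(r'^\*{5,}\s*$', text, flags=re.M)[-1]
    lines = [ln.strip() for ln in results.splitlines()]
    out, i = [], 0
    while i < len(lines):
        line, i = lines[i], i + 1
        block = BLOCK.match(line)
        if block and not block['cmd'].startswith('End of'):
            body = []
            while i < len(lines) and not BLOCK_END.match(lines[i]):
                body.append(lines[i])
                i += 1
            i += 1  # step past the "End of Reg:" / "End of CMD:" marker
            if block['cmd'].startswith('Reg '):
                ok = 'The operation completed successfully.' in body
                out.append((block['cmd'], 'applied' if ok else 'not_applied'))
            continue
        arrow = ARROW.match(line)
        if arrow:
            out.append((arrow['target'], status_of(arrow['result'])))
        elif line.endswith('service was disabled'):
            out.append((line, 'applied'))
    return out

def needs_followup(text):
    """Entries that changed nothing: failed directives and absent targets."""
    return [(t, s) for t, s in parse_fixlog(text) if s != 'applied']
```

Run against the sample, `needs_followup(SAMPLE)` returns the missing `.job` file and the unrecognised `Disable Service:` directive, the two lines a helper would want to look at before writing the next fixlist.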


----------



## kango88 (Feb 5, 2015)

It is solved. Thanks!!!
What do you mean by shield program is fake?


----------



## JSntgRvr (Jul 1, 2003)

> 2015-02-05 09:11 - 2015-02-05 09:11 - 00000000 ____D () C:\Program Files (x86)\InstallShield


It was installed on February 5, and it creates Tasks and/or a service to re-spawn at startup. You don't need that program. In your position I would remove the C:\Program Files (x86)\*InstallShield* folder.

Let's give it a day, and let me know if it returns. Do not use System Restore as it will restore the bad entry.


----------



## kango88 (Feb 5, 2015)

I've just removed that folder. Thanks! Let's wait for a day and hopefully the problem is solved.
Thanks for your help


----------



## JSntgRvr (Jul 1, 2003)

:up:


----------



## kango88 (Feb 5, 2015)

Everything is working well now. So I mark the thread as solved? Can I reopen it if the issue comes back?


----------



## JSntgRvr (Jul 1, 2003)

Will be there for 5 days.


----------



## JSntgRvr (Jul 1, 2003)

We need to remove the tools we've used during cleaning your machine.


Download Delfix from *here*
Ensure *Remove disinfection tools* is ticked
*Also tick:*
Create registry backup
Purge system restore

Click *Run*

That will remove the quarantine and reset System Restore.


----------



## kango88 (Feb 5, 2015)

For Windows 8

# DelFix v10.8 - Logfile created 09/03/2015 at 15:04:26
# Updated 29/07/2014 by Xplode
# Username : Gladwin - GLADWIN
# Operating System : Windows 8.1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\AdwCleaner[R1].txt
Deleted : C:\AdwCleaner[R2].txt
Deleted : C:\AdwCleaner[R3].txt
Deleted : C:\AdwCleaner[R4].txt
Deleted : C:\AdwCleaner[R5].txt
Deleted : C:\AdwCleaner[S1].txt
Deleted : C:\AdwCleaner[S2].txt
Deleted : C:\AdwCleaner[S3].txt
Deleted : HKLM\SOFTWARE\AdwCleaner

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #279 [Checkpoint by HitmanPro | 03/01/2015 16:36:08]
Deleted : RP #281 [Checkpoint by HitmanPro | 03/01/2015 16:39:05]
Deleted : RP #282 [Windows Update | 03/05/2015 02:14:23]
Deleted : RP #283 [Windows Update | 03/09/2015 03:44:26]

New restore point created !

########## - EOF - ##########


----------



## kango88 (Feb 5, 2015)

For Windows 7

# DelFix v10.8 - Logfile created 09/03/2015 at 15:05:51
# Updated 29/07/2014 by Xplode
# Username : user - USER-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\TDSSKiller.3.0.0.44_04.03.2015_00.40.25_log.txt
Deleted : C:\Users\user\Desktop\aswmbr.exe
Deleted : C:\Users\user\Desktop\aswMBR.txt
Deleted : C:\Users\user\Desktop\MBR.dat
Deleted : C:\Users\user\Desktop\RKreport_SCN_02202015_000103.log
Deleted : C:\Users\user\Desktop\RKreport_SCN_02202015_001009.log
Deleted : C:\Users\user\Desktop\RKreport_SCN_03032015_102832.log
Deleted : C:\Users\user\Desktop\SystemLook.txt
Deleted : C:\Users\user\Desktop\TDSSKiller.3.0.0.44log.zip
Deleted : C:\Users\user\Desktop\TDSSKiller.3.0.0.44_04.03.2015_00.40.25_log.txt
Deleted : C:\Users\Public\Desktop\RogueKiller.lnk
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #25 [End of disinfection | 02/18/2015 01:17:04]
Deleted : RP #26 [Windows Update | 02/19/2015 14:20:50]
Deleted : RP #27 [Windows Update | 02/23/2015 02:16:28]
Deleted : RP #28 [Windows Update | 02/25/2015 15:26:26]
Deleted : RP #29 [F-Secure malware removal | 02/26/2015 13:07:22]
Deleted : RP #30 [Windows Update | 03/01/2015 15:33:58]
Deleted : RP #31 [Windows Update | 03/05/2015 14:06:55]

New restore point created !

########## - EOF - ##########


----------



## kango88 (Feb 5, 2015)

Thanks for your help! Really appreciate your patience with trying to solve all my issues for both my coms. Thank you so much


----------



## JSntgRvr (Jul 1, 2003)

You are welcome.


----------

