ttanin #1 Posted April 20, 2015
This keeps popping up.
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-04-2015 01Ran by HP at 2015-04-19 21:24:37Running from C:\Users\HP\DownloadsBoot Mode: Normal============================================================================== Security Center ========================(If an entry is included in the fixlist, it will be removed.)AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}==================== Installed Programs ======================(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)AAStationInstallConditions (HKLM-x32\...\{87C343D8-00D6-4A46-924C-54E744AFA6D6}) (Version: 15.175.191.0 - Client Marketing Systems)AAUpdateConditions (HKLM-x32\...\{40E27BC4-2003-41C7-B4D3-E636B8DAF969}) (Version: 15.175.191.0 - Client Marketing Systems)Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)Advisors Assistant Station Program (HKLM-x32\...\{5F428015-AF7B-4605-A26B-ACCC76BAE383}) (Version: 17.149.761.2 - Client Marketing Systems, Inc.)AdvisorsAssistantFileTransfer (HKLM-x32\...\{36FB377C-5B4B-4146-B339-00455492BA57}) (Version: 2.001.007.0 - Client Marketing Systems, Inc.)CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)Citrix Online Launcher (HKLM-x32\...\{77463C86-BB3A-426E-A6C2-06B4D28C250F}) (Version: 1.0.223 - Citrix)DriverMax 7 (HKLM-x32\...\DMX5_is1) (Version: 7.54.0.1092 
- Innovative Solutions)Dropbox (HKU\S-1-5-21-3292518850-759306849-2421569196-1000\...\Dropbox) (Version: 3.4.3 - Dropbox, Inc.)GoToMeeting 7.1.8.2553 (HKU\S-1-5-21-3292518850-759306849-2421569196-1000\...\GoToMeeting) (Version: 7.1.8.2553 - CitrixOnline)HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)HP Officejet 4620 series Basic Device Software (HKLM\...\{B411AD10-1BC9-4939-8848-BC5E66F662B7}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)HP Officejet 4620 series Help (HKLM-x32\...\{606C37AB-EB04-4270-A592-201A03C2DB36}) (Version: 6.0.0 - Hewlett Packard)HP Officejet 4620 series Product Improvement Study (HKLM\...\{83F51BBA-48BE-4BB6-B96A-F4AAE4C462F9}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)HP Support Solutions Framework (HKLM-x32\...\{96D12EC9-720B-45FB-904C-36D6307A1C76}) (Version: 11.51.0048 - Hewlett-Packard Company)HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)HP Webcam Driver (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.50009.6 - Sonix)HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) HiddenI.R.I.S. 
OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)Intel® Network Connections 19.5.303.0 (HKLM\...\PROSetDX) (Version: 19.5.303.0 - Intel)Intel® Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.02.00.1002 - Intel Corporation)Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)Kyocera Product Library (HKLM\...\Kyocera Product Library) (Version: 4.2.1909 - KYOCERA Document Solutions Inc.)LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass)LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.100 - LSI Corporation)Malwarebytes Anti-Exploit version 1.05.1.1016 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.05.1.1016 - Malwarebytes)Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)Microsoft SQL Server 2008 Management Objects (HKLM-x32\...\{2BF67B4B-7C5E-4045-8766-BB44838DC61A}) (Version: 10.1.2531.0 - Microsoft Corporation)Microsoft SQL Server 2008 Native Client (HKLM\...\{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}) (Version: 10.1.2531.0 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft 
Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)MotoCast (HKLM-x32\...\{5401CEE8-3C2D-4835-A802-213306537FF4}) (Version: 1.2.7 - Motorola Mobility)MotoHelper 2.1.40 Driver 5.5.0 (HKLM-x32\...\MotoHelper) (Version: 2.1.40 - Motorola)MotoHelper MergeModules (x32 Version: 1.2.0 - Motorola) HiddenMOTOROLA MEDIA LINK (x32 Version: 1.7.0147.0 - Motorola) HiddenMotorola Mobile Drivers Installation 5.5.0 (Version: 5.5.0 - Motorola Inc.) HiddenMozilla Firefox 37.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 en-US)) (Version: 37.0.1 - Mozilla)Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0.4 - Mozilla)MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)NACIS (HKLM-x32\...\{FA0F5459-81A7-4A60-8F45-7F0F24838FFA}) (Version: 19.3 - North American Company)NACIS (x32 Version: 19.3 - North American Company) HiddenNACIS (x32 Version: 19.5 - North American Company) HiddenNACIS (x32 Version: 19.6 - North American Company) HiddenNACIS (x32 Version: 19.7 - North American Company) HiddenNVIDIA nView 141.36 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 141.36 - NVIDIA Corporation)Ohio National Product Illustrations (HKLM-x32\...\{B9BA3A18-121D-4266-8150-1B513A965A35}) (Version: 43.01.2012 - Ohio National Financial Services)OJ4620FWUpdateAlert (x32 Version: 1.00.0000 - HP) HiddenService Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition 
(HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)SQL Server System CLR Types (HKLM-x32\...\{C9FD9DF2-D92B-4321-A338-52961FECE249}) (Version: 10.1.2531.0 - Microsoft Corporation)SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1158 - SUPERAntiSpyware.com)Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.24.0 - Synaptics Incorporated)TaxACT 2014 California Preparer's - 1040 Edition (HKLM-x32\...\TaxACT 2014 California Preparer's - 1040 Edition) (Version: 1.03 - TaxACT, Inc.)TaxACT 2014 Massachusetts Preparer's - 1040 Edition (HKLM-x32\...\TaxACT 2014 Massachusetts Preparer's - 1040 Edition) (Version: 1.01 - TaxACT, Inc.)TaxACT 2014 Massachusetts Preparer's - 1120S Edition (HKLM-x32\...\TaxACT 2014 Massachusetts Preparer's - 1120S Edition) (Version: 1.01 - TaxACT, Inc.)TaxACT 2014 New York Preparer's - 1040 Edition (HKLM-x32\...\TaxACT 2014 New York Preparer's - 1040 Edition) (Version: 1.01 - TaxACT, Inc.)TaxACT 2014 Preparer's - 1040 Edition (HKLM-x32\...\TaxACT 2014 Preparer's - 1040 Edition) (Version: 1.00 - TaxACT, Inc.)TaxACT 2014 Preparer's - 1120S Edition (HKLM-x32\...\TaxACT 2014 Preparer's - 1120S Edition) (Version: 1.02 - TaxACT, Inc.)TaxACT 2014 Rhode Island Preparer's - 1040 Edition (HKLM-x32\...\TaxACT 2014 Rhode Island Preparer's - 1040 Edition) (Version: 1.02 - TaxACT, Inc.)TaxACT 2014 South Carolina Preparer's - 1040 Edition (HKLM-x32\...\TaxACT 2014 South Carolina Preparer's - 1040 Edition) (Version: 1.01 - TaxACT, Inc.)Unchecky v0.3.7 (HKLM-x32\...\Unchecky) (Version: 0.3.7 - RaMMicHaeL)VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) HiddenWindows Driver Package - Toshiba (Thotkey) HIDClass (07/31/2012 8.0.0.4) (HKLM\...\70DF870FDBAA06028AE153473AC83D84CAC23714) (Version: 07/31/2012 8.0.0.4 - 
Toshiba)Wondershare Dr.Fone for Android(Build 4.8.1.136) (HKLM-x32\...\{1DB91A95-C548-4BA5-9D4C-18C7DEAAC39F}_is1) (Version: 4.8.1.136 - Wondershare Software Co.,Ltd.)==================== Custom CLSID (selected items): ==========================(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)CustomCLSID: HKU\S-1-5-21-3292518850-759306849-2421569196-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\HP\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-3292518850-759306849-2421569196-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\HP\AppData\Local\Citrix\GoToMeeting\2331\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)CustomCLSID: HKU\S-1-5-21-3292518850-759306849-2421569196-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-3292518850-759306849-2421569196-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-3292518850-759306849-2421569196-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-3292518850-759306849-2421569196-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-3292518850-759306849-2421569196-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-3292518850-759306849-2421569196-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> 
C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-3292518850-759306849-2421569196-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-3292518850-759306849-2421569196-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-3292518850-759306849-2421569196-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)==================== Restore Points =========================09-04-2015 08:23:25 Windows Update10-04-2015 12:12:06 Windows Update11-04-2015 09:26:57 Windows Update14-04-2015 11:14:42 Windows Update15-04-2015 21:46:18 Windows Update19-04-2015 09:28:24 Windows Update==================== Hosts content: ==========================(If needed Hosts: directive could be included in the fixlist to reset Hosts.)2009-07-13 22:34 - 2015-04-19 17:06 - 00001993 ____A C:\Windows\system32\Drivers\etc\hosts0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly0.0.0.0 tracking.opencandy.com.s3.amazonaws.com0.0.0.0 media.opencandy.com0.0.0.0 cdn.opencandy.com0.0.0.0 tracking.opencandy.com0.0.0.0 api.opencandy.com0.0.0.0 installer.betterinstaller.com0.0.0.0 installer.filebulldog.com0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net0.0.0.0 inno.bisrv.com0.0.0.0 nsis.bisrv.com0.0.0.0 cdn.file2desktop.com0.0.0.0 cdn.goateastcach.us0.0.0.0 cdn.guttastatdk.us0.0.0.0 cdn.inskinmedia.com0.0.0.0 cdn.insta.oibundles2.com0.0.0.0 cdn.insta.playbryte.com0.0.0.0 cdn.llogetfastcach.us0.0.0.0 cdn.montiera.com0.0.0.0 cdn.msdwnld.com0.0.0.0 cdn.mypcbackup.com0.0.0.0 cdn.ppdownload.com0.0.0.0 cdn.riceateastcach.us0.0.0.0 cdn.shyapotato.us0.0.0.0 cdn.solimba.com0.0.0.0 cdn.tuto4pc.com0.0.0.0 cdn.appround.biz0.0.0.0 
cdn.bigspeedpro.com0.0.0.0 cdn.bispd.comThere are 4 more lines.==================== Scheduled Tasks (whitelisted) =============(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)Task: {172EA889-C74F-4178-A991-FC1272D7D10E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)Task: {1880C33E-60F8-44C0-92FB-91AF6DE2D42D} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvcTask: {2B327276-1194-485D-B05D-8A6692A952FE} - System32\Tasks\MotoHelper Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2012-02-01] ()Task: {380A6148-6138-443F-AA3E-8477E082230A} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)Task: {496CD934-31B6-4644-BE2F-E498265ADAE9} - System32\Tasks\HPCustParticipation HP Officejet 4620 series => C:\Program Files\HP\HP Officejet 4620 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)Task: {4FFE2FFC-A478-421F-90E2-673F330C717D} - System32\Tasks\Norton PC Checkup Setup => C:\Users\HP\AppData\Local\Temp\PCCUStubInstaller\SymcPCCUInstaller.exe <==== ATTENTIONTask: {6173720F-A840-41D0-A5DA-A5FE02BF4D3D} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)Task: {698211B7-84BF-4FF2-B7BF-2300E70C03A3} - System32\Tasks\DriverEasy Scheduled Scan => C:\Program Files\Easeware\DriverEasy\DriverEasy.exeTask: {6F526430-5365-4DB8-8E85-55477481D66E} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)Task: {885C8E50-7D5C-42F0-843C-FEE0F40B9BB5} - System32\Tasks\MotoHelper Initial Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe 
[2012-02-01] ()Task: {892F77CF-C9A8-41B0-AAC7-A5F487EC0533} - System32\Tasks\Application Starter - f1375f225883e83d52e8db9690775c3c => C:\Program Files (x86)\Innovative Solutions\DriverMax\innostp.exe [2015-04-03] (Innovative Solutions)Task: {95DF4A65-770F-41D3-838F-4BBA06860E4C} - System32\Tasks\MotoHelper Routing => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2012-02-01] ()Task: {9C5C75F5-0940-41AF-BB9E-3D18F2131D34} - System32\Tasks\MotoCast Update => C:\Program Files (x86)\Motorola Mobility\MotoCast\LiveUpdate\MotoCastUpdate.exe [2012-02-09] ()Task: {B281320D-2C7C-433D-BDA3-C1604974ED4A} - System32\Tasks\Driver Booster SkipUAC (HP) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exeTask: {B5E46480-D77D-4631-B35A-CE9CE6F54758} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe <==== ATTENTIONTask: {BB3265F2-FA1F-468B-9E26-F1A388493298} - System32\Tasks\G2MUpdateTask-S-1-5-21-3292518850-759306849-2421569196-1000 => C:\Users\HP\AppData\Local\Citrix\GoToMeeting\2553\g2mupdate.exe [2015-04-12] (Citrix Online, a division of Citrix Systems, Inc.)Task: {BEE62E4C-D909-4659-8D39-2CF2518AFE95} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)Task: {D50FBDEF-4CC4-4A1E-9AEE-13475263F19B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-19] (Piriform Ltd)Task: {E7D01421-C0F7-47FC-8170-46821FB6C046} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)Task: {EAFDB959-5D40-4177-986D-826E31721612} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files (x86)\Pro PC Cleaner\Splash.exe <==== ATTENTIONTask: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\Windows\Tasks\Application Starter - 
f1375f225883e83d52e8db9690775c3c.job => C:\Program Files (x86)\Innovative Solutions\DriverMax\innostp.exeTask: C:\Windows\Tasks\DriverEasy Scheduled Scan.job => C:\Program Files\Easeware\DriverEasy\DriverEasy.exeTask: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3292518850-759306849-2421569196-1000.job => C:\Users\HP\AppData\Local\Citrix\GoToMeeting\2553\g2mupdate.exe==================== Loaded Modules (whitelisted) ==============2014-10-25 12:40 - 2015-02-03 22:21 - 00115400 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll2012-02-01 17:55 - 2012-02-01 17:55 - 00214896 _____ () C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe2012-02-01 17:55 - 2012-02-01 17:55 - 00784240 _____ () C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe2012-02-07 17:54 - 2012-02-07 17:54 - 00128336 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\liveupdatetactics.dll2012-02-07 17:53 - 2012-02-07 17:53 - 00023872 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\DbAccess.dll2012-02-07 17:56 - 2012-02-07 17:56 - 00465632 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\sqlite3.dll2012-02-07 17:54 - 2012-02-07 17:54 - 00045368 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\NAdvLog.dll2012-02-07 17:54 - 2012-02-07 17:54 - 00034128 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\NFileCacheDBAccess.dll2015-04-19 17:06 - 2015-04-19 17:06 - 00043008 _____ () c:\users\hp\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpl35pei.dll2015-03-04 17:45 - 2015-03-04 17:45 - 00750080 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\libGLESv2.dll2015-03-04 17:45 - 2015-03-04 17:45 - 00047616 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\libEGL.dll2015-03-04 17:45 - 2015-03-04 17:45 - 00865280 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll2015-03-04 17:45 - 2015-03-04 17:45 - 00200704 _____ () 
C:\Users\HP\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll2015-03-23 09:51 - 2015-04-03 10:05 - 00008760 _____ () C:\Program Files (x86)\Innovative Solutions\DriverMax\sync.dll2015-03-25 09:04 - 2015-03-25 09:04 - 01020928 _____ () C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\qkmjrpbe.default-1427206009928\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll2015-04-15 12:34 - 2015-04-15 12:34 - 16863920 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll==================== Alternate Data Streams (whitelisted) =========(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)==================== Safe Mode (whitelisted) ===================(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)==================== EXE Association (whitelisted) ===============(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)==================== Other Areas ============================(Currently there is no automatic fix for this section.)HKU\S-1-5-21-3292518850-759306849-2421569196-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\HP\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpgDNS Servers: 75.75.75.75 - 75.75.76.76==================== MSCONFIG/TASK MANAGER disabled items ==(Currently there is no automatic fix for this section.)==================== Accounts: =============================Administrator (S-1-5-21-3292518850-759306849-2421569196-500 - Administrator - Disabled)Guest (S-1-5-21-3292518850-759306849-2421569196-501 - Limited - Disabled)HomeGroupUser$ (S-1-5-21-3292518850-759306849-2421569196-1002 - Limited - Enabled)HP (S-1-5-21-3292518850-759306849-2421569196-1000 - Administrator - Enabled) => C:\Users\HP==================== Faulty Device Manager Devices =============Name: Intel® Turbo Boost Technology Driver with Dynamic Power Performance 
Management PCH Filter DriverDescription: Intel® Turbo Boost Technology Driver with Dynamic Power Performance Management PCH Filter DriverClass Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}Manufacturer: IntelService: ImpcdProblem: : This device cannot start. (Code10)Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.==================== Event log errors: =========================Application errors:==================Error: (04/19/2015 05:07:09 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (04/19/2015 11:55:00 AM) (Source: SideBySide) (EventID: 33) (User: )Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.Please use sxstrace.exe for detailed diagnosis.Error: (04/19/2015 11:54:50 AM) (Source: SideBySide) (EventID: 72) (User: )Description: Activation context generation failed for "asmv2:clrClassInvocation1".Error in manifest or policy file "asmv2:clrClassInvocation2" on line asmv2:clrClassInvocation3.The element asmv2:clrClassInvocation appears as a child of element urn:schemas-microsoft-com:asm.v1^entryPoint which is not supported by this version of Windows.Error: (04/18/2015 05:33:17 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (04/18/2015 05:26:26 PM) 
(Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (04/18/2015 09:22:01 AM) (Source: SideBySide) (EventID: 33) (User: )Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.Please use sxstrace.exe for detailed diagnosis.Error: (04/18/2015 09:21:50 AM) (Source: SideBySide) (EventID: 72) (User: )Description: Activation context generation failed for "asmv2:clrClassInvocation1".Error in manifest or policy file "asmv2:clrClassInvocation2" on line asmv2:clrClassInvocation3.The element asmv2:clrClassInvocation appears as a child of element urn:schemas-microsoft-com:asm.v1^entryPoint which is not supported by this version of Windows.Error: (04/18/2015 08:34:00 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: drivermax.exe, version: 7.54.0.1092, time stamp: 0x2a425e19Faulting module name: KERNELBASE.dll, version: 6.1.7601.18798, time stamp: 0x5507b485Exception code: 0x0eedfadeFault offset: 0x0000c42dFaulting process id: 0x13f4Faulting application start time: 0xdrivermax.exe0Faulting application path: drivermax.exe1Faulting module path: drivermax.exe2Report Id: drivermax.exe3Error: (04/18/2015 08:33:11 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003System errors:=============Error: (04/19/2015 05:07:02 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)Description: 
application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)Error: (04/19/2015 05:06:34 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)Error: (04/19/2015 05:06:06 PM) (Source: Service Control Manager) (EventID: 7026) (User: )Description: The following boot-start or system-start driver(s) failed to load:amdkmafdError: (04/19/2015 09:26:14 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )Description: %HP-PC60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.195.3705.0 Update Source: %HP-PC51 Update Stage: 4.7.0205.00 Source Path: 4.7.0205.01 Signature Type: %HP-PC602 Update Type: %HP-PC604 User: HP-PC\HP Current Engine Version: %HP-PC605 Previous Engine Version: %HP-PC606 Error code: %HP-PC607 Error description: %HP-PC608Error: (04/19/2015 09:26:14 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )Description: %HP-PC60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.195.3705.0 Update Source: %HP-PC51 Update Stage: 4.7.0205.00 Source Path: 4.7.0205.01 Signature Type: %HP-PC602 Update Type: %HP-PC604 User: HP-PC\HP Current Engine Version: %HP-PC605 Previous Engine Version: %HP-PC606 Error code: %HP-PC607 Error description: %HP-PC608Error: (04/19/2015 09:25:42 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )Description: %NT AUTHORITY60 has encountered an error trying to update signatures. 
New Signature Version: Previous Signature Version: 1.195.3705.0 Update Source: %NT AUTHORITY59 Update Stage: 4.7.0205.00 Source Path: 4.7.0205.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\SYSTEM Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608Error: (04/18/2015 05:33:10 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)Error: (04/18/2015 05:32:52 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)Error: (04/18/2015 05:32:10 PM) (Source: Service Control Manager) (EventID: 7026) (User: )Description: The following boot-start or system-start driver(s) failed to load:amdkmafdError: (04/18/2015 05:26:13 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)Microsoft Office Sessions:=========================Error: (04/19/2015 05:07:09 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (04/19/2015 11:55:00 AM) (Source: SideBySide) (EventID: 33) (User: )Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files (x86)\innovative solutions\drivermax\DPInst\ia64\dpinst.exeError: (04/19/2015 11:54:50 AM) (Source: SideBySide) (EventID: 72) (User: 
)Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointc:\program files (x86)\client marketing systems\advisors assistant\aaoutlookaddin6\AAOutlookAddIn6.dll.Manifestc:\program files (x86)\client marketing systems\advisors assistant\aaoutlookaddin6\AAOutlookAddIn6.dll.Manifest4Error: (04/18/2015 05:33:17 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (04/18/2015 05:26:26 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (04/18/2015 09:22:01 AM) (Source: SideBySide) (EventID: 33) (User: )Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files (x86)\innovative solutions\drivermax\DPInst\ia64\dpinst.exeError: (04/18/2015 09:21:50 AM) (Source: SideBySide) (EventID: 72) (User: )Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointc:\program files (x86)\client marketing systems\advisors assistant\aaoutlookaddin6\AAOutlookAddIn6.dll.Manifestc:\program files (x86)\client marketing systems\advisors assistant\aaoutlookaddin6\AAOutlookAddIn6.dll.Manifest4Error: (04/18/2015 08:34:00 AM) (Source: Application Error) (EventID: 1000) (User: )Description: drivermax.exe7.54.0.10922a425e19KERNELBASE.dll6.1.7601.187985507b4850eedfade0000c42d13f401d079d3e9f2427aC:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exeC:\Windows\syswow64\KERNELBASE.dll30318217-e5c7-11e4-89b3-705ab6adabf7Error: (04/18/2015 08:33:11 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA 
"Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003==================== Memory info ===========================Processor: Intel® Core i7 CPU M 620 @ 2.67GHzPercentage of memory in use: 60%Total physical RAM: 3957.87 MBAvailable physical RAM: 1570.83 MBTotal Pagefile: 7913.93 MBAvailable Pagefile: 5139.23 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.82 MB==================== Drives ================================Drive c: () (Fixed) (Total:232.79 GB) (Free:183.24 GB) NTFS==================== MBR & Partition Table ==========================================================================Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: B1D33994)Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)==================== End Of Log ============================
ttanin #2 Posted April 20, 2015
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-04-2015 01Ran by HP (administrator) on HP-PC on 19-04-2015 21:23:14Running from C:\Users\HP\DownloadsLoaded Profiles: HP (Available profiles: HP)Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)Internet Explorer Version 11 (Default browser: FF)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/==================== Processes (Whitelisted) =================(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe(Nero AG) C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe(Innovative Solutions) C:\Program Files (x86)\Innovative Solutions\DriverMax\innostp.exe(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe(Dropbox, Inc.) 
C:\Users\HP\AppData\Roaming\Dropbox\bin\Dropbox.exe(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 4620 series\Bin\HPNetworkCommunicator.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe(Innovative Solutions) C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe==================== Registry (Whitelisted) ==================(If an entry is included in the fixlist, the registry item will be restored to default or removed. 
The file will not be moved.)HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2174760 2010-06-04] (Synaptics Incorporated)HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetchHKLM-x32\...\Run: [] => [X]HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2561848 2014-12-10] (Malwarebytes Corporation)Winlogon\Notify\ScCertProp: wlnotify.dll [X]HKU\S-1-5-21-3292518850-759306849-2421569196-1000\...\Run: [sUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7806232 2015-03-25] (SUPERAntiSpyware)HKU\S-1-5-21-3292518850-759306849-2421569196-1000\...\Run: [HP Officejet 4620 series (NET)] => C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)HKU\S-1-5-21-3292518850-759306849-2421569196-1000\...\Run: [DriverMax] => C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe [8874536 2015-04-03] (Innovative Solutions)HKU\S-1-5-21-3292518850-759306849-2421569196-1000\...\Run: [DriverMax_RESTART] => [X]HKU\S-1-5-21-3292518850-759306849-2421569196-1000\...\MountPoints2: E - E:\MotoCastSetup.exe -aHKU\S-1-5-21-3292518850-759306849-2421569196-1000\...\MountPoints2: {4459f31c-a015-11e4-9903-705ab6adabf7} - F:\MotoCastSetup.exe -aStartup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2015-03-25]ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2015-03-25]ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)Startup: 
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-01-01]ShortcutTarget: Dropbox.lnk -> C:\Users\HP\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)Startup: C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - .lnk [2014-12-31]ShortcutTarget: Monitor Ink Alerts - .lnk -> C:\Program Files\HP\HP Officejet 4620 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)==================== Internet (Whitelisted) ====================(If an item is included in the fixlist, if it is a registry item 
it will be removed or restored to default.)HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTIONHKU\S-1-5-21-3292518850-759306849-2421569196-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehpSearchScopes: HKU\S-1-5-21-3292518850-759306849-2421569196-1000 -> DefaultScope {B8B14CBB-2C8B-4992-98ED-9C52601EE885} URL =SearchScopes: HKU\S-1-5-21-3292518850-759306849-2421569196-1000 -> {B8B14CBB-2C8B-4992-98ED-9C52601EE885} URL =SearchScopes: HKU\S-1-5-21-3292518850-759306849-2421569196-1000 -> {DC5DFC58-803E-4B02-B128-23F1C0CAEAF8} URL = https://www.google.com/search?q={searchTerms}BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-03-25] (LastPass)BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-03] (Oracle Corporation)BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-03-25] (LastPass)BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-03] (Oracle Corporation)Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-03-25] (LastPass)Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-03-25] (LastPass)Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - 
C:\Program Files (x86)\Client Marketing Systems\Advisors Assistant\skype4com.dll [2008-07-02] (Skype Technologies)Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txtTcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76FireFox:========FF ProfilePath: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\qkmjrpbe.default-1427206009928FF Homepage: https://www.gmail.com/FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-03-25] (LastPass)FF Plugin: @microsoft.com/GENUINE -> disabled No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-03] (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-03] (Oracle Corporation)FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-03-25] (LastPass)FF Plugin-x32: @microsoft.com/GENUINE -> disabled No FileFF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)FF Plugin-x32: Adobe 
Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)FF Plugin HKU\S-1-5-21-3292518850-759306849-2421569196-1000: @citrixonline.com/appdetectorplugin -> C:\Users\HP\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-11-18] (Citrix Online)FF Extension: No Name - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\qkmjrpbe.default-1427206009928\Extensions\artur.dubovoy@gmail.com [2015-04-18]FF Extension: LastPass - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\qkmjrpbe.default-1427206009928\Extensions\support@lastpass.com [2015-03-25]FF Extension: YesScript - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\qkmjrpbe.default-1427206009928\Extensions\yesscript@userstyles.org.xpi [2015-03-24]FF Extension: Adblock Plus - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\qkmjrpbe.default-1427206009928\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-04-04]FF Extension: Greasemonkey - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\qkmjrpbe.default-1427206009928\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2015-03-30]==================== Services (Whitelisted) =================(If an entry is included in the fixlist, the service will be removed from the registry. 
The file will not be moved unless listed separately.)R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [555320 2014-12-10] (Malwarebytes Corporation)R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)R2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [214896 2012-02-01] ()R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [161744 2015-03-11] (RaMMicHaeL)S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)==================== Drivers (Whitelisted) ====================(If an entry is included in the fixlist, the service will be removed from the registry. 
The file will not be moved unless listed separately.)S0 amdkmafd; C:\Windows\System32\DRIVERS\amdkmafd.sys [21600 2013-03-14] (Advanced Micro Devices, Inc.)R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2014-12-10] ()S3 EtmDevPch; C:\Windows\System32\DRIVERS\EtmDevPch.sys [67392 2012-10-13] (Intel Corporation)R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-03-15] (REALiX)R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-19] (Malwarebytes Corporation)R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)R0 MxEFUF; C:\Windows\System32\DRIVERS\MxEFUF64.sys [157696 2011-10-20] (Matrox Graphics Inc.)R3 NETwNs64; C:\Windows\System32\DRIVERS\NETwsw01.sys [11532704 2015-01-09] (Intel Corporation)R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)R2 risdptsk; C:\Windows\System32\DRIVERS\risdsn64.sys [76288 2009-09-24] (REDC)R3 rismcx64; C:\Windows\System32\DRIVERS\rismcx64.sys [59008 2009-07-20] (RICOH Company, Ltd.)R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1803904 2010-06-03] ()R3 ST50220; C:\Windows\System32\Drivers\ST50220.sys [51248 2008-12-02] (Sonix)S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16056 2015-03-24] (SlimWare Utilities, Inc.)R3 v3DDKAdapterKmode; C:\Windows\System32\DRIVERS\v3DDKAdapterKmode.sys [130728 2013-10-23] (Grain Media, Inc.)R3 ZCLDRV; C:\Windows\System32\DRIVERS\ZclDrv64.sys [71680 2013-06-27] 
(TechnoScope Co., Ltd.)==================== NetSvcs (Whitelisted) ===================(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)==================== One Month Created Files and Folders ========(If an entry is included in the fixlist, the file\folder will be moved.)2015-04-19 21:23 - 2015-04-19 21:23 - 00016517 _____ () C:\Users\HP\Downloads\FRST.txt2015-04-19 21:22 - 2015-04-19 21:23 - 00000000 ____D () C:\FRST2015-04-19 21:22 - 2015-04-19 21:22 - 02098176 _____ (Farbar) C:\Users\HP\Downloads\FRST64.exe2015-04-18 08:31 - 2015-04-19 17:05 - 00000224 _____ () C:\Windows\setupact.log2015-04-18 08:31 - 2015-04-18 08:31 - 00000000 _____ () C:\Windows\setuperr.log2015-04-15 07:54 - 2015-03-17 01:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe2015-04-15 07:54 - 2015-03-17 01:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys2015-04-15 07:54 - 2015-03-17 01:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys2015-04-15 07:54 - 2015-03-17 01:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll2015-04-15 07:54 - 2015-03-17 01:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll2015-04-15 07:54 - 2015-03-17 01:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll2015-04-15 07:54 - 2015-03-17 01:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll2015-04-15 07:54 - 2015-03-17 01:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll2015-04-15 07:54 - 2015-03-17 01:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll2015-04-15 07:54 - 2015-03-17 01:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll2015-04-15 07:54 - 2015-03-17 01:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll2015-04-15 07:54 - 2015-03-17 01:16 
- 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll2015-04-15 07:54 - 2015-03-17 01:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll2015-04-15 07:54 - 2015-03-17 01:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll2015-04-15 07:54 - 2015-03-17 01:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll2015-04-15 07:54 - 2015-03-17 01:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe2015-04-15 07:54 - 2015-03-17 01:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll2015-04-15 07:54 - 2015-03-17 01:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll2015-04-15 07:54 - 2015-03-17 01:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll2015-04-15 07:54 - 2015-03-17 01:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe2015-04-15 07:54 - 2015-03-17 01:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll2015-04-15 07:54 - 2015-03-17 01:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll2015-04-15 07:54 - 2015-03-17 01:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll2015-04-15 07:54 - 2015-03-17 01:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll2015-04-15 07:54 - 2015-03-17 01:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll2015-04-15 07:54 - 2015-03-17 01:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll2015-04-15 07:54 - 2015-03-17 01:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll2015-04-15 07:54 - 2015-03-17 01:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe2015-04-15 07:54 - 2015-03-17 01:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe2015-04-15 07:54 - 2015-03-17 01:15 - 00031232 _____ (Microsoft Corporation) 
C:\Windows\system32\lsass.exe2015-04-15 07:54 - 2015-03-17 01:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll2015-04-15 07:54 - 2015-03-17 01:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll2015-04-15 07:54 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll2015-04-15 07:54 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll2015-04-15 07:54 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll2015-04-15 07:54 - 2015-03-17 01:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe2015-04-15 07:54 - 2015-03-17 01:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe2015-04-15 07:54 - 2015-03-17 00:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll2015-04-15 07:54 - 2015-03-17 00:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll2015-04-15 07:54 - 2015-03-17 00:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll2015-04-15 07:54 - 2015-03-17 00:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll2015-04-15 07:54 - 2015-03-17 00:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll2015-04-15 07:54 - 2015-03-17 00:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll2015-04-15 07:54 - 2015-03-17 00:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll2015-04-15 07:54 - 2015-03-17 00:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll2015-04-15 07:54 - 2015-03-17 00:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll2015-04-15 07:54 - 2015-03-17 00:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll2015-04-15 07:54 - 
2015-03-17 00:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll2015-04-15 07:54 - 2015-03-17 00:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll2015-04-15 07:54 - 2015-03-17 00:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll2015-04-15 07:54 - 2015-03-17 00:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe2015-04-15 07:54 - 2015-03-17 00:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe2015-04-15 07:54 - 2015-03-17 00:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll2015-04-15 07:54 - 2015-03-17 00:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll2015-04-15 07:54 - 2015-03-17 00:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll2015-04-15 07:53 - 2015-04-01 20:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll2015-04-15 07:53 - 2015-04-01 19:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll2015-04-15 07:53 - 2015-03-17 01:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll2015-04-15 07:53 - 2015-03-17 01:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll2015-04-15 07:53 - 2015-03-17 01:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll2015-04-15 07:53 - 2015-03-17 01:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll2015-04-15 07:53 - 2015-03-17 01:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll2015-04-15 07:53 - 2015-03-17 01:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll2015-04-15 07:53 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll2015-04-15 07:53 - 2015-03-17 01:11 - 00004096 ____H (Microsoft 
Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll2015-04-15 07:53 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll2015-04-15 07:53 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll2015-04-15 07:53 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll2015-04-15 07:53 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll2015-04-15 07:53 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll2015-04-15 07:53 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll2015-04-15 07:53 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll2015-04-15 07:53 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll2015-04-15 07:53 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll2015-04-15 07:53 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll2015-04-15 07:53 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll2015-04-15 07:53 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll2015-04-15 07:53 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll2015-04-15 07:53 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll2015-04-15 07:53 - 2015-03-17 01:11 - 00003072 ____H (Microsoft 
Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll2015-04-15 07:53 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll2015-04-15 07:53 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll2015-04-15 07:53 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll2015-04-15 07:53 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll2015-04-15 07:53 - 2015-03-17 00:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll2015-04-15 07:53 - 2015-03-17 00:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll2015-04-15 07:53 - 2015-03-17 00:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll2015-04-15 07:53 - 2015-03-17 00:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll2015-04-15 07:53 - 2015-03-17 00:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll2015-04-15 07:53 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll2015-04-15 07:53 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll2015-04-15 07:53 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll2015-04-15 07:53 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll2015-04-15 07:53 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll2015-04-15 07:53 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll2015-04-15 07:53 - 
2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll2015-04-15 07:53 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll2015-04-15 07:53 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll2015-04-15 07:53 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll2015-04-15 07:53 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll2015-04-15 07:53 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll2015-04-15 07:53 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll2015-04-15 07:53 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll2015-04-15 07:53 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll2015-04-15 07:53 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll2015-04-15 07:53 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll2015-04-15 07:53 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll2015-04-15 07:53 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll2015-04-15 07:53 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll2015-04-15 07:53 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll2015-04-15 07:53 - 2015-03-17 00:50 - 
00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll2015-04-15 07:53 - 2015-03-16 23:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe2015-04-15 07:53 - 2015-03-16 23:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe2015-04-15 07:53 - 2015-03-16 23:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll2015-04-15 07:53 - 2015-03-16 23:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll2015-04-15 07:53 - 2015-03-16 23:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll2015-04-15 07:53 - 2015-03-16 23:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll2015-04-15 07:53 - 2015-03-13 00:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2015-04-15 07:53 - 2015-03-13 00:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2015-04-15 07:53 - 2015-03-13 00:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll2015-04-15 07:53 - 2015-03-13 00:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll2015-04-15 07:53 - 2015-03-13 00:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2015-04-15 07:53 - 2015-03-13 00:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec2015-04-15 07:53 - 2015-03-13 00:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll2015-04-15 07:53 - 2015-03-13 00:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2015-04-15 07:53 - 2015-03-13 00:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll2015-04-15 07:53 - 2015-03-13 00:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2015-04-15 07:53 - 2015-03-12 23:59 - 00034304 _____ (Microsoft 
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-04-14 16:19
==================== End Of Log ============================
deeprybka #3 Posted April 20, 2015

Hi & My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.

My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or Add/Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.

P2P/Piracy Warning:
If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Step 1

Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.
Copy the entire content of the codebox below and paste into the notepad document:

CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction
SearchScopes: HKU\S-1-5-21-3292518850-759306849-2421569196-1000 -> DefaultScope {B8B14CBB-2C8B-4992-98ED-9C52601EE885} URL =
SearchScopes: HKU\S-1-5-21-3292518850-759306849-2421569196-1000 -> {B8B14CBB-2C8B-4992-98ED-9C52601EE885} URL =
Task: {4FFE2FFC-A478-421F-90E2-673F330C717D} - System32\Tasks\Norton PC Checkup Setup => C:\Users\HP\AppData\Local\Temp\PCCUStubInstaller\SymcPCCUInstaller.exe
Task: {B5E46480-D77D-4631-B35A-CE9CE6F54758} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe
Task: {EAFDB959-5D40-4177-986D-826E31721612} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files (x86)\Pro PC Cleaner\Splash.exe
C:\Program Files (x86)\Pro PC Cleaner
EmptyTemp:

Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
Right-click on icon and select Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
Press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please post it to your reply.

Can you please tell me which problems still persist now?
ttanin #4 Posted April 20, 2015

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-04-2015
Ran by HP at 2015-04-20 17:10:59 Run:1
Running from C:\Users\HP\Downloads
Loaded Profiles: HP (Available profiles: HP)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction
SearchScopes: HKU\S-1-5-21-3292518850-759306849-2421569196-1000 -> DefaultScope {B8B14CBB-2C8B-4992-98ED-9C52601EE885} URL =
SearchScopes: HKU\S-1-5-21-3292518850-759306849-2421569196-1000 -> {B8B14CBB-2C8B-4992-98ED-9C52601EE885} URL =
Task: {4FFE2FFC-A478-421F-90E2-673F330C717D} - System32\Tasks\Norton PC Checkup Setup => C:\Users\HP\AppData\Local\Temp\PCCUStubInstaller\SymcPCCUInstaller.exe
Task: {B5E46480-D77D-4631-B35A-CE9CE6F54758} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe
Task: {EAFDB959-5D40-4177-986D-826E31721612} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files (x86)\Pro PC Cleaner\Splash.exe
C:\Program Files (x86)\Pro PC Cleaner
EmptyTemp
*****************

Processes closed successfully.

The system needed a reboot.

==== End of Fixlog 17:11:01 ====
deeprybka #5 Posted April 21, 2015

You did it wrong.

Step 1

Please download the attached fixlist and save it in the same directory as FRST.
Start FRST with Administrator privileges.
Press the Fix button.
When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
Please copy and paste its contents in your next reply.

fixlist.txt
ttanin #6 Posted April 21, 2015

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-04-2015
Ran by HP at 2015-04-21 09:05:20 Run:2
Running from C:\Users\HP\Downloads
Loaded Profiles: HP (Available profiles: HP)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-3655513571-3204461518-4247198270-1000\...\Run: [AS2014] - C:\ProgramData\6XDvn37n\6XDvn37n.exe
C:\ProgramData\6XDvn37n
S2 vToolbarUpdater18.0.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe [X]
*****************

HKU\S-1-5-21-3655513571-3204461518-4247198270-1000\Software\Microsoft\Windows\CurrentVersion\Run\\HKU\S-1-5-21-3655513571-3204461518-4247198270-1000\...\Run: [AS2014] - C:\ProgramData\6XDvn37n\6XDvn37n.exe => Value not found.
"C:\ProgramData\6XDvn37n" => File/Directory not found.
vToolbarUpdater18.0.0 => Service not found.

==== End of Fixlog 09:05:20 ====
deeprybka #7 Posted April 21, 2015

That was not the attached fixlist. Please download the attached fixlist above.
ttanin #8 Posted April 21, 2015

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-04-2015
Ran by HP at 2015-04-21 09:05:20 Run:2
Running from C:\Users\HP\Downloads
Loaded Profiles: HP (Available profiles: HP)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-3655513571-3204461518-4247198270-1000\...\Run: [AS2014] - C:\ProgramData\6XDvn37n\6XDvn37n.exe
C:\ProgramData\6XDvn37n
S2 vToolbarUpdater18.0.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe [X]
*****************

HKU\S-1-5-21-3655513571-3204461518-4247198270-1000\Software\Microsoft\Windows\CurrentVersion\Run\\HKU\S-1-5-21-3655513571-3204461518-4247198270-1000\...\Run: [AS2014] - C:\ProgramData\6XDvn37n\6XDvn37n.exe => Value not found.
"C:\ProgramData\6XDvn37n" => File/Directory not found.
vToolbarUpdater18.0.0 => Service not found.

==== End of Fixlog 09:05:20 ====
deeprybka #9 Posted April 21, 2015

I don't know what you are doing... Please download the attached fixlist and run the fix.
ttanin #10 Posted April 21, 2015

I just did that again. Please post instructions from the beginning. Let's try again.
deeprybka #11 Posted April 21, 2015

You did it wrong.

Step 1

Please download the attached fixlist and save it in the same directory as FRST.
Start FRST with Administrator privileges.
Press the Fix button.
When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
Please copy and paste its contents in your next reply.

fixlist.txt
ttanin #12 Posted April 21, 2015

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-04-2015
Ran by HP at 2015-04-21 16:50:38 Run:3
Running from C:\Users\HP\Desktop
Loaded Profiles: HP (Available profiles: HP)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-3655513571-3204461518-4247198270-1000\...\Run: [AS2014] - C:\ProgramData\6XDvn37n\6XDvn37n.exe
C:\ProgramData\6XDvn37n
S2 vToolbarUpdater18.0.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe [X]
*****************

HKU\S-1-5-21-3655513571-3204461518-4247198270-1000\Software\Microsoft\Windows\CurrentVersion\Run\\HKU\S-1-5-21-3655513571-3204461518-4247198270-1000\...\Run: [AS2014] - C:\ProgramData\6XDvn37n\6XDvn37n.exe => Value not found.
"C:\ProgramData\6XDvn37n" => File/Directory not found.
vToolbarUpdater18.0.0 => Service not found.

==== End of Fixlog 16:50:38 ====
deeprybka #13 Posted April 21, 2015

I don't know what you are doing! The content of the fixlist must be:

CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction
SearchScopes: HKU\S-1-5-21-3292518850-759306849-2421569196-1000 -> DefaultScope {B8B14CBB-2C8B-4992-98ED-9C52601EE885} URL =
SearchScopes: HKU\S-1-5-21-3292518850-759306849-2421569196-1000 -> {B8B14CBB-2C8B-4992-98ED-9C52601EE885} URL =
Task: {4FFE2FFC-A478-421F-90E2-673F330C717D} - System32\Tasks\Norton PC Checkup Setup => C:\Users\HP\AppData\Local\Temp\PCCUStubInstaller\SymcPCCUInstaller.exe
Task: {B5E46480-D77D-4631-B35A-CE9CE6F54758} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe
Task: {EAFDB959-5D40-4177-986D-826E31721612} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files (x86)\Pro PC Cleaner\Splash.exe
C:\Program Files (x86)\Pro PC Cleaner
EmptyTemp:
ttanin #14 Posted April 21, 2015

I followed all the instructions exactly so I must have a different type of problem.
ttanin #16 Posted April 21, 2015

I have no idea what I need to do? Please post instructions from the beginning. I have way too many files on my desktop now. I want to delete all of them and start over. Posting a file with no instructions is not helpful.
deeprybka #17 Posted April 21, 2015

Please download the attached fixlist above and save it in the same directory as FRST.
Start FRST with Administrator privileges.
Press the Fix button.
When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
Please copy and paste its contents in your next reply.
ttanin #18 Posted April 22, 2015

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-04-2015
Ran by HP at 2015-04-21 21:10:42 Run:4
Running from C:\Users\HP\Desktop
Loaded Profiles: HP (Available profiles: HP)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction
SearchScopes: HKU\S-1-5-21-3292518850-759306849-2421569196-1000 -> DefaultScope {B8B14CBB-2C8B-4992-98ED-9C52601EE885} URL =
SearchScopes: HKU\S-1-5-21-3292518850-759306849-2421569196-1000 -> {B8B14CBB-2C8B-4992-98ED-9C52601EE885} URL =
Task: {4FFE2FFC-A478-421F-90E2-673F330C717D} - System32\Tasks\Norton PC Checkup Setup => C:\Users\HP\AppData\Local\Temp\PCCUStubInstaller\SymcPCCUInstaller.exe
Task: {B5E46480-D77D-4631-B35A-CE9CE6F54758} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe
Task: {EAFDB959-5D40-4177-986D-826E31721612} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files (x86)\Pro PC Cleaner\Splash.exe
C:\Program Files (x86)\Pro PC Cleaner
EmptyTemp:
*****************

Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\S-1-5-21-3292518850-759306849-2421569196-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-3292518850-759306849-2421569196-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B8B14CBB-2C8B-4992-98ED-9C52601EE885}" => Key deleted successfully.
HKCR\CLSID\{B8B14CBB-2C8B-4992-98ED-9C52601EE885} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4FFE2FFC-A478-421F-90E2-673F330C717D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4FFE2FFC-A478-421F-90E2-673F330C717D}" => Key deleted successfully.
C:\Windows\System32\Tasks\Norton PC Checkup Setup => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton PC Checkup Setup" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B5E46480-D77D-4631-B35A-CE9CE6F54758}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B5E46480-D77D-4631-B35A-CE9CE6F54758}" => Key deleted successfully.
C:\Windows\System32\Tasks\ProPCCleaner_Start => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProPCCleaner_Start" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EAFDB959-5D40-4177-986D-826E31721612}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EAFDB959-5D40-4177-986D-826E31721612}" => Key deleted successfully.
C:\Windows\System32\Tasks\ProPCCleaner_Popup => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProPCCleaner_Popup" => Key deleted successfully.
"C:\Program Files (x86)\Pro PC Cleaner" => File/Directory not found.
EmptyTemp: => Removed 366.5 MB temporary data.

The system needed a reboot.

==== End of Fixlog 21:11:07 ====
deeprybka #19 Posted April 22, 2015

Step 1

Please download Online Scanner and save it to your Desktop.
Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
Start with administrator privileges.
Select the option Yes, I accept the Terms of Use and click on Start.
Choose the following settings:
Click on Start. The virus signature database will begin to download. This may take some time.
When completed the Online Scan will begin automatically. Note: This scan might take a long time! Please be patient.
When completed, click on Finish.
A log file is created at
Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!
ttanin #20 Posted April 22, 2015

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=1017901bc772d647b59c43a44f6ed15a
# engine=23507
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-04-22 01:59:00
# local_time=2015-04-22 09:59:00 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 5120768 52587134 0 0
# scanned=136587
# found=3
# cleaned=3
# scan_time=3979
sh=BB5796D99C7A5C634E1FF884AA9C89E5432C2242 ft=1 fh=0166008790b84ad6 vn="a variant of MSIL/Rebrand.LittleRegClean.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\HP\AppData\Roaming\Rainmaker Software Group LLC.?\Pro PC Cleaner 2.5.6\install\A5A8ADA\Helper.dll"
sh=9FA6D7B3D2E3E78BAAB80EBC55195D04FC7D6E15 ft=1 fh=298bf44a8c81ab6f vn="a variant of MSIL/Rebrand.LittleRegClean.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\HP\AppData\Roaming\Rainmaker Software Group LLC.?\Pro PC Cleaner 2.5.6\install\A5A8ADA\ProPCCleaner.exe"
sh=E8B48B4A4E02A0487C466D94160B720077CC0A83 ft=1 fh=77de76f5be644067 vn="a variant of MSIL/Rebrand.LittleRegClean.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\HP\AppData\Roaming\Rainmaker Software Group LLC.?\Pro PC Cleaner 2.5.6\install\A5A8ADA\Uninst000.CA.dll"
ESETSmartInstaller@High as downloader log:
all ok
deeprybka #21 Posted April 22, 2015

Can you please tell me which problems still persist now?
ttanin #22 Posted April 23, 2015

It is much better. I am not going to use the PC much on Thursday, let's see if I run into anything on Friday.
ttanin #24 Posted April 23, 2015

I run superantispyware daily and it still finds stuff from the pro cleaner. Here is their log file. Most of the stuff this software finds is not important. I had the software remove the files, but I know this software never completely cures the issue.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/23/2015 at 10:58 AM

Application Version : 6.0.1186
Database Version : 11844
Scan type : Complete Scan
Total Scan Time : 00:19:37

Operating System Information
Windows 7 Professional 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned : 545
Memory threats detected : 0
Registry items scanned : 50811
Registry threats detected : 0
File items scanned : 21970
File threats detected : 8

Adware.Tracking Cookie
    .imrworldwide.com [ C:\USERS\HP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QKMJRPBE.DEFAULT-1427206009928\COOKIES.SQLITE ]
    .atdmt.com [ C:\USERS\HP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QKMJRPBE.DEFAULT-1427206009928\COOKIES.SQLITE ]
    .statcounter.com [ C:\USERS\HP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QKMJRPBE.DEFAULT-1427206009928\COOKIES.SQLITE ]
    .bttrack.com [ C:\USERS\HP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QKMJRPBE.DEFAULT-1427206009928\COOKIES.SQLITE ]
    .doubleclick.net [ C:\USERS\HP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QKMJRPBE.DEFAULT-1427206009928\COOKIES.SQLITE ]
    .doubleclick.net [ C:\USERS\HP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QKMJRPBE.DEFAULT-1427206009928\COOKIES.SQLITE ]

Trojan.Agent/Gen-FakeAV
    C:\USERS\HP\APPDATA\ROAMING\RAINMAKER SOFTWARE GROUP LLC.?\PRO PC CLEANER 2.5.6\INSTALL\A5A8ADA\INSTACT.EXE

PUP.ProPCCleaner/Variant
    C:\USERS\HP\APPDATA\ROAMING\RAINMAKER SOFTWARE GROUP LLC.?\PRO PC CLEANER 2.5.6\INSTALL\A5A8ADA\SPLASH.EXE

============
 End of Log
============
deeprybka #25 Posted April 23, 2015

Step 1

Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.
Copy the entire content of the codebox below and paste into the notepad document:

    "C:\Users\HP\AppData\Roaming\Rainmaker Software Group LLC.?\Pro PC Cleaner 2.5.6"

Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
Right-click on the FRST icon and select Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
Press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please post it to your reply.