ttanin

Remove Pro PC Cleaner


This keeps popping up.

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-04-2015 01
Ran by HP at 2015-04-19 21:24:37
Running from C:\Users\HP\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AAStationInstallConditions (HKLM-x32\...\{87C343D8-00D6-4A46-924C-54E744AFA6D6}) (Version: 15.175.191.0 - Client Marketing Systems)
AAUpdateConditions (HKLM-x32\...\{40E27BC4-2003-41C7-B4D3-E636B8DAF969}) (Version: 15.175.191.0 - Client Marketing Systems)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Advisors Assistant Station Program (HKLM-x32\...\{5F428015-AF7B-4605-A26B-ACCC76BAE383}) (Version: 17.149.761.2 - Client Marketing Systems, Inc.)
AdvisorsAssistantFileTransfer (HKLM-x32\...\{36FB377C-5B4B-4146-B339-00455492BA57}) (Version: 2.001.007.0 - Client Marketing Systems, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
Citrix Online Launcher (HKLM-x32\...\{77463C86-BB3A-426E-A6C2-06B4D28C250F}) (Version: 1.0.223 - Citrix)
DriverMax 7 (HKLM-x32\...\DMX5_is1) (Version: 7.54.0.1092 - Innovative Solutions)
Dropbox (HKU\S-1-5-21-3292518850-759306849-2421569196-1000\...\Dropbox) (Version: 3.4.3 - Dropbox, Inc.)
GoToMeeting 7.1.8.2553 (HKU\S-1-5-21-3292518850-759306849-2421569196-1000\...\GoToMeeting) (Version: 7.1.8.2553 - CitrixOnline)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet 4620 series Basic Device Software (HKLM\...\{B411AD10-1BC9-4939-8848-BC5E66F662B7}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 4620 series Help (HKLM-x32\...\{606C37AB-EB04-4270-A592-201A03C2DB36}) (Version: 6.0.0 - Hewlett Packard)
HP Officejet 4620 series Product Improvement Study (HKLM\...\{83F51BBA-48BE-4BB6-B96A-F4AAE4C462F9}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Support Solutions Framework (HKLM-x32\...\{96D12EC9-720B-45FB-904C-36D6307A1C76}) (Version: 11.51.0048 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Webcam Driver (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.50009.6 - Sonix)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel® Network Connections 19.5.303.0 (HKLM\...\PROSetDX) (Version: 19.5.303.0 - Intel)
Intel® Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.02.00.1002 - Intel Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Kyocera Product Library (HKLM\...\Kyocera Product Library) (Version: 4.2.1909 - KYOCERA Document Solutions Inc.)
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.100 - LSI Corporation)
Malwarebytes Anti-Exploit version 1.05.1.1016 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.05.1.1016 - Malwarebytes)
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Management Objects (HKLM-x32\...\{2BF67B4B-7C5E-4045-8766-BB44838DC61A}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MotoCast (HKLM-x32\...\{5401CEE8-3C2D-4835-A802-213306537FF4}) (Version: 1.2.7 - Motorola Mobility)
MotoHelper 2.1.40 Driver 5.5.0 (HKLM-x32\...\MotoHelper) (Version: 2.1.40 - Motorola)
MotoHelper MergeModules (x32 Version: 1.2.0 - Motorola) Hidden
MOTOROLA MEDIA LINK (x32 Version: 1.7.0147.0 - Motorola) Hidden
Motorola Mobile Drivers Installation 5.5.0 (Version: 5.5.0 - Motorola Inc.) Hidden
Mozilla Firefox 37.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 en-US)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0.4 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NACIS (HKLM-x32\...\{FA0F5459-81A7-4A60-8F45-7F0F24838FFA}) (Version: 19.3 - North American Company)
NACIS (x32 Version: 19.3 - North American Company) Hidden
NACIS (x32 Version: 19.5 - North American Company) Hidden
NACIS (x32 Version: 19.6 - North American Company) Hidden
NACIS (x32 Version: 19.7 - North American Company) Hidden
NVIDIA nView 141.36 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 141.36 - NVIDIA Corporation)
Ohio National Product Illustrations (HKLM-x32\...\{B9BA3A18-121D-4266-8150-1B513A965A35}) (Version: 43.01.2012 - Ohio National Financial Services)
OJ4620FWUpdateAlert (x32 Version: 1.00.0000 - HP) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SQL Server System CLR Types (HKLM-x32\...\{C9FD9DF2-D92B-4321-A338-52961FECE249}) (Version: 10.1.2531.0 - Microsoft Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1158 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.24.0 - Synaptics Incorporated)
TaxACT 2014 California Preparer's - 1040 Edition (HKLM-x32\...\TaxACT 2014 California Preparer's - 1040 Edition) (Version: 1.03 - TaxACT, Inc.)
TaxACT 2014 Massachusetts Preparer's - 1040 Edition (HKLM-x32\...\TaxACT 2014 Massachusetts Preparer's - 1040 Edition) (Version: 1.01 - TaxACT, Inc.)
TaxACT 2014 Massachusetts Preparer's - 1120S Edition (HKLM-x32\...\TaxACT 2014 Massachusetts Preparer's - 1120S Edition) (Version: 1.01 - TaxACT, Inc.)
TaxACT 2014 New York Preparer's - 1040 Edition (HKLM-x32\...\TaxACT 2014 New York Preparer's - 1040 Edition) (Version: 1.01 - TaxACT, Inc.)
TaxACT 2014 Preparer's - 1040 Edition (HKLM-x32\...\TaxACT 2014 Preparer's - 1040 Edition) (Version: 1.00 - TaxACT, Inc.)
TaxACT 2014 Preparer's - 1120S Edition (HKLM-x32\...\TaxACT 2014 Preparer's - 1120S Edition) (Version: 1.02 - TaxACT, Inc.)
TaxACT 2014 Rhode Island Preparer's - 1040 Edition (HKLM-x32\...\TaxACT 2014 Rhode Island Preparer's - 1040 Edition) (Version: 1.02 - TaxACT, Inc.)
TaxACT 2014 South Carolina Preparer's - 1040 Edition (HKLM-x32\...\TaxACT 2014 South Carolina Preparer's - 1040 Edition) (Version: 1.01 - TaxACT, Inc.)
Unchecky v0.3.7 (HKLM-x32\...\Unchecky) (Version: 0.3.7 - RaMMicHaeL)
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
Windows Driver Package - Toshiba (Thotkey) HIDClass  (07/31/2012 8.0.0.4) (HKLM\...\70DF870FDBAA06028AE153473AC83D84CAC23714) (Version: 07/31/2012 8.0.0.4 - Toshiba)
Wondershare Dr.Fone for Android(Build 4.8.1.136) (HKLM-x32\...\{1DB91A95-C548-4BA5-9D4C-18C7DEAAC39F}_is1) (Version: 4.8.1.136 - Wondershare Software Co.,Ltd.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3292518850-759306849-2421569196-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\HP\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3292518850-759306849-2421569196-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\HP\AppData\Local\Citrix\GoToMeeting\2331\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3292518850-759306849-2421569196-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3292518850-759306849-2421569196-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3292518850-759306849-2421569196-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3292518850-759306849-2421569196-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3292518850-759306849-2421569196-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3292518850-759306849-2421569196-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3292518850-759306849-2421569196-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3292518850-759306849-2421569196-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3292518850-759306849-2421569196-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points  =========================

09-04-2015 08:23:25 Windows Update
10-04-2015 12:12:06 Windows Update
11-04-2015 09:26:57 Windows Update
14-04-2015 11:14:42 Windows Update
15-04-2015 21:46:18 Windows Update
19-04-2015 09:28:24 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2015-04-19 17:06 - 00001993 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {172EA889-C74F-4178-A991-FC1272D7D10E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {1880C33E-60F8-44C0-92FB-91AF6DE2D42D} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {2B327276-1194-485D-B05D-8A6692A952FE} - System32\Tasks\MotoHelper Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2012-02-01] ()
Task: {380A6148-6138-443F-AA3E-8477E082230A} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {496CD934-31B6-4644-BE2F-E498265ADAE9} - System32\Tasks\HPCustParticipation HP Officejet 4620 series => C:\Program Files\HP\HP Officejet 4620 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {4FFE2FFC-A478-421F-90E2-673F330C717D} - System32\Tasks\Norton PC Checkup Setup => C:\Users\HP\AppData\Local\Temp\PCCUStubInstaller\SymcPCCUInstaller.exe <==== ATTENTION
Task: {6173720F-A840-41D0-A5DA-A5FE02BF4D3D} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {698211B7-84BF-4FF2-B7BF-2300E70C03A3} - System32\Tasks\DriverEasy Scheduled Scan => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe
Task: {6F526430-5365-4DB8-8E85-55477481D66E} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {885C8E50-7D5C-42F0-843C-FEE0F40B9BB5} - System32\Tasks\MotoHelper Initial Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2012-02-01] ()
Task: {892F77CF-C9A8-41B0-AAC7-A5F487EC0533} - System32\Tasks\Application Starter - f1375f225883e83d52e8db9690775c3c => C:\Program Files (x86)\Innovative Solutions\DriverMax\innostp.exe [2015-04-03] (Innovative Solutions)
Task: {95DF4A65-770F-41D3-838F-4BBA06860E4C} - System32\Tasks\MotoHelper Routing => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2012-02-01] ()
Task: {9C5C75F5-0940-41AF-BB9E-3D18F2131D34} - System32\Tasks\MotoCast Update => C:\Program Files (x86)\Motorola Mobility\MotoCast\LiveUpdate\MotoCastUpdate.exe [2012-02-09] ()
Task: {B281320D-2C7C-433D-BDA3-C1604974ED4A} - System32\Tasks\Driver Booster SkipUAC (HP) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Task: {B5E46480-D77D-4631-B35A-CE9CE6F54758} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe <==== ATTENTION
Task: {BB3265F2-FA1F-468B-9E26-F1A388493298} - System32\Tasks\G2MUpdateTask-S-1-5-21-3292518850-759306849-2421569196-1000 => C:\Users\HP\AppData\Local\Citrix\GoToMeeting\2553\g2mupdate.exe [2015-04-12] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {BEE62E4C-D909-4659-8D39-2CF2518AFE95} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
Task: {D50FBDEF-4CC4-4A1E-9AEE-13475263F19B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-19] (Piriform Ltd)
Task: {E7D01421-C0F7-47FC-8170-46821FB6C046} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {EAFDB959-5D40-4177-986D-826E31721612} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files (x86)\Pro PC Cleaner\Splash.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Application Starter - f1375f225883e83d52e8db9690775c3c.job => C:\Program Files (x86)\Innovative Solutions\DriverMax\innostp.exe
Task: C:\Windows\Tasks\DriverEasy Scheduled Scan.job => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3292518850-759306849-2421569196-1000.job => C:\Users\HP\AppData\Local\Citrix\GoToMeeting\2553\g2mupdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-10-25 12:40 - 2015-02-03 22:21 - 00115400 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-02-01 17:55 - 2012-02-01 17:55 - 00214896 _____ () C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
2012-02-01 17:55 - 2012-02-01 17:55 - 00784240 _____ () C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
2012-02-07 17:54 - 2012-02-07 17:54 - 00128336 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\liveupdatetactics.dll
2012-02-07 17:53 - 2012-02-07 17:53 - 00023872 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\DbAccess.dll
2012-02-07 17:56 - 2012-02-07 17:56 - 00465632 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\sqlite3.dll
2012-02-07 17:54 - 2012-02-07 17:54 - 00045368 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\NAdvLog.dll
2012-02-07 17:54 - 2012-02-07 17:54 - 00034128 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\NFileCacheDBAccess.dll
2015-04-19 17:06 - 2015-04-19 17:06 - 00043008 _____ () c:\users\hp\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpl35pei.dll
2015-03-04 17:45 - 2015-03-04 17:45 - 00750080 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 17:45 - 2015-03-04 17:45 - 00047616 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 17:45 - 2015-03-04 17:45 - 00865280 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 17:45 - 2015-03-04 17:45 - 00200704 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-03-23 09:51 - 2015-04-03 10:05 - 00008760 _____ () C:\Program Files (x86)\Innovative Solutions\DriverMax\sync.dll
2015-03-25 09:04 - 2015-03-25 09:04 - 01020928 _____ () C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\qkmjrpbe.default-1427206009928\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
2015-04-15 12:34 - 2015-04-15 12:34 - 16863920 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3292518850-759306849-2421569196-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\HP\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-3292518850-759306849-2421569196-500 - Administrator - Disabled)
Guest (S-1-5-21-3292518850-759306849-2421569196-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3292518850-759306849-2421569196-1002 - Limited - Enabled)
HP (S-1-5-21-3292518850-759306849-2421569196-1000 - Administrator - Enabled) => C:\Users\HP

==================== Faulty Device Manager Devices =============

Name: Intel® Turbo Boost Technology Driver with Dynamic Power Performance Management PCH Filter Driver
Description: Intel® Turbo Boost Technology Driver with Dynamic Power Performance Management PCH Filter Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: Impcd
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/19/2015 05:07:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/19/2015 11:55:00 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/19/2015 11:54:50 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: Activation context generation failed for "asmv2:clrClassInvocation1".Error in manifest or policy file "asmv2:clrClassInvocation2" on line asmv2:clrClassInvocation3.
The element asmv2:clrClassInvocation appears as a child of element urn:schemas-microsoft-com:asm.v1^entryPoint which is not supported by this version of Windows.

Error: (04/18/2015 05:33:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/18/2015 05:26:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/18/2015 09:22:01 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/18/2015 09:21:50 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: Activation context generation failed for "asmv2:clrClassInvocation1".Error in manifest or policy file "asmv2:clrClassInvocation2" on line asmv2:clrClassInvocation3.
The element asmv2:clrClassInvocation appears as a child of element urn:schemas-microsoft-com:asm.v1^entryPoint which is not supported by this version of Windows.

Error: (04/18/2015 08:34:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: drivermax.exe, version: 7.54.0.1092, time stamp: 0x2a425e19
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18798, time stamp: 0x5507b485
Exception code: 0x0eedfade
Fault offset: 0x0000c42d
Faulting process id: 0x13f4
Faulting application start time: 0xdrivermax.exe0
Faulting application path: drivermax.exe1
Faulting module path: drivermax.exe2
Report Id: drivermax.exe3

Error: (04/18/2015 08:33:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (04/19/2015 05:07:02 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)

Error: (04/19/2015 05:06:34 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (04/19/2015 05:06:06 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
amdkmafd

Error: (04/19/2015 09:26:14 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %HP-PC60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.195.3705.0

    Update Source: %HP-PC51

    Update Stage: 4.7.0205.00

    Source Path: 4.7.0205.01

    Signature Type: %HP-PC602

    Update Type: %HP-PC604

    User: HP-PC\HP

    Current Engine Version: %HP-PC605

    Previous Engine Version: %HP-PC606

    Error code: %HP-PC607

    Error description: %HP-PC608

Error: (04/19/2015 09:26:14 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %HP-PC60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.195.3705.0

    Update Source: %HP-PC51

    Update Stage: 4.7.0205.00

    Source Path: 4.7.0205.01

    Signature Type: %HP-PC602

    Update Type: %HP-PC604

    User: HP-PC\HP

    Current Engine Version: %HP-PC605

    Previous Engine Version: %HP-PC606

    Error code: %HP-PC607

    Error description: %HP-PC608

Error: (04/19/2015 09:25:42 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.195.3705.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.7.0205.00

    Source Path: 4.7.0205.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (04/18/2015 05:33:10 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)

Error: (04/18/2015 05:32:52 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (04/18/2015 05:32:10 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
amdkmafd

Error: (04/18/2015 05:26:13 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)


Microsoft Office Sessions:
=========================
Error: (04/19/2015 05:07:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/19/2015 11:55:00 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files (x86)\innovative solutions\drivermax\DPInst\ia64\dpinst.exe

Error: (04/19/2015 11:54:50 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointc:\program files (x86)\client marketing systems\advisors assistant\aaoutlookaddin6\AAOutlookAddIn6.dll.Manifestc:\program files (x86)\client marketing systems\advisors assistant\aaoutlookaddin6\AAOutlookAddIn6.dll.Manifest4

Error: (04/18/2015 05:33:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/18/2015 05:26:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/18/2015 09:22:01 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files (x86)\innovative solutions\drivermax\DPInst\ia64\dpinst.exe

Error: (04/18/2015 09:21:50 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointc:\program files (x86)\client marketing systems\advisors assistant\aaoutlookaddin6\AAOutlookAddIn6.dll.Manifestc:\program files (x86)\client marketing systems\advisors assistant\aaoutlookaddin6\AAOutlookAddIn6.dll.Manifest4

Error: (04/18/2015 08:34:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: drivermax.exe7.54.0.10922a425e19KERNELBASE.dll6.1.7601.187985507b4850eedfade0000c42d13f401d079d3e9f2427aC:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exeC:\Windows\syswow64\KERNELBASE.dll30318217-e5c7-11e4-89b3-705ab6adabf7

Error: (04/18/2015 08:33:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Processor: Intel® Core i7 CPU M 620 @ 2.67GHz
Percentage of memory in use: 60%
Total physical RAM: 3957.87 MB
Available physical RAM: 1570.83 MB
Total Pagefile: 7913.93 MB
Available Pagefile: 5139.23 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.79 GB) (Free:183.24 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: B1D33994)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-04-2015 01
Ran by HP (administrator) on HP-PC on 19-04-2015 21:23:14
Running from C:\Users\HP\Downloads
Loaded Profiles: HP (Available profiles: HP)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Nero AG) C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Innovative Solutions) C:\Program Files (x86)\Innovative Solutions\DriverMax\innostp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Dropbox, Inc.) C:\Users\HP\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 4620 series\Bin\HPNetworkCommunicator.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Innovative Solutions) C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2174760 2010-06-04] (Synaptics Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2561848 2014-12-10] (Malwarebytes Corporation)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-3292518850-759306849-2421569196-1000\...\Run: [sUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7806232 2015-03-25] (SUPERAntiSpyware)
HKU\S-1-5-21-3292518850-759306849-2421569196-1000\...\Run: [HP Officejet 4620 series (NET)] => C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3292518850-759306849-2421569196-1000\...\Run: [DriverMax] => C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe [8874536 2015-04-03] (Innovative Solutions)
HKU\S-1-5-21-3292518850-759306849-2421569196-1000\...\Run: [DriverMax_RESTART] => [X]
HKU\S-1-5-21-3292518850-759306849-2421569196-1000\...\MountPoints2: E - E:\MotoCastSetup.exe -a
HKU\S-1-5-21-3292518850-759306849-2421569196-1000\...\MountPoints2: {4459f31c-a015-11e4-9903-705ab6adabf7} - F:\MotoCastSetup.exe -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2015-03-25]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2015-03-25]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-01-01]
ShortcutTarget: Dropbox.lnk -> C:\Users\HP\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - .lnk [2014-12-31]
ShortcutTarget: Monitor Ink Alerts - .lnk -> C:\Program Files\HP\HP Officejet 4620 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3292518850-759306849-2421569196-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-3292518850-759306849-2421569196-1000 -> DefaultScope {B8B14CBB-2C8B-4992-98ED-9C52601EE885} URL =
SearchScopes: HKU\S-1-5-21-3292518850-759306849-2421569196-1000 -> {B8B14CBB-2C8B-4992-98ED-9C52601EE885} URL =
SearchScopes: HKU\S-1-5-21-3292518850-759306849-2421569196-1000 -> {DC5DFC58-803E-4B02-B128-23F1C0CAEAF8} URL = https://www.google.com/search?q={searchTerms}
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-03-25] (LastPass)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-03] (Oracle Corporation)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-03-25] (LastPass)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-03] (Oracle Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-03-25] (LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-03-25] (LastPass)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Client Marketing Systems\Advisors Assistant\skype4com.dll [2008-07-02] (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\qkmjrpbe.default-1427206009928
FF Homepage: https://www.gmail.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-03-25] (LastPass)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-03] (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-03-25] (LastPass)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3292518850-759306849-2421569196-1000: @citrixonline.com/appdetectorplugin -> C:\Users\HP\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-11-18] (Citrix Online)
FF Extension: No Name - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\qkmjrpbe.default-1427206009928\Extensions\artur.dubovoy@gmail.com [2015-04-18]
FF Extension: LastPass - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\qkmjrpbe.default-1427206009928\Extensions\support@lastpass.com [2015-03-25]
FF Extension: YesScript - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\qkmjrpbe.default-1427206009928\Extensions\yesscript@userstyles.org.xpi [2015-03-24]
FF Extension: Adblock Plus - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\qkmjrpbe.default-1427206009928\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-04-04]
FF Extension: Greasemonkey - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\qkmjrpbe.default-1427206009928\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2015-03-30]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [555320 2014-12-10] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [214896 2012-02-01] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [161744 2015-03-11] (RaMMicHaeL)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\DRIVERS\amdkmafd.sys [21600 2013-03-14] (Advanced Micro Devices, Inc.)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2014-12-10] ()
S3 EtmDevPch; C:\Windows\System32\DRIVERS\EtmDevPch.sys [67392 2012-10-13] (Intel Corporation)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-03-15] (REALiX)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-19] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R0 MxEFUF; C:\Windows\System32\DRIVERS\MxEFUF64.sys [157696 2011-10-20] (Matrox Graphics Inc.)
R3 NETwNs64; C:\Windows\System32\DRIVERS\NETwsw01.sys [11532704 2015-01-09] (Intel Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R2 risdptsk; C:\Windows\System32\DRIVERS\risdsn64.sys [76288 2009-09-24] (REDC)
R3 rismcx64; C:\Windows\System32\DRIVERS\rismcx64.sys [59008 2009-07-20] (RICOH Company, Ltd.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1803904 2010-06-03] ()
R3 ST50220; C:\Windows\System32\Drivers\ST50220.sys [51248 2008-12-02] (Sonix)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16056 2015-03-24] (SlimWare Utilities, Inc.)
R3 v3DDKAdapterKmode; C:\Windows\System32\DRIVERS\v3DDKAdapterKmode.sys [130728 2013-10-23] (Grain Media, Inc.)
R3 ZCLDRV; C:\Windows\System32\DRIVERS\ZclDrv64.sys [71680 2013-06-27] (TechnoScope Co., Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-19 21:23 - 2015-04-19 21:23 - 00016517 _____ () C:\Users\HP\Downloads\FRST.txt
2015-04-19 21:22 - 2015-04-19 21:23 - 00000000 ____D () C:\FRST
2015-04-19 21:22 - 2015-04-19 21:22 - 02098176 _____ (Farbar) C:\Users\HP\Downloads\FRST64.exe
2015-04-18 08:31 - 2015-04-19 17:05 - 00000224 _____ () C:\Windows\setupact.log
2015-04-18 08:31 - 2015-04-18 08:31 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-15 07:54 - 2015-03-17 01:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-15 07:54 - 2015-03-17 01:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-15 07:54 - 2015-03-17 01:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-15 07:54 - 2015-03-17 01:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-15 07:54 - 2015-03-17 01:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-15 07:54 - 2015-03-17 01:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-15 07:54 - 2015-03-17 01:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-15 07:54 - 2015-03-17 01:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-15 07:54 - 2015-03-17 01:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-15 07:54 - 2015-03-17 01:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-15 07:54 - 2015-03-17 01:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-15 07:54 - 2015-03-17 01:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-15 07:54 - 2015-03-17 01:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-15 07:54 - 2015-03-17 01:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-15 07:54 - 2015-03-17 01:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-15 07:54 - 2015-03-17 01:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-15 07:54 - 2015-03-17 01:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-15 07:54 - 2015-03-17 01:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-15 07:54 - 2015-03-17 01:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-15 07:54 - 2015-03-17 01:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-15 07:54 - 2015-03-17 01:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-15 07:54 - 2015-03-17 01:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-15 07:54 - 2015-03-17 01:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-15 07:54 - 2015-03-17 01:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-15 07:54 - 2015-03-17 01:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-15 07:54 - 2015-03-17 01:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-15 07:54 - 2015-03-17 01:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-15 07:54 - 2015-03-17 01:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-15 07:54 - 2015-03-17 01:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-15 07:54 - 2015-03-17 01:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-15 07:54 - 2015-03-17 01:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-15 07:54 - 2015-03-17 01:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 07:54 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 07:54 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 07:54 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-15 07:54 - 2015-03-17 01:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-15 07:54 - 2015-03-17 01:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-15 07:54 - 2015-03-17 00:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-15 07:54 - 2015-03-17 00:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-15 07:54 - 2015-03-17 00:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-15 07:54 - 2015-03-17 00:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-15 07:54 - 2015-03-17 00:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-15 07:54 - 2015-03-17 00:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-15 07:54 - 2015-03-17 00:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-15 07:54 - 2015-03-17 00:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-15 07:54 - 2015-03-17 00:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-15 07:54 - 2015-03-17 00:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-15 07:54 - 2015-03-17 00:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-15 07:54 - 2015-03-17 00:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-15 07:54 - 2015-03-17 00:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-15 07:54 - 2015-03-17 00:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-15 07:54 - 2015-03-17 00:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-15 07:54 - 2015-03-17 00:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-15 07:54 - 2015-03-17 00:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-15 07:54 - 2015-03-17 00:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-15 07:53 - 2015-04-01 20:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-15 07:53 - 2015-04-01 19:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-15 07:53 - 2015-03-17 01:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-15 07:53 - 2015-03-17 01:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-15 07:53 - 2015-03-17 01:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-15 07:53 - 2015-03-17 01:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-15 07:53 - 2015-03-17 01:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-15 07:53 - 2015-03-17 01:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 07:53 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 07:53 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 07:53 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 07:53 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 07:53 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 07:53 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 07:53 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 07:53 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 07:53 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 07:53 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 07:53 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-15 07:53 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 07:53 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-15 07:53 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 07:53 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 07:53 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 07:53 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 07:53 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 07:53 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 07:53 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 07:53 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-15 07:53 - 2015-03-17 00:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-15 07:53 - 2015-03-17 00:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-15 07:53 - 2015-03-17 00:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-15 07:53 - 2015-03-17 00:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-15 07:53 - 2015-03-17 00:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 07:53 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 07:53 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 07:53 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 07:53 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 07:53 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 07:53 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 07:53 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 07:53 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 07:53 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 07:53 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 07:53 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 07:53 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-15 07:53 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 07:53 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 07:53 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-15 07:53 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 07:53 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 07:53 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 07:53 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 07:53 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 07:53 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 07:53 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-15 07:53 - 2015-03-16 23:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-15 07:53 - 2015-03-16 23:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-15 07:53 - 2015-03-16 23:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-15 07:53 - 2015-03-16 23:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 07:53 - 2015-03-16 23:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 07:53 - 2015-03-16 23:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-15 07:53 - 2015-03-13 00:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-15 07:53 - 2015-03-13 00:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-15 07:53 - 2015-03-13 00:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-15 07:53 - 2015-03-13 00:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-15 07:53 - 2015-03-13 00:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-15 07:53 - 2015-03-13 00:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-15 07:53 - 2015-03-13 00:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-15 07:53 - 2015-03-13 00:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-15 07:53 - 2015-03-13 00:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-15 07:53 - 2015-03-13 00:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-15 07:53 - 2015-03-12 23:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-15 07:53 - 2015-03-12 23:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-15 07:53 - 2015-03-12 23:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-15 07:53 - 2015-03-12 23:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-15 07:53 - 2015-03-12 23:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-15 07:53 - 2015-03-12 23:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-15 07:53 - 2015-03-12 23:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-15 07:53 - 2015-03-12 23:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-15 07:53 - 2015-03-12 23:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-15 07:53 - 2015-03-12 23:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-15 07:53 - 2015-03-12 23:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-15 07:53 - 2015-03-12 23:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-15 07:53 - 2015-03-12 23:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-15 07:53 - 2015-03-12 23:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-15 07:53 - 2015-03-12 23:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-15 07:53 - 2015-03-12 23:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-15 07:53 - 2015-03-12 23:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-15 07:53 - 2015-03-12 23:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-15 07:53 - 2015-03-12 23:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-15 07:53 - 2015-03-12 23:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-15 07:53 - 2015-03-12 23:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-15 07:53 - 2015-03-12 23:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-15 07:53 - 2015-03-12 23:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-15 07:53 - 2015-03-12 23:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-15 07:53 - 2015-03-12 23:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-15 07:53 - 2015-03-12 23:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-15 07:53 - 2015-03-12 23:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-15 07:53 - 2015-03-12 23:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-15 07:53 - 2015-03-12 23:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-15 07:53 - 2015-03-12 23:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-15 07:53 - 2015-03-12 23:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-15 07:53 - 2015-03-12 23:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-15 07:53 - 2015-03-12 22:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-15 07:53 - 2015-03-12 22:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-15 07:53 - 2015-03-12 22:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-15 07:53 - 2015-03-12 22:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-15 07:53 - 2015-03-12 22:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-15 07:53 - 2015-03-12 22:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-15 07:53 - 2015-03-12 22:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-15 07:53 - 2015-03-12 22:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-15 07:53 - 2015-03-12 22:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-15 07:53 - 2015-03-12 22:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-15 07:53 - 2015-03-12 22:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-15 07:53 - 2015-03-12 22:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-15 07:53 - 2015-03-12 22:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-15 07:53 - 2015-03-12 22:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-15 07:53 - 2015-03-09 23:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-15 07:53 - 2015-03-09 23:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-15 07:53 - 2015-03-09 23:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-15 07:53 - 2015-03-09 23:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-15 07:53 - 2015-03-05 01:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-15 07:53 - 2015-03-05 00:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-15 07:53 - 2015-03-04 00:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-15 07:53 - 2015-03-04 00:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 07:53 - 2015-03-04 00:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-15 07:53 - 2015-02-24 23:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-12 08:39 - 2015-04-12 08:39 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\2A657AE9.sys
2015-04-11 09:26 - 2015-03-24 23:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-11 09:26 - 2015-03-24 23:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-11 09:26 - 2015-03-24 23:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-11 09:26 - 2015-03-24 23:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-11 09:26 - 2015-03-24 23:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-11 09:26 - 2015-03-24 23:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-11 09:26 - 2015-03-24 23:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-11 09:26 - 2015-03-24 23:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-11 09:26 - 2015-03-24 23:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-11 09:26 - 2015-03-24 23:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-11 09:26 - 2015-03-24 23:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-11 09:26 - 2015-03-24 23:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-11 09:26 - 2015-03-24 23:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-11 09:26 - 2015-03-24 23:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-11 09:26 - 2015-03-24 23:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-11 09:26 - 2015-03-24 23:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-10 12:12 - 2015-03-22 23:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-10 12:12 - 2015-03-22 23:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-10 12:12 - 2015-03-22 23:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-10 12:12 - 2015-03-22 23:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-10 12:12 - 2015-03-22 23:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-10 12:12 - 2015-03-22 23:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-10 12:12 - 2015-03-22 23:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-10 12:12 - 2015-03-22 23:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-08 10:23 - 2015-04-08 10:23 - 00000080 _____ () C:\Users\HP\AppData\Local\X-Plane Installer.prf
2015-04-08 10:20 - 2015-04-08 10:20 - 00000038 _____ () C:\Users\HP\AppData\Local\x-plane_install_10.txt
2015-04-08 10:20 - 2015-04-08 10:20 - 00000000 ____D () C:\Users\HP\AppData\Roaming\NVIDIA
2015-04-08 08:03 - 2015-04-08 08:03 - 00002120 _____ () C:\Users\Public\Desktop\ONFS Illustrations.lnk
2015-04-08 08:03 - 2015-04-08 08:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ohio National
2015-04-06 20:53 - 2015-04-06 20:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-03 15:28 - 2015-04-03 15:28 - 00009934 _____ () C:\Users\HP\Documents\Book331.xlsx
2015-03-30 18:32 - 2015-04-07 11:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-30 18:32 - 2015-03-30 18:32 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-30 18:32 - 2015-03-30 18:32 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-03-30 17:48 - 2015-03-30 18:35 - 00000000 ____D () C:\Program Files (x86)\Google
2015-03-30 17:47 - 2015-03-30 18:35 - 00000000 ____D () C:\Users\HP\AppData\Local\Google
2015-03-30 17:47 - 2015-03-30 17:47 - 00000000 ____D () C:\Users\HP\AppData\Local\Deployment
2015-03-30 17:35 - 2015-03-30 17:41 - 00000000 ____D () C:\Program Files (x86)\Gmail Notifier
2015-03-30 16:06 - 2015-03-30 16:06 - 00023702 _____ () C:\Users\HP\Desktop\Tanin ADV Part 2A 3-30-15.txt
2015-03-29 08:37 - 2015-03-29 08:37 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-03-29 08:37 - 2015-03-29 08:37 - 00000000 ___SD () C:\Windows\system32\GWX
2015-03-25 09:03 - 2015-03-25 09:03 - 00001192 _____ () C:\Users\Public\Desktop\My LastPass Vault.lnk
2015-03-24 09:15 - 2009-09-03 10:37 - 00067072 _____ (REDC) C:\Windows\system32\Drivers\rimmpx64.sys
2015-03-24 09:13 - 2009-09-24 17:31 - 00076288 _____ (REDC) C:\Windows\system32\Drivers\risdsn64.sys
2015-03-24 09:10 - 2013-10-23 22:26 - 00343208 _____ () C:\Windows\SysWOW64\v3DDKAdapterUmodeWow.dll
2015-03-24 09:10 - 2013-10-23 22:25 - 00377512 _____ () C:\Windows\system32\v3DDKAdapterUmode.dll
2015-03-24 09:10 - 2013-10-23 22:25 - 00130728 _____ (Grain Media, Inc.) C:\Windows\system32\Drivers\v3DDKAdapterKmode.sys
2015-03-24 09:03 - 2013-06-27 16:04 - 00042496 _____ (TechnoScope Co., Ltd.) C:\Windows\system32\ZclDrv64.dll
2015-03-24 09:03 - 2013-06-27 16:04 - 00036352 _____ (TechnoScope Co., Ltd.) C:\Windows\SysWOW64\ZclDrv.dll
2015-03-24 09:03 - 2013-06-27 16:02 - 00393216 _____ (TechnoScope Co., Ltd.) C:\Windows\SysWOW64\Zcl.dll
2015-03-24 09:03 - 2013-06-27 16:01 - 00425472 _____ (TechnoScope Co., Ltd.) C:\Windows\system32\Zcl64.dll
2015-03-24 09:03 - 2013-06-27 13:08 - 00071680 _____ (TechnoScope Co., Ltd.) C:\Windows\system32\Drivers\ZCLDrv64.sys
2015-03-24 09:03 - 2005-09-08 11:25 - 00040960 _____ (TechnoScope) C:\Windows\SysWOW64\Ccm.dll
2015-03-24 07:52 - 2015-03-24 07:52 - 00000000 ____D () C:\ProgramData\SlimWare Utilities, Inc
2015-03-23 15:46 - 2015-03-23 21:39 - 00000000 ____D () C:\Users\HP\Documents\AirportMadness4-PC
2015-03-23 09:51 - 2015-04-06 18:54 - 00001234 _____ () C:\Users\HP\Desktop\DriverMax.lnk
2015-03-23 09:51 - 2015-04-06 18:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverMax
2015-03-22 09:20 - 2012-10-13 07:08 - 00165952 _____ (Intel Corporation) C:\Windows\system32\Drivers\Impcd.sys
2015-03-22 09:20 - 2012-10-13 07:08 - 00067392 _____ (Intel Corporation) C:\Windows\system32\Drivers\EtmDevPch.sys
2015-03-20 21:03 - 2013-02-19 12:59 - 00057848 _____ (Intel Corporation) C:\Windows\system32\Drivers\HECIx64.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-19 21:14 - 2014-10-27 13:39 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-04-19 20:44 - 2015-02-07 12:28 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2015-04-19 20:34 - 2014-10-31 08:30 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-19 20:30 - 2014-11-18 11:58 - 00000544 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3292518850-759306849-2421569196-1000.job
2015-04-19 17:21 - 2014-11-25 20:52 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-19 17:13 - 2009-07-14 00:45 - 00037952 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-19 17:13 - 2009-07-14 00:45 - 00037952 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-19 17:08 - 2014-09-26 11:20 - 01906076 _____ () C:\Windows\WindowsUpdate.log
2015-04-19 17:06 - 2015-01-23 13:31 - 00000000 ____D () C:\Temp
2015-04-19 17:06 - 2014-11-11 13:53 - 00000000 ___RD () C:\Users\HP\Dropbox
2015-04-19 17:06 - 2014-11-11 13:25 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Dropbox
2015-04-19 17:05 - 2015-03-15 20:27 - 00002566 _____ () C:\Windows\System32\Tasks\Application Starter - f1375f225883e83d52e8db9690775c3c
2015-04-19 17:05 - 2015-03-15 20:27 - 00000298 _____ () C:\Windows\Tasks\Application Starter - f1375f225883e83d52e8db9690775c3c.job
2015-04-19 17:05 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-19 08:11 - 2015-03-19 21:34 - 00000400 _____ () C:\Windows\Tasks\DriverEasy Scheduled Scan.job
2015-04-17 14:04 - 2015-01-19 19:23 - 00000033 _____ () C:\Windows\SysWOW64\msxkwn.vxp
2015-04-17 14:04 - 2015-01-19 19:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TaxACT
2015-04-16 08:28 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2015-04-15 22:09 - 2014-11-03 12:02 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-15 22:07 - 2014-10-25 13:09 - 00774096 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-15 22:07 - 2009-07-14 01:13 - 00774096 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-15 22:01 - 2014-10-25 12:32 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-15 21:53 - 2014-10-25 12:32 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-15 21:53 - 2009-07-13 22:34 - 00000541 _____ () C:\Windows\win.ini
2015-04-15 21:45 - 2014-11-14 18:37 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Skype
2015-04-15 12:34 - 2014-10-31 08:30 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-15 12:34 - 2014-10-31 08:30 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-15 12:34 - 2014-10-31 08:30 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-12 13:52 - 2014-11-18 11:58 - 00003558 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-3292518850-759306849-2421569196-1000
2015-04-12 09:32 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-10 12:19 - 2014-11-11 13:53 - 00001005 _____ () C:\Users\HP\Desktop\Dropbox.lnk
2015-04-10 12:19 - 2014-11-11 13:28 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-04-10 12:13 - 2014-12-10 10:01 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-10 12:13 - 2014-10-25 12:19 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-08 08:02 - 2014-11-07 12:18 - 00000000 ____D () C:\Users\HP\AppData\Local\Downloaded Installations
2015-04-07 12:47 - 2015-01-19 19:19 - 00000133 _____ () C:\Windows\TaxACT14.ini
2015-04-06 16:51 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\Registration
2015-04-06 16:46 - 2014-11-09 15:44 - 00002297 _____ () C:\Users\Public\Desktop\NACIS.lnk
2015-04-06 16:46 - 2014-10-27 09:31 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-04-01 19:21 - 2009-07-14 01:08 - 00032636 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-30 17:47 - 2014-11-10 09:46 - 00000000 ____D () C:\Users\HP\AppData\Local\Apps\2.0
2015-03-30 16:42 - 2015-01-17 12:15 - 00000000 ____D () C:\Windows\Minidump
2015-03-30 15:59 - 2015-01-26 20:59 - 00000000 ____D () C:\Users\HP\AppData\Local\Advisors Assistant
2015-03-28 07:52 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-27 09:16 - 2014-11-09 14:32 - 00000000 ____D () C:\Users\HP\AppData\Local\Adobe
2015-03-25 09:04 - 2015-03-06 12:18 - 00000000 ____D () C:\Program Files (x86)\LastPass
2015-03-25 09:03 - 2015-03-06 12:19 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LastPass
2015-03-25 09:03 - 2015-03-06 12:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LastPass
2015-03-24 09:38 - 2014-10-27 08:28 - 00016056 _____ (SlimWare Utilities, Inc.) C:\Windows\system32\Drivers\SWDUMon.sys
2015-03-23 20:31 - 2014-11-25 20:51 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-23 20:31 - 2014-11-25 20:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-23 20:31 - 2014-11-25 20:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-23 20:01 - 2014-11-03 12:02 - 00000000 ____D () C:\Users\HP\AppData\Local\Microsoft Help
2015-03-23 09:51 - 2015-03-15 20:27 - 00000000 ____D () C:\Program Files (x86)\Innovative Solutions

==================== Files in the root of some directories =======

2015-03-06 12:19 - 2015-03-25 09:04 - 14283832 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2015-04-08 10:23 - 2015-04-08 10:23 - 0000080 _____ () C:\Users\HP\AppData\Local\X-Plane Installer.prf
2015-04-08 10:20 - 2015-04-08 10:20 - 0000038 _____ () C:\Users\HP\AppData\Local\x-plane_install_10.txt
2014-11-10 18:33 - 2014-11-10 18:33 - 0000057 _____ () C:\ProgramData\Ament.ini

Some content of TEMP:
====================
C:\Users\HP\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpl35pei.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-14 16:19

==================== End Of Log ============================


Hi & welcome!

My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.

  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
P2P/Piracy Warning:
  • If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
  • Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now and read the policy on Piracy.
Step 1

Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.

  • Copy the entire content of the codebox below and paste into the notepad document:

    CloseProcesses:
    HKLM-x32\...\Run: [] => [X]
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction
    SearchScopes: HKU\S-1-5-21-3292518850-759306849-2421569196-1000 -> DefaultScope {B8B14CBB-2C8B-4992-98ED-9C52601EE885} URL =
    SearchScopes: HKU\S-1-5-21-3292518850-759306849-2421569196-1000 -> {B8B14CBB-2C8B-4992-98ED-9C52601EE885} URL =
    Task: {4FFE2FFC-A478-421F-90E2-673F330C717D} - System32\Tasks\Norton PC Checkup Setup => C:\Users\HP\AppData\Local\Temp\PCCUStubInstaller\SymcPCCUInstaller.exe
    Task: {B5E46480-D77D-4631-B35A-CE9CE6F54758} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe
    Task: {EAFDB959-5D40-4177-986D-826E31721612} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files (x86)\Pro PC Cleaner\Splash.exe
    C:\Program Files (x86)\Pro PC Cleaner
    EmptyTemp:
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
  • Right-click on the FRST icon and select Run as Administrator to start the tool.

    (XP users click run after receipt of Windows Security Warning - Open File).

  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please post it to your reply.

Can you please tell me which problems still persist now?


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-04-2015
Ran by HP at 2015-04-20 17:10:59 Run:1
Running from C:\Users\HP\Downloads
Loaded Profiles: HP (Available profiles: HP)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:HKLM-x32\...\Run: [] => [X]HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction SearchScopes: HKU\S-1-5-21-3292518850-759306849-2421569196-1000 -> DefaultScope {B8B14CBB-2C8B-4992-98ED-9C52601EE885} URL =SearchScopes: HKU\S-1-5-21-3292518850-759306849-2421569196-1000 -> {B8B14CBB-2C8B-4992-98ED-9C52601EE885} URL =Task: {4FFE2FFC-A478-421F-90E2-673F330C717D} - System32\Tasks\Norton PC Checkup Setup => C:\Users\HP\AppData\Local\Temp\PCCUStubInstaller\SymcPCCUInstaller.exe Task: {B5E46480-D77D-4631-B35A-CE9CE6F54758} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe Task: {EAFDB959-5D40-4177-986D-826E31721612} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files (x86)\Pro PC Cleaner\Splash.exe C:\Program Files (x86)\Pro PC CleanerEmptyTemp
*****************

Processes closed successfully.


The system needed a reboot.

==== End of Fixlog 17:11:01 ====


You did it wrong.

Step 1

Please download the attached fixlist and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.

    Please copy and paste its contents in your next reply.

fixlist.txt


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-04-2015
Ran by HP at 2015-04-21 09:05:20 Run:2
Running from C:\Users\HP\Downloads
Loaded Profiles: HP (Available profiles: HP)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-3655513571-3204461518-4247198270-1000\...\Run: [AS2014] - C:\ProgramData\6XDvn37n\6XDvn37n.exe
C:\ProgramData\6XDvn37n
S2 vToolbarUpdater18.0.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe [X]
*****************

HKU\S-1-5-21-3655513571-3204461518-4247198270-1000\Software\Microsoft\Windows\CurrentVersion\Run\\HKU\S-1-5-21-3655513571-3204461518-4247198270-1000\...\Run: [AS2014] - C:\ProgramData\6XDvn37n\6XDvn37n.exe => Value not found.
"C:\ProgramData\6XDvn37n" => File/Directory not found.
vToolbarUpdater18.0.0 => Service not found.

==== End of Fixlog 09:05:20 ====


That was not the attached fixlist. Please download the attached fixlist above.
 


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-04-2015
Ran by HP at 2015-04-21 09:05:20 Run:2
Running from C:\Users\HP\Downloads
Loaded Profiles: HP (Available profiles: HP)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-3655513571-3204461518-4247198270-1000\...\Run: [AS2014] - C:\ProgramData\6XDvn37n\6XDvn37n.exe
C:\ProgramData\6XDvn37n
S2 vToolbarUpdater18.0.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe [X]
*****************

HKU\S-1-5-21-3655513571-3204461518-4247198270-1000\Software\Microsoft\Windows\CurrentVersion\Run\\HKU\S-1-5-21-3655513571-3204461518-4247198270-1000\...\Run: [AS2014] - C:\ProgramData\6XDvn37n\6XDvn37n.exe => Value not found.
"C:\ProgramData\6XDvn37n" => File/Directory not found.
vToolbarUpdater18.0.0 => Service not found.

==== End of Fixlog 09:05:20 ====


I don't know what you are doing... :)

 

Please download the attached fixlist and run the fix.


I just did that again. Please post instructions from the beginning. Let's try again.


You did it wrong.

Step 1

Please download the attached fixlist and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.

    Please copy and paste its contents in your next reply.

fixlist.txt

 


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-04-2015
Ran by HP at 2015-04-21 16:50:38 Run:3
Running from C:\Users\HP\Desktop
Loaded Profiles: HP (Available profiles: HP)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-3655513571-3204461518-4247198270-1000\...\Run: [AS2014] - C:\ProgramData\6XDvn37n\6XDvn37n.exe
C:\ProgramData\6XDvn37n
S2 vToolbarUpdater18.0.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe [X]
*****************

HKU\S-1-5-21-3655513571-3204461518-4247198270-1000\Software\Microsoft\Windows\CurrentVersion\Run\\HKU\S-1-5-21-3655513571-3204461518-4247198270-1000\...\Run: [AS2014] - C:\ProgramData\6XDvn37n\6XDvn37n.exe => Value not found.
"C:\ProgramData\6XDvn37n" => File/Directory not found.
vToolbarUpdater18.0.0 => Service not found.

==== End of Fixlog 16:50:38 ====


I don't know what you are doing! The content of the fixlist must be:

CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction
SearchScopes: HKU\S-1-5-21-3292518850-759306849-2421569196-1000 -> DefaultScope {B8B14CBB-2C8B-4992-98ED-9C52601EE885} URL =
SearchScopes: HKU\S-1-5-21-3292518850-759306849-2421569196-1000 -> {B8B14CBB-2C8B-4992-98ED-9C52601EE885} URL =
Task: {4FFE2FFC-A478-421F-90E2-673F330C717D} - System32\Tasks\Norton PC Checkup Setup => C:\Users\HP\AppData\Local\Temp\PCCUStubInstaller\SymcPCCUInstaller.exe
Task: {B5E46480-D77D-4631-B35A-CE9CE6F54758} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe
Task: {EAFDB959-5D40-4177-986D-826E31721612} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files (x86)\Pro PC Cleaner\Splash.exe
C:\Program Files (x86)\Pro PC Cleaner
EmptyTemp:


I followed all the instructions exactly so I must have a different type of problem.


I have no idea what I need to do? Please post instructions from the beginning. I have way too many files on my desktop now. I want to delete all of them and start over. Posting a file with no instructions is not helpful.


Please download the attached fixlist above and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-04-2015
Ran by HP at 2015-04-21 21:10:42 Run:4
Running from C:\Users\HP\Desktop
Loaded Profiles: HP (Available profiles: HP)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction
SearchScopes: HKU\S-1-5-21-3292518850-759306849-2421569196-1000 -> DefaultScope {B8B14CBB-2C8B-4992-98ED-9C52601EE885} URL =
SearchScopes: HKU\S-1-5-21-3292518850-759306849-2421569196-1000 -> {B8B14CBB-2C8B-4992-98ED-9C52601EE885} URL =
Task: {4FFE2FFC-A478-421F-90E2-673F330C717D} - System32\Tasks\Norton PC Checkup Setup => C:\Users\HP\AppData\Local\Temp\PCCUStubInstaller\SymcPCCUInstaller.exe
Task: {B5E46480-D77D-4631-B35A-CE9CE6F54758} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe
Task: {EAFDB959-5D40-4177-986D-826E31721612} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files (x86)\Pro PC Cleaner\Splash.exe
C:\Program Files (x86)\Pro PC Cleaner
EmptyTemp:
*****************

Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\S-1-5-21-3292518850-759306849-2421569196-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-3292518850-759306849-2421569196-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B8B14CBB-2C8B-4992-98ED-9C52601EE885}" => Key deleted successfully.
HKCR\CLSID\{B8B14CBB-2C8B-4992-98ED-9C52601EE885} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4FFE2FFC-A478-421F-90E2-673F330C717D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4FFE2FFC-A478-421F-90E2-673F330C717D}" => Key deleted successfully.
C:\Windows\System32\Tasks\Norton PC Checkup Setup => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton PC Checkup Setup" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B5E46480-D77D-4631-B35A-CE9CE6F54758}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B5E46480-D77D-4631-B35A-CE9CE6F54758}" => Key deleted successfully.
C:\Windows\System32\Tasks\ProPCCleaner_Start => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProPCCleaner_Start" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EAFDB959-5D40-4177-986D-826E31721612}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EAFDB959-5D40-4177-986D-826E31721612}" => Key deleted successfully.
C:\Windows\System32\Tasks\ProPCCleaner_Popup => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProPCCleaner_Popup" => Key deleted successfully.
"C:\Program Files (x86)\Pro PC Cleaner" => File/Directory not found.
EmptyTemp: => Removed 366.5 MB temporary data.


The system needed a reboot.

==== End of Fixlog 21:11:07 ====

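A small added example (not part of the original thread, and not FRST's own code): a Python triage of the Fixlog above that separates entries the fix handled from targets it could not find. The function names and status labels are assumptions made for illustration; the sample lines are an excerpt of the log posted in this thread.

```python
import re

# Excerpt of the Fixlog posted above (lines copied from the thread, shortened).
SAMPLE_FIXLOG = r'''Content of fixlist:
*****************
Task: {B5E46480-D77D-4631-B35A-CE9CE6F54758} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe
C:\Program Files (x86)\Pro PC Cleaner
EmptyTemp:
*****************

Processes closed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKCR\CLSID\{B8B14CBB-2C8B-4992-98ED-9C52601EE885} => Key not found.
C:\Windows\System32\Tasks\ProPCCleaner_Start => Moved successfully.
"C:\Program Files (x86)\Pro PC Cleaner" => File/Directory not found.
EmptyTemp: => Removed 366.5 MB temporary data.
'''

DRIVE_PATH = re.compile(r'^[A-Za-z]:\\')

def parse_fixlog(text):
    """Return (target, status, message) for each 'target => result' line."""
    entries, in_echo = [], False
    for line in text.splitlines():
        line = line.strip()
        if line and set(line) == {'*'}:
            in_echo = not in_echo      # asterisk rows bracket the echoed fixlist
            continue
        if in_echo or ' => ' not in line:
            continue                   # echoed Task: lines also contain ' => '
        target, _, message = line.partition(' => ')
        target = target.strip('"')
        low = message.lower()
        if 'not found' in low:
            status = 'not_found'       # nothing existed at that location
        elif 'successfully' in low or low.startswith('removed'):
            status = 'ok'
        else:
            status = 'review'          # unrecognised wording: read it manually
        entries.append((target, status, message))
    return entries

def missing_paths(entries):
    """Filesystem targets the fix could not find (registry keys excluded)."""
    return [t for t, s, _ in entries if s == 'not_found' and DRIVE_PATH.match(t)]

if __name__ == '__main__':
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    for target, status, _ in parsed:
        print(f'{status:9}  {target}')
    print('missing on disk:', missing_paths(parsed))
```

A filesystem target reported as not found means the fixlist entry pointed at a location where nothing existed, so any remaining files have to be located by a follow-up scan.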

Step 1

Please download ESET Online Scanner and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:
    [Image: settings.png]
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.

    Note: This scan might take a long time! Please be patient.

  • When completed, click on Finish.
  • A log file is created at [Image: logpath.png]

    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!


ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=1017901bc772d647b59c43a44f6ed15a
# engine=23507
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-04-22 01:59:00
# local_time=2015-04-22 09:59:00 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 5120768 52587134 0 0
# scanned=136587
# found=3
# cleaned=3
# scan_time=3979
sh=BB5796D99C7A5C634E1FF884AA9C89E5432C2242 ft=1 fh=0166008790b84ad6 vn="a variant of MSIL/Rebrand.LittleRegClean.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\HP\AppData\Roaming\Rainmaker Software Group LLC.?\Pro PC Cleaner 2.5.6\install\A5A8ADA\Helper.dll"
sh=9FA6D7B3D2E3E78BAAB80EBC55195D04FC7D6E15 ft=1 fh=298bf44a8c81ab6f vn="a variant of MSIL/Rebrand.LittleRegClean.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\HP\AppData\Roaming\Rainmaker Software Group LLC.?\Pro PC Cleaner 2.5.6\install\A5A8ADA\ProPCCleaner.exe"
sh=E8B48B4A4E02A0487C466D94160B720077CC0A83 ft=1 fh=77de76f5be644067 vn="a variant of MSIL/Rebrand.LittleRegClean.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\HP\AppData\Roaming\Rainmaker Software Group LLC.?\Pro PC Cleaner 2.5.6\install\A5A8ADA\Uninst000.CA.dll"
ESETSmartInstaller@High as downloader log:
all ok
 


It is much better. I am not going to use the PC much on Thursday, let's see if I run into anything on Friday.


I run SUPERAntiSpyware daily and it still finds stuff from the pro cleaner. Here is their log file. Most of the stuff this software finds is not important. I had the software remove the files, but I know this software never completely cures the issue.

 

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/23/2015 at 10:58 AM

Application Version : 6.0.1186
Database Version : 11844

Scan type       : Complete Scan
Total Scan Time : 00:19:37

Operating System Information
Windows 7 Professional 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 545
Memory threats detected   : 0
Registry items scanned    : 50811
Registry threats detected : 0
File items scanned        : 21970
File threats detected     : 8

Adware.Tracking Cookie
    .imrworldwide.com [ C:\USERS\HP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QKMJRPBE.DEFAULT-1427206009928\COOKIES.SQLITE ]
    .atdmt.com [ C:\USERS\HP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QKMJRPBE.DEFAULT-1427206009928\COOKIES.SQLITE ]
    .statcounter.com [ C:\USERS\HP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QKMJRPBE.DEFAULT-1427206009928\COOKIES.SQLITE ]
    .bttrack.com [ C:\USERS\HP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QKMJRPBE.DEFAULT-1427206009928\COOKIES.SQLITE ]
    .doubleclick.net [ C:\USERS\HP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QKMJRPBE.DEFAULT-1427206009928\COOKIES.SQLITE ]
    .doubleclick.net [ C:\USERS\HP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QKMJRPBE.DEFAULT-1427206009928\COOKIES.SQLITE ]

Trojan.Agent/Gen-FakeAV
    C:\USERS\HP\APPDATA\ROAMING\RAINMAKER SOFTWARE GROUP LLC.?\PRO PC CLEANER 2.5.6\INSTALL\A5A8ADA\INSTACT.EXE

PUP.ProPCCleaner/Variant
    C:\USERS\HP\APPDATA\ROAMING\RAINMAKER SOFTWARE GROUP LLC.?\PRO PC CLEANER 2.5.6\INSTALL\A5A8ADA\SPLASH.EXE

============
 End of Log
============
 


Step 1

Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.

  • Copy the entire content of the codebox below and paste into the notepad document:

    "C:\Users\HP\AppData\Roaming\Rainmaker Software Group LLC.?\Pro PC Cleaner 2.5.6"
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!
  • Right-click on the FRST icon and select Run as Administrator to start the tool.

    (XP users click run after receipt of Windows Security Warning - Open File).

  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please post it to your reply.

This topic is now closed to further replies.
