Jump to content

OneSystemCare woes


Mika
 Share

Recommended Posts

Hi,

 

Running Windows 7 and MS Security Essentials. Inadvertently picked up OneSystemCare malware in June; ran Malwarebytes (with suspect files quarantined) and thought that was the end of it. In retrospect, the system has been running more and more slowly since then. New recent behavior is the system will periodically freeze for minutes and MS Security Eesentials will be turned off. Ran Malwarebytes again. 1 OneSystemCare file quarantined, but the behaviors uneffected. So, likely OneSystemCare has not been entirely removed and/or other malware is present.

 

Please help..Thank you.

 

 

 

FRST.txt***************************************************************

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:08-10-2015
Ran by sumika (administrator) on RAIDER (09-10-2015 21:36:16)
Running from C:\Users\sumika\Desktop
Loaded Profiles: Micky & sumika (Available Profiles: Micky & Jessie & PF & Gamerz & sumika)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Sensible Vision ) C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\stacsv64.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\AESTSr64.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
() C:\Program Files (x86)\OSD\OSD_Service.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(SoftThinks SAS) C:\Program Files (x86)\AlienRespawn\SftService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Alienware Corporation) C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Flux Software LLC) C:\Users\Micky\AppData\Local\FluxSoftware\Flux\flux.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFXHook64Mngr.exe
(Akamai Technologies, Inc.) C:\Users\Micky\AppData\Local\Akamai\netsession_win.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Akamai Technologies, Inc.) C:\Users\Micky\AppData\Local\Akamai\netsession_win.exe
(Sensible Vision ) C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
(Microsoft) C:\Program Files (x86)\OSD\OSD_Main.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared Files\brs.exe
(CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
(Sensible Vision ) C:\Program Files\Alienware\Command Center\AlienSense\FATrayAlert.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Alienware Corporation) C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Flux Software LLC) C:\Users\sumika\AppData\Local\FluxSoftware\Flux\flux.exe
(© 2015 Microsoft Corporation) C:\Users\sumika\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Sensible Vision ) C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
(Microsoft) C:\Program Files (x86)\OSD\OSD_Main.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(SoftThinks - Dell) C:\Program Files (x86)\AlienRespawn\Toaster.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared Files\brs.exe
() C:\Program Files (x86)\AlienRespawn\Components\Scheduler\STService.exe
(Sensible Vision ) C:\Program Files\Alienware\Command Center\AlienSense\FATrayAlert.exe
(SoftThinks - Dell) C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\DSUpd.exe
(CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Program Files\Alienware\Command Center\AlienFusionController.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFXHook64Mngr.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1881384 2009-10-23] (Synaptics Incorporated)
HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2009-09-15] (IDT, Inc.)
HKLM\...\Run: [iAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-10-13] (Intel Corporation)
HKLM\...\Run: [AlienFX Controller] => C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe [63304 2010-05-21] (Alienware Corporation)
HKLM\...\Run: [start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [120328 2008-04-04] (Logitech Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2710856 2009-11-01] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-03] (CANON INC.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-23] (Apple Inc.)
HKLM-x32\...\Run: [OSD_LAUNCH] => c:\Program Files (x86)\OSD\Launch.exe [32768 2010-01-04] (HH)
HKLM-x32\...\Run: [FATrayAlert] => C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe [95560 2010-04-04] (Sensible Vision )
HKLM-x32\...\Run: [startCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-12-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [RemoteControl8] => c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-16] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD8LanguageShortcut] => c:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-16] (CyberLink Corp.)
HKLM-x32\...\Run: [bDRegion] => c:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [75048 2009-04-28] (cyberlink)
HKLM-x32\...\Run: [uCam_Menu] => c:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [218408 2009-02-17] (CyberLink Corp.)
HKLM-x32\...\Run: [iJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE [124512 2007-05-21] (CANON INC.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-09-23] (Apple Inc.)
HKLM-x32\...\Run: [FAStartup] => [X]
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
Winlogon\Notify\FastAccess: C:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll [2010-04-04] ()
HKU\S-1-5-21-609782877-1678570109-4088673391-1000\...\Run: [F.lux] => C:\Users\Micky\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-609782877-1678570109-4088673391-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Micky\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-609782877-1678570109-4088673391-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22568208 2015-09-11] (Google)
HKU\S-1-5-21-609782877-1678570109-4088673391-1000\...\Run: [Dropbox Update] => C:\Users\Micky\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-01] (Dropbox, Inc.)
HKU\S-1-5-21-609782877-1678570109-4088673391-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-609782877-1678570109-4088673391-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-609782877-1678570109-4088673391-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [241664 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-21-609782877-1678570109-4088673391-1005\...\Run: [F.lux] => C:\Users\sumika\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-609782877-1678570109-4088673391-1005\...\Run: [bingSvc] => C:\Users\sumika\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-04-07] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-609782877-1678570109-4088673391-1005\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-609782877-1678570109-4088673391-1005\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Lsa: [Notification Packages] scecli FAPassSync
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-09-11] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-09-11] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-09-11] (Google)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2010-08-12]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2014-04-12]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2014-04-12]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
GroupPolicyUsers\S-1-5-21-609782877-1678570109-4088673391-1003\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-609782877-1678570109-4088673391-1002\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-609782877-1678570109-4088673391-1001\User: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1
Tcpip\..\Interfaces\{B0200DF8-F103-4CE0-A759-F06A0F228BBD}: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1
Tcpip\..\Interfaces\{EFBD35C6-3D4B-4CF9-BB7B-61C9A516158A}: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-609782877-1678570109-4088673391-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-609782877-1678570109-4088673391-1005\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-609782877-1678570109-4088673391-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-609782877-1678570109-4088673391-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.alienware.com/
HKU\S-1-5-21-609782877-1678570109-4088673391-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://support.alienware.com
HKU\S-1-5-21-609782877-1678570109-4088673391-1005\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-609782877-1678570109-4088673391-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://forums.malwarebytes.org/
HKU\S-1-5-21-609782877-1678570109-4088673391-1005\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://support.alienware.com
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-02-25] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2014-04-12] (LastPass)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-02-25] (Oracle Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2010-11-08] (CANON INC.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2014-04-12] (LastPass)
BHO-x32: SSOIEAddonBHO Class -> {DA5BCE70-D057-4D63-943D-5F3927EC59F1} -> C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll [2010-04-04] (Sensible Vision )
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2014-04-12] (LastPass)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-11-08] (CANON INC.)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2014-04-12] (LastPass)
Toolbar: HKU\S-1-5-21-609782877-1678570109-4088673391-1005 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab

FireFox:
========
FF ProfilePath: C:\Users\sumika\AppData\Roaming\Mozilla\Firefox\Profiles\s0hyc9xb.default
FF DefaultSearchEngine: Bing
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Bing
FF Keyword.URL: hxxp://www.bing.com/search?FORM=SK2BDF&PC=SK2B&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-22] ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-02-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-02-25] (Oracle Corporation)
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2014-04-12] (LastPass)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-22] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-02-04] (CANON INC.)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass.dll [2014-04-12] (LastPass)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-609782877-1678570109-4088673391-1000: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll [2013-01-03] (The Happy Cloud)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2012-03-30] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-09-09] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-09-09] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-09-09] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-09-09] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-09-09] (Apple Inc.)
FF Extension: Bing Search - C:\Users\sumika\AppData\Roaming\Mozilla\Firefox\Profiles\s0hyc9xb.default\Extensions\bingsearch.full@microsoft.com [2015-04-25]
FF HKLM-x32\...\Firefox\Extensions: [{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}] - C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.6.0.43\coFFFw => not found

Chrome:
=======
CHR HKU\S-1-5-21-609782877-1678570109-4088673391-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-609782877-1678570109-4088673391-1005\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bmkckgpgekmanipelfidlhmkfcjicion] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
R2 FAService; C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe [2409800 2010-04-04] (Sensible Vision )
R2 HappyOSD; C:\Program Files (x86)\OSD\OSD_Service.exe [16384 2010-01-04] () [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1225312 2012-11-26] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [659040 2012-11-26] (Secunia)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\STacSV64.exe [240640 2009-09-15] (IDT, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 GKUPRO2D; C:\Windows\System32\DRIVERS\GKUPRO2D.sys [120320 2012-11-05] (Gemalto)
S3 IAMTVE; C:\Windows\system32\DRIVERS\IAMTVE.sys [43416 2007-04-11] (Intel Corporation)
S3 IAMTXPE; C:\Windows\system32\DRIVERS\IAMTXPE.sys [51096 2007-04-11] (Intel Corporation)
R0 ioatdma; C:\Windows\System32\Drivers\ioatdma.sys [46792 2009-07-13] (Intel Corporation)
S3 iSSetup; C:\Windows\system32\DRIVERS\iSSetup.sys [178400 2009-10-13] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 NMgamingmsFltr; C:\Windows\System32\drivers\NMgamingms.sys [11264 2009-07-24] (Primax Ltd)
R3 WinRing0_1_2_0; C:\Program Files (x86)\OSD\WinRing0x64.sys [14544 2008-07-26] (OpenLibSys.org)
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; c:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [146928 2009-04-16] (CyberLink Corp.)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-09 21:36 - 2015-10-09 21:36 - 00026393 _____ C:\Users\sumika\Desktop\FRST.txt
2015-10-09 21:35 - 2015-10-09 21:28 - 02194944 _____ (Farbar) C:\Users\sumika\Desktop\FRST64.exe
2015-10-09 21:34 - 2015-10-09 21:34 - 00000000 ___RD C:\Users\sumika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
2015-10-09 21:30 - 2015-10-09 21:36 - 00000000 ____D C:\FRST
2015-10-09 21:30 - 2015-10-09 21:30 - 00038494 _____ C:\Users\Micky\Desktop\FRST.txt
2015-10-09 21:30 - 2015-10-09 21:30 - 00030864 _____ C:\Users\Micky\Desktop\Addition.txt
2015-10-09 21:27 - 2015-10-09 21:28 - 02194944 _____ (Farbar) C:\Users\Micky\Desktop\FRST64.exe
2015-10-09 21:24 - 2015-10-09 21:24 - 00000000 ___RD C:\Users\Micky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
2015-10-09 15:53 - 2015-10-09 16:00 - 00000000 ____D C:\Users\sumika\AppData\Local\Glyph
2015-10-09 15:53 - 2015-10-09 16:00 - 00000000 ____D C:\Users\Micky\AppData\Local\Glyph
2015-10-09 15:53 - 2015-10-09 16:00 - 00000000 ____D C:\ProgramData\Glyph
2015-10-09 15:53 - 2015-10-09 15:53 - 00000959 _____ C:\Users\sumika\Desktop\Glyph.lnk
2015-10-09 15:53 - 2015-10-09 15:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glyph
2015-10-09 15:52 - 2015-10-09 16:00 - 00000000 ____D C:\Program Files (x86)\Glyph
2015-10-09 15:50 - 2015-10-09 15:51 - 31274360 _____ (Trion Worlds Inc.) C:\Users\Micky\Downloads\GlyphInstall-9999-1001.exe
2015-10-09 15:40 - 2015-10-09 15:40 - 00001121 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-10-09 15:40 - 2015-10-09 15:40 - 00001109 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-10-09 15:39 - 2015-10-09 15:39 - 00243672 _____ C:\Users\Micky\Downloads\Firefox Setup Stub 41.0.1.exe
2015-10-09 14:11 - 2015-10-09 21:16 - 00000112 _____ C:\Windows\setupact.log
2015-10-09 14:11 - 2015-10-09 14:11 - 00000000 _____ C:\Windows\setuperr.log
2015-10-09 06:38 - 2015-10-09 06:38 - 00001180 _____ C:\Windows\system32\.crusader
2015-10-09 06:29 - 2015-10-09 06:30 - 11326824 _____ (SurfRight B.V.) C:\Users\Gamerz\Downloads\HitmanPro_x64.exe
2015-10-09 06:29 - 2015-10-09 06:29 - 00000000 ____D C:\Users\Gamerz\AppData\Local\Macromedia
2015-10-09 06:11 - 2015-10-09 06:11 - 00000000 ___RD C:\Users\Gamerz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
2015-10-09 06:11 - 2015-10-09 06:11 - 00000000 ____D C:\Users\Gamerz\AppData\Roaming\LastPass
2015-10-09 06:11 - 2015-10-09 06:11 - 00000000 ____D C:\Users\Gamerz\AppData\LocalLow\LastPass
2015-10-09 06:11 - 2015-10-09 06:11 - 00000000 ____D C:\Users\Gamerz\AppData\Local\GWX
2015-10-09 06:11 - 2015-10-09 06:11 - 00000000 ____D C:\Users\Gamerz\AppData\Local\Google
2015-10-08 22:47 - 2015-10-08 22:47 - 00000000 ____D C:\Users\Micky\Desktop\Old Firefox Data
2015-10-08 22:29 - 2015-10-08 22:32 - 00000000 ____D C:\AdwCleaner
2015-10-08 22:25 - 2015-10-08 22:27 - 01682432 _____ C:\Users\Micky\Downloads\AdwCleaner(1).exe
2015-10-06 20:48 - 2015-10-06 20:48 - 00000000 ____D C:\Windows\SysWOW64\syncdb
2015-10-06 20:43 - 2015-10-06 20:43 - 00000000 ____D C:\Users\sumika\AppData\Local\Steam
2015-10-06 20:43 - 2015-10-06 20:43 - 00000000 ____D C:\Users\sumika\AppData\Local\CEF
2015-10-06 18:06 - 2015-10-06 18:06 - 633643640 _____ C:\Windows\MEMORY.DMP
2015-10-06 18:06 - 2015-10-06 18:06 - 00280384 _____ C:\Windows\Minidump\100615-23509-01.dmp
2015-10-04 20:04 - 2015-10-04 20:04 - 00001755 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-10-04 20:04 - 2015-10-04 20:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-10-04 20:04 - 2015-10-04 20:04 - 00000000 ____D C:\Program Files\iTunes
2015-10-04 20:04 - 2015-10-04 20:04 - 00000000 ____D C:\Program Files\iPod
2015-10-04 20:04 - 2015-10-04 20:04 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-10-04 20:02 - 2015-10-04 20:02 - 00000000 ____D C:\Program Files\Bonjour
2015-10-04 20:02 - 2015-10-04 20:02 - 00000000 ____D C:\Program Files (x86)\Bonjour
2015-10-04 20:01 - 2015-10-04 20:01 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2015-10-04 20:01 - 2015-10-04 20:01 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2015-10-04 12:14 - 2015-10-04 12:14 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
2015-10-04 12:14 - 2015-10-04 12:14 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-10-04 12:14 - 2015-10-04 12:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-10-02 21:54 - 2015-10-02 21:54 - 00000000 ____D C:\Users\Micky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-10-02 20:52 - 2015-10-09 15:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-09-11 16:34 - 2015-09-11 16:34 - 00011432 _____ C:\Users\Micky\Downloads\schools-Jess.xlsx
2015-09-09 21:44 - 2015-09-09 21:44 - 00001807 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2015-09-09 21:44 - 2015-09-09 21:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-09-09 21:43 - 2015-09-09 21:44 - 00000000 ____D C:\Program Files (x86)\QuickTime

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-09 21:34 - 2012-02-27 20:11 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-09 21:34 - 2010-08-31 14:44 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2015-10-09 21:34 - 2010-08-31 14:44 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2015-10-09 21:34 - 2010-08-12 04:23 - 00000000 ____D C:\Program Files (x86)\AlienRespawn
2015-10-09 21:29 - 2009-07-14 00:45 - 00025424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-09 21:29 - 2009-07-14 00:45 - 00025424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-09 21:26 - 2014-04-12 15:57 - 00000000 ____D C:\Users\Micky\AppData\LocalLow\LastPass
2015-10-09 21:24 - 2015-04-15 20:01 - 00000000 ___RD C:\Users\Micky\Google Drive
2015-10-09 21:22 - 2012-02-27 20:11 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-09 21:21 - 2009-07-14 01:13 - 00796158 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-09 21:20 - 2014-10-11 15:55 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-09 21:19 - 2009-07-14 01:10 - 01881169 _____ C:\Windows\WindowsUpdate.log
2015-10-09 21:16 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-09 20:42 - 2014-10-11 15:54 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-10-09 20:39 - 2012-10-15 20:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-09 20:39 - 2010-08-12 05:59 - 02785762 _____ C:\Windows\PFRO.log
2015-10-09 19:48 - 2015-07-01 20:36 - 00000918 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-609782877-1678570109-4088673391-1000UA.job
2015-10-09 19:13 - 2013-02-16 08:12 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-10-09 16:48 - 2015-07-01 20:36 - 00000866 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-609782877-1678570109-4088673391-1000Core.job
2015-10-09 15:48 - 2010-08-31 17:47 - 00000000 ____D C:\Users\Micky\AppData\Local\Mozilla
2015-10-09 15:41 - 2010-08-31 17:47 - 00000000 ____D C:\Users\Micky\AppData\Roaming\Mozilla
2015-10-09 15:38 - 2014-06-21 21:42 - 00000000 __SHD C:\Users\Micky\AppData\Local\EmieUserList
2015-10-09 15:38 - 2014-06-21 21:42 - 00000000 __SHD C:\Users\Micky\AppData\Local\EmieSiteList
2015-10-09 15:37 - 2015-03-29 20:33 - 00000000 __SHD C:\Users\Micky\AppData\LocalLow\EmieUserList
2015-10-09 15:37 - 2015-03-29 20:33 - 00000000 __SHD C:\Users\Micky\AppData\LocalLow\EmieSiteList
2015-10-09 15:34 - 2015-05-08 21:12 - 00000000 ____D C:\Users\sumika\AppData\Roaming\Skype
2015-10-09 15:24 - 2013-01-02 14:49 - 00000000 ____D C:\Windows\system32\appmgmt
2015-10-09 15:24 - 2010-08-12 04:22 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-10-09 15:15 - 2011-03-04 10:43 - 00000632 __RSH C:\Users\Micky\ntuser.pol
2015-10-09 15:15 - 2010-08-31 14:44 - 00000000 ____D C:\Users\Micky
2015-10-09 14:07 - 2012-02-27 20:12 - 00000000 ____D C:\Users\Micky\AppData\LocalLow\Google
2015-10-09 14:06 - 2012-02-27 20:11 - 00000000 ____D C:\Users\Micky\AppData\Local\Google
2015-10-09 13:34 - 2013-01-06 20:37 - 00000000 ____D C:\Users\sumika\AppData\Local\Google
2015-10-09 13:34 - 2012-02-27 20:11 - 00000000 ____D C:\Program Files (x86)\Google
2015-10-09 07:41 - 2011-03-04 10:58 - 00000000 ____D C:\Users\Gamerz
2015-10-09 06:41 - 2012-12-28 23:04 - 00000000 ____D C:\Users\sumika
2015-10-09 06:38 - 2012-12-21 23:32 - 00000000 ____D C:\ProgramData\HitmanPro
2015-10-09 06:11 - 2011-05-27 16:04 - 00066632 _____ C:\Users\Gamerz\AppData\Local\GDIPFONTCACHEV1.DAT
2015-10-09 06:11 - 2011-05-27 16:04 - 00001415 _____ C:\Users\Gamerz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-10-09 06:11 - 2011-05-27 16:03 - 00001234 __RSH C:\Users\Gamerz\ntuser.pol
2015-10-09 06:11 - 2009-07-14 00:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-10-09 06:09 - 2012-12-28 23:04 - 00000632 __RSH C:\Users\sumika\ntuser.pol
2015-10-08 22:57 - 2013-05-15 06:43 - 00000000 ___RD C:\Users\Micky\Dropbox
2015-10-08 22:57 - 2013-05-15 06:40 - 00000000 ____D C:\Users\Micky\AppData\Roaming\Dropbox
2015-10-08 22:12 - 2010-08-12 06:29 - 00000000 ____D C:\Program Files (x86)\Steam
2015-10-08 22:09 - 2012-02-28 17:28 - 00000000 ____D C:\Users\Jessie\AppData\Roaming\Ubisoft
2015-10-08 22:09 - 2012-02-09 16:49 - 00000000 ____D C:\Users\Gamerz\AppData\Roaming\Ubisoft
2015-10-08 22:09 - 2011-10-06 17:24 - 00000000 ____D C:\Users\Micky\AppData\Roaming\Ubisoft
2015-10-08 22:09 - 2011-10-06 17:05 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2015-10-08 22:09 - 2010-08-12 04:08 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-10-08 22:09 - 2009-07-14 01:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-10-08 22:03 - 2012-12-28 23:05 - 00066632 _____ C:\Users\sumika\AppData\Local\GDIPFONTCACHEV1.DAT
2015-10-08 21:56 - 2010-08-31 22:21 - 00000000 ____D C:\Users\Micky\AppData\Local\Adobe
2015-10-08 21:54 - 2015-01-09 20:57 - 00000000 ____D C:\Users\Micky\Documents\ArcheAgeOld
2015-10-08 21:53 - 2010-08-12 04:22 - 00000000 ____D C:\ProgramData\Adobe
2015-10-08 21:51 - 2015-07-11 18:21 - 00000000 ____D C:\Users\sumika\AppData\Local\Adobe
2015-10-08 06:02 - 2015-04-05 03:00 - 00000000 ___SD C:\Windows\system32\GWX
2015-10-08 05:56 - 2010-08-31 14:44 - 00066632 _____ C:\Users\Micky\AppData\Local\GDIPFONTCACHEV1.DAT
2015-10-08 05:56 - 2009-07-14 00:45 - 00298336 _____ C:\Windows\system32\FNTCACHE.DAT
2015-10-07 22:08 - 2015-04-05 03:00 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-10-06 20:48 - 2013-01-02 18:28 - 00000000 ____D C:\Users\sumika\AppData\Roaming\Adobe
2015-10-06 20:32 - 2014-06-01 14:18 - 00000000 ____D C:\Users\sumika\AppData\Roaming\Guild Wars 2
2015-10-06 18:06 - 2013-06-11 20:20 - 00000000 ____D C:\Windows\Minidump
2015-10-06 13:46 - 2014-10-11 15:54 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-10-06 12:57 - 2015-05-20 14:34 - 00000000 ____D C:\Users\sumika\AppData\Local\CrashDumps
2015-10-06 12:56 - 2014-10-11 15:54 - 00001064 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-10-06 12:56 - 2014-10-11 15:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-04 20:04 - 2012-03-30 16:12 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-10-04 20:01 - 2012-03-30 16:12 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-10-04 14:59 - 2015-04-25 10:12 - 00000000 ____D C:\Users\Micky\AppData\Roaming\Skype
2015-10-04 12:15 - 2015-04-25 10:11 - 00000000 ____D C:\ProgramData\Skype
2015-10-01 19:25 - 2015-04-15 13:34 - 00002004 _____ C:\Users\Public\Desktop\Google Slides.lnk
2015-10-01 19:25 - 2015-04-15 13:34 - 00002002 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2015-10-01 19:25 - 2015-04-15 13:34 - 00001992 _____ C:\Users\Public\Desktop\Google Docs.lnk
2015-10-01 19:25 - 2015-04-15 13:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-09-26 21:06 - 2015-07-16 07:21 - 00000000 ____D C:\Users\Micky\Documents\finances
2015-09-26 12:44 - 2015-07-09 21:59 - 00000000 ____D C:\Users\Micky\AppData\Local\TeamSpeak 3 Client
2015-09-23 14:12 - 2014-07-21 06:44 - 00000000 ____D C:\Users\Micky\AppData\Local\Akamai
2015-09-22 11:15 - 2013-02-16 08:12 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-09-22 11:14 - 2013-01-19 17:27 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-09-22 11:14 - 2013-01-19 17:27 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-16 18:10 - 2015-04-15 19:21 - 00000000 ____D C:\Users\Micky\Documents\Jess
2015-09-14 16:17 - 2012-02-27 20:11 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-14 16:17 - 2012-02-27 20:11 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-10 20:11 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2015-09-09 06:13 - 2009-07-14 03:47 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-09 06:13 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions

==================== Files in the root of some directories =======

2014-04-12 15:58 - 2014-04-12 15:58 - 14883840 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2015-06-08 21:34 - 2015-06-08 21:40 - 0000566 _____ () C:\Users\sumika\AppData\Roaming\burnaware.ini

Some files in TEMP:
====================
C:\Users\Micky\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqh9yep.dll
C:\Users\Micky\AppData\Local\temp\MSETUP4.EXE
C:\Users\Micky\AppData\Local\temp\otk37zu0.dll
C:\Users\PF\AppData\Local\temp\Gw2.exe
C:\Users\sumika\AppData\Local\temp\HitmanPro.exe
C:\Users\sumika\AppData\Local\temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-10-06 13:40

==================== End of FRST.txt ============================

 

Addition.txt *********************************************************************

Additional scan result of Farbar Recovery Scan Tool (x64) Version:08-10-2015
Ran by sumika (2015-10-09 21:36:44)
Running from C:\Users\sumika\Desktop
Windows 7 Professional Service Pack 1 (X64) (2010-08-31 18:44:01)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-609782877-1678570109-4088673391-500 - Administrator - Disabled)
ASPNET (S-1-5-21-609782877-1678570109-4088673391-1007 - Limited - Enabled)
Gamerz (S-1-5-21-609782877-1678570109-4088673391-1003 - Limited - Enabled) => C:\Users\Gamerz
Guest (S-1-5-21-609782877-1678570109-4088673391-501 - Limited - Disabled)
Jessie (S-1-5-21-609782877-1678570109-4088673391-1001 - Limited - Enabled) => C:\Users\Jessie
Micky (S-1-5-21-609782877-1678570109-4088673391-1000 - Limited - Enabled) => C:\Users\Micky
PF (S-1-5-21-609782877-1678570109-4088673391-1002 - Limited - Enabled) => C:\Users\PF
sumika (S-1-5-21-609782877-1678570109-4088673391-1005 - Administrator - Enabled) => C:\Users\sumika

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 4.4 64-bit (HKLM\...\{11A955CD-4398-405A-886D-E464C3618FBF}) (Version: 4.4.1 - Adobe)
Adobe Photoshop Lightroom 5.4 64-bit (HKLM\...\{558B5965-CC1B-4AF1-BA07-5D6832404050}) (Version: 5.4.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 8.0 (HKLM-x32\...\PremElem80) (Version: 8.0 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Akamai NetSession Interface (HKU\S-1-5-21-609782877-1678570109-4088673391-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
AlienRespawn - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Alienware)
AlienRespawn (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Alienware)
Apple Application Support (32-bit) (HKLM-x32\...\{A50679D9-6CBD-4FCD-BACB-62EF3894F6F3}) (Version: 4.0.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{1F72FDD5-A069-45B4-928F-D0F16492DC69}) (Version: 4.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Archeage (HKLM-x32\...\Glyph Archeage) (Version:  - Trion Worlds, Inc.)
ATI Catalyst Install Manager (HKLM\...\{AF1591C8-243B-F1C2-3DDC-263FA2AFF515}) (Version: 3.0.754.0 - ATI Technologies, Inc.)
Banctec Service Agreement (HKLM-x32\...\{BD4B02C1-0271-4D7D-A850-19DE2E5CDF83}) (Version: 2.0.0 - Dell Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version:  - )
Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version:  - )
Canon iP2700 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2700_series) (Version:  - )
Canon iP2700 series User Registration (HKLM-x32\...\Canon iP2700 series User Registration) (Version:  - )
Canon MX700 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX700_series) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
ccc-core-static (x32 Version: 2009.1217.1710.30775 - ATI) Hidden
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.1.10049.0 - Cisco Consumer Products LLC)
Command Center (HKLM-x32\...\InstallShield_{AE1E0DFB-A3D9-451C-AA7F-46FD390400D4}) (Version: 2.5.54.0 - Alienware Corp.)
Command Center (Version: 2.5.54.0 - Alienware Corp.) Hidden
CyberLink PowerDVD 8 (HKLM-x32\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.2815b - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3131 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Dropbox (HKU\S-1-5-21-609782877-1678570109-4088673391-1000\...\Dropbox) (Version: 3.10.7 - Dropbox, Inc.)
f.lux (HKU\S-1-5-21-609782877-1678570109-4088673391-1000\...\Flux) (Version:  - )
f.lux (HKU\S-1-5-21-609782877-1678570109-4088673391-1005\...\Flux) (Version:  - )
FastStone Image Viewer 4.6 (HKLM-x32\...\FastStone Image Viewer) (Version: 4.6 - FastStone Soft)
FastStone Photo Resizer 3.1 (HKLM-x32\...\FastStone Photo Resizer) (Version: 3.1 - FastStone Soft.)
Glyph (HKLM-x32\...\Glyph) (Version:  - Trion Worlds, Inc.)
Google Drive (HKLM-x32\...\{CF772DD2-4767-49AE-B764-EACA6F6CD9AE}) (Version: 1.25.0286.7715 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Happy Cloud Client (HKU\S-1-5-21-609782877-1678570109-4088673391-1000\...\HappyCloud) (Version: 1.368 - Happy Cloud, Inc.)
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Intel® Network Connections 14.8.43.0 (HKLM\...\PROSetDX) (Version: 14.8.43.0 - Intel)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iTunes (HKLM\...\{96984DE8-1DB8-425C-AC8C-3098BC696F04}) (Version: 12.3.0.44 - Apple Inc.)
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
Logitech Gaming Software 5.02 (HKLM\...\{ECDF0939-A653-44D0-8B8E-597B890F45EC}) (Version: 5.02.116 - Logitech)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.1.177.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 41.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0.1 (x86 en-US)) (Version: 41.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.1 - Mozilla)
Mozilla Thunderbird 38.2.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 38.2.0 (x86 en-US)) (Version: 38.2.0 - Mozilla)
MSRedist (x32 Version: 9.0.30729.4148 - Symantec Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nero 9 Essentials (HKLM-x32\...\{3b6371dd-9f71-40bd-bcfb-7096af55a197}) (Version:  - Nero AG)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 5.9.6.2 - )
OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
OSD Setup (HKLM-x32\...\{98E5A0C3-86ED-4429-9386-F0DB49E958EA}) (Version: 1.1.0 - MyOSD)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.57.01 (HKLM-x32\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.57.01 - RICOH)
Secunia PSI (3.0.0.6001) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.6001 - Secunia)
Skype™ 7.10 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.10.101 - Skype Technologies S.A.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.12.0 - Synaptics Incorporated)
TeamSpeak 3 Client (HKU\S-1-5-21-609782877-1678570109-4088673391-1000\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
The Lord of the Rings Online (HKU\S-1-5-21-609782877-1678570109-4088673391-1000\...\LOTROen) (Version:  - )
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.0.9603 - Broadcom Corporation)
Windows Automated Installation Kit (HKLM\...\{31E8F586-4EF7-4500-844D-BA8756474FF1}) (Version: 2.0.0.0 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-609782877-1678570109-4088673391-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Micky\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-609782877-1678570109-4088673391-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Micky\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-609782877-1678570109-4088673391-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Micky\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-609782877-1678570109-4088673391-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Micky\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-609782877-1678570109-4088673391-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Micky\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-609782877-1678570109-4088673391-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Micky\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-609782877-1678570109-4088673391-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Micky\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-609782877-1678570109-4088673391-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Micky\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-609782877-1678570109-4088673391-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Micky\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-609782877-1678570109-4088673391-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Micky\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-609782877-1678570109-4088673391-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Micky\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)

==================== Restore Points =========================

09-10-2015 09:31:14 Scheduled Checkpoint
09-10-2015 13:30:45 Removed Google Earth
09-10-2015 15:23:47 Removed Ventrilo Client for Windows x64
09-10-2015 15:24:30 Removed Adobe Acrobat Reader DC.

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2013-01-12 13:24 - 00000021 _RASH C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {136CD927-574B-499B-A49C-8B98D9947AA2} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-609782877-1678570109-4088673391-1000Core => C:\Users\Micky\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-07-01] (Dropbox, Inc.)
Task: {1C7F9246-27DC-496C-96F6-5B7F33923532} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
Task: {23ED1071-11DE-4D93-9198-E2EEFA45210A} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
Task: {294509B8-1FFE-4461-B9C2-B18692121E49} - System32\Tasks\{CDC3D427-A553-44CE-AFDB-1252E0427C4D} => pcalua.exe -a C:\Users\Micky\Downloads\sdvp_pdf_export.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {30BD7623-F683-42EF-8130-8FA819B34353} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {430967BF-C2D5-4F19-B6A2-93720D73BE3B} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
Task: {44B5E43A-7881-4FB7-A501-5001A7CC9496} - \One System Care Run Delay -> No File <==== ATTENTION
Task: {53F3FB31-1B49-4512-BEF9-94B133796B3F} - \One System Care Monitor -> No File <==== ATTENTION
Task: {6D9F6710-CC8E-4ADB-9E48-033324EE9DD8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-22] (Adobe Systems Incorporated)
Task: {6F0A65AD-8080-4B82-9677-D79CC40D06A1} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-01-29] (Microsoft)
Task: {75B5D71C-EBD3-4F41-8B31-EF5B1DD5D635} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {B72537B4-3329-4042-9555-246207F3945F} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-609782877-1678570109-4088673391-1000UA => C:\Users\Micky\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-07-01] (Dropbox, Inc.)
Task: {C2D8808F-41F5-4A0D-8FB4-C4BE6476D0D9} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {C644A805-4A7B-427F-9FE4-A3934339EA63} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
Task: {D5872B23-EB1C-4723-8302-AA5E68B5BA93} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-609782877-1678570109-4088673391-1000Core.job => C:\Users\Micky\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-609782877-1678570109-4088673391-1000UA.job => C:\Users\Micky\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2010-05-21 11:39 - 2010-05-21 11:39 - 00154424 _____ () C:\Program Files\Alienware\Command Center\AlienFusionDomain.dll
2010-08-12 04:13 - 2010-08-12 04:13 - 00075056 _____ () C:\Windows\assembly\GAC_MSIL\AlienLabsTools\1.0.92.0__bebb3c8816410241\AlienLabsTools.dll
2015-02-13 05:20 - 2015-02-13 05:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-09-23 16:47 - 2015-09-23 16:47 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-01-04 15:10 - 2010-01-04 15:10 - 00016384 _____ () C:\Program Files (x86)\OSD\OSD_Service.exe
2009-05-05 13:56 - 2009-05-05 13:56 - 00016384 ____R () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-08-12 04:22 - 2010-08-12 04:22 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-08-12 04:23 - 2011-08-18 12:05 - 02751808 _____ () C:\Program Files (x86)\AlienRespawn\COMPONENTS\SCHEDULER\STSERVICE.EXE
2010-05-21 11:38 - 2010-05-21 11:38 - 00016704 _____ () C:\Program Files\Alienware\Command Center\AlienFusionController.exe
2010-04-04 14:45 - 2010-04-04 14:45 - 00094536 _____ () C:\Windows\system32\FAIEExtension.DLL
2010-08-12 04:13 - 2010-08-12 04:13 - 00037712 _____ () C:\Windows\assembly\GAC_MSIL\Alienlabs.CommandCenter.Tools\1.0.92.0__bebb3c8816410241\Alienlabs.CommandCenter.Tools.dll
2010-08-12 04:13 - 2010-08-12 04:13 - 00025408 _____ () C:\Windows\assembly\GAC_MSIL\AlienFX.DeviceDiscovery\1.0.92.0__bebb3c8816410241\AlienFX.DeviceDiscovery.dll
2010-08-12 04:13 - 2010-08-12 04:13 - 00011584 _____ () C:\Windows\assembly\GAC_MSIL\AlienFX.Communication\1.0.92.0__bebb3c8816410241\AlienFX.Communication.dll
2010-08-12 04:13 - 2010-08-12 04:13 - 00024904 _____ () C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.XPS\1.0.92.0__bebb3c8816410241\AlienFX.Communication.XPS.dll
2010-08-12 04:13 - 2010-08-12 04:13 - 00028496 _____ () C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x516\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x516.dll
2010-08-12 04:13 - 2010-08-12 04:13 - 00027984 _____ () C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x515\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x515.dll
2010-08-12 04:13 - 2010-08-12 04:13 - 00036688 _____ () C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x514\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x514.dll
2010-08-12 04:13 - 2010-08-12 04:13 - 00019792 _____ () C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x513\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x513.dll
2010-08-12 04:13 - 2010-08-12 04:13 - 00036688 _____ () C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x512\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x512.dll
2010-08-12 04:13 - 2010-08-12 04:13 - 00037200 _____ () C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x511\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x511.dll
2010-08-12 04:13 - 2010-08-12 04:13 - 00017224 _____ () C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.Core\1.0.92.0__bebb3c8816410241\AlienFX.Communication.Core.dll
2010-01-11 18:01 - 2010-01-11 18:01 - 00046080 _____ () C:\Program Files (x86)\OSD\Win7CCD.dll
2015-10-09 15:46 - 2015-10-09 15:46 - 01020928 _____ () C:\Users\Micky\AppData\Roaming\Mozilla\Firefox\Profiles\i9mwyurn.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
2015-10-09 21:24 - 2015-10-09 21:24 - 00098816 _____ () C:\Users\Micky\AppData\Local\Temp\_MEI41962\win32api.pyd
2015-10-09 21:24 - 2015-10-09 21:24 - 00110080 _____ () C:\Users\Micky\AppData\Local\Temp\_MEI41962\pywintypes27.dll
2015-10-09 21:24 - 2015-10-09 21:24 - 00364544 _____ () C:\Users\Micky\AppData\Local\Temp\_MEI41962\pythoncom27.dll
2015-10-09 21:24 - 2015-10-09 21:24 - 00046080 _____ () C:\Users\Micky\AppData\Local\Temp\_MEI41962\_socket.pyd
2015-10-09 21:24 - 2015-10-09 21:24 - 01208320 _____ () C:\Users\Micky\AppData\Local\Temp\_MEI41962\_ssl.pyd
2015-10-09 21:24 - 2015-10-09 21:24 - 00320512 _____ () C:\Users\Micky\AppData\Local\Temp\_MEI41962\win32com.shell.shell.pyd
2015-10-09 21:24 - 2015-10-09 21:24 - 00776704 _____ () C:\Users\Micky\AppData\Local\Temp\_MEI41962\_hashlib.pyd
2015-10-09 21:24 - 2015-10-09 21:24 - 01176576 _____ () C:\Users\Micky\AppData\Local\Temp\_MEI41962\wx._core_.pyd
2015-10-09 21:24 - 2015-10-09 21:24 - 00806400 _____ () C:\Users\Micky\AppData\Local\Temp\_MEI41962\wx._gdi_.pyd
2015-10-09 21:24 - 2015-10-09 21:24 - 00816128 _____ () C:\Users\Micky\AppData\Local\Temp\_MEI41962\wx._windows_.pyd
2015-10-09 21:24 - 2015-10-09 21:24 - 01067008 _____ () C:\Users\Micky\AppData\Local\Temp\_MEI41962\wx._controls_.pyd
2015-10-09 21:24 - 2015-10-09 21:24 - 00733184 _____ () C:\Users\Micky\AppData\Local\Temp\_MEI41962\wx._misc_.pyd
2015-10-09 21:24 - 2015-10-09 21:24 - 00682496 _____ () C:\Users\Micky\AppData\Local\Temp\_MEI41962\pysqlite2._sqlite.pyd
2015-10-09 21:24 - 2015-10-09 21:24 - 00088064 _____ () C:\Users\Micky\AppData\Local\Temp\_MEI41962\_ctypes.pyd
2015-10-09 21:24 - 2015-10-09 21:24 - 00119808 _____ () C:\Users\Micky\AppData\Local\Temp\_MEI41962\win32file.pyd
2015-10-09 21:24 - 2015-10-09 21:24 - 00108544 _____ () C:\Users\Micky\AppData\Local\Temp\_MEI41962\win32security.pyd
2015-10-09 21:24 - 2015-10-09 21:24 - 00007168 _____ () C:\Users\Micky\AppData\Local\Temp\_MEI41962\hashobjs_ext.pyd
2015-10-09 21:24 - 2015-10-09 21:24 - 00070144 _____ () C:\Users\Micky\AppData\Local\Temp\_MEI41962\usb_ext.pyd
2015-10-09 21:24 - 2015-10-09 21:24 - 00167936 _____ () C:\Users\Micky\AppData\Local\Temp\_MEI41962\win32gui.pyd
2015-10-09 21:24 - 2015-10-09 21:24 - 00018432 _____ () C:\Users\Micky\AppData\Local\Temp\_MEI41962\win32event.pyd
2015-10-09 21:24 - 2015-10-09 21:24 - 00128512 _____ () C:\Users\Micky\AppData\Local\Temp\_MEI41962\_elementtree.pyd
2015-10-09 21:24 - 2015-10-09 21:24 - 00127488 _____ () C:\Users\Micky\AppData\Local\Temp\_MEI41962\pyexpat.pyd
2015-10-09 21:24 - 2015-10-09 21:24 - 00013824 _____ () C:\Users\Micky\AppData\Local\Temp\_MEI41962\common.time34.pyd
2015-10-09 21:24 - 2015-10-09 21:24 - 00036864 _____ () C:\Users\Micky\AppData\Local\Temp\_MEI41962\_psutil_windows.pyd
2015-10-09 21:24 - 2015-10-09 21:24 - 00038912 _____ () C:\Users\Micky\AppData\Local\Temp\_MEI41962\win32inet.pyd
2015-10-09 21:24 - 2015-10-09 21:24 - 00011264 _____ () C:\Users\Micky\AppData\Local\Temp\_MEI41962\win32crypt.pyd
2015-10-09 21:24 - 2015-10-09 21:24 - 00077312 _____ () C:\Users\Micky\AppData\Local\Temp\_MEI41962\wx._html2.pyd
2015-10-09 21:24 - 2015-10-09 21:24 - 00027136 _____ () C:\Users\Micky\AppData\Local\Temp\_MEI41962\_multiprocessing.pyd
2015-10-09 21:24 - 2015-10-09 21:24 - 00020480 _____ () C:\Users\Micky\AppData\Local\Temp\_MEI41962\_yappi.pyd
2015-10-09 21:24 - 2015-10-09 21:24 - 00035840 _____ () C:\Users\Micky\AppData\Local\Temp\_MEI41962\win32process.pyd
2015-10-09 21:24 - 2015-10-09 21:24 - 00686080 _____ () C:\Users\Micky\AppData\Local\Temp\_MEI41962\unicodedata.pyd
2015-10-09 21:24 - 2015-10-09 21:24 - 00123392 _____ () C:\Users\Micky\AppData\Local\Temp\_MEI41962\wx._wizard.pyd
2015-10-09 21:24 - 2015-10-09 21:24 - 00024064 _____ () C:\Users\Micky\AppData\Local\Temp\_MEI41962\win32pipe.pyd
2015-10-09 21:24 - 2015-10-09 21:24 - 00010240 _____ () C:\Users\Micky\AppData\Local\Temp\_MEI41962\select.pyd
2015-10-09 21:24 - 2015-10-09 21:24 - 00025600 _____ () C:\Users\Micky\AppData\Local\Temp\_MEI41962\win32pdh.pyd
2015-10-09 21:24 - 2015-10-09 21:24 - 00525640 _____ () C:\Users\Micky\AppData\Local\Temp\_MEI41962\windows._lib_cacheinvalidation.pyd
2015-10-09 21:24 - 2015-10-09 21:24 - 00017408 _____ () C:\Users\Micky\AppData\Local\Temp\_MEI41962\win32profile.pyd
2015-10-09 21:24 - 2015-10-09 21:24 - 00022528 _____ () C:\Users\Micky\AppData\Local\Temp\_MEI41962\win32ts.pyd
2015-10-09 21:24 - 2015-10-09 21:24 - 00078848 _____ () C:\Users\Micky\AppData\Local\Temp\_MEI41962\wx._animate.pyd

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-609782877-1678570109-4088673391-1005\...\microsoft.com -> hxxp://*.update.microsoft.com
IE trusted site: HKU\S-1-5-21-609782877-1678570109-4088673391-1005\...\microsoft.com -> hxxps://*.update.microsoft.com
IE trusted site: HKU\S-1-5-21-609782877-1678570109-4088673391-1005\...\windowsupdate.com -> hxxp://download.windowsupdate.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-609782877-1678570109-4088673391-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Micky\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-609782877-1678570109-4088673391-1005\Control Panel\Desktop\\Wallpaper -> C:\Users\sumika\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [sPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [sPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{0B2C8302-DC2E-4479-991D-8C77480EB1F9}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD8\PowerDVD8.EXE
FirewallRules: [{D2074901-9CD2-453A-82ED-12B228E2A5EA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{AEB4F819-B9AF-499D-A099-27AFC5F2F1B4}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{8A6855DC-FD4D-4C29-8DEC-0967213B7CC9}] => (Allow) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{F66A9915-773B-4C4C-AEC4-36439EC40038}] => (Allow) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{567F5D0C-E77A-41C9-AE3E-10D1D99ACB67}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
FirewallRules: [{E5F6A2BA-787C-46BE-8EDA-1C115B002708}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
FirewallRules: [{EB8E8618-CD3F-4B29-94FD-46CC45056DB5}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{9E708BB7-4D79-4C4B-8A98-0B2EC9491307}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{4434DCDD-E488-40B5-951F-62E6D0D3B6C6}] => (Allow) C:\Users\sumika\AppData\Local\temp\7zS1CB3.tmp\SymNRT.exe
FirewallRules: [{68392503-FC95-4EB6-BCD2-E11262732B34}] => (Allow) C:\Users\sumika\AppData\Local\temp\7zS1CB3.tmp\SymNRT.exe
FirewallRules: [{5AF57BA9-1FDD-4F77-9CC5-19774F82ED5B}] => (Allow) C:\ProgramData\Turbine\The Lord of the Rings Online\lotroclient.exe
FirewallRules: [{441CD3C1-5BC4-4391-B991-D11724186847}] => (Allow) C:\ProgramData\Turbine\The Lord of the Rings Online\lotroclient.exe
FirewallRules: [{8C613B2F-6EFD-40E5-8B4C-FD3623939EBB}] => (Allow) C:\ProgramData\Turbine\The Lord of the Rings Online\TurbineLauncher.exe
FirewallRules: [{F8540CB6-7DA1-469B-89D7-6552D446DED5}] => (Allow) C:\ProgramData\Turbine\The Lord of the Rings Online\TurbineLauncher.exe
FirewallRules: [TCP Query User{D8F9FEB2-A0A2-4EC2-BAA2-AC20ADD6D5DB}C:\programdata\turbine\the lord of the rings online\lotroclient.exe] => (Block) C:\programdata\turbine\the lord of the rings online\lotroclient.exe
FirewallRules: [uDP Query User{8F11FFE2-5AA6-4F72-88D2-ED2D3CA7E588}C:\programdata\turbine\the lord of the rings online\lotroclient.exe] => (Block) C:\programdata\turbine\the lord of the rings online\lotroclient.exe
FirewallRules: [{56B31B81-6F79-42D5-8BD1-608A89BD67EE}] => (Allow) C:\Users\Micky\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{66003D94-932A-4F57-9B55-C87122D343A9}] => (Allow) C:\Users\Micky\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{2543F502-18AA-4753-88F1-54B7ABB8E1C9}C:\users\micky\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\micky\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [uDP Query User{02BFEDC8-D5BF-47F2-A123-1ABF4142956F}C:\users\micky\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\micky\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{452D0A75-161E-4CD6-A1A0-78CCF67CE269}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{BE704B3C-7092-4072-801D-5272B69CF729}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{EC156D59-7C26-4E9C-A511-F193E0C68ACF}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{D41E61D6-E170-4661-AE04-B311F46A96AC}] => (Allow) LPort=2869
FirewallRules: [{6728BDE8-588A-4A9A-AD9C-6C08798C431D}] => (Allow) LPort=1900
FirewallRules: [{E7449E7C-26C0-498F-A495-1CB87771EE62}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{084A8A2E-75C5-4A8C-8E6A-839E868342B4}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{B0D3C49F-BF08-4E7C-9059-6D8F98C15C0B}C:\users\pf\appdata\local\temp\gw2.exe] => (Allow) C:\users\pf\appdata\local\temp\gw2.exe
FirewallRules: [uDP Query User{D8E0B9DE-B7CF-4779-A01F-F05319581362}C:\users\pf\appdata\local\temp\gw2.exe] => (Allow) C:\users\pf\appdata\local\temp\gw2.exe
FirewallRules: [TCP Query User{1324D719-0665-4077-B45D-3E7C52545634}C:\program files (x86)\guild wars 2\gw2.exe] => (Allow) C:\program files (x86)\guild wars 2\gw2.exe
FirewallRules: [uDP Query User{B4841580-BEF6-4195-801D-195E0C62A6C3}C:\program files (x86)\guild wars 2\gw2.exe] => (Allow) C:\program files (x86)\guild wars 2\gw2.exe
FirewallRules: [TCP Query User{BE510829-FF23-4546-9577-F558421961A9}C:\users\micky\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\micky\appdata\local\akamai\netsession_win.exe
FirewallRules: [uDP Query User{186F72CE-32DB-47F8-9616-9ADB186D906B}C:\users\micky\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\micky\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{DEF21DA1-2D66-4C4D-984C-EDF69B9ECDEF}C:\users\micky\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\micky\appdata\local\akamai\netsession_win.exe
FirewallRules: [uDP Query User{59C4D1CF-CE86-487B-8F82-CF4A1CFB8F0C}C:\users\micky\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\micky\appdata\local\akamai\netsession_win.exe
FirewallRules: [{12520024-24E9-4A00-9E56-0629FE77E954}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{8FFF1B2C-CC98-4B69-A585-4DF6E1AC34FC}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{1214398B-FDFE-4A51-8EB5-E225B0016B8E}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [uDP Query User{8B11E352-1E8E-49BB-BD74-BE137B2D1DA4}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{440B7C55-18C4-4641-936E-A8F1403379E8}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{1FC6E87C-6D42-40F0-9F8C-190DE81CE5D5}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [{D56B06B5-AE91-4FBD-96AF-F80AD9378CB5}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [{F1642526-0585-4C7A-8B21-B4ED6F512617}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{61333CA2-DE02-46E6-B525-7996E4110B70}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4F8B2903-B295-457F-83CF-046016529EF7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6D2764D0-3367-476F-8819-1E62C615CD03}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9F1921F2-DDD8-4E6D-BA04-EF8DB4805395}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{3F52DB36-6C67-4C2C-B737-2577E378F673}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{08651C39-2EA6-426F-BEEC-AA3939AE965A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Faulty Device Manager Devices =============

Name: facap, FastAccess Video Capture
Description: facap, FastAccess Video Capture
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Sensible Vision
Service: FACAP
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/09/2015 07:53:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.18015 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 3dcc

Start Time: 01d102c9e485fc47

Termination Time: 9

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id: d82837b6-6ee0-11e5-a490-0026b9ff2681

Error: (10/09/2015 06:27:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MsMpEng.exe, version: 4.8.204.0, time stamp: 0x5541eadf
Faulting module name: mpsvc.dll, version: 4.8.204.0, time stamp: 0x5541eb17
Exception code: 0xc0000005
Fault offset: 0x00000000000139c1
Faulting process id: 0x3b8
Faulting application start time: 0xMsMpEng.exe0
Faulting application path: MsMpEng.exe1
Faulting module path: MsMpEng.exe2
Report Id: MsMpEng.exe3

Error: (10/09/2015 06:38:29 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x0000030c,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,0000000003B4EB30.72).  hr = 0x80070005, Access is denied.
.

Error: (10/09/2015 06:38:29 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000d10,(null),0,REG_BINARY,000000000888E3A0.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Writer Name: MSSearch Service Writer
   Writer Instance ID: {3e252995-d87b-4b67-a396-1ac923c950fe}

Error: (10/09/2015 06:38:29 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000798,(null),0,REG_BINARY,0000000003C3E320.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Writer Name: WMI Writer
   Writer Instance ID: {83834c2e-4cd6-4683-828b-0bbe93fdd3d4}

Error: (10/09/2015 06:38:29 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000d10,(null),0,REG_BINARY,000000000888E3A0.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Writer Name: MSSearch Service Writer
   Writer Instance ID: {3e252995-d87b-4b67-a396-1ac923c950fe}

Error: (10/09/2015 06:38:29 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000798,(null),0,REG_BINARY,0000000003C3E320.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Writer Name: WMI Writer
   Writer Instance ID: {83834c2e-4cd6-4683-828b-0bbe93fdd3d4}

Error: (10/09/2015 06:38:29 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001cc,(null),0,REG_BINARY,00000000036EEA60.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
   Writer Name: Registry Writer
   Writer Instance ID: {4f5c71df-96ff-4b8c-a791-f795c77319ed}

Error: (10/09/2015 06:38:29 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000002ec,(null),0,REG_BINARY,00000000028FE310.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {154cfae3-beaf-4543-bfdf-c40871bfff7c}

Error: (10/09/2015 06:38:29 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x0000020c,(null),0,REG_BINARY,0000000001FFED30.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {40ef47c2-1601-4e1c-9912-596e796d11b5}


System errors:
=============
Error: (10/09/2015 09:35:15 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (10/09/2015 09:24:40 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (10/09/2015 09:17:44 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (10/09/2015 08:40:04 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (10/09/2015 08:40:04 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (10/09/2015 08:40:04 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (10/09/2015 08:40:03 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (10/09/2015 08:40:03 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (10/09/2015 08:40:02 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (10/09/2015 08:39:57 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}


==================== Memory info ===========================

Processor: Intel® Core i7 CPU Q 840 @ 1.87GHz
Percentage of memory in use: 29%
Total physical RAM: 8180.5 MB
Available physical RAM: 5783.23 MB
Total Virtual: 16359.21 MB
Available Virtual: 13385.07 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:223.79 GB) (Free:59.12 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 238.5 GB) (Disk ID: B347C6D6)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=223.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Link to post
Share on other sites

  • Staff

Hello,

    

 

They call me TwinHeadedEagle around here, and I'll try to help your with your issue.

 

     

    

Before we start please read and note the following:

  • We're primarily oriented on malware removal here, so you must know that some issues just cannot be solved and you must be prepared for this. Some tools we use here will remove your browser search history, so backup your important links and all the files whose loss is unacceptable.
  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time. Keep in mind that private life gets in the way too. Note that we may live in totally different time zones, what may cause some delays between answers.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button, that gives you Upload Files option below which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • I volunteer to help you, so please, do not ask for help for your company/business PC. Companies are making revenue via computers, so it is good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
:excl: I can't foresee everything, so if anything not covered in my instructions happens, please stop and inform me!

:excl: There are no silly questions. Never be afraid to ask if in doubt!

 

 

 

  warning.gif Rules and policies

 

We won't support any piracy.

That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

 

Failure to follow these guidelines will result with closing your topic and withdrawning any assistance.

 

 


FRST.gif Scan with Farbar Recovery Scan Tool

 

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.

    (XP users click run after receipt of Windows Security Warning - Open File).

  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please upload them into your next reply.
Link to post
Share on other sites

  • Staff

FRST.gif Fix with Farbar Recovery Scan Tool

icon_exclaim.gif This fix was created for this user for use on that particular machine. icon_exclaim.gif

icon_exclaim.gif Running it on another one may cause damage and render the system unstable. icon_exclaim.gif

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.

    (XP users click run after receipt of Windows Security Warning - Open File).

  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please upload it to your reply.


2eyjdoj.png Check Disk

  • Press the WindowsKey.png + R on your keyboard at the same time. Type cmd and click OK.
  • Copy/Enter the command below and press Enter:
  • chkdsk C: /r
  • You should get a message to schedule Check Disk at next system restart. Please type Y and press Enter.
  • All you should do now is to restart your PC and let the Check Disk process finish uninterrupted.
Check Disk report:
  • Press the WindowsKey.png + R on your keyboard at the same time. Type eventvwr and click OK.
  • In the left panel, expand Windows Logs and then click on Application.
  • Now, on the right side, click on Filter Current Log.
  • Under Event Sources, check only Wininit and click OK.
  • Now you'll be presented with one or multiple Wininit logs.
  • Click on an entry corresponding to the date and time of the disk check.
  • On the top main menu, click Action > Copy > Copy Details as Text.
  • Paste the contents into your next reply.

fixlist.txt

Link to post
Share on other sites

Log Name:      Application
Source:        Microsoft-Windows-Wininit
Date:          10/10/2015 7:59:28 AM
Event ID:      1001
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      Raider
Description:


Checking file system on C:
The type of the file system is NTFS.
Volume label is OS.

A disk check has been scheduled.
Windows will now check the disk.                         

CHKDSK is verifying files (stage 1 of 5)...
Cleaning up instance tags for file 0x59d1.
  329984 file records processed.                                         

File verification completed.
  2269 large file records processed.                                   

  0 bad file records processed.                                     

  2 EA records processed.                                           

  10115 reparse records processed.                                      

CHKDSK is verifying indexes (stage 2 of 5)...
  424808 index entries processed.                                        

Index verification completed.
  0 unindexed files scanned.                                        

  0 unindexed files recovered.                                      

CHKDSK is verifying security descriptors (stage 3 of 5)...
  329984 file SDs/SIDs processed.                                        

Cleaning up 1104 unused index entries from index $SII of file 0x9.
Cleaning up 1104 unused index entries from index $SDH of file 0x9.
Cleaning up 1104 unused security descriptors.
Security descriptor verification completed.
  47413 data files processed.                                           

CHKDSK is verifying Usn Journal...
  36379504 USN bytes processed.                                            

Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
  329968 files processed.                                                

File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
  18743814 free clusters processed.                                        

Free space verification is complete.
Windows has made corrections to the file system.

 234657909 KB total disk space.
 159106344 KB in 212316 files.
    133504 KB in 47414 indexes.
         0 KB in bad sectors.
    442805 KB in use by the system.
     65536 KB occupied by the log file.
  74975256 KB available on disk.

      4096 bytes in each allocation unit.
  58664477 total allocation units on disk.
  18743814 allocation units available on disk.

Internal Info:
00 09 05 00 8d f6 03 00 21 8c 07 00 00 00 00 00  ........!.......
44 0a 00 00 83 27 00 00 00 00 00 00 00 00 00 00  D....'..........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................

Windows has finished checking your disk.
Please wait while your computer restarts.

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" />
    <EventID Qualifiers="16384">1001</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2015-10-10T11:59:28.000000000Z" />
    <EventRecordID>55564</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>Raider</Computer>
    <Security />
  </System>
  <EventData>
    <Data>

Checking file system on C:
The type of the file system is NTFS.
Volume label is OS.

A disk check has been scheduled.
Windows will now check the disk.                         

CHKDSK is verifying files (stage 1 of 5)...
Cleaning up instance tags for file 0x59d1.
  329984 file records processed.                                         

File verification completed.
  2269 large file records processed.                                   

  0 bad file records processed.                                     

  2 EA records processed.                                           

  10115 reparse records processed.                                      

CHKDSK is verifying indexes (stage 2 of 5)...
  424808 index entries processed.                                        

Index verification completed.
  0 unindexed files scanned.                                        

  0 unindexed files recovered.                                      

CHKDSK is verifying security descriptors (stage 3 of 5)...
  329984 file SDs/SIDs processed.                                        

Cleaning up 1104 unused index entries from index $SII of file 0x9.
Cleaning up 1104 unused index entries from index $SDH of file 0x9.
Cleaning up 1104 unused security descriptors.
Security descriptor verification completed.
  47413 data files processed.                                           

CHKDSK is verifying Usn Journal...
  36379504 USN bytes processed.                                            

Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
  329968 files processed.                                                

File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
  18743814 free clusters processed.                                        

Free space verification is complete.
Windows has made corrections to the file system.

 234657909 KB total disk space.
 159106344 KB in 212316 files.
    133504 KB in 47414 indexes.
         0 KB in bad sectors.
    442805 KB in use by the system.
     65536 KB occupied by the log file.
  74975256 KB available on disk.

      4096 bytes in each allocation unit.
  58664477 total allocation units on disk.
  18743814 allocation units available on disk.

Internal Info:
00 09 05 00 8d f6 03 00 21 8c 07 00 00 00 00 00  ........!.......
44 0a 00 00 83 27 00 00 00 00 00 00 00 00 00 00  D....'..........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................

Windows has finished checking your disk.
Please wait while your computer restarts.
</Data>
  </EventData>
</Event>

Fixlog.txt

Link to post
Share on other sites

To check how the system is behaving, I have been trying to exercise it with the types of activities I associate with the poor performance and MS Security Essentials (MSSE) being turned off.

 

The two activities that come to mind are 1) web browser use and 2) playing the game ArcheAge (by Trion Worlds). I don't know if these two activities really trigger the behaviors or there is an underlying issue on my computer.

 

My first test was to re-install the two programs necessary to run ArcheAge (Glyph and ArcheAge - I had uninstalled them earlier thinking they could be part of the problem). Near the very end of the install of ArcheAge, MS Security Essentials turned off (I don't know how or why). In the last few days, I have gotten into the habit of having the MS Security Essentials window open so I could tell at a glance if it is On or Off - so it was easy to see when it changed to Off. I wasn't doing anything else at that time with the system except watching the install window. I turned MSSE back on (it took >30 sec for it to change to On). The system does seem faster. I ran the game for awhile. MSSE switched off a second time (I wasn't doing anything else).

 

Trion claims that Glyph must be run as administrator (and indeed other players report it will not run correctly without admin privs). Trion's website suggests that if there are firewall or antivirus problems that Glyph and its downloader program should be whitelisted. I have not done this with this install because I didn't want to do something you didn't direct me to do. Please let me know if you want me to make that change and try it.

 

[i checked Trion's support website regarding problems with MSSE and couldn't find anything other than the above advice. I know someone else who currently has Windows 7 (but not Professional) and MSSE along with ArcheAge with no apparent problems.]

 

Given your earlier direction to refrain from internet access, I haven't tried using the web browser for anything other than this post. Although my use of the browser has been very limited, it seems fine so far, e.g., no signs of slowness and MSSE is still On. Should I use this more? Given the earlier advice, I was relunctant to do much along these lines and especially to go to any site where I needed a password without your ok.

 

Next steps?

Link to post
Share on other sites

  • Staff

MSE indeed has/had some problems:

Error: (10/09/2015 06:27:40 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: MsMpEng.exe, version: 4.8.204.0, time stamp: 0x5541eadf

Faulting module name: mpsvc.dll, version: 4.8.204.0, time stamp: 0x5541eb17

Exception code: 0xc0000005

Fault offset: 0x00000000000139c1

Faulting process id: 0x3b8

Faulting application start time: 0xMsMpEng.exe0

Faulting application path: MsMpEng.exe1

Faulting module path: MsMpEng.exe2

Report Id: MsMpEng.exe3

I would like you to reinstall it.

You can run this utility and select Microsoft Security Essentials for uninstall:

https://support.microsoft.com/en-us/mats/program_install_and_uninstall?wa=wsignin1.0

Link to post
Share on other sites

  • 2 weeks later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.