Mika Posted October 10, 2015 ID:994607 Share Posted October 10, 2015 Hi, Running Windows 7 and MS Security Essentials. Inadvertently picked up OneSystemCare malware in June; ran Malwarebytes (with suspect files quarantined) and thought that was the end of it. In retrospect, the system has been running more and more slowly since then. New recent behavior is the system will periodically freeze for minutes and MS Security Eesentials will be turned off. Ran Malwarebytes again. 1 OneSystemCare file quarantined, but the behaviors uneffected. So, likely OneSystemCare has not been entirely removed and/or other malware is present. Please help..Thank you. FRST.txt*************************************************************** Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:08-10-2015Ran by sumika (administrator) on RAIDER (09-10-2015 21:36:16)Running from C:\Users\sumika\DesktopLoaded Profiles: Micky & sumika (Available Profiles: Micky & Jessie & PF & Gamerz & sumika)Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)Internet Explorer Version 11 (Default browser: IE)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/==================== Processes (Whitelisted) =================(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe(AMD) C:\Windows\System32\atiesrxx.exe(Sensible Vision ) C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\stacsv64.exe(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\AESTSr64.exe(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionService.exe(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe() C:\Program Files (x86)\OSD\OSD_Service.exe(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe(SoftThinks SAS) C:\Program Files (x86)\AlienRespawn\SftService.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(AMD) C:\Windows\System32\atieclxx.exe(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe(Alienware Corporation) C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe(Flux Software LLC) C:\Users\Micky\AppData\Local\FluxSoftware\Flux\flux.exe(Alienware) C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe(Alienware) C:\Program Files\Alienware\Command Center\AlienFXHook64Mngr.exe(Akamai Technologies, Inc.) C:\Users\Micky\AppData\Local\Akamai\netsession_win.exe(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe(Akamai Technologies, Inc.) C:\Users\Micky\AppData\Local\Akamai\netsession_win.exe(Sensible Vision ) C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe(Microsoft) C:\Program Files (x86)\OSD\OSD_Main.exe(cyberlink) C:\Program Files (x86)\CyberLink\Shared Files\brs.exe(CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE(Sensible Vision ) C:\Program Files\Alienware\Command Center\AlienSense\FATrayAlert.exe(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe(AMD) C:\Windows\System32\atieclxx.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe(Alienware Corporation) C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe(Flux Software LLC) C:\Users\sumika\AppData\Local\FluxSoftware\Flux\flux.exe(© 2015 Microsoft Corporation) C:\Users\sumika\AppData\Local\Microsoft\BingSvc\BingSvc.exe(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe(Sensible Vision ) C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe(Microsoft) C:\Program Files (x86)\OSD\OSD_Main.exe(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe(SoftThinks - Dell) C:\Program Files (x86)\AlienRespawn\Toaster.exe(cyberlink) C:\Program Files (x86)\CyberLink\Shared Files\brs.exe() C:\Program Files (x86)\AlienRespawn\Components\Scheduler\STService.exe(Sensible Vision ) C:\Program Files\Alienware\Command Center\AlienSense\FATrayAlert.exe(SoftThinks - Dell) C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\DSUpd.exe(CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe() C:\Program Files\Alienware\Command Center\AlienFusionController.exe(Alienware) C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe(Alienware) C:\Program Files\Alienware\Command Center\AlienFXHook64Mngr.exe(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe==================== Registry (Whitelisted) ===========================(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1881384 2009-10-23] (Synaptics Incorporated)HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2009-09-15] (IDT, Inc.)HKLM\...\Run: [iAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-10-13] (Intel Corporation)HKLM\...\Run: [AlienFX Controller] => C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe [63304 2010-05-21] (Alienware Corporation)HKLM\...\Run: [start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [120328 2008-04-04] (Logitech Inc.)HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2710856 2009-11-01] (CANON INC.)HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-03] (CANON INC.)HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetchHKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-23] (Apple Inc.)HKLM-x32\...\Run: [OSD_LAUNCH] => c:\Program Files (x86)\OSD\Launch.exe [32768 2010-01-04] (HH)HKLM-x32\...\Run: [FATrayAlert] => C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe [95560 2010-04-04] (Sensible Vision )HKLM-x32\...\Run: [startCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-12-17] (Advanced Micro Devices, Inc.)HKLM-x32\...\Run: [RemoteControl8] => c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-16] (CyberLink Corp.)HKLM-x32\...\Run: [PDVD8LanguageShortcut] => c:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-16] (CyberLink Corp.)HKLM-x32\...\Run: [bDRegion] => c:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [75048 2009-04-28] (cyberlink)HKLM-x32\...\Run: [uCam_Menu] => c:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [218408 2009-02-17] (CyberLink Corp.)HKLM-x32\...\Run: [iJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE [124512 2007-05-21] (CANON INC.)HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-09-23] (Apple Inc.)HKLM-x32\...\Run: [FAStartup] => [X]HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)Winlogon\Notify\FastAccess: C:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll [2010-04-04] ()HKU\S-1-5-21-609782877-1678570109-4088673391-1000\...\Run: [F.lux] => C:\Users\Micky\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)HKU\S-1-5-21-609782877-1678570109-4088673391-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Micky\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)HKU\S-1-5-21-609782877-1678570109-4088673391-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22568208 2015-09-11] (Google)HKU\S-1-5-21-609782877-1678570109-4088673391-1000\...\Run: [Dropbox Update] => C:\Users\Micky\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-01] (Dropbox, Inc.)HKU\S-1-5-21-609782877-1678570109-4088673391-1000\...\Policies\system: [LogonHoursAction] 2HKU\S-1-5-21-609782877-1678570109-4088673391-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1HKU\S-1-5-21-609782877-1678570109-4088673391-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [241664 2010-11-20] (Microsoft Corporation)HKU\S-1-5-21-609782877-1678570109-4088673391-1005\...\Run: [F.lux] => C:\Users\sumika\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)HKU\S-1-5-21-609782877-1678570109-4088673391-1005\...\Run: [bingSvc] => C:\Users\sumika\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-04-07] (© 2015 Microsoft Corporation)HKU\S-1-5-21-609782877-1678570109-4088673391-1005\...\Policies\system: [LogonHoursAction] 2HKU\S-1-5-21-609782877-1678570109-4088673391-1005\...\Policies\system: [DontDisplayLogonHoursWarnings] 1Lsa: [Notification Packages] scecli FAPassSyncShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-09-11] (Google)ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-09-11] (Google)ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-09-11] (Google)ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No FileShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No FileShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No FileShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No FileShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No FileShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No FileShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => No FileShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => No FileShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No FileShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => No FileShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No FileShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => No FileShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No FileShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No FileShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => No FileShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => No FileShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No FileShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => No FileShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No FileShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => No FileStartup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2010-08-12]ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2014-04-12]ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2014-04-12]ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)GroupPolicyUsers\S-1-5-21-609782877-1678570109-4088673391-1003\User: Restriction <======= ATTENTIONGroupPolicyUsers\S-1-5-21-609782877-1678570109-4088673391-1002\User: Restriction <======= ATTENTIONGroupPolicyUsers\S-1-5-21-609782877-1678570109-4088673391-1001\User: Restriction <======= ATTENTION==================== Internet (Whitelisted) ====================(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1Tcpip\..\Interfaces\{B0200DF8-F103-4CE0-A759-F06A0F228BBD}: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1Tcpip\..\Interfaces\{EFBD35C6-3D4B-4CF9-BB7B-61C9A516158A}: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1Internet Explorer:==================HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTIONHKU\S-1-5-21-609782877-1678570109-4088673391-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTIONHKU\S-1-5-21-609782877-1678570109-4088673391-1005\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTIONHKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhomeHKU\S-1-5-21-609782877-1678570109-4088673391-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankHKU\S-1-5-21-609782877-1678570109-4088673391-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.alienware.com/HKU\S-1-5-21-609782877-1678570109-4088673391-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://support.alienware.comHKU\S-1-5-21-609782877-1678570109-4088673391-1005\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKU\S-1-5-21-609782877-1678570109-4088673391-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://forums.malwarebytes.org/HKU\S-1-5-21-609782877-1678570109-4088673391-1005\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://support.alienware.comBHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-02-25] (Oracle Corporation)BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2014-04-12] (LastPass)BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-02-25] (Oracle Corporation)BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2010-11-08] (CANON INC.)BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2014-04-12] (LastPass)BHO-x32: SSOIEAddonBHO Class -> {DA5BCE70-D057-4D63-943D-5F3927EC59F1} -> C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll [2010-04-04] (Sensible Vision )BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No FileToolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2014-04-12] (LastPass)Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-11-08] (CANON INC.)Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2014-04-12] (LastPass)Toolbar: HKU\S-1-5-21-609782877-1678570109-4088673391-1005 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No FileDPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cabFireFox:========FF ProfilePath: C:\Users\sumika\AppData\Roaming\Mozilla\Firefox\Profiles\s0hyc9xb.defaultFF DefaultSearchEngine: BingFF SearchEngineOrder.3: BingFF SelectedSearchEngine: BingFF Keyword.URL: hxxp://www.bing.com/search?FORM=SK2BDF&PC=SK2B&q=FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-22] ()FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-02-25] (Oracle Corporation)FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-02-25] (Oracle Corporation)FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2014-04-12] (LastPass)FF Plugin: @microsoft.com/GENUINE -> disabled [No File]FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-22] ()FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-02-04] (CANON INC.)FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass.dll [2014-04-12] (LastPass)FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)FF Plugin HKU\S-1-5-21-609782877-1678570109-4088673391-1000: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll [2013-01-03] (The Happy Cloud)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2012-03-30] (Sun Microsystems, Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-09-09] (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-09-09] (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-09-09] (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-09-09] (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-09-09] (Apple Inc.)FF Extension: Bing Search - C:\Users\sumika\AppData\Roaming\Mozilla\Firefox\Profiles\s0hyc9xb.default\Extensions\bingsearch.full@microsoft.com [2015-04-25]FF HKLM-x32\...\Firefox\Extensions: [{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}] - C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.6.0.43\coFFFw => not foundChrome:=======CHR HKU\S-1-5-21-609782877-1678570109-4088673391-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crxCHR HKU\S-1-5-21-609782877-1678570109-4088673391-1005\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bmkckgpgekmanipelfidlhmkfcjicion] - hxxps://clients2.google.com/service/update2/crx==================== Services (Whitelisted) ========================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)R2 FAService; C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe [2409800 2010-04-04] (Sensible Vision )R2 HappyOSD; C:\Program Files (x86)\OSD\OSD_Service.exe [16384 2010-01-04] () [File not signed]S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1225312 2012-11-26] (Secunia)R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [659040 2012-11-26] (Secunia)R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\STacSV64.exe [240640 2009-09-15] (IDT, Inc.)S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)===================== Drivers (Whitelisted) ==========================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)S3 GKUPRO2D; C:\Windows\System32\DRIVERS\GKUPRO2D.sys [120320 2012-11-05] (Gemalto)S3 IAMTVE; C:\Windows\system32\DRIVERS\IAMTVE.sys [43416 2007-04-11] (Intel Corporation)S3 IAMTXPE; C:\Windows\system32\DRIVERS\IAMTXPE.sys [51096 2007-04-11] (Intel Corporation)R0 ioatdma; C:\Windows\System32\Drivers\ioatdma.sys [46792 2009-07-13] (Intel Corporation)S3 iSSetup; C:\Windows\system32\DRIVERS\iSSetup.sys [178400 2009-10-13] (Intel Corporation)R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)R3 NMgamingmsFltr; C:\Windows\System32\drivers\NMgamingms.sys [11264 2009-07-24] (Primax Ltd)R3 WinRing0_1_2_0; C:\Program Files (x86)\OSD\WinRing0x64.sys [14544 2008-07-26] (OpenLibSys.org)R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; c:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [146928 2009-04-16] (CyberLink Corp.)S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]==================== NetSvcs (Whitelisted) ===================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)==================== One Month Created files and folders ========(If an entry is included in the fixlist, the file/folder will be moved.)2015-10-09 21:36 - 2015-10-09 21:36 - 00026393 _____ C:\Users\sumika\Desktop\FRST.txt2015-10-09 21:35 - 2015-10-09 21:28 - 02194944 _____ (Farbar) C:\Users\sumika\Desktop\FRST64.exe2015-10-09 21:34 - 2015-10-09 21:34 - 00000000 ___RD C:\Users\sumika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 82015-10-09 21:30 - 2015-10-09 21:36 - 00000000 ____D C:\FRST2015-10-09 21:30 - 2015-10-09 21:30 - 00038494 _____ C:\Users\Micky\Desktop\FRST.txt2015-10-09 21:30 - 2015-10-09 21:30 - 00030864 _____ C:\Users\Micky\Desktop\Addition.txt2015-10-09 21:27 - 2015-10-09 21:28 - 02194944 _____ (Farbar) C:\Users\Micky\Desktop\FRST64.exe2015-10-09 21:24 - 2015-10-09 21:24 - 00000000 ___RD C:\Users\Micky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 82015-10-09 15:53 - 2015-10-09 16:00 - 00000000 ____D C:\Users\sumika\AppData\Local\Glyph2015-10-09 15:53 - 2015-10-09 16:00 - 00000000 ____D C:\Users\Micky\AppData\Local\Glyph2015-10-09 15:53 - 2015-10-09 16:00 - 00000000 ____D C:\ProgramData\Glyph2015-10-09 15:53 - 2015-10-09 15:53 - 00000959 _____ C:\Users\sumika\Desktop\Glyph.lnk2015-10-09 15:53 - 2015-10-09 15:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glyph2015-10-09 15:52 - 2015-10-09 16:00 - 00000000 ____D C:\Program Files (x86)\Glyph2015-10-09 15:50 - 2015-10-09 15:51 - 31274360 _____ (Trion Worlds Inc.) C:\Users\Micky\Downloads\GlyphInstall-9999-1001.exe2015-10-09 15:40 - 2015-10-09 15:40 - 00001121 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk2015-10-09 15:40 - 2015-10-09 15:40 - 00001109 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk2015-10-09 15:39 - 2015-10-09 15:39 - 00243672 _____ C:\Users\Micky\Downloads\Firefox Setup Stub 41.0.1.exe2015-10-09 14:11 - 2015-10-09 21:16 - 00000112 _____ C:\Windows\setupact.log2015-10-09 14:11 - 2015-10-09 14:11 - 00000000 _____ C:\Windows\setuperr.log2015-10-09 06:38 - 2015-10-09 06:38 - 00001180 _____ C:\Windows\system32\.crusader2015-10-09 06:29 - 2015-10-09 06:30 - 11326824 _____ (SurfRight B.V.) C:\Users\Gamerz\Downloads\HitmanPro_x64.exe2015-10-09 06:29 - 2015-10-09 06:29 - 00000000 ____D C:\Users\Gamerz\AppData\Local\Macromedia2015-10-09 06:11 - 2015-10-09 06:11 - 00000000 ___RD C:\Users\Gamerz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 82015-10-09 06:11 - 2015-10-09 06:11 - 00000000 ____D C:\Users\Gamerz\AppData\Roaming\LastPass2015-10-09 06:11 - 2015-10-09 06:11 - 00000000 ____D C:\Users\Gamerz\AppData\LocalLow\LastPass2015-10-09 06:11 - 2015-10-09 06:11 - 00000000 ____D C:\Users\Gamerz\AppData\Local\GWX2015-10-09 06:11 - 2015-10-09 06:11 - 00000000 ____D C:\Users\Gamerz\AppData\Local\Google2015-10-08 22:47 - 2015-10-08 22:47 - 00000000 ____D C:\Users\Micky\Desktop\Old Firefox Data2015-10-08 22:29 - 2015-10-08 22:32 - 00000000 ____D C:\AdwCleaner2015-10-08 22:25 - 2015-10-08 22:27 - 01682432 _____ C:\Users\Micky\Downloads\AdwCleaner(1).exe2015-10-06 20:48 - 2015-10-06 20:48 - 00000000 ____D C:\Windows\SysWOW64\syncdb2015-10-06 20:43 - 2015-10-06 20:43 - 00000000 ____D C:\Users\sumika\AppData\Local\Steam2015-10-06 20:43 - 2015-10-06 20:43 - 00000000 ____D C:\Users\sumika\AppData\Local\CEF2015-10-06 18:06 - 2015-10-06 18:06 - 633643640 _____ C:\Windows\MEMORY.DMP2015-10-06 18:06 - 2015-10-06 18:06 - 00280384 _____ C:\Windows\Minidump\100615-23509-01.dmp2015-10-04 20:04 - 2015-10-04 20:04 - 00001755 _____ C:\Users\Public\Desktop\iTunes.lnk2015-10-04 20:04 - 2015-10-04 20:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes2015-10-04 20:04 - 2015-10-04 20:04 - 00000000 ____D C:\Program Files\iTunes2015-10-04 20:04 - 2015-10-04 20:04 - 00000000 ____D C:\Program Files\iPod2015-10-04 20:04 - 2015-10-04 20:04 - 00000000 ____D C:\Program Files (x86)\iTunes2015-10-04 20:02 - 2015-10-04 20:02 - 00000000 ____D C:\Program Files\Bonjour2015-10-04 20:02 - 2015-10-04 20:02 - 00000000 ____D C:\Program Files (x86)\Bonjour2015-10-04 20:01 - 2015-10-04 20:01 - 00000000 ____D C:\Windows\System32\Tasks\Apple2015-10-04 20:01 - 2015-10-04 20:01 - 00000000 ____D C:\Program Files (x86)\Apple Software Update2015-10-04 12:14 - 2015-10-04 12:14 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk2015-10-04 12:14 - 2015-10-04 12:14 - 00000000 ___RD C:\Program Files (x86)\Skype2015-10-04 12:14 - 2015-10-04 12:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype2015-10-02 21:54 - 2015-10-02 21:54 - 00000000 ____D C:\Users\Micky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox2015-10-02 20:52 - 2015-10-09 15:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox2015-09-11 16:34 - 2015-09-11 16:34 - 00011432 _____ C:\Users\Micky\Downloads\schools-Jess.xlsx2015-09-09 21:44 - 2015-09-09 21:44 - 00001807 _____ C:\Users\Public\Desktop\QuickTime Player.lnk2015-09-09 21:44 - 2015-09-09 21:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime2015-09-09 21:43 - 2015-09-09 21:44 - 00000000 ____D C:\Program Files (x86)\QuickTime==================== One Month Modified files and folders ========(If an entry is included in the fixlist, the file/folder will be moved.)2015-10-09 21:34 - 2012-02-27 20:11 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2015-10-09 21:34 - 2010-08-31 14:44 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks2015-10-09 21:34 - 2010-08-31 14:44 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks2015-10-09 21:34 - 2010-08-12 04:23 - 00000000 ____D C:\Program Files (x86)\AlienRespawn2015-10-09 21:29 - 2009-07-14 00:45 - 00025424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02015-10-09 21:29 - 2009-07-14 00:45 - 00025424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02015-10-09 21:26 - 2014-04-12 15:57 - 00000000 ____D C:\Users\Micky\AppData\LocalLow\LastPass2015-10-09 21:24 - 2015-04-15 20:01 - 00000000 ___RD C:\Users\Micky\Google Drive2015-10-09 21:22 - 2012-02-27 20:11 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2015-10-09 21:21 - 2009-07-14 01:13 - 00796158 _____ C:\Windows\system32\PerfStringBackup.INI2015-10-09 21:20 - 2014-10-11 15:55 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2015-10-09 21:19 - 2009-07-14 01:10 - 01881169 _____ C:\Windows\WindowsUpdate.log2015-10-09 21:16 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT2015-10-09 20:42 - 2014-10-11 15:54 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2015-10-09 20:39 - 2012-10-15 20:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service2015-10-09 20:39 - 2010-08-12 05:59 - 02785762 _____ C:\Windows\PFRO.log2015-10-09 19:48 - 2015-07-01 20:36 - 00000918 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-609782877-1678570109-4088673391-1000UA.job2015-10-09 19:13 - 2013-02-16 08:12 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job2015-10-09 16:48 - 2015-07-01 20:36 - 00000866 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-609782877-1678570109-4088673391-1000Core.job2015-10-09 15:48 - 2010-08-31 17:47 - 00000000 ____D C:\Users\Micky\AppData\Local\Mozilla2015-10-09 15:41 - 2010-08-31 17:47 - 00000000 ____D C:\Users\Micky\AppData\Roaming\Mozilla2015-10-09 15:38 - 2014-06-21 21:42 - 00000000 __SHD C:\Users\Micky\AppData\Local\EmieUserList2015-10-09 15:38 - 2014-06-21 21:42 - 00000000 __SHD C:\Users\Micky\AppData\Local\EmieSiteList2015-10-09 15:37 - 2015-03-29 20:33 - 00000000 __SHD C:\Users\Micky\AppData\LocalLow\EmieUserList2015-10-09 15:37 - 2015-03-29 20:33 - 00000000 __SHD C:\Users\Micky\AppData\LocalLow\EmieSiteList2015-10-09 15:34 - 2015-05-08 21:12 - 00000000 ____D C:\Users\sumika\AppData\Roaming\Skype2015-10-09 15:24 - 2013-01-02 14:49 - 00000000 ____D C:\Windows\system32\appmgmt2015-10-09 15:24 - 2010-08-12 04:22 - 00000000 ____D C:\Program Files (x86)\Adobe2015-10-09 15:15 - 2011-03-04 10:43 - 00000632 __RSH C:\Users\Micky\ntuser.pol2015-10-09 15:15 - 2010-08-31 14:44 - 00000000 ____D C:\Users\Micky2015-10-09 14:07 - 2012-02-27 20:12 - 00000000 ____D C:\Users\Micky\AppData\LocalLow\Google2015-10-09 14:06 - 2012-02-27 20:11 - 00000000 ____D C:\Users\Micky\AppData\Local\Google2015-10-09 13:34 - 2013-01-06 20:37 - 00000000 ____D C:\Users\sumika\AppData\Local\Google2015-10-09 13:34 - 2012-02-27 20:11 - 00000000 ____D C:\Program Files (x86)\Google2015-10-09 07:41 - 2011-03-04 10:58 - 00000000 ____D C:\Users\Gamerz2015-10-09 06:41 - 2012-12-28 23:04 - 00000000 ____D C:\Users\sumika2015-10-09 06:38 - 2012-12-21 23:32 - 00000000 ____D C:\ProgramData\HitmanPro2015-10-09 06:11 - 2011-05-27 16:04 - 00066632 _____ C:\Users\Gamerz\AppData\Local\GDIPFONTCACHEV1.DAT2015-10-09 06:11 - 2011-05-27 16:04 - 00001415 _____ C:\Users\Gamerz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk2015-10-09 06:11 - 2011-05-27 16:03 - 00001234 __RSH C:\Users\Gamerz\ntuser.pol2015-10-09 06:11 - 2009-07-14 00:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk2015-10-09 06:09 - 2012-12-28 23:04 - 00000632 __RSH C:\Users\sumika\ntuser.pol2015-10-08 22:57 - 2013-05-15 06:43 - 00000000 ___RD C:\Users\Micky\Dropbox2015-10-08 22:57 - 2013-05-15 06:40 - 00000000 ____D C:\Users\Micky\AppData\Roaming\Dropbox2015-10-08 22:12 - 2010-08-12 06:29 - 00000000 ____D C:\Program Files (x86)\Steam2015-10-08 22:09 - 2012-02-28 17:28 - 00000000 ____D C:\Users\Jessie\AppData\Roaming\Ubisoft2015-10-08 22:09 - 2012-02-09 16:49 - 00000000 ____D C:\Users\Gamerz\AppData\Roaming\Ubisoft2015-10-08 22:09 - 2011-10-06 17:24 - 00000000 ____D C:\Users\Micky\AppData\Roaming\Ubisoft2015-10-08 22:09 - 2011-10-06 17:05 - 00000000 ____D C:\Program Files (x86)\Ubisoft2015-10-08 22:09 - 2010-08-12 04:08 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information2015-10-08 22:09 - 2009-07-14 01:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games2015-10-08 22:03 - 2012-12-28 23:05 - 00066632 _____ C:\Users\sumika\AppData\Local\GDIPFONTCACHEV1.DAT2015-10-08 21:56 - 2010-08-31 22:21 - 00000000 ____D C:\Users\Micky\AppData\Local\Adobe2015-10-08 21:54 - 2015-01-09 20:57 - 00000000 ____D C:\Users\Micky\Documents\ArcheAgeOld2015-10-08 21:53 - 2010-08-12 04:22 - 00000000 ____D C:\ProgramData\Adobe2015-10-08 21:51 - 2015-07-11 18:21 - 00000000 ____D C:\Users\sumika\AppData\Local\Adobe2015-10-08 06:02 - 2015-04-05 03:00 - 00000000 ___SD C:\Windows\system32\GWX2015-10-08 05:56 - 2010-08-31 14:44 - 00066632 _____ C:\Users\Micky\AppData\Local\GDIPFONTCACHEV1.DAT2015-10-08 05:56 - 2009-07-14 00:45 - 00298336 _____ C:\Windows\system32\FNTCACHE.DAT2015-10-07 22:08 - 2015-04-05 03:00 - 00000000 ___SD C:\Windows\SysWOW64\GWX2015-10-06 20:48 - 2013-01-02 18:28 - 00000000 ____D C:\Users\sumika\AppData\Roaming\Adobe2015-10-06 20:32 - 2014-06-01 14:18 - 00000000 ____D C:\Users\sumika\AppData\Roaming\Guild Wars 22015-10-06 18:06 - 2013-06-11 20:20 - 00000000 ____D C:\Windows\Minidump2015-10-06 13:46 - 2014-10-11 15:54 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware2015-10-06 12:57 - 2015-05-20 14:34 - 00000000 ____D C:\Users\sumika\AppData\Local\CrashDumps2015-10-06 12:56 - 2014-10-11 15:54 - 00001064 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2015-10-06 12:56 - 2014-10-11 15:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2015-10-04 20:04 - 2012-03-30 16:12 - 00000000 ____D C:\Program Files\Common Files\Apple2015-10-04 20:01 - 2012-03-30 16:12 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk2015-10-04 14:59 - 2015-04-25 10:12 - 00000000 ____D C:\Users\Micky\AppData\Roaming\Skype2015-10-04 12:15 - 2015-04-25 10:11 - 00000000 ____D C:\ProgramData\Skype2015-10-01 19:25 - 2015-04-15 13:34 - 00002004 _____ C:\Users\Public\Desktop\Google Slides.lnk2015-10-01 19:25 - 2015-04-15 13:34 - 00002002 _____ C:\Users\Public\Desktop\Google Sheets.lnk2015-10-01 19:25 - 2015-04-15 13:34 - 00001992 _____ C:\Users\Public\Desktop\Google Docs.lnk2015-10-01 19:25 - 2015-04-15 13:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive2015-09-26 21:06 - 2015-07-16 07:21 - 00000000 ____D C:\Users\Micky\Documents\finances2015-09-26 12:44 - 2015-07-09 21:59 - 00000000 ____D C:\Users\Micky\AppData\Local\TeamSpeak 3 Client2015-09-23 14:12 - 2014-07-21 06:44 - 00000000 ____D C:\Users\Micky\AppData\Local\Akamai2015-09-22 11:15 - 2013-02-16 08:12 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater2015-09-22 11:14 - 2013-01-19 17:27 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2015-09-22 11:14 - 2013-01-19 17:27 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2015-09-16 18:10 - 2015-04-15 19:21 - 00000000 ____D C:\Users\Micky\Documents\Jess2015-09-14 16:17 - 2012-02-27 20:11 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA2015-09-14 16:17 - 2012-02-27 20:11 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore2015-09-10 20:11 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache2015-09-09 06:13 - 2009-07-14 03:47 - 00000000 ____D C:\Program Files\Windows Journal2015-09-09 06:13 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions==================== Files in the root of some directories =======2014-04-12 15:58 - 2014-04-12 15:58 - 14883840 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe2015-06-08 21:34 - 2015-06-08 21:40 - 0000566 _____ () C:\Users\sumika\AppData\Roaming\burnaware.iniSome files in TEMP:====================C:\Users\Micky\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqh9yep.dllC:\Users\Micky\AppData\Local\temp\MSETUP4.EXEC:\Users\Micky\AppData\Local\temp\otk37zu0.dllC:\Users\PF\AppData\Local\temp\Gw2.exeC:\Users\sumika\AppData\Local\temp\HitmanPro.exeC:\Users\sumika\AppData\Local\temp\sqlite3.dll==================== Bamital & volsnap =================(There is no automatic fix for files that do not pass verification.)C:\Windows\system32\winlogon.exe => File is digitally signedC:\Windows\system32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\system32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\system32\services.exe => File is digitally signedC:\Windows\system32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\system32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\system32\rpcss.dll => File is digitally signedC:\Windows\system32\dnsapi.dll => File is digitally signedC:\Windows\SysWOW64\dnsapi.dll => File is digitally signedC:\Windows\system32\Drivers\volsnap.sys => File is digitally signedLastRegBack: 2015-10-06 13:40==================== End of FRST.txt ============================ Addition.txt *********************************************************************Additional scan result of Farbar Recovery Scan Tool (x64) Version:08-10-2015Ran by sumika (2015-10-09 21:36:44)Running from C:\Users\sumika\DesktopWindows 7 Professional Service Pack 1 (X64) (2010-08-31 18:44:01)Boot Mode: Normal============================================================================== Accounts: =============================Administrator (S-1-5-21-609782877-1678570109-4088673391-500 - Administrator - Disabled)ASPNET (S-1-5-21-609782877-1678570109-4088673391-1007 - Limited - Enabled)Gamerz (S-1-5-21-609782877-1678570109-4088673391-1003 - Limited - Enabled) => C:\Users\GamerzGuest (S-1-5-21-609782877-1678570109-4088673391-501 - Limited - Disabled)Jessie (S-1-5-21-609782877-1678570109-4088673391-1001 - Limited - Enabled) => C:\Users\JessieMicky (S-1-5-21-609782877-1678570109-4088673391-1000 - Limited - Enabled) => C:\Users\MickyPF (S-1-5-21-609782877-1678570109-4088673391-1002 - Limited - Enabled) => C:\Users\PFsumika (S-1-5-21-609782877-1678570109-4088673391-1005 - Administrator - Enabled) => C:\Users\sumika==================== Security Center ========================(If an entry is included in the fixlist, it will be removed.)AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}==================== Installed Programs ======================(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.185 - Adobe Systems Incorporated)Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)Adobe Photoshop Lightroom 4.4 64-bit (HKLM\...\{11A955CD-4398-405A-886D-E464C3618FBF}) (Version: 4.4.1 - Adobe)Adobe Photoshop Lightroom 5.4 64-bit (HKLM\...\{558B5965-CC1B-4AF1-BA07-5D6832404050}) (Version: 5.4.0 - Adobe Systems Incorporated)Adobe Premiere Elements 8.0 (HKLM-x32\...\PremElem80) (Version: 8.0 - Adobe Systems Incorporated)Advertising Center (x32 Version: 0.0.0.2 - Nero AG) HiddenAkamai NetSession Interface (HKU\S-1-5-21-609782877-1678570109-4088673391-1000\...\Akamai) (Version: - Akamai Technologies, Inc)AlienRespawn - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Alienware)AlienRespawn (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Alienware)Apple Application Support (32-bit) (HKLM-x32\...\{A50679D9-6CBD-4FCD-BACB-62EF3894F6F3}) (Version: 4.0.3 - Apple Inc.)Apple Application Support (64-bit) (HKLM\...\{1F72FDD5-A069-45B4-928F-D0F16492DC69}) (Version: 4.0.3 - Apple Inc.)Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.)Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)Archeage (HKLM-x32\...\Glyph Archeage) (Version: - Trion Worlds, Inc.)ATI Catalyst Install Manager (HKLM\...\{AF1591C8-243B-F1C2-3DDC-263FA2AFF515}) (Version: 3.0.754.0 - ATI Technologies, Inc.)Banctec Service Agreement (HKLM-x32\...\{BD4B02C1-0271-4D7D-A850-19DE2E5CDF83}) (Version: 2.0.0 - Dell Inc.)Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: - )Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version: - )Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: - )Canon iP2700 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2700_series) (Version: - )Canon iP2700 series User Registration (HKLM-x32\...\Canon iP2700 series User Registration) (Version: - )Canon MX700 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX700_series) (Version: - )Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - )Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version: - )ccc-core-static (x32 Version: 2009.1217.1710.30775 - ATI) HiddenCisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.1.10049.0 - Cisco Consumer Products LLC)Command Center (HKLM-x32\...\InstallShield_{AE1E0DFB-A3D9-451C-AA7F-46FD390400D4}) (Version: 2.5.54.0 - Alienware Corp.)Command Center (Version: 2.5.54.0 - Alienware Corp.) HiddenCyberLink PowerDVD 8 (HKLM-x32\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.2815b - CyberLink Corp.)CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3131 - CyberLink Corp.)D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) HiddenDota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)Dropbox (HKU\S-1-5-21-609782877-1678570109-4088673391-1000\...\Dropbox) (Version: 3.10.7 - Dropbox, Inc.)f.lux (HKU\S-1-5-21-609782877-1678570109-4088673391-1000\...\Flux) (Version: - )f.lux (HKU\S-1-5-21-609782877-1678570109-4088673391-1005\...\Flux) (Version: - )FastStone Image Viewer 4.6 (HKLM-x32\...\FastStone Image Viewer) (Version: 4.6 - FastStone Soft)FastStone Photo Resizer 3.1 (HKLM-x32\...\FastStone Photo Resizer) (Version: 3.1 - FastStone Soft.)Glyph (HKLM-x32\...\Glyph) (Version: - Trion Worlds, Inc.)Google Drive (HKLM-x32\...\{CF772DD2-4767-49AE-B764-EACA6F6CD9AE}) (Version: 1.25.0286.7715 - Google, Inc.)Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) HiddenGoogle Update Helper (x32 Version: 1.3.28.15 - Google Inc.) HiddenHappy Cloud Client (HKU\S-1-5-21-609782877-1678570109-4088673391-1000\...\HappyCloud) (Version: 1.368 - Happy Cloud, Inc.)iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)ImagXpress (x32 Version: 7.0.74.0 - Nero AG) HiddenIntel® Network Connections 14.8.43.0 (HKLM\...\PROSetDX) (Version: 14.8.43.0 - Intel)Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)iTunes (HKLM\...\{96984DE8-1DB8-425C-AC8C-3098BC696F04}) (Version: 12.3.0.44 - Apple Inc.)Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass)Logitech Gaming Software 5.02 (HKLM\...\{ECDF0939-A653-44D0-8B8E-597B890F45EC}) (Version: 5.02.116 - Logitech)Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.1.177.0 - Microsoft Corporation)Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) HiddenMozilla Firefox 41.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0.1 (x86 en-US)) (Version: 41.0.1 - Mozilla)Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.1 - Mozilla)Mozilla Thunderbird 38.2.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 38.2.0 (x86 en-US)) (Version: 38.2.0 - Mozilla)MSRedist (x32 Version: 9.0.30729.4148 - Symantec Corporation) HiddenMSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)Nero 9 Essentials (HKLM-x32\...\{3b6371dd-9f71-40bd-bcfb-7096af55a197}) (Version: - Nero AG)Notepad++ (HKLM-x32\...\Notepad++) (Version: 5.9.6.2 - )OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)OSD Setup (HKLM-x32\...\{98E5A0C3-86ED-4429-9386-F0DB49E958EA}) (Version: 1.1.0 - MyOSD)QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)RICOH R5C83x/84x Flash Media Controller Driver Ver.3.57.01 (HKLM-x32\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.57.01 - RICOH)Secunia PSI (3.0.0.6001) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.6001 - Secunia)Skype™ 7.10 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.10.101 - Skype Technologies S.A.)Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.12.0 - Synaptics Incorporated)TeamSpeak 3 Client (HKU\S-1-5-21-609782877-1678570109-4088673391-1000\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)The Lord of the Rings Online (HKU\S-1-5-21-609782877-1678570109-4088673391-1000\...\LOTROen) (Version: - )Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.0.9603 - Broadcom Corporation)Windows Automated Installation Kit (HKLM\...\{31E8F586-4EF7-4500-844D-BA8756474FF1}) (Version: 2.0.0.0 - Microsoft Corporation)Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)==================== Custom CLSID (Whitelisted): ==========================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)CustomCLSID: HKU\S-1-5-21-609782877-1678570109-4088673391-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Micky\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-609782877-1678570109-4088673391-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Micky\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-609782877-1678570109-4088673391-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Micky\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-609782877-1678570109-4088673391-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Micky\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-609782877-1678570109-4088673391-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Micky\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-609782877-1678570109-4088673391-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Micky\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-609782877-1678570109-4088673391-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Micky\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-609782877-1678570109-4088673391-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Micky\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-609782877-1678570109-4088673391-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Micky\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-609782877-1678570109-4088673391-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Micky\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-609782877-1678570109-4088673391-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Micky\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)==================== Restore Points =========================09-10-2015 09:31:14 Scheduled Checkpoint09-10-2015 13:30:45 Removed Google Earth09-10-2015 15:23:47 Removed Ventrilo Client for Windows x6409-10-2015 15:24:30 Removed Adobe Acrobat Reader DC.==================== Hosts content: ===============================(If needed Hosts: directive could be included in the fixlist to reset Hosts.)2009-07-13 22:34 - 2013-01-12 13:24 - 00000021 _RASH C:\Windows\system32\Drivers\etc\hosts127.0.0.1 localhost==================== Scheduled Tasks (Whitelisted) =============(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)Task: {136CD927-574B-499B-A49C-8B98D9947AA2} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-609782877-1678570109-4088673391-1000Core => C:\Users\Micky\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-07-01] (Dropbox, Inc.)Task: {1C7F9246-27DC-496C-96F6-5B7F33923532} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)Task: {23ED1071-11DE-4D93-9198-E2EEFA45210A} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)Task: {294509B8-1FFE-4461-B9C2-B18692121E49} - System32\Tasks\{CDC3D427-A553-44CE-AFDB-1252E0427C4D} => pcalua.exe -a C:\Users\Micky\Downloads\sdvp_pdf_export.exe -d "C:\Program Files (x86)\Mozilla Firefox"Task: {30BD7623-F683-42EF-8130-8FA819B34353} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)Task: {430967BF-C2D5-4F19-B6A2-93720D73BE3B} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)Task: {44B5E43A-7881-4FB7-A501-5001A7CC9496} - \One System Care Run Delay -> No File <==== ATTENTIONTask: {53F3FB31-1B49-4512-BEF9-94B133796B3F} - \One System Care Monitor -> No File <==== ATTENTIONTask: {6D9F6710-CC8E-4ADB-9E48-033324EE9DD8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-22] (Adobe Systems Incorporated)Task: {6F0A65AD-8080-4B82-9677-D79CC40D06A1} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-01-29] (Microsoft)Task: {75B5D71C-EBD3-4F41-8B31-EF5B1DD5D635} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)Task: {B72537B4-3329-4042-9555-246207F3945F} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-609782877-1678570109-4088673391-1000UA => C:\Users\Micky\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-07-01] (Dropbox, Inc.)Task: {C2D8808F-41F5-4A0D-8FB4-C4BE6476D0D9} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiserTask: {C644A805-4A7B-427F-9FE4-A3934339EA63} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)Task: {D5872B23-EB1C-4723-8302-AA5E68B5BA93} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-609782877-1678570109-4088673391-1000Core.job => C:\Users\Micky\AppData\Local\Dropbox\Update\DropboxUpdate.exeTask: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-609782877-1678570109-4088673391-1000UA.job => C:\Users\Micky\AppData\Local\Dropbox\Update\DropboxUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe==================== Loaded Modules (Whitelisted) ==============2010-05-21 11:39 - 2010-05-21 11:39 - 00154424 _____ () C:\Program Files\Alienware\Command Center\AlienFusionDomain.dll2010-08-12 04:13 - 2010-08-12 04:13 - 00075056 _____ () C:\Windows\assembly\GAC_MSIL\AlienLabsTools\1.0.92.0__bebb3c8816410241\AlienLabsTools.dll2015-02-13 05:20 - 2015-02-13 05:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll2015-09-23 16:47 - 2015-09-23 16:47 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll2010-01-04 15:10 - 2010-01-04 15:10 - 00016384 _____ () C:\Program Files (x86)\OSD\OSD_Service.exe2009-05-05 13:56 - 2009-05-05 13:56 - 00016384 ____R () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll2010-08-12 04:22 - 2010-08-12 04:22 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll2010-08-12 04:23 - 2011-08-18 12:05 - 02751808 _____ () C:\Program Files (x86)\AlienRespawn\COMPONENTS\SCHEDULER\STSERVICE.EXE2010-05-21 11:38 - 2010-05-21 11:38 - 00016704 _____ () C:\Program Files\Alienware\Command Center\AlienFusionController.exe2010-04-04 14:45 - 2010-04-04 14:45 - 00094536 _____ () C:\Windows\system32\FAIEExtension.DLL2010-08-12 04:13 - 2010-08-12 04:13 - 00037712 _____ () C:\Windows\assembly\GAC_MSIL\Alienlabs.CommandCenter.Tools\1.0.92.0__bebb3c8816410241\Alienlabs.CommandCenter.Tools.dll2010-08-12 04:13 - 2010-08-12 04:13 - 00025408 _____ () C:\Windows\assembly\GAC_MSIL\AlienFX.DeviceDiscovery\1.0.92.0__bebb3c8816410241\AlienFX.DeviceDiscovery.dll2010-08-12 04:13 - 2010-08-12 04:13 - 00011584 _____ () C:\Windows\assembly\GAC_MSIL\AlienFX.Communication\1.0.92.0__bebb3c8816410241\AlienFX.Communication.dll2010-08-12 04:13 - 2010-08-12 04:13 - 00024904 _____ () C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.XPS\1.0.92.0__bebb3c8816410241\AlienFX.Communication.XPS.dll2010-08-12 04:13 - 2010-08-12 04:13 - 00028496 _____ () C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x516\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x516.dll2010-08-12 04:13 - 2010-08-12 04:13 - 00027984 _____ () C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x515\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x515.dll2010-08-12 04:13 - 2010-08-12 04:13 - 00036688 _____ () C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x514\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x514.dll2010-08-12 04:13 - 2010-08-12 04:13 - 00019792 _____ () C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x513\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x513.dll2010-08-12 04:13 - 2010-08-12 04:13 - 00036688 _____ () C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x512\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x512.dll2010-08-12 04:13 - 2010-08-12 04:13 - 00037200 _____ () C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x511\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x511.dll2010-08-12 04:13 - 2010-08-12 04:13 - 00017224 _____ () C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.Core\1.0.92.0__bebb3c8816410241\AlienFX.Communication.Core.dll2010-01-11 18:01 - 2010-01-11 18:01 - 00046080 _____ () C:\Program Files (x86)\OSD\Win7CCD.dll2015-10-09 15:46 - 2015-10-09 15:46 - 01020928 _____ () C:\Users\Micky\AppData\Roaming\Mozilla\Firefox\Profiles\i9mwyurn.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll2015-10-09 21:24 - 2015-10-09 21:24 - 00098816 _____ () C:\Users\Micky\AppData\Local\Temp\_MEI41962\win32api.pyd2015-10-09 21:24 - 2015-10-09 21:24 - 00110080 _____ () C:\Users\Micky\AppData\Local\Temp\_MEI41962\pywintypes27.dll2015-10-09 21:24 - 2015-10-09 21:24 - 00364544 _____ () C:\Users\Micky\AppData\Local\Temp\_MEI41962\pythoncom27.dll2015-10-09 21:24 - 2015-10-09 21:24 - 00046080 _____ () C:\Users\Micky\AppData\Local\Temp\_MEI41962\_socket.pyd2015-10-09 21:24 - 2015-10-09 21:24 - 01208320 _____ () C:\Users\Micky\AppData\Local\Temp\_MEI41962\_ssl.pyd2015-10-09 21:24 - 2015-10-09 21:24 - 00320512 _____ () C:\Users\Micky\AppData\Local\Temp\_MEI41962\win32com.shell.shell.pyd2015-10-09 21:24 - 2015-10-09 21:24 - 00776704 _____ () C:\Users\Micky\AppData\Local\Temp\_MEI41962\_hashlib.pyd2015-10-09 21:24 - 2015-10-09 21:24 - 01176576 _____ () C:\Users\Micky\AppData\Local\Temp\_MEI41962\wx._core_.pyd2015-10-09 21:24 - 2015-10-09 21:24 - 00806400 _____ () C:\Users\Micky\AppData\Local\Temp\_MEI41962\wx._gdi_.pyd2015-10-09 21:24 - 2015-10-09 21:24 - 00816128 _____ () C:\Users\Micky\AppData\Local\Temp\_MEI41962\wx._windows_.pyd2015-10-09 21:24 - 2015-10-09 21:24 - 01067008 _____ () C:\Users\Micky\AppData\Local\Temp\_MEI41962\wx._controls_.pyd2015-10-09 21:24 - 2015-10-09 21:24 - 00733184 _____ () C:\Users\Micky\AppData\Local\Temp\_MEI41962\wx._misc_.pyd2015-10-09 21:24 - 2015-10-09 21:24 - 00682496 _____ () C:\Users\Micky\AppData\Local\Temp\_MEI41962\pysqlite2._sqlite.pyd2015-10-09 21:24 - 2015-10-09 21:24 - 00088064 _____ () C:\Users\Micky\AppData\Local\Temp\_MEI41962\_ctypes.pyd2015-10-09 21:24 - 2015-10-09 21:24 - 00119808 _____ () C:\Users\Micky\AppData\Local\Temp\_MEI41962\win32file.pyd2015-10-09 21:24 - 2015-10-09 21:24 - 00108544 _____ () C:\Users\Micky\AppData\Local\Temp\_MEI41962\win32security.pyd2015-10-09 21:24 - 2015-10-09 21:24 - 00007168 _____ () C:\Users\Micky\AppData\Local\Temp\_MEI41962\hashobjs_ext.pyd2015-10-09 21:24 - 2015-10-09 21:24 - 00070144 _____ () C:\Users\Micky\AppData\Local\Temp\_MEI41962\usb_ext.pyd2015-10-09 21:24 - 2015-10-09 21:24 - 00167936 _____ () C:\Users\Micky\AppData\Local\Temp\_MEI41962\win32gui.pyd2015-10-09 21:24 - 2015-10-09 21:24 - 00018432 _____ () C:\Users\Micky\AppData\Local\Temp\_MEI41962\win32event.pyd2015-10-09 21:24 - 2015-10-09 21:24 - 00128512 _____ () C:\Users\Micky\AppData\Local\Temp\_MEI41962\_elementtree.pyd2015-10-09 21:24 - 2015-10-09 21:24 - 00127488 _____ () C:\Users\Micky\AppData\Local\Temp\_MEI41962\pyexpat.pyd2015-10-09 21:24 - 2015-10-09 21:24 - 00013824 _____ () C:\Users\Micky\AppData\Local\Temp\_MEI41962\common.time34.pyd2015-10-09 21:24 - 2015-10-09 21:24 - 00036864 _____ () C:\Users\Micky\AppData\Local\Temp\_MEI41962\_psutil_windows.pyd2015-10-09 21:24 - 2015-10-09 21:24 - 00038912 _____ () C:\Users\Micky\AppData\Local\Temp\_MEI41962\win32inet.pyd2015-10-09 21:24 - 2015-10-09 21:24 - 00011264 _____ () C:\Users\Micky\AppData\Local\Temp\_MEI41962\win32crypt.pyd2015-10-09 21:24 - 2015-10-09 21:24 - 00077312 _____ () C:\Users\Micky\AppData\Local\Temp\_MEI41962\wx._html2.pyd2015-10-09 21:24 - 2015-10-09 21:24 - 00027136 _____ () C:\Users\Micky\AppData\Local\Temp\_MEI41962\_multiprocessing.pyd2015-10-09 21:24 - 2015-10-09 21:24 - 00020480 _____ () C:\Users\Micky\AppData\Local\Temp\_MEI41962\_yappi.pyd2015-10-09 21:24 - 2015-10-09 21:24 - 00035840 _____ () C:\Users\Micky\AppData\Local\Temp\_MEI41962\win32process.pyd2015-10-09 21:24 - 2015-10-09 21:24 - 00686080 _____ () C:\Users\Micky\AppData\Local\Temp\_MEI41962\unicodedata.pyd2015-10-09 21:24 - 2015-10-09 21:24 - 00123392 _____ () C:\Users\Micky\AppData\Local\Temp\_MEI41962\wx._wizard.pyd2015-10-09 21:24 - 2015-10-09 21:24 - 00024064 _____ () C:\Users\Micky\AppData\Local\Temp\_MEI41962\win32pipe.pyd2015-10-09 21:24 - 2015-10-09 21:24 - 00010240 _____ () C:\Users\Micky\AppData\Local\Temp\_MEI41962\select.pyd2015-10-09 21:24 - 2015-10-09 21:24 - 00025600 _____ () C:\Users\Micky\AppData\Local\Temp\_MEI41962\win32pdh.pyd2015-10-09 21:24 - 2015-10-09 21:24 - 00525640 _____ () C:\Users\Micky\AppData\Local\Temp\_MEI41962\windows._lib_cacheinvalidation.pyd2015-10-09 21:24 - 2015-10-09 21:24 - 00017408 _____ () C:\Users\Micky\AppData\Local\Temp\_MEI41962\win32profile.pyd2015-10-09 21:24 - 2015-10-09 21:24 - 00022528 _____ () C:\Users\Micky\AppData\Local\Temp\_MEI41962\win32ts.pyd2015-10-09 21:24 - 2015-10-09 21:24 - 00078848 _____ () C:\Users\Micky\AppData\Local\Temp\_MEI41962\wx._animate.pyd==================== Alternate Data Streams (Whitelisted) =========(If an entry is included in the fixlist, only the ADS will be removed.)==================== Safe Mode (Whitelisted) ===================(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"==================== EXE Association (Whitelisted) ===============(If an entry is included in the fixlist, the registry item will be restored to default or removed.)==================== Internet Explorer trusted/restricted ===============(If an entry is included in the fixlist, it will be removed from the registry.)IE trusted site: HKU\S-1-5-21-609782877-1678570109-4088673391-1005\...\microsoft.com -> hxxp://*.update.microsoft.comIE trusted site: HKU\S-1-5-21-609782877-1678570109-4088673391-1005\...\microsoft.com -> hxxps://*.update.microsoft.comIE trusted site: HKU\S-1-5-21-609782877-1678570109-4088673391-1005\...\windowsupdate.com -> hxxp://download.windowsupdate.com==================== Other Areas ============================(Currently there is no automatic fix for this section.)HKU\S-1-5-21-609782877-1678570109-4088673391-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Micky\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpgHKU\S-1-5-21-609782877-1678570109-4088673391-1005\Control Panel\Desktop\\Wallpaper -> C:\Users\sumika\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpgDNS Servers: 75.75.75.75 - 75.75.76.76HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)Windows Firewall is enabled.==================== MSCONFIG/TASK MANAGER disabled items ==(Currently there is no automatic fix for this section.)MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun==================== FirewallRules (Whitelisted) ===============(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)FirewallRules: [sPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exeFirewallRules: [sPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exeFirewallRules: [{0B2C8302-DC2E-4479-991D-8C77480EB1F9}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD8\PowerDVD8.EXEFirewallRules: [{D2074901-9CD2-453A-82ED-12B228E2A5EA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exeFirewallRules: [{AEB4F819-B9AF-499D-A099-27AFC5F2F1B4}] => (Allow) C:\Program Files (x86)\Steam\Steam.exeFirewallRules: [{8A6855DC-FD4D-4C29-8DEC-0967213B7CC9}] => (Allow) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\AdobePhotoshopElementsMediaServer.exeFirewallRules: [{F66A9915-773B-4C4C-AEC4-36439EC40038}] => (Allow) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\AdobePhotoshopElementsMediaServer.exeFirewallRules: [{567F5D0C-E77A-41C9-AE3E-10D1D99ACB67}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exeFirewallRules: [{E5F6A2BA-787C-46BE-8EDA-1C115B002708}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exeFirewallRules: [{EB8E8618-CD3F-4B29-94FD-46CC45056DB5}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exeFirewallRules: [{9E708BB7-4D79-4C4B-8A98-0B2EC9491307}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exeFirewallRules: [{4434DCDD-E488-40B5-951F-62E6D0D3B6C6}] => (Allow) C:\Users\sumika\AppData\Local\temp\7zS1CB3.tmp\SymNRT.exeFirewallRules: [{68392503-FC95-4EB6-BCD2-E11262732B34}] => (Allow) C:\Users\sumika\AppData\Local\temp\7zS1CB3.tmp\SymNRT.exeFirewallRules: [{5AF57BA9-1FDD-4F77-9CC5-19774F82ED5B}] => (Allow) C:\ProgramData\Turbine\The Lord of the Rings Online\lotroclient.exeFirewallRules: [{441CD3C1-5BC4-4391-B991-D11724186847}] => (Allow) C:\ProgramData\Turbine\The Lord of the Rings Online\lotroclient.exeFirewallRules: [{8C613B2F-6EFD-40E5-8B4C-FD3623939EBB}] => (Allow) C:\ProgramData\Turbine\The Lord of the Rings Online\TurbineLauncher.exeFirewallRules: [{F8540CB6-7DA1-469B-89D7-6552D446DED5}] => (Allow) C:\ProgramData\Turbine\The Lord of the Rings Online\TurbineLauncher.exeFirewallRules: [TCP Query User{D8F9FEB2-A0A2-4EC2-BAA2-AC20ADD6D5DB}C:\programdata\turbine\the lord of the rings online\lotroclient.exe] => (Block) C:\programdata\turbine\the lord of the rings online\lotroclient.exeFirewallRules: [uDP Query User{8F11FFE2-5AA6-4F72-88D2-ED2D3CA7E588}C:\programdata\turbine\the lord of the rings online\lotroclient.exe] => (Block) C:\programdata\turbine\the lord of the rings online\lotroclient.exeFirewallRules: [{56B31B81-6F79-42D5-8BD1-608A89BD67EE}] => (Allow) C:\Users\Micky\AppData\Roaming\Dropbox\bin\Dropbox.exeFirewallRules: [{66003D94-932A-4F57-9B55-C87122D343A9}] => (Allow) C:\Users\Micky\AppData\Roaming\Dropbox\bin\Dropbox.exeFirewallRules: [TCP Query User{2543F502-18AA-4753-88F1-54B7ABB8E1C9}C:\users\micky\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\micky\appdata\roaming\dropbox\bin\dropbox.exeFirewallRules: [uDP Query User{02BFEDC8-D5BF-47F2-A123-1ABF4142956F}C:\users\micky\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\micky\appdata\roaming\dropbox\bin\dropbox.exeFirewallRules: [{452D0A75-161E-4CD6-A1A0-78CCF67CE269}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exeFirewallRules: [{BE704B3C-7092-4072-801D-5272B69CF729}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exeFirewallRules: [{EC156D59-7C26-4E9C-A511-F193E0C68ACF}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exeFirewallRules: [{D41E61D6-E170-4661-AE04-B311F46A96AC}] => (Allow) LPort=2869FirewallRules: [{6728BDE8-588A-4A9A-AD9C-6C08798C431D}] => (Allow) LPort=1900FirewallRules: [{E7449E7C-26C0-498F-A495-1CB87771EE62}] => (Allow) C:\Program Files (x86)\Steam\Steam.exeFirewallRules: [{084A8A2E-75C5-4A8C-8E6A-839E868342B4}] => (Allow) C:\Program Files (x86)\Steam\Steam.exeFirewallRules: [TCP Query User{B0D3C49F-BF08-4E7C-9059-6D8F98C15C0B}C:\users\pf\appdata\local\temp\gw2.exe] => (Allow) C:\users\pf\appdata\local\temp\gw2.exeFirewallRules: [uDP Query User{D8E0B9DE-B7CF-4779-A01F-F05319581362}C:\users\pf\appdata\local\temp\gw2.exe] => (Allow) C:\users\pf\appdata\local\temp\gw2.exeFirewallRules: [TCP Query User{1324D719-0665-4077-B45D-3E7C52545634}C:\program files (x86)\guild wars 2\gw2.exe] => (Allow) C:\program files (x86)\guild wars 2\gw2.exeFirewallRules: [uDP Query User{B4841580-BEF6-4195-801D-195E0C62A6C3}C:\program files (x86)\guild wars 2\gw2.exe] => (Allow) C:\program files (x86)\guild wars 2\gw2.exeFirewallRules: [TCP Query User{BE510829-FF23-4546-9577-F558421961A9}C:\users\micky\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\micky\appdata\local\akamai\netsession_win.exeFirewallRules: [uDP Query User{186F72CE-32DB-47F8-9616-9ADB186D906B}C:\users\micky\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\micky\appdata\local\akamai\netsession_win.exeFirewallRules: [TCP Query User{DEF21DA1-2D66-4C4D-984C-EDF69B9ECDEF}C:\users\micky\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\micky\appdata\local\akamai\netsession_win.exeFirewallRules: [uDP Query User{59C4D1CF-CE86-487B-8F82-CF4A1CFB8F0C}C:\users\micky\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\micky\appdata\local\akamai\netsession_win.exeFirewallRules: [{12520024-24E9-4A00-9E56-0629FE77E954}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exeFirewallRules: [{8FFF1B2C-CC98-4B69-A585-4DF6E1AC34FC}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exeFirewallRules: [TCP Query User{1214398B-FDFE-4A51-8EB5-E225B0016B8E}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exeFirewallRules: [uDP Query User{8B11E352-1E8E-49BB-BD74-BE137B2D1DA4}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exeFirewallRules: [{440B7C55-18C4-4641-936E-A8F1403379E8}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exeFirewallRules: [{1FC6E87C-6D42-40F0-9F8C-190DE81CE5D5}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exeFirewallRules: [{D56B06B5-AE91-4FBD-96AF-F80AD9378CB5}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exeFirewallRules: [{F1642526-0585-4C7A-8B21-B4ED6F512617}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exeFirewallRules: [{61333CA2-DE02-46E6-B525-7996E4110B70}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exeFirewallRules: [{4F8B2903-B295-457F-83CF-046016529EF7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exeFirewallRules: [{6D2764D0-3367-476F-8819-1E62C615CD03}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exeFirewallRules: [{9F1921F2-DDD8-4E6D-BA04-EF8DB4805395}] => (Allow) C:\Program Files\iTunes\iTunes.exeFirewallRules: [{3F52DB36-6C67-4C2C-B737-2577E378F673}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exeFirewallRules: [{08651C39-2EA6-426F-BEEC-AA3939AE965A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe==================== Faulty Device Manager Devices =============Name: facap, FastAccess Video CaptureDescription: facap, FastAccess Video CaptureClass Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}Manufacturer: Sensible VisionService: FACAPProblem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.==================== Event log errors: =========================Application errors:==================Error: (10/09/2015 07:53:00 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: The program iexplore.exe version 11.0.9600.18015 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.Process ID: 3dccStart Time: 01d102c9e485fc47Termination Time: 9Application Path: C:\Program Files\Internet Explorer\iexplore.exeReport Id: d82837b6-6ee0-11e5-a490-0026b9ff2681Error: (10/09/2015 06:27:40 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: MsMpEng.exe, version: 4.8.204.0, time stamp: 0x5541eadfFaulting module name: mpsvc.dll, version: 4.8.204.0, time stamp: 0x5541eb17Exception code: 0xc0000005Fault offset: 0x00000000000139c1Faulting process id: 0x3b8Faulting application start time: 0xMsMpEng.exe0Faulting application path: MsMpEng.exe1Faulting module path: MsMpEng.exe2Report Id: MsMpEng.exe3Error: (10/09/2015 06:38:29 AM) (Source: VSS) (EventID: 8193) (User: )Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x0000030c,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,0000000003B4EB30.72). hr = 0x80070005, Access is denied..Error: (10/09/2015 06:38:29 AM) (Source: VSS) (EventID: 8193) (User: )Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000d10,(null),0,REG_BINARY,000000000888E3A0.72). hr = 0x80070005, Access is denied..Operation: BackupShutdown EventContext: Execution Context: Writer Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2} Writer Name: MSSearch Service Writer Writer Instance ID: {3e252995-d87b-4b67-a396-1ac923c950fe}Error: (10/09/2015 06:38:29 AM) (Source: VSS) (EventID: 8193) (User: )Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000798,(null),0,REG_BINARY,0000000003C3E320.72). hr = 0x80070005, Access is denied..Operation: BackupShutdown EventContext: Execution Context: Writer Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0} Writer Name: WMI Writer Writer Instance ID: {83834c2e-4cd6-4683-828b-0bbe93fdd3d4}Error: (10/09/2015 06:38:29 AM) (Source: VSS) (EventID: 8193) (User: )Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000d10,(null),0,REG_BINARY,000000000888E3A0.72). hr = 0x80070005, Access is denied..Operation: BackupShutdown EventContext: Execution Context: Writer Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2} Writer Name: MSSearch Service Writer Writer Instance ID: {3e252995-d87b-4b67-a396-1ac923c950fe}Error: (10/09/2015 06:38:29 AM) (Source: VSS) (EventID: 8193) (User: )Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000798,(null),0,REG_BINARY,0000000003C3E320.72). hr = 0x80070005, Access is denied..Operation: BackupShutdown EventContext: Execution Context: Writer Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0} Writer Name: WMI Writer Writer Instance ID: {83834c2e-4cd6-4683-828b-0bbe93fdd3d4}Error: (10/09/2015 06:38:29 AM) (Source: VSS) (EventID: 8193) (User: )Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001cc,(null),0,REG_BINARY,00000000036EEA60.72). hr = 0x80070005, Access is denied..Operation: BackupShutdown EventContext: Execution Context: Writer Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485} Writer Name: Registry Writer Writer Instance ID: {4f5c71df-96ff-4b8c-a791-f795c77319ed}Error: (10/09/2015 06:38:29 AM) (Source: VSS) (EventID: 8193) (User: )Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000002ec,(null),0,REG_BINARY,00000000028FE310.72). hr = 0x80070005, Access is denied..Operation: BackupShutdown EventContext: Execution Context: Writer Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {154cfae3-beaf-4543-bfdf-c40871bfff7c}Error: (10/09/2015 06:38:29 AM) (Source: VSS) (EventID: 8193) (User: )Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x0000020c,(null),0,REG_BINARY,0000000001FFED30.72). hr = 0x80070005, Access is denied..Operation: BackupShutdown EventContext: Execution Context: Writer Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Writer Name: Shadow Copy Optimization Writer Writer Instance ID: {40ef47c2-1601-4e1c-9912-596e796d11b5}System errors:=============Error: (10/09/2015 09:35:15 PM) (Source: Service Control Manager) (EventID: 7011) (User: )Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.Error: (10/09/2015 09:24:40 PM) (Source: Service Control Manager) (EventID: 7011) (User: )Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.Error: (10/09/2015 09:17:44 PM) (Source: Service Control Manager) (EventID: 7011) (User: )Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.Error: (10/09/2015 08:40:04 PM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The Computer Browser service depends on the Server service which failed to start because of the following error:%%1068Error: (10/09/2015 08:40:04 PM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The Computer Browser service depends on the Server service which failed to start because of the following error:%%1068Error: (10/09/2015 08:40:04 PM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The Computer Browser service depends on the Server service which failed to start because of the following error:%%1068Error: (10/09/2015 08:40:03 PM) (Source: DCOM) (EventID: 10005) (User: )Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}Error: (10/09/2015 08:40:03 PM) (Source: DCOM) (EventID: 10005) (User: )Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}Error: (10/09/2015 08:40:02 PM) (Source: DCOM) (EventID: 10005) (User: )Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}Error: (10/09/2015 08:39:57 PM) (Source: DCOM) (EventID: 10005) (User: )Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}==================== Memory info ===========================Processor: Intel® Core i7 CPU Q 840 @ 1.87GHzPercentage of memory in use: 29%Total physical RAM: 8180.5 MBAvailable physical RAM: 5783.23 MBTotal Virtual: 16359.21 MBAvailable Virtual: 13385.07 MB==================== Drives ================================Drive c: (OS) (Fixed) (Total:223.79 GB) (Free:59.12 GB) NTFS==================== MBR & Partition Table ==========================================================================Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 238.5 GB) (Disk ID: B347C6D6)Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=223.8 GB) - (Type=07 NTFS)==================== End of Addition.txt ============================ Link to post Share on other sites More sharing options...
TwinHeadedEagle Posted October 10, 2015 ID:994617 Share Posted October 10, 2015 Hello, They call me TwinHeadedEagle around here, and I'll try to help your with your issue. Before we start please read and note the following:We're primarily oriented on malware removal here, so you must know that some issues just cannot be solved and you must be prepared for this. Some tools we use here will remove your browser search history, so backup your important links and all the files whose loss is unacceptable.Limit your internet access to posting here, some infections just wait to steal typed-in passwords.Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time. Keep in mind that private life gets in the way too. Note that we may live in totally different time zones, what may cause some delays between answers.Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button, that gives you Upload Files option below which you can use to attach your reports. Always attach reports from all tools.Always execute my instructions in given order. If for some reason you cannot completely follow one instruction, inform me about that.I volunteer to help you, so please, do not ask for help for your company/business PC. Companies are making revenue via computers, so it is good thing to pay someone to repair it.If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed. I can't foresee everything, so if anything not covered in my instructions happens, please stop and inform me! There are no silly questions. Never be afraid to ask if in doubt! Rules and policies We won't support any piracy. That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding! The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding! Failure to follow these guidelines will result with closing your topic and withdrawning any assistance. Scan with Farbar Recovery Scan Tool Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.Right-click on icon and select Run as Administrator to start the tool. (XP users click run after receipt of Windows Security Warning - Open File).Make sure that Addition option is checked.Press Scan button and wait.The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.Please upload them into your next reply. Link to post Share on other sites More sharing options...
Mika Posted October 10, 2015 Author ID:994641 Share Posted October 10, 2015 Hi, I apologize for the in-line scan reports, I was following the instructions for posting. In any case, I am happy to supply the log information through attachments and will attempt to follow your instructions to the letter. Please see attachments and thanks for taking on my case.Addition.txtFRST.txt Link to post Share on other sites More sharing options...
TwinHeadedEagle Posted October 10, 2015 ID:994642 Share Posted October 10, 2015 Fix with Farbar Recovery Scan Tool This fix was created for this user for use on that particular machine. Running it on another one may cause damage and render the system unstable. Download attached fixlist.txt file and save it to the Desktop: Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!Right-click on icon and select Run as Administrator to start the tool. (XP users click run after receipt of Windows Security Warning - Open File).Press the Fix button just once and wait.If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.When finished FRST will generate a log on the Desktop, called Fixlog.txt.Please upload it to your reply. Check DiskPress the + R on your keyboard at the same time. Type cmd and click OK.Copy/Enter the command below and press Enter:chkdsk C: /rYou should get a message to schedule Check Disk at next system restart. Please type Y and press Enter.All you should do now is to restart your PC and let the Check Disk process finish uninterrupted.Check Disk report:Press the + R on your keyboard at the same time. Type eventvwr and click OK.In the left panel, expand Windows Logs and then click on Application.Now, on the right side, click on Filter Current Log.Under Event Sources, check only Wininit and click OK.Now you'll be presented with one or multiple Wininit logs.Click on an entry corresponding to the date and time of the disk check.On the top main menu, click Action > Copy > Copy Details as Text.Paste the contents into your next reply.fixlist.txt Link to post Share on other sites More sharing options...
Mika Posted October 10, 2015 Author ID:994661 Share Posted October 10, 2015 Log Name: ApplicationSource: Microsoft-Windows-WininitDate: 10/10/2015 7:59:28 AMEvent ID: 1001Task Category: NoneLevel: InformationKeywords: ClassicUser: N/AComputer: RaiderDescription:Checking file system on C:The type of the file system is NTFS.Volume label is OS.A disk check has been scheduled.Windows will now check the disk. CHKDSK is verifying files (stage 1 of 5)...Cleaning up instance tags for file 0x59d1. 329984 file records processed. File verification completed. 2269 large file records processed. 0 bad file records processed. 2 EA records processed. 10115 reparse records processed. CHKDSK is verifying indexes (stage 2 of 5)... 424808 index entries processed. Index verification completed. 0 unindexed files scanned. 0 unindexed files recovered. CHKDSK is verifying security descriptors (stage 3 of 5)... 329984 file SDs/SIDs processed. Cleaning up 1104 unused index entries from index $SII of file 0x9.Cleaning up 1104 unused index entries from index $SDH of file 0x9.Cleaning up 1104 unused security descriptors.Security descriptor verification completed. 47413 data files processed. CHKDSK is verifying Usn Journal... 36379504 USN bytes processed. Usn Journal verification completed.CHKDSK is verifying file data (stage 4 of 5)... 329968 files processed. File data verification completed.CHKDSK is verifying free space (stage 5 of 5)... 18743814 free clusters processed. Free space verification is complete.Windows has made corrections to the file system. 234657909 KB total disk space. 159106344 KB in 212316 files. 133504 KB in 47414 indexes. 0 KB in bad sectors. 442805 KB in use by the system. 65536 KB occupied by the log file. 74975256 KB available on disk. 4096 bytes in each allocation unit. 58664477 total allocation units on disk. 18743814 allocation units available on disk.Internal Info:00 09 05 00 8d f6 03 00 21 8c 07 00 00 00 00 00 ........!.......44 0a 00 00 83 27 00 00 00 00 00 00 00 00 00 00 D....'..........00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................Windows has finished checking your disk.Please wait while your computer restarts.Event Xml:<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" /> <EventID Qualifiers="16384">1001</EventID> <Version>0</Version> <Level>4</Level> <Task>0</Task> <Opcode>0</Opcode> <Keywords>0x80000000000000</Keywords> <TimeCreated SystemTime="2015-10-10T11:59:28.000000000Z" /> <EventRecordID>55564</EventRecordID> <Correlation /> <Execution ProcessID="0" ThreadID="0" /> <Channel>Application</Channel> <Computer>Raider</Computer> <Security /> </System> <EventData> <Data>Checking file system on C:The type of the file system is NTFS.Volume label is OS.A disk check has been scheduled.Windows will now check the disk. CHKDSK is verifying files (stage 1 of 5)...Cleaning up instance tags for file 0x59d1. 329984 file records processed. File verification completed. 2269 large file records processed. 0 bad file records processed. 2 EA records processed. 10115 reparse records processed. CHKDSK is verifying indexes (stage 2 of 5)... 424808 index entries processed. Index verification completed. 0 unindexed files scanned. 0 unindexed files recovered. CHKDSK is verifying security descriptors (stage 3 of 5)... 329984 file SDs/SIDs processed. Cleaning up 1104 unused index entries from index $SII of file 0x9.Cleaning up 1104 unused index entries from index $SDH of file 0x9.Cleaning up 1104 unused security descriptors.Security descriptor verification completed. 47413 data files processed. CHKDSK is verifying Usn Journal... 36379504 USN bytes processed. Usn Journal verification completed.CHKDSK is verifying file data (stage 4 of 5)... 329968 files processed. File data verification completed.CHKDSK is verifying free space (stage 5 of 5)... 18743814 free clusters processed. Free space verification is complete.Windows has made corrections to the file system. 234657909 KB total disk space. 159106344 KB in 212316 files. 133504 KB in 47414 indexes. 0 KB in bad sectors. 442805 KB in use by the system. 65536 KB occupied by the log file. 74975256 KB available on disk. 4096 bytes in each allocation unit. 58664477 total allocation units on disk. 18743814 allocation units available on disk.Internal Info:00 09 05 00 8d f6 03 00 21 8c 07 00 00 00 00 00 ........!.......44 0a 00 00 83 27 00 00 00 00 00 00 00 00 00 00 D....'..........00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................Windows has finished checking your disk.Please wait while your computer restarts.</Data> </EventData></Event>Fixlog.txt Link to post Share on other sites More sharing options...
TwinHeadedEagle Posted October 10, 2015 ID:994669 Share Posted October 10, 2015 Excellent. How is your PC behaving now? Link to post Share on other sites More sharing options...
Mika Posted October 10, 2015 Author ID:994708 Share Posted October 10, 2015 To check how the system is behaving, I have been trying to exercise it with the types of activities I associate with the poor performance and MS Security Essentials (MSSE) being turned off. The two activities that come to mind are 1) web browser use and 2) playing the game ArcheAge (by Trion Worlds). I don't know if these two activities really trigger the behaviors or there is an underlying issue on my computer. My first test was to re-install the two programs necessary to run ArcheAge (Glyph and ArcheAge - I had uninstalled them earlier thinking they could be part of the problem). Near the very end of the install of ArcheAge, MS Security Essentials turned off (I don't know how or why). In the last few days, I have gotten into the habit of having the MS Security Essentials window open so I could tell at a glance if it is On or Off - so it was easy to see when it changed to Off. I wasn't doing anything else at that time with the system except watching the install window. I turned MSSE back on (it took >30 sec for it to change to On). The system does seem faster. I ran the game for awhile. MSSE switched off a second time (I wasn't doing anything else). Trion claims that Glyph must be run as administrator (and indeed other players report it will not run correctly without admin privs). Trion's website suggests that if there are firewall or antivirus problems that Glyph and its downloader program should be whitelisted. I have not done this with this install because I didn't want to do something you didn't direct me to do. Please let me know if you want me to make that change and try it. [i checked Trion's support website regarding problems with MSSE and couldn't find anything other than the above advice. I know someone else who currently has Windows 7 (but not Professional) and MSSE along with ArcheAge with no apparent problems.] Given your earlier direction to refrain from internet access, I haven't tried using the web browser for anything other than this post. Although my use of the browser has been very limited, it seems fine so far, e.g., no signs of slowness and MSSE is still On. Should I use this more? Given the earlier advice, I was relunctant to do much along these lines and especially to go to any site where I needed a password without your ok. Next steps? Link to post Share on other sites More sharing options...
TwinHeadedEagle Posted October 10, 2015 ID:994716 Share Posted October 10, 2015 MSE indeed has/had some problems: Error: (10/09/2015 06:27:40 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: MsMpEng.exe, version: 4.8.204.0, time stamp: 0x5541eadf Faulting module name: mpsvc.dll, version: 4.8.204.0, time stamp: 0x5541eb17 Exception code: 0xc0000005 Fault offset: 0x00000000000139c1 Faulting process id: 0x3b8 Faulting application start time: 0xMsMpEng.exe0 Faulting application path: MsMpEng.exe1 Faulting module path: MsMpEng.exe2 Report Id: MsMpEng.exe3 I would like you to reinstall it. You can run this utility and select Microsoft Security Essentials for uninstall: https://support.microsoft.com/en-us/mats/program_install_and_uninstall?wa=wsignin1.0 Link to post Share on other sites More sharing options...
Mika Posted October 10, 2015 Author ID:994731 Share Posted October 10, 2015 This link brought up the fixit program (just checking that was intended). Microsoft Security Essentials was not listed for uninstall. The closest item was Microsoft Security Client. I did not uninstall anything. Link to post Share on other sites More sharing options...
TwinHeadedEagle Posted October 10, 2015 ID:994736 Share Posted October 10, 2015 Yes, you can choose Microsoft Security Client. Link to post Share on other sites More sharing options...
Mika Posted October 10, 2015 Author ID:994751 Share Posted October 10, 2015 OK. Successfully uninstalled and re-installed MSSE. Updated virus definitions and scanned system (clean scan). Link to post Share on other sites More sharing options...
TwinHeadedEagle Posted October 10, 2015 ID:994754 Share Posted October 10, 2015 Very good. Is everything running fine now? Link to post Share on other sites More sharing options...
Mika Posted October 11, 2015 Author ID:994776 Share Posted October 11, 2015 No, unfortunately, Microsoft Security Essentials keeps turning off. Link to post Share on other sites More sharing options...
TwinHeadedEagle Posted October 11, 2015 ID:994790 Share Posted October 11, 2015 I don't know why is this happening. If this is the only issue, I suppose you should change MSE for some better solution, like Avast, AVG, etc. Link to post Share on other sites More sharing options...
Mika Posted October 11, 2015 Author ID:994924 Share Posted October 11, 2015 De-installed MSE. Installed AVG, updated defs, clean scan. Have been running it all day with no detectable problem. Link to post Share on other sites More sharing options...
TwinHeadedEagle Posted October 12, 2015 ID:994966 Share Posted October 12, 2015 Good. Can we consider this as solved now? Link to post Share on other sites More sharing options...
Mika Posted October 13, 2015 Author ID:995338 Share Posted October 13, 2015 Yes, I think so - haven't seen any more problems with the virus protection stopping. Thanks for all of your help! Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted October 23, 2015 Root Admin ID:997389 Share Posted October 23, 2015 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts