Trying to clean my Windows 7 PC


Hello all,

My friend gave me his Windows 7 laptop a little while ago and it was kind of in a bad way (slow, overloaded with crap, etc). I didn't really do anything about it until about a week ago. He was running McAfee and I had never really heard great things about it so I removed it and installed Windows Defender/Microsoft Security Essentials. Then I installed Malwarebytes.

A few things happened at this time: First, MSE found two items (at least two, can't remember if I deleted or removed some files but they are not in "history" (if anyone knows where the full MSE log can be found please advise)) classified as browser modifiers. They were listed as WIN32/KipodToolsCby and WIN32/Diplugem. For now they are quarantined. I then ran MBAM (hyper scan) and it found ~30 PUPs in the registry keys, values, and data. It also found ~40 files and folders. I removed them and ran a threat scan in MBAM. It found nothing.

About 15 minutes after this, MBAM real time protection started popping up a warning every few seconds about malicious website protection, all involving outgoing connections coming from tor.exe. I panicked and disabled my internet connection (maybe a little overzealous, haha). I contacted my friend and asked if he had ever used/installed/was aware of tor. He had not even really heard of it let alone installed it. I don't really know all that much about tor myself or computer security in general so I can only guess that he was part of a botnet or something similar.

Either way, I attempted to uninstall tor by simply deleting the .exe and any files in its directory, so I'm not sure if I was successful. I then decided to check a little more deeply through the list of programs installed and removed a few more which were either preinstalled bloatware or otherwise suspicious or unnecessary. This brings us to now.

While doing a little research during the first part of this ordeal, I heard about AdwCleaner through some posts on this forum. I ran it for the first time today and it found some stuff. I did not take any action besides scanning. I looked at the pinned posts in this forum and then downloaded and ran Farbar recovery tool, also only scanning. As I don't want to do anything rash and mess up this computer I just collected the logs. Here they are, hope someone can help me figure out how to proceed from here! Thanks in advance.

Full Disclosure: He had Vuze (torrenting software) installed and I never removed it before but I just uninstalled it right before making this post. As far as I am aware there is no other P2P software installed, and no cracked software either. There may be some strange things because I run some less than user friendly chemistry programs and had to edit environmental variables and things like that.

P.S. I can also upload any MBAM scan logs, protection logs, w/e if you need or want it.

LOGS

In order: Farbar FRST.txt, Addition.txt, then AdwCleaner log. AdwCleaner was actually run first but no action was taken.

Farbar FRST.txt log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-12-2015

Ran by Dominic (administrator) on DOMINIC-PC (11-12-2015 00:21:14)
Running from C:\Users\Dominic\Downloads
Loaded Profiles: Dominic & RA Media Server (Available Profiles: Dominic & RA Media Server)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_73e1f0dede412369\stacsv64.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_73e1f0dede412369\AESTSr64.exe
(Apache Software Foundation) C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe
(Apache Software Foundation) C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe
(Dell Inc.) C:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
(National Instruments, Inc.) C:\Windows\SysWOW64\lkcitdl.exe
(National Instruments Corporation) C:\Windows\SysWOW64\lkads.exe
(National Instruments Corporation) C:\Windows\SysWOW64\lktsrv.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Motive Communications, Inc.) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Pharos Systems International) C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(SoftThinks) C:\Windows\sminst\SftService.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(LogMeIn, Inc.) C:\Users\Dominic\AppData\Local\LogMeIn Client\LMIIgnition.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Google Inc.) C:\Users\Dominic\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dominic\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dominic\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dominic\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dominic\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dominic\AppData\Local\Google\Chrome\Application\chrome.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Users\Dominic\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dominic\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dominic\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dominic\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dominic\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dominic\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dominic\AppData\Local\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Google Inc.) C:\Users\Dominic\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [462848 2009-03-30] (IDT, Inc.)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1822504 2009-08-24] (Synaptics Incorporated)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3180624 2009-07-02] (Dell Inc.)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2015-06-15] (LogMeIn, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [FAStartup] => [X]
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-08-21] (DivX, LLC)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565448 2015-11-12] (LogMeIn Inc.)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\FastAccess-x32: C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll [X]
HKU\S-1-5-21-1086673812-429092812-4238826206-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [163328 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-21-1086673812-429092812-4238826206-1000\...\Run: [Google Update] => C:\Users\Dominic\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc.)
HKU\S-1-5-21-1086673812-429092812-4238826206-1000\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [876216 2015-09-30] (Adobe Systems Incorporated)
HKU\S-1-5-21-1086673812-429092812-4238826206-1000\...\MountPoints2: {0c870075-d4c3-11e0-be79-002219da0542} - F:\KODAK_Software_Downloader.exe
HKU\S-1-5-21-1086673812-429092812-4238826206-1000\...\MountPoints2: {3d6b0160-5103-11e1-aab8-002219da0542} - "F:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-1086673812-429092812-4238826206-1000\...\MountPoints2: {7e5b8690-448c-11e0-a24c-002219da0542} - "F:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-1086673812-429092812-4238826206-1000\...\MountPoints2: {882b9d19-3a68-11e0-a2d5-002219da0542} - F:\LaunchU3.exe -a
HKU\S-1-5-21-1086673812-429092812-4238826206-1000\...\MountPoints2: {ec240e53-1af2-11e0-8ffd-d508933fc449} - F:\LaunchU3.exe -a
HKU\S-1-5-21-1086673812-429092812-4238826206-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-21-1086673812-429092812-4238826206-1001\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516096 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-21-1086673812-429092812-4238826206-1001\...\RunOnce: [DPAPIKeyMig] => C:\Windows\system32\dpapimig.exe [74752 2009-07-13] (Microsoft Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-06-24]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-06-24]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\RA Media Server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-06-24]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-06-24]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [s-1-5-21-1086673812-429092812-4238826206-1000] => Proxy is enabled.
Tcpip\Parameters: [DhcpNameServer] 131.156.1.11 131.156.116.210
Tcpip\..\Interfaces\{806463CB-6AFD-499E-AADB-8B473066E3EE}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{E6B1F3F4-C6F5-4B61-AB6D-BD7101C1AE14}: [DhcpNameServer] 131.156.1.11 131.156.116.210
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1086673812-429092812-4238826206-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
HKU\S-1-5-21-1086673812-429092812-4238826206-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
SearchScopes: HKU\S-1-5-21-1086673812-429092812-4238826206-1000 -> DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = 
SearchScopes: HKU\S-1-5-21-1086673812-429092812-4238826206-1000 -> {B3CF2548-2DB9-434D-9100-92AB04D14B12} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie8
SearchScopes: HKU\S-1-5-21-1086673812-429092812-4238826206-1000 -> {C6D6A094-A1BF-4D91-AEA8-06D7A7FACFB0} URL = hxxp://delicious.com/search?p={searchTerms}
SearchScopes: HKU\S-1-5-21-1086673812-429092812-4238826206-1000 -> {D5F38BEF-31E3-4564-BC92-FD9CFAED3F46} URL = hxxp://www.flickr.com/search/?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1086673812-429092812-4238826206-1000 -> {E5ACD15F-42EE-4F3F-A721-3C1341081657} URL = hxxp://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}
SearchScopes: HKU\S-1-5-21-1086673812-429092812-4238826206-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&Form=DLCDF7&pc=MDDC&src={referrer:source?}
BHO: No Name -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> No File
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\progra~1\mcafee\msk\mskapbho.dll => No File
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-12-04] (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17] (Microsoft Corporation)
BHO-x32: FAIESSOHelper Class -> {A2F122DA-055F-4df7-8F24-7354DBDBA85B} -> C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll => No File
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-04] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1086673812-429092812-4238826206-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Dominic\AppData\Roaming\Mozilla\Firefox\Profiles\j8d0cfr8.default
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll [2014-05-20] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll [2014-05-20] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1219160.dll [2015-07-23] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-20] ()
FF Plugin-x32: @cambridgesoft.com/Chem3D,version=15.0 -> C:\Program Files (x86)\CambridgeSoft\ChemOffice2015\Chem3D\npChem3DPlugin.dll [2015-03-14] (PerkinElmer)
FF Plugin-x32: @cambridgesoft.com/ChemDraw,version=15.0 -> C:\Program Files (x86)\CambridgeSoft\ChemOffice2015\ChemDraw\npcdp32.dll [2015-03-14] (PerkinElmer)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2013-08-28] (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2008-12-04] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files (x86)\Yahoo!\Common\npyaxmpb.dll [No File]
FF Plugin HKU\S-1-5-21-1086673812-429092812-4238826206-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Dominic\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-1086673812-429092812-4238826206-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Dominic\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-1086673812-429092812-4238826206-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Dominic\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2011-11-02] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll [2014-06-28] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2013-06-13] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2013-06-13] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2013-06-13] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2013-06-13] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2013-06-13] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll [2014-06-28] (RealPlayer Cloud)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2015-12-01]
FF Extension: Copy Plain Text 2 - C:\Users\Dominic\AppData\Roaming\Mozilla\Firefox\Profiles\j8d0cfr8.default\Extensions\copyplaintext@teo.pl.xpi [2015-07-30]
FF Extension: Self-Destructing Cookies - C:\Users\Dominic\AppData\Roaming\Mozilla\Firefox\Profiles\j8d0cfr8.default\Extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi [2015-12-01]
FF Extension: Thumbnail Zoom Plus - C:\Users\Dominic\AppData\Roaming\Mozilla\Firefox\Profiles\j8d0cfr8.default\Extensions\thumbnailZoom@dadler.github.com.xpi [2015-07-30]
FF Extension: Adblock Plus - C:\Users\Dominic\AppData\Roaming\Mozilla\Firefox\Profiles\j8d0cfr8.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-12-01]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-05-20] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat DC - Create PDF - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2015-12-10] [not signed]
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxps://www.google.com/","hxxp://www.niu.edu/index.shtml"
CHR Profile: C:\Users\Dominic\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (TooManyTabs for Chrome) - C:\Users\Dominic\AppData\Local\Google\Chrome\User Data\Default\Extensions\amigcgbheognjmfkaieeeadojiibgbdp [2014-06-10]
CHR Extension: (Adblock Plus) - C:\Users\Dominic\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-11-25]
CHR Extension: (Adobe Acrobat) - C:\Users\Dominic\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2015-12-10]
CHR Extension: (Adblock for Pirate Bay) - C:\Users\Dominic\AppData\Local\Google\Chrome\User Data\Default\Extensions\imkpamgpfalmdaikobnkefcmmkpgljjd [2014-05-16]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Dominic\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2015-07-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dominic\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-27]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome - C:\Users\Dominic\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_73e1f0dede412369\AESTSr64.exe [89600 2009-03-30] (Andrea Electronics Corporation)
R2 Apache2.2; C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe [15872 2007-09-21] (Apache Software Foundation) [File not signed]
S4 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2573520 2015-05-22] (Dell Inc.)
S4 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-12-18] (Stardock Corporation) [File not signed]
S4 dsl-db; C:\Program Files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe [5730304 2007-09-14] () [File not signed]
R2 LkCitadelServer; C:\Windows\SysWOW64\lkcitdl.exe [695136 2009-09-29] (National Instruments, Inc.)
R2 lkClassAds; C:\Windows\SysWOW64\lkads.exe [42544 2009-06-18] (National Instruments Corporation)
R2 lkTimeSync; C:\Windows\SysWOW64\lktsrv.exe [53296 2009-06-18] (National Instruments Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-11-12] (LogMeIn, Inc.)
S4 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [507400 2015-11-30] (LogMeIn, Inc.)
S4 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2015-06-15] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [303104 2008-02-12] (Motive Communications, Inc.) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R2 NIDomainService; C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [356912 2009-06-18] (National Instruments Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 Pharos Systems ComTaskMaster; C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe [339456 2013-07-30] (Pharos Systems International) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [60416 2009-06-22] (Hewlett-Packard) [File not signed]
R2 SftService; C:\Windows\sminst\sftservice.EXE [632048 2009-02-23] (SoftThinks)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_73e1f0dede412369\STacSV64.exe [268288 2009-03-30] (IDT, Inc.)
S4 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [21160 2015-09-30] (Dell Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S4 McAfee SiteAdvisor Service; "c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe" [X]
S4 tor; "C:\Program Files (x86)\Tor\tor.exe" --nt-service "-ControlPort" "9051" [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [23760 2015-02-26] (Dell Computer Corporation)
S3 DellProf; C:\Windows\System32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2015-06-15] (LogMeIn, Inc.)
S4 LMIRfsClientNP; no ImagePath
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-11] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 radpms; C:\Windows\System32\DRIVERS\radpms.sys [14944 2015-11-30] (LogMeIn, Inc.)
R3 VSTWinDriver6; C:\Windows\System32\drivers\VSTwindrvr6.sys [252928 2008-07-03] (Jungo)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-13] (Microsoft Corporation)
S3 PCD5SRVC{048DBD20-445E8C82-05040104}; \??\C:\Program Files (x86)\Dell Support Center\HWDiag\bin\pcd5srvc_x64.pkms [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-11 00:18 - 2015-12-11 00:19 - 00048696 _____ C:\Users\Dominic\Downloads\Addition.txt
2015-12-11 00:17 - 2015-12-11 00:21 - 00027268 _____ C:\Users\Dominic\Downloads\FRST.txt
2015-12-11 00:16 - 2015-12-11 00:21 - 00000000 ____D C:\FRST
2015-12-11 00:15 - 2015-12-11 00:15 - 02369024 _____ (Farbar) C:\Users\Dominic\Downloads\FRST64.exe
2015-12-10 23:22 - 2015-12-10 23:22 - 00000000 ____D C:\AdwCleaner
2015-12-10 23:21 - 2015-12-10 23:22 - 01738240 _____ C:\Users\Dominic\Downloads\adwcleaner_5.024.exe
2015-12-10 20:03 - 2015-12-10 20:03 - 00000000 ____D C:\Users\Dominic\AppData\Roaming\PDAppFlex
2015-12-10 19:49 - 2015-12-10 19:49 - 00000000 ____D C:\Users\Dominic\AppData\Local\CEF
2015-12-10 19:47 - 2015-12-10 19:47 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2015-12-10 19:46 - 2015-12-10 19:46 - 00002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2015-12-10 19:46 - 2015-12-10 19:46 - 00002039 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2015-12-10 19:46 - 2015-12-10 19:46 - 00002016 _____ C:\Users\Public\Desktop\Adobe Acrobat DC.lnk
2015-12-10 19:30 - 2015-12-10 19:51 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-12-10 19:28 - 2015-12-10 19:31 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-12-10 19:28 - 2015-12-10 19:28 - 00002049 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-12-10 19:25 - 2015-12-10 19:25 - 02094184 _____ (Adobe) C:\Users\Dominic\Downloads\acrobatproDC_00000000000000000000000409.exe
2015-12-10 19:22 - 2015-12-10 19:22 - 00000000 ____D C:\Users\Dominic\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2015-12-10 18:25 - 2015-12-10 18:25 - 00001035 _____ C:\Users\Dominic\Desktop\LogMeIn Client.lnk
2015-12-08 23:38 - 2015-12-08 23:39 - 00006720 _____ C:\Users\Dominic\Downloads\Chem 440 HW Atkins 2015.pdf
2015-12-07 15:12 - 2015-12-07 15:14 - 00000000 ____D C:\Users\Dominic\Desktop\shelx64
2015-12-07 15:12 - 2015-12-07 15:12 - 00000000 ____D C:\Users\Dominic\Desktop\tg1
2015-12-07 15:06 - 2015-12-07 15:06 - 04855608 _____ (LogMeIn, Inc.) C:\Users\Dominic\Downloads\LogMeIn Client.exe
2015-12-04 21:01 - 2015-12-04 21:01 - 00000000 ____D C:\Users\Dominic\AppData\Local\ElevatedDiagnostics
2015-12-04 20:53 - 2015-12-04 20:53 - 01736704 _____ C:\Users\Dominic\Downloads\AdwCleaner.exe
2015-12-04 20:45 - 2015-12-11 00:14 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-04 20:44 - 2015-12-04 21:33 - 00001098 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-12-04 20:44 - 2015-12-04 20:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-12-04 20:44 - 2015-12-04 20:44 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-12-04 20:44 - 2015-12-04 20:44 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-12-04 20:44 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-12-04 20:44 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-12-04 20:44 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-12-04 20:43 - 2015-12-04 20:43 - 22908888 _____ (Malwarebytes ) C:\Users\Dominic\Downloads\mbam-setup-2.2.0.1024.exe
2015-12-04 17:08 - 2015-12-04 17:09 - 06801752 _____ (Piriform Ltd) C:\Users\Dominic\Downloads\ccsetup512.exe
2015-12-04 15:03 - 2015-12-04 15:03 - 00001945 _____ C:\Windows\epplauncher.mif
2015-12-04 15:02 - 2015-12-04 21:33 - 00002107 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-12-04 15:02 - 2015-12-04 15:02 - 00000000 ____D C:\Program Files\Microsoft Security Client
2015-12-04 15:02 - 2015-12-04 15:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2015-12-04 14:57 - 2015-12-04 14:58 - 14243008 _____ (Microsoft Corporation) C:\Users\Dominic\Downloads\mseinstall.exe
2015-12-04 14:54 - 2015-12-07 15:01 - 00000909 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2015-12-04 14:54 - 2015-12-04 14:54 - 00001024 _____ C:\.rnd
2015-12-04 14:54 - 2015-11-30 15:07 - 00122400 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2015-12-04 14:54 - 2015-11-30 15:07 - 00107008 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
2015-12-04 14:54 - 2015-11-30 15:07 - 00035328 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIport.dll
2015-12-04 14:54 - 2015-06-15 08:14 - 00072216 _____ (LogMeIn, Inc.) C:\Windows\system32\Drivers\LMIRfsDriver.sys
2015-12-04 14:53 - 2015-12-09 16:20 - 00000000 ____D C:\Program Files (x86)\LogMeIn
2015-12-04 14:51 - 2015-12-04 14:51 - 25841664 _____ C:\Users\Dominic\Downloads\LogMeIn.msi
2015-12-04 12:08 - 2015-12-04 21:33 - 00001035 _____ C:\Users\Dominic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2015-12-04 12:03 - 2015-12-10 17:17 - 00000000 ____D C:\Users\Dominic\AppData\Local\LogMeInIgnition
2015-12-04 12:03 - 2015-12-04 12:04 - 00000000 ____D C:\Users\Dominic\AppData\Local\LogMeIn Client
2015-12-04 11:59 - 2015-12-11 00:10 - 00000000 ____D C:\Users\Dominic\AppData\Local\LogMeIn Hamachi
2015-12-04 11:59 - 2015-12-10 19:17 - 00000000 ____D C:\ProgramData\LogMeIn
2015-12-04 11:59 - 2015-12-04 11:59 - 00000000 ____D C:\Users\Dominic\AppData\Local\LogMeIn
2015-12-04 11:58 - 2015-12-04 21:33 - 00000922 _____ C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2015-12-04 11:58 - 2015-12-04 11:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-12-04 11:58 - 2015-12-04 11:58 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2015-12-04 11:56 - 2015-12-04 11:57 - 08810496 _____ C:\Users\Dominic\Downloads\Hamachi.msi
2015-12-04 05:51 - 2015-12-04 21:32 - 00001719 _____ C:\Users\Dominic\Desktop\Default.rdp - Shortcut.lnk
2015-12-04 05:27 - 2015-12-04 05:50 - 00002032 ____H C:\Users\Dominic\Documents\Default.rdp
2015-12-02 20:35 - 2015-12-02 20:35 - 00000000 ___SD C:\Users\Dominic\Documents\My Data Sources
2015-12-02 16:28 - 2015-12-02 16:34 - 00000301 _____ C:\Users\Dominic\sad.abs
2015-12-02 16:08 - 2015-12-02 16:08 - 00815104 _____ C:\Users\Dominic\Downloads\sadabs.exe
2015-12-02 16:07 - 2015-12-02 16:07 - 00312363 _____ C:\Users\Dominic\Downloads\Shelx97_manual.zip
2015-12-02 16:03 - 2015-12-02 16:03 - 00822156 _____ C:\Users\Dominic\Downloads\New Doc 25_1.pdf
2015-12-01 19:32 - 2015-12-01 19:32 - 00322014 _____ C:\Users\Dominic\Downloads\8265622_eTranscript.pdf
2015-12-01 17:22 - 2015-12-04 17:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-30 15:00 - 2015-11-30 15:00 - 00035616 _____ (LogMeIn, Inc.) C:\Windows\system32\lmimirr.dll
2015-11-30 15:00 - 2015-11-30 15:00 - 00014944 _____ (LogMeIn, Inc.) C:\Windows\system32\Drivers\radpms.sys
2015-11-30 15:00 - 2015-11-30 15:00 - 00014624 _____ (LogMeIn, Inc.) C:\Windows\system32\lmimirr2.dll
2015-11-30 15:00 - 2015-11-30 15:00 - 00011552 _____ (LogMeIn, Inc.) C:\Windows\system32\Drivers\lmimirr.sys
2015-11-19 22:17 - 2015-11-19 22:17 - 00009010 _____ C:\Users\Dominic\Downloads\Extra Credit Word Count.xlsx
2015-11-17 23:10 - 2015-11-17 23:10 - 00209920 _____ C:\Users\Dominic\Downloads\Statistics_11182015001015.xls
2015-11-17 22:41 - 2015-11-17 22:41 - 00206848 _____ C:\Users\Dominic\Downloads\Statistics_11172015132958 (1).xls
2015-11-17 22:08 - 2015-11-17 22:08 - 00110592 _____ C:\Users\Dominic\Downloads\Statistics_11172015230754.xls
2015-11-17 12:31 - 2015-11-17 12:31 - 00204800 _____ C:\Users\Dominic\Downloads\Statistics_11172015133104.xls
2015-11-17 12:30 - 2015-11-17 12:30 - 00206848 _____ C:\Users\Dominic\Downloads\Statistics_11172015133030.xls
2015-11-17 12:30 - 2015-11-17 12:30 - 00206848 _____ C:\Users\Dominic\Downloads\Statistics_11172015132958.xls
2015-11-13 14:46 - 2015-12-10 18:22 - 00003484 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2015-11-13 14:46 - 2015-11-13 14:46 - 00004038 _____ C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2015-11-13 14:46 - 2015-11-13 14:46 - 00003226 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest
2015-11-13 14:46 - 2015-11-13 14:46 - 00000000 ____D C:\ProgramData\PC-Doctor for Windows
2015-11-13 14:46 - 2015-11-13 14:46 - 00000000 ____D C:\Program Files\Dell Support Center
2015-11-12 11:51 - 2015-11-12 11:51 - 00034720 ____H (LogMeIn, Inc.) C:\Windows\system32\Drivers\hamachi.sys
2015-11-12 06:31 - 2015-11-12 06:31 - 00231582 _____ C:\Users\Dominic\Downloads\chem440 practice test 3 fall2015.pdf
2015-11-12 01:40 - 2015-11-12 01:40 - 00039673 _____ C:\Users\Dominic\Downloads\data.xlsx
2015-11-12 01:40 - 2015-11-12 01:40 - 00037293 _____ C:\Users\Dominic\Downloads\vapor pressure data.xlsx
2015-11-11 23:26 - 2015-11-11 23:23 - 00278624 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-11-11 23:24 - 2015-12-04 16:37 - 00000000 ____D C:\Users\Dominic\.oracle_jre_usage
2015-11-11 23:24 - 2015-11-11 23:24 - 00000000 ____D C:\Users\Dominic\AppData\Roaming\Sun
2015-11-11 23:21 - 2015-11-11 23:21 - 00000000 ____D C:\Users\Dominic\AppData\LocalLow\Oracle
2015-11-11 23:12 - 2015-11-11 23:12 - 00000000 ____D C:\Users\Dominic\Documents\Origin User Files
2015-11-11 23:05 - 2015-12-04 21:32 - 00002027 _____ C:\Users\Dominic\Desktop\OriginPro 8.lnk
2015-11-11 23:00 - 2015-11-11 23:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OriginLab
2015-11-11 22:59 - 2007-10-15 13:23 - 02199552 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\PdfDll32.dll
2015-11-11 22:59 - 2007-10-15 13:23 - 01703936 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LTCLR14n.dll
2015-11-11 22:59 - 2007-10-15 13:23 - 01637520 _____ (Codejock Software) C:\Windows\SysWOW64\LPUIT05N.dll
2015-11-11 22:59 - 2007-10-15 13:23 - 01433600 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LTDic14n.dll
2015-11-11 22:59 - 2007-10-15 13:23 - 01396736 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\ltann14n.dll
2015-11-11 22:59 - 2007-10-15 13:23 - 01122304 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\ltimg14n.dll
2015-11-11 22:59 - 2007-10-15 13:23 - 00703632 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LPRES05N.DLL
2015-11-11 22:59 - 2007-10-15 13:23 - 00695440 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LPDLG05N.DLL
2015-11-11 22:59 - 2007-10-15 13:23 - 00642192 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LPUIR05r.dll
2015-11-11 22:59 - 2007-10-15 13:23 - 00507024 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LtAct14n.dll
2015-11-11 22:59 - 2007-10-15 13:23 - 00434176 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\ltkrn14n.dll
2015-11-11 22:59 - 2007-10-15 13:23 - 00364544 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LFCMP14n.dll
2015-11-11 22:59 - 2007-10-15 13:23 - 00262144 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LTDIS14n.dll
2015-11-11 22:59 - 2007-10-15 13:23 - 00253952 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LTEml14n.dll
2015-11-11 22:59 - 2007-10-15 13:23 - 00241664 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\ltefx14n.dll
2015-11-11 22:59 - 2007-10-15 13:23 - 00228496 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LpPdf05n.dll
2015-11-11 22:59 - 2007-10-15 13:23 - 00224400 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LPKRN05N.DLL
2015-11-11 22:59 - 2007-10-15 13:23 - 00221184 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\Lvkrn14n.dll
2015-11-11 22:59 - 2007-10-15 13:23 - 00155648 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LTSGM14n.dll
2015-11-11 22:59 - 2007-10-15 13:23 - 00155648 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\ltfil14n.dll
2015-11-11 22:59 - 2007-10-15 13:23 - 00146576 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LpDoc05n.dll
2015-11-11 22:59 - 2007-10-15 13:23 - 00142480 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\ltact.dll
2015-11-11 22:59 - 2007-10-15 13:23 - 00139264 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\lfpdf14n.dll
2015-11-11 22:59 - 2007-10-15 13:23 - 00138384 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LpHTM05n.dll
2015-11-11 22:59 - 2007-10-15 13:23 - 00138384 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LpEmf05n.dll
2015-11-11 22:59 - 2007-10-15 13:23 - 00113808 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LPWSE05n.exe
2015-11-11 22:59 - 2007-10-15 13:23 - 00109712 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LpRTF05n.dll
2015-11-11 22:59 - 2007-10-15 13:23 - 00106680 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LPUID05n.dll
2015-11-11 22:59 - 2007-10-15 13:23 - 00098304 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LtTtf14n.Dll
2015-11-11 22:59 - 2007-10-15 13:23 - 00094208 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\ltdoc14n.dll
2015-11-11 22:59 - 2007-10-15 13:23 - 00089232 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LPCPN05N.dll
2015-11-11 22:59 - 2007-10-15 13:23 - 00086016 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\lffax14n.dll
2015-11-11 22:59 - 2007-10-15 13:23 - 00085136 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LPINS05N.dll
2015-11-11 22:59 - 2007-10-15 13:23 - 00077898 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\lfjb214n.dll
2015-11-11 22:59 - 2007-10-15 13:23 - 00072848 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LpTxt05n.dll
2015-11-11 22:59 - 2007-10-15 13:23 - 00068752 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\Lpdrv05n.DLL
2015-11-11 22:59 - 2007-10-15 13:23 - 00065536 _____ C:\Windows\SysWOW64\ltserial.dll
2015-11-11 22:59 - 2007-10-15 13:23 - 00056464 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LPUNI05N.dll
2015-11-11 22:59 - 2007-10-15 13:23 - 00056464 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LPRPC05u.dll
2015-11-11 22:59 - 2007-10-15 13:23 - 00052368 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LPEML05N.DLL
2015-11-11 22:59 - 2007-10-15 13:23 - 00048272 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LPRNT05N.DLL
2015-11-11 22:59 - 2007-10-15 13:23 - 00038032 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LPUMD05n.dll
2015-11-11 22:59 - 2007-10-15 13:23 - 00035984 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LPPMN05u.DLL
2015-11-11 22:59 - 2007-10-15 13:23 - 00032768 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\Lfwmf14n.dll
2015-11-11 22:56 - 2015-11-11 22:56 - 00000000 ____D C:\Program Files (x86)\OriginLab
2015-11-11 22:46 - 2015-11-11 22:46 - 01697808 _____ (Sysprogs OU) C:\Users\Dominic\Downloads\WinCDEmu-4.1.exe
2015-11-11 22:46 - 2015-11-11 22:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinCDEmu
2015-11-11 22:46 - 2015-11-11 22:46 - 00000000 ____D C:\Program Files (x86)\WinCDEmu
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-11 00:20 - 2011-06-24 11:32 - 00000000 ____D C:\Program Files (x86)\Vuze
2015-12-11 00:18 - 2009-07-13 21:20 - 00000000 ____D C:\Windows
2015-12-10 23:57 - 2010-05-20 17:05 - 00018880 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-10 23:57 - 2010-05-20 17:05 - 00018880 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-10 23:32 - 2011-11-28 00:33 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1086673812-429092812-4238826206-1000UA.job
2015-12-10 20:03 - 2009-07-09 11:38 - 00000000 ____D C:\Users\Dominic\AppData\Local\Adobe
2015-12-10 20:03 - 2009-07-01 16:17 - 00000000 ____D C:\Users\Dominic\AppData\Roaming\Adobe
2015-12-10 20:03 - 2009-06-24 04:38 - 00000000 ____D C:\ProgramData\Adobe
2015-12-10 20:01 - 2010-05-22 09:14 - 00003942 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{48664D02-A22A-4F1E-8BBE-829433A58462}
2015-12-10 19:59 - 2010-05-20 18:09 - 00071400 _____ C:\Users\Dominic\AppData\Local\GDIPFONTCACHEV1.DAT
2015-12-10 19:58 - 2009-07-13 22:45 - 04971144 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-10 19:58 - 2009-07-01 14:11 - 00000000 ____D C:\ProgramData\TEMP
2015-12-10 19:57 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-10 19:47 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\inf
2015-12-10 19:40 - 2009-06-24 04:38 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-12-10 18:28 - 2011-11-28 00:33 - 00000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1086673812-429092812-4238826206-1000Core.job
2015-12-10 18:22 - 2009-06-24 04:55 - 00000000 ____D C:\ProgramData\PCDr
2015-12-10 18:00 - 2013-10-11 12:37 - 00000470 _____ C:\Windows\Tasks\ParetoLogic Registration.job
2015-12-07 15:43 - 2009-07-13 23:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-04 22:52 - 2013-09-02 13:30 - 00000000 ____D C:\Program Files (x86)\Tor
2015-12-04 21:33 - 2015-11-02 14:25 - 00000928 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2015-12-04 21:33 - 2015-10-28 17:04 - 00001225 _____ C:\Users\Public\Desktop\Space Group Visualizer.lnk
2015-12-04 21:33 - 2015-09-11 12:18 - 00001471 _____ C:\Users\Public\Desktop\FP_Suite_TB.lnk
2015-12-04 21:33 - 2013-06-07 19:27 - 00001391 _____ C:\Users\Dominic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-12-04 21:33 - 2013-05-23 09:08 - 00000862 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-12-04 21:33 - 2013-03-10 11:33 - 00001149 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-12-04 21:33 - 2012-08-03 18:43 - 00001255 _____ C:\Users\Public\Desktop\Spartan Student v5.0.0.lnk
2015-12-04 21:33 - 2010-05-20 17:09 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2015-12-04 21:33 - 2010-05-20 17:09 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2015-12-04 21:33 - 2010-05-20 15:17 - 00002028 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
2015-12-04 21:33 - 2009-07-13 22:57 - 00001511 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-12-04 21:33 - 2009-07-13 22:57 - 00001340 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
2015-12-04 21:33 - 2009-07-13 22:57 - 00001292 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2015-12-04 21:33 - 2009-07-13 22:57 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2015-12-04 21:33 - 2009-07-13 22:54 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2015-12-04 21:33 - 2009-06-24 04:39 - 00000906 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat.com.lnk
2015-12-04 21:32 - 2015-11-02 14:33 - 00001137 _____ C:\Users\Dominic\AppData\Roaming\Microsoft\Windows\Start Menu\EssentialFTIR.lnk
2015-12-04 21:32 - 2015-11-02 14:33 - 00001113 _____ C:\Users\Dominic\Desktop\EssentialFTIR.lnk
2015-12-04 21:32 - 2015-10-22 11:12 - 00002362 _____ C:\Users\Dominic\Desktop\ChemDraw Professional 15.0.lnk
2015-12-04 21:32 - 2015-07-24 13:11 - 00005390 _____ C:\Users\Dominic\Desktop\Nick's Documents - Shortcut.lnk
2015-12-04 21:32 - 2009-07-13 23:01 - 00001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2015-12-04 21:32 - 2009-07-13 22:49 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2015-12-04 21:28 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\security
2015-12-04 20:56 - 2013-04-08 14:01 - 00000000 ____D C:\Users\Dominic\AppData\LocalLow\Delta
2015-12-04 20:56 - 2011-05-16 22:11 - 00000000 ____D C:\Program Files (x86)\MyWebSearch
2015-12-04 17:16 - 2011-06-24 11:32 - 00000000 ____D C:\Users\Dominic\AppData\Roaming\Azureus
2015-12-04 17:16 - 2010-11-14 19:06 - 00000000 ____D C:\Windows\Minidump
2015-12-04 17:11 - 2013-05-23 09:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-12-04 17:03 - 2012-08-29 17:41 - 00000000 ____D C:\Users\Dominic\AppData\Roaming\Real
2015-12-04 17:01 - 2013-03-10 11:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-12-04 16:38 - 2013-11-18 21:10 - 00000000 ____D C:\ProgramData\Oracle
2015-12-04 16:38 - 2013-11-18 21:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-12-04 16:38 - 2009-06-24 04:33 - 00000000 ____D C:\Program Files (x86)\Java
2015-12-04 16:37 - 2014-10-15 20:01 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-12-04 16:35 - 2012-08-29 17:41 - 00000000 ____D C:\Program Files (x86)\Real
2015-12-04 16:35 - 2012-08-29 17:40 - 00000000 ____D C:\ProgramData\Real
2015-12-04 16:32 - 2011-04-17 22:54 - 00000000 ____D C:\ProgramData\CyberLink
2015-12-04 16:32 - 2009-06-24 05:00 - 00000000 ____D C:\Program Files\CyberLink
2015-12-04 16:32 - 2009-06-24 04:35 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-12-04 15:34 - 2010-11-07 20:11 - 00007630 _____ C:\Users\Dominic\AppData\Local\Resmon.ResmonCfg
2015-12-04 13:14 - 2015-10-02 11:57 - 00003348 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1086673812-429092812-4238826206-1000
2015-12-04 13:14 - 2015-09-03 10:45 - 00003218 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1086673812-429092812-4238826206-1000
2015-12-04 13:12 - 2009-12-19 11:39 - 00000000 ____D C:\Program Files (x86)\McAfee
2015-12-04 13:12 - 2009-06-24 04:53 - 00000000 ____D C:\ProgramData\McAfee
2015-12-04 12:44 - 2014-05-31 22:00 - 00000000 __SHD C:\AI_RecycleBin
2015-12-04 05:51 - 2009-07-13 23:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2015-12-04 05:27 - 2011-11-28 00:33 - 00003890 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1086673812-429092812-4238826206-1000UA
2015-12-04 05:27 - 2011-11-28 00:33 - 00003494 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1086673812-429092812-4238826206-1000Core
2015-12-02 16:28 - 2010-05-20 17:09 - 00000000 ____D C:\Users\Dominic
2015-12-02 15:15 - 2015-09-28 14:02 - 00003370 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1086673812-429092812-4238826206-1000
2015-12-02 15:15 - 2015-09-28 14:02 - 00003240 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1086673812-429092812-4238826206-1000
2015-12-02 15:15 - 2010-05-20 17:09 - 00000000 ____D C:\Users\RA Media Server
2015-11-13 14:46 - 2009-06-24 04:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2015-11-12 08:07 - 2015-07-14 19:11 - 00000000 ____D C:\Users\Dominic\Documents\N_Barone_Documents
2015-11-12 06:48 - 2012-08-07 09:29 - 00000000 ____D C:\Users\Dominic\Documents\spartan
2015-11-11 23:11 - 2015-10-28 17:04 - 00000000 ____D C:\Users\Public\Documents\SpaceGroupViz
 
==================== Files in the root of some directories =======
 
2009-07-27 22:36 - 2009-12-07 20:26 - 8653312 _____ (Dell, Inc.                                                   ) C:\Users\Dominic\AppData\Roaming\DataSafeDotNet.exe
2015-10-26 21:53 - 2015-12-09 16:27 - 0017901 _____ () C:\Users\Dominic\AppData\Local\CDXLExtendedShim.log
2011-09-12 21:49 - 2011-10-04 12:16 - 0004608 _____ () C:\Users\Dominic\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-11-02 14:28 - 2015-11-02 14:28 - 0000730 _____ () C:\Users\Dominic\AppData\Local\recently-used.xbel
2010-11-07 20:11 - 2015-12-04 15:34 - 0007630 _____ () C:\Users\Dominic\AppData\Local\Resmon.ResmonCfg
 
Some files in TEMP:
====================
C:\Users\Dominic\AppData\Local\Temp\DivXSetup.exe
C:\Users\Dominic\AppData\Local\Temp\i4jdel0.exe
C:\Users\Dominic\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\Dominic\AppData\Local\Temp\McCSPInstall.dll
C:\Users\Dominic\AppData\Local\Temp\mccspuninstall.exe
C:\Users\Dominic\AppData\Local\Temp\uninst1.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-12-01 17:43
 
==================== End of FRST.txt ============================
 
 

I was not able to post all the logs in one post. Here are the rest, starting with the Addition.txt.

 

FarBar Addition.txt log
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:09-12-2015
Ran by Dominic (2015-12-11 00:21:40)
Running from C:\Users\Dominic\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2010-05-21 00:01:33)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1086673812-429092812-4238826206-500 - Administrator - Disabled)
Dominic (S-1-5-21-1086673812-429092812-4238826206-1000 - Administrator - Enabled) => C:\Users\Dominic
Guest (S-1-5-21-1086673812-429092812-4238826206-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1086673812-429092812-4238826206-1003 - Limited - Enabled)
RA Media Server (S-1-5-21-1086673812-429092812-4238826206-1001 - Administrator - Enabled) => C:\Users\RA Media Server
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1990.41618 - ABBYY Software House)
ACD/Labs Software in C:\Program Files (x86)\ACDFREE12\ (HKLM-x32\...\ACDLabs in C__Program_Files_(x86)_ACDFREE12_) (Version: v12.00, FREE - ACD/Labs)
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 15.009.20069 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20069 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.7.700.224 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.9.160 - Adobe Systems, Inc.)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{64FBA03C-575C-D688-1C80-A5773CE471F9}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
BrowserProtect (HKLM-x32\...\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}) (Version:  - ) <==== ATTENTION
ccc-core-static (x32 Version: 2009.0625.1812.30825 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.12 - Piriform)
Chinese Simplified Fonts Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-2447-0000-900000000003}) (Version: 9.0.0 - Adobe Systems Incorporated)
Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - Acro Software Inc.)
Dell Data Vault (Version: 4.3.4.0 - Dell Inc.) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 2.18 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: Dell DataSafe Local Backup 2.75 x64 - Dell)
Dell Dock (HKLM\...\{F6CB42B9-F033-4152-8813-FF11DA8E6A78}) (Version: 1.0.0 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Remote Access (HKLM-x32\...\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}) (Version: 1.0.0.0 - Dell Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.93 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.1.1.14 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 14.0.2.0 - Synaptics Incorporated)
Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.)
Dell Video Chat (HKLM-x32\...\Dell Video Chat) (Version: 6.0 (6567) - SightSpeed Inc.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.20.10 - Creative Technology Ltd)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.84 - DivX, LLC)
Essential FTIR version 3.5 build 47 (HKLM-x32\...\Essential FTIR_is1) (Version:  - )
ffdshow v1.2.4422 [2012-04-09] (HKLM-x32\...\ffdshow_is1) (Version: 1.2.4422.0 - )
FullProf_Suite (HKLM-x32\...\FullProf_Suite) (Version: June-2015 - )
Gamry Software (HKLM-x32\...\{E52E948A-6FB6-4BD6-AAA7-98BE1D5A5356}) (Version: 6.11 - Gamry Instruments)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKU\S-1-5-21-1086673812-429092812-4238826206-1000\...\Google Chrome) (Version: 47.0.2526.80 - Google Inc.)
GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version:  - )
Integrated Webcam Driver (1.05.02.1227)   (HKLM\...\Creative OA001) (Version: 1.05.02.1227 - Creative Technology Ltd.)
iPhone Configuration Utility (HKLM-x32\...\{FA54AFB1-5745-4389-B8C1-9F7509672ED1}) (Version: 2.1.0.163 - Apple Inc.)
ITECIR (HKLM-x32\...\{F6BB6248-C507-46FE-8A35-1B16F35E0441}) (Version: 1.9 - ITE)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Junk Mail filter update (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
K-Lite Codec Pack 7.0.0 (Standard) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
LogMeIn (HKLM-x32\...\{921037F5-CCA7-4FC5-83AF-42CC0AF14316}) (Version: 4.1.6524 - LogMeIn, Inc.)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.410 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.410 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
MATLAB Compiler Runtime 8.3 (HKLM\...\MATLAB Compiler Runtime R2014a) (Version: 8.3 - The MathWorks, Inc.)
Mendeley Desktop 1.8 (HKLM-x32\...\Mendeley Desktop) (Version: 1.8 - Mendeley Ltd.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{41BC9E31-0D39-462E-8E4C-767B21A3B1C3}) (Version: 3.1.8.0 - Apple Inc.)
Mozilla Firefox 42.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
National Instruments Software (HKLM-x32\...\NI Uninstaller) (Version:  - National Instruments)
NI EULA Depot (x32 Version: 2.71.128 - National Instruments) Hidden
NI LabWindows/CVI 2009 Run-Time Engine (64-bit) (Version: 9.1.0428 - National Instruments) Hidden
NI LabWindows/CVI 2009 Run-Time Engine (x32 Version: 9.1.0428 - National Instruments) Hidden
NI Logos 5.1.1 (x32 Version: 5.1.123.0 - National Instruments) Hidden
NI Logos XT Support (x32 Version: 5.1.66.0 - National Instruments) Hidden
NI Logos64 5.1.1 (Version: 5.1.76.0 - National Instruments) Hidden
NI Logos64 XT Support (Version: 5.1.63.0 - National Instruments) Hidden
NI Math Kernel Libraries (64-bit) (Version: 1.0.14.0 - National Instruments) Hidden
NI Math Kernel Libraries (x32 Version: 1.0.28.0 - National Instruments) Hidden
NI MAX Remote Configuration 64-bit Installer 4.6.2 (Version: 4.62.49153 - National Instruments) Hidden
NI MAX Remote Configuration Installer 4.6.2 (x32 Version: 4.62.49153 - National Instruments) Hidden
NI MDF Support (x32 Version: 2.71.128 - National Instruments) Hidden
NI TDMS (64-bit) (Version: 2.0.172.0 - National Instruments) Hidden
NI TDMS (x32 Version: 2.0.172.0 - National Instruments) Hidden
NI Uninstaller (x32 Version: 2.71.128 - National Instruments) Hidden
NI VC2005MSMs x64 (Version: 8.01.5 - National Instruments) Hidden
NI VC2005MSMs x86 (x32 Version: 8.01.5 - National Instruments) Hidden
NI VC2008MSMs x64 (Version: 9.0.100 - National Instruments) Hidden
NI VC2008MSMs x86 (x32 Version: 9.0.100 - National Instruments) Hidden
Open Freely (HKLM\...\{1BF14E04-85DE-480C-9A04-EB36744C66C3}_is1) (Version: 1.0 - Download Freely, LLC)
Origin8 (x32 Version: 8.00.000 - OriginLab) Hidden
OriginPro 8 (HKLM-x32\...\{A912021A-FEDD-4DA3-8DB4-245EBDA84778}) (Version: 8.00.000 - OriginLab Corporation)
PerkinElmer ChemDraw Professional 15.0 (HKLM-x32\...\{F24A1FB2-22FC-4A4E-AD90-9B1196AFFF7E}) (Version: 15.0 - PerkinElmer Informatics, Inc.)
PerkinElmer ChemScript 15.0 (HKLM-x32\...\{2623D946-2CA9-4E69-A6C1-DDFA46C87EFF}) (Version: 15.0 - PerkinElmer Informatics, Inc.)
Pharos (HKLM-x32\...\Pharos) (Version:  - )
POWERPREP II (HKLM-x32\...\{2687340C-C114-47DC-9F0E-C1BA85FEB001}) (Version: 2.2.0000 - ETS)
Python 3.2 pywin32-217 (HKLM-x32\...\pywin32-py3.2) (Version:  - )
Python 3.2.2 (HKLM-x32\...\{4CDE3168-D060-4b7c-BC74-4D8F9BB01AFD}) (Version: 3.2.2150 - Python Software Foundation)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 9.6.6 - Dell Inc.)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Raytrix SpaceGroupViz - 2.5.2.0 (x86) (HKLM-x32\...\SpaceGroupViz 2.5.2.0) (Version: 2.5.2.0 - Raytrix)
Raytrix Visualization Engine - 6.5.9.0 (x86) (HKLM-x32\...\Visualization Engine 6.5.9.0) (Version: 6.5.9.0 - Raytrix)
RC_Vista.exe (HKLM-x32\...\RC_Vista.exe) (Version:  - )
Roxio Creator DE (HKLM-x32\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SpaceGroupViz (x32 Version: 2.5.2.0 - Raytrix) Hidden
Spartan Student v5.0.0 (HKLM-x32\...\Spartan Student v5) (Version:  - Wavefunction)
Spectrum Viewer 2.6.3 (HKLM-x32\...\{DF92C30E-864A-43B1-951D-78D1CA91596B}) (Version: 2.6.3 - Calipso B.V.)
Spekwin32 v1.71.6.1 (english version) (HKLM-x32\...\{87AE8051-AD42-4241-B18B-680E9BF1D13E}_is1) (Version:  - Friedrich Menges)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Unity Web Player (HKU\S-1-5-21-1086673812-429092812-4238826206-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 4.1 - Sysprogs)
Windows 7 Upgrade Advisor (HKLM-x32\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB  (06/11/2009 1.0.0.0) (HKLM\...\EC3E466026556D3EB760B01C4772277614354E11) (Version: 06/11/2009 1.0.0.0 - Texas Instruments Inc.)
Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB  (09/02/2009 1.0.0.1) (HKLM\...\7511B29C86C398B4D11A0B0E4176CAD68D1B7057) (Version: 09/02/2009 1.0.0.1 - Texas Instruments Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{9422C8EA-B0C6-4197-B8FC-DC797658CA00}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1086673812-429092812-4238826206-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Dominic\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1086673812-429092812-4238826206-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Dominic\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1086673812-429092812-4238826206-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Dominic\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1086673812-429092812-4238826206-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Dominic\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1086673812-429092812-4238826206-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Dominic\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1086673812-429092812-4238826206-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Dominic\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1086673812-429092812-4238826206-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Dominic\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)
 
==================== Restore Points =========================
 
04-12-2015 11:57:39 Installed LogMeIn Hamachi
04-12-2015 12:41:40 Removed League of Legends
04-12-2015 14:53:17 Installed LogMeIn
08-12-2015 14:44:12 Windows Update
10-12-2015 23:44:12 Before ADW Cleaner
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 06:34 - 2015-12-04 12:48 - 00000767 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
::1             localhost
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {08DACCF8-5F56-4634-A527-5B57C9AEC09A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1086673812-429092812-4238826206-1000UA => C:\Users\Dominic\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {20FC41BB-F8BE-4F35-B85C-202B6F7DA6D4} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-09-30] (Dell Inc.)
Task: {2D6E66CF-0520-49E9-BD23-280B95E8F91D} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1086673812-429092812-4238826206-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {443642F2-7A37-4E29-9749-460BDAEB175A} - System32\Tasks\AdobeFlashPlayerUpdate => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe
Task: {4970D246-937A-48CF-B565-BDFA82F69CBD} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1086673812-429092812-4238826206-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {4DB73C80-11E7-4F96-84DB-1011FE9ECFA0} - System32\Tasks\{57424887-2C4C-40F7-8B39-353C37EEBCD6} => C:\Program Files (x86)\Skype\Phone\Skype.exe
Task: {5D95EF57-BAAD-4E0B-80C2-23491CDC7E1A} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-10-29] (PC-Doctor, Inc.)
Task: {5E6364C9-C7EF-4A71-934E-4C0CB204CE83} - System32\Tasks\{92D45728-C04B-4CFD-8158-3A482A3C3E92} => pcalua.exe -a "C:\Users\Dominic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JDHTWSV8\LimeWireWin[1].exe" -d C:\Users\Dominic\Desktop
Task: {610E6C0C-E25C-4C1B-B7CB-5DBFEF5516B8} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1086673812-429092812-4238826206-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {712C6861-2B14-4E72-92BA-22B6921FE2B7} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs
Task: {7C2B48A9-31A3-4F95-AD12-60CE984072A8} - System32\Tasks\AdobeFlashPlayerUpdate 2 => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe
Task: {91483A8B-D466-43D0-9DAF-B102C6A977C4} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Dominic => C:\Program Files\Windows Calendar\WinCal.exe
Task: {92387F9A-944F-4585-9FD7-A6EC50E2F265} - System32\Tasks\{73A2B45B-7911-4E24-BB37-2F4EC135D3CE} => Chrome.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=5.5.0.124.259&LastError=12002
Task: {940F4C4D-CCA3-4E98-9ABF-DA2B656F2E9D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1086673812-429092812-4238826206-1000Core => C:\Users\Dominic\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {9B37312F-792B-4F22-9B7A-B6E519F6B8B8} - System32\Tasks\ParetoLogic Registration => Rundll32.exe "C:\Program Files (x86)\Common Files\ParetoLogic\UUS2\UUS.dll" RunUns
Task: {BE2C9B15-A1BE-4718-9856-A1474E09B831} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-10-29] (PC-Doctor, Inc.)
Task: {C5F78E4C-35A4-4FCD-A90A-40F5734EAB51} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-11-16] (Piriform Ltd)
Task: {C9D19EFB-979F-4C79-86C2-AF2452E1DD8D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs
Task: {EB60AE17-31F0-4DBA-AD06-CC3F1500CDDD} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {EC39A550-2DEB-480E-BFC2-33A5B75C087A} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1086673812-429092812-4238826206-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
Task: {EE4749C7-1AB9-4F27-A296-AB1554552AB9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-20] (Adobe Systems Incorporated)
Task: {F16339B7-23A8-4DFE-819B-5C1906D038BB} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1086673812-429092812-4238826206-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1086673812-429092812-4238826206-1000Core.job => C:\Users\Dominic\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1086673812-429092812-4238826206-1000UA.job => C:\Users\Dominic\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ParetoLogic Registration.job => C:\Windows\system32\rundll32.exeFC:\Program Files (x86)\Common Files\ParetoLogic\UUS2\UUS.dll
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-20 21:30 - 2013-10-23 14:24 - 00087600 _____ () C:\Windows\System32\cpwmon64.dll
2013-02-25 16:39 - 2011-04-10 23:26 - 00034304 _____ () C:\Windows\System32\spd__l.dll
2008-05-19 15:47 - 2008-05-19 15:47 - 00450560 _____ () C:\Program Files (x86)\Common Files\Dell\apache\ioncube_loader_win_5.2.dll
2007-09-21 12:32 - 2007-09-21 12:32 - 02035712 _____ () C:\Program Files (x86)\Common Files\Dell\apache\LIBMYSQL.dll
2015-09-30 14:47 - 2015-09-30 14:47 - 45080248 _____ () C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\libcef.dll
2015-09-30 14:47 - 2015-09-30 14:47 - 26156728 _____ () C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.dll
2015-03-17 01:34 - 2015-03-17 01:34 - 00322208 _____ () C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\sqlite.dll
2013-07-10 17:07 - 2013-07-10 17:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2015-12-10 17:52 - 2015-12-04 15:32 - 01583432 _____ () C:\Users\Dominic\AppData\Local\Google\Chrome\Application\47.0.2526.80\libglesv2.dll
2015-12-10 17:52 - 2015-12-04 15:32 - 00081224 _____ () C:\Users\Dominic\AppData\Local\Google\Chrome\Application\47.0.2526.80\libegl.dll
2015-12-10 17:52 - 2015-12-04 15:32 - 16573256 _____ () C:\Users\Dominic\AppData\Local\Google\Chrome\Application\47.0.2526.80\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:5D432CE3
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1086673812-429092812-4238826206-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Dominic\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1086673812-429092812-4238826206-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 131.156.1.11 - 131.156.116.210
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: DellDataVault => 2
MSCONFIG\Services: DellUpdate => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: RealNetworks Downloader Resolver Service => 2
MSCONFIG\Services: RealPlayer Cloud Service => 2
MSCONFIG\Services: RealPlayerUpdateSvc => 2
MSCONFIG\Services: SupportAssistAgent => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RealPlayer Cloud Service UI.lnk => C:\Windows\pss\RealPlayer Cloud Service UI.lnk.CommonStartup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: MyWebSearch Email Plugin => C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwsoemon.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SBC_McciTrayApp => "C:\Program Files (x86)\SBC\update\SST.exe"
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [UDP Query User{1289CEFD-8F05-4FB9-AB02-F62A76708FAF}C:\program files (x86)\dell video chat\dellvideochat.exe] => (Allow) C:\program files (x86)\dell video chat\dellvideochat.exe
FirewallRules: [TCP Query User{ABB04EFE-14A4-4164-AE23-3D459184DFA2}C:\program files (x86)\dell video chat\dellvideochat.exe] => (Allow) C:\program files (x86)\dell video chat\dellvideochat.exe
FirewallRules: [UDP Query User{C9BA1D2E-D396-40F1-9E64-A39B2D5E6844}C:\users\dominic\appdata\local\abacastdistributedondemand\node\11\abacastdistributedondemand.exe] => (Allow) C:\users\dominic\appdata\local\abacastdistributedondemand\node\11\abacastdistributedondemand.exe
FirewallRules: [TCP Query User{A21B917C-33EA-45EF-8015-544AEF89CCD0}C:\users\dominic\appdata\local\abacastdistributedondemand\node\11\abacastdistributedondemand.exe] => (Allow) C:\users\dominic\appdata\local\abacastdistributedondemand\node\11\abacastdistributedondemand.exe
FirewallRules: [UDP Query User{97B6CFA3-1FD4-48E7-92E6-A8DFEBAC0B62}C:\users\dominic\appdata\local\abacastdistributedondemand\node\11\abacastdistributedondemand.exe] => (Allow) C:\users\dominic\appdata\local\abacastdistributedondemand\node\11\abacastdistributedondemand.exe
FirewallRules: [TCP Query User{15F352F8-7877-4198-8C58-093F789A0CB7}C:\users\dominic\appdata\local\abacastdistributedondemand\node\11\abacastdistributedondemand.exe] => (Allow) C:\users\dominic\appdata\local\abacastdistributedondemand\node\11\abacastdistributedondemand.exe
FirewallRules: [{67E2D69D-8904-42F6-92A7-65C84FFFEB59}] => (Allow) C:\Program Files (x86)\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe
FirewallRules: [{183DED9E-FE2A-4AE3-B6EA-3357635D0596}] => (Allow) C:\Program Files (x86)\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe
FirewallRules: [{9D7E13EC-40AA-4EE3-ABD7-2A14A5E02336}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe
FirewallRules: [{C2499989-E74F-40C5-A0F0-1D9E981F7EFA}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe
FirewallRules: [{704B0268-AD1C-425E-A285-162E15FCFDC6}] => (Allow) C:\Program Files (x86)\Common Files\Dell\VLC\vlc.exe
FirewallRules: [{897B2407-2D5F-49D3-82BF-2AC1184C8094}] => (Allow) C:\Program Files (x86)\Common Files\Dell\VLC\vlc.exe
FirewallRules: [{967CC3C3-26B6-496D-87C0-707B8C9AD9B2}] => (Allow) LPort=40094
FirewallRules: [{7E84D997-88C6-4300-9434-8FFA634CD07D}] => (Allow) LPort=40093
FirewallRules: [{FCBD2DF8-304A-4CDC-A1A1-C6846578B51C}] => (Allow) LPort=40092
FirewallRules: [{AF8018AE-3C0D-4444-B75D-9FAEAAB775B1}] => (Allow) LPort=40091
FirewallRules: [{E455B224-67B7-4CB8-AFE3-E84B337CAA6A}] => (Allow) LPort=40090
FirewallRules: [{6DA4E850-098A-41C2-9C1D-A45FE506B51D}] => (Allow) LPort=40080
FirewallRules: [{530B8E5D-6EB8-4C96-9F9F-F63405E732BE}] => (Allow) C:\Program Files (x86)\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe
FirewallRules: [{AE7EDED2-B99D-4A46-9855-55E87C42E6D8}] => (Allow) C:\Program Files (x86)\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe
FirewallRules: [{B33BA6BD-49B5-4520-B6E7-F03D10BA0BFF}] => (Allow) C:\Program Files (x86)\Common Files\Dell\apache\php.exe
FirewallRules: [{89B39956-64A4-4FD5-8924-2183C56284FF}] => (Allow) C:\Program Files (x86)\Common Files\Dell\apache\php.exe
FirewallRules: [{9570ECEB-3F55-475B-9259-39C04D2CA2A6}] => (Allow) C:\Program Files (x86)\Common Files\Dell\MySQL\bin\mysql.exe
FirewallRules: [{79CC927A-4C36-40EB-8CA6-EEFCEF28AD39}] => (Allow) C:\Program Files (x86)\Common Files\Dell\MySQL\bin\mysql.exe
FirewallRules: [{D04AF8F8-E6F2-440E-BCB9-C3E854E0D62F}] => (Allow) C:\Program Files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe
FirewallRules: [{884B82B6-D57C-4101-8960-CE8485DC5899}] => (Allow) C:\Program Files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe
FirewallRules: [{51F7CD10-193B-4AAE-A73A-DE3BFD285C99}] => (Allow) C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe
FirewallRules: [{E889F183-1DC2-4AC8-BD31-CA6FD78CA6C1}] => (Allow) C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe
FirewallRules: [{DB987A06-0781-4950-B2A5-F66CF45E4641}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{2344FECE-3E44-4545-BEE2-23DEB02BDDA0}] => (Allow) svchost.exe
FirewallRules: [{17B03484-4A2B-4C76-927F-312F9AFC0244}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{4E248E94-15C6-47E0-9691-74DDB5955709}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{DCDD2BB2-5101-4864-B4FC-B930E67859CC}] => (Allow) C:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
FirewallRules: [{B1DA25DD-2E5A-44B7-9AB7-5374814644F9}] => (Allow) C:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
FirewallRules: [{F99F7028-DA20-4FC0-B013-B294560245AF}] => (Allow) C:\Program Files (x86)\Dell Remote Access\ezi_ra.exe
FirewallRules: [{13B8050C-87C0-4921-A574-BDE06E46CA7A}] => (Allow) C:\Program Files (x86)\Dell Remote Access\ezi_ra.exe
FirewallRules: [{875CCBFC-B5D6-4648-8025-468D7B9335F9}] => (Allow) C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe
FirewallRules: [{602394BD-2C4B-4041-B6F0-6CE0FBD5D345}] => (Allow) C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe
FirewallRules: [{C2296A1D-E9CF-4A57-A1BB-306F4268D4AA}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{4E618AB1-5546-46B9-AE46-FC0BCDED95CF}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{BEF39E97-C054-4293-A013-A2133FA5BC56}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
FirewallRules: [{2BBE217B-1D69-4A6B-A934-21BDD52F12DC}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
FirewallRules: [{EBFCD81A-9107-4A14-B0A3-C058273CC82A}] => (Allow) C:\Windows\System32\SUPDSvc2.exe
FirewallRules: [{330739FF-2F81-43FD-81EC-38EB75D95197}] => (Allow) C:\Windows\System32\SUPDSvc2.exe
FirewallRules: [{2A1889BB-B0CA-4F50-9D40-B5FB5FCDB82B}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{F099270A-CADC-427E-B6AB-FF9A491206D8}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [TCP Query User{FAC6E439-960C-445D-9199-F6A81D6599AB}C:\program files (x86)\vuze\azureus.exe] => (Block) C:\program files (x86)\vuze\azureus.exe
FirewallRules: [UDP Query User{1A540238-266C-4228-B3BE-3DAB8438E945}C:\program files (x86)\vuze\azureus.exe] => (Block) C:\program files (x86)\vuze\azureus.exe
FirewallRules: [{32846B21-92F8-487F-AC3E-2BEF697EDF5A}] => (Allow) C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe
FirewallRules: [{93D41694-2199-4388-A318-626D1447A575}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{58C4F667-155C-4CA9-B6CF-50284FA7DA1E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4EBA96BB-F107-4C2F-9444-96DF3B3BC96C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D2F184C4-E0A0-4989-B9AA-415541C44D47}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{B2C8771A-B408-4C89-8D71-91E5125760C7}C:\users\dominic\appdata\local\temp\ign1341.tmp\lmiignition.exe] => (Allow) C:\users\dominic\appdata\local\temp\ign1341.tmp\lmiignition.exe
FirewallRules: [UDP Query User{968D45E2-7AF7-4F39-B7C6-D6F7C128656B}C:\users\dominic\appdata\local\temp\ign1341.tmp\lmiignition.exe] => (Allow) C:\users\dominic\appdata\local\temp\ign1341.tmp\lmiignition.exe
FirewallRules: [TCP Query User{AE983D6E-9AE8-4E06-A15B-E60EF771B0B7}C:\users\dominic\appdata\local\logmein client\lmiignition.exe] => (Allow) C:\users\dominic\appdata\local\logmein client\lmiignition.exe
FirewallRules: [UDP Query User{832A7348-FD6B-439F-B44A-7034EB866354}C:\users\dominic\appdata\local\logmein client\lmiignition.exe] => (Allow) C:\users\dominic\appdata\local\logmein client\lmiignition.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/10/2015 11:44:12 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-1086673812-429092812-4238826206-1000.bak).  hr = 0x80070539, The security ID structure is invalid.
.
 
 
Operation:
   OnIdentify event
   Gathering Writer Data
 
Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {7f0f8c1e-7749-4c67-9bb6-31af413f3c85}
 
Error: (12/10/2015 07:59:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/10/2015 07:52:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LogMeInSystray.exe, version: 3.0.0.596, time stamp: 0x461e72d4
Faulting module name: LogMeInSystray.dll, version: 4.1.0.6524, time stamp: 0x565c576e
Exception code: 0x40000015
Fault offset: 0x00000000001c0c86
Faulting process id: 0xd18
Faulting application start time: 0xLogMeInSystray.exe0
Faulting application path: LogMeInSystray.exe1
Faulting module path: LogMeInSystray.exe2
Report Id: LogMeInSystray.exe3
 
Error: (12/10/2015 07:52:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program acrobatproDC_00000000000000000000000409.exe version 3.6.7.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: efc
 
Start Time: 01d133b2e289a070
 
Termination Time: 0
 
Application Path: C:\Users\Dominic\Downloads\acrobatproDC_00000000000000000000000409.exe
 
Report Id:
 
Error: (12/08/2015 07:06:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LMIIgnition.exe, version: 1.3.0.1675, time stamp: 0x565c53c6
Faulting module name: RACtrl.dll, version: 1.0.0.2063, time stamp: 0x565c5201
Exception code: 0x40000015
Fault offset: 0x00290e6f
Faulting process id: 0x1240
Faulting application start time: 0xLMIIgnition.exe0
Faulting application path: LMIIgnition.exe1
Faulting module path: LMIIgnition.exe2
Report Id: LMIIgnition.exe3
 
Error: (12/08/2015 02:44:12 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-1086673812-429092812-4238826206-1000.bak).  hr = 0x80070539, The security ID structure is invalid.
.
 
 
Operation:
   OnIdentify event
   Gathering Writer Data
 
Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {46224edb-2bec-48f3-b333-eea5829f103e}
 
Error: (12/07/2015 03:00:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/07/2015 01:01:16 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location H:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).
 
Error: (12/06/2015 11:23:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/05/2015 02:08:37 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.
 
 
System errors:
=============
Error: (12/07/2015 02:31:32 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "MACBOOKAIR-8955:0" could not be registered on the interface with IP address 192.168.0.12.
The computer with the IP address 192.168.0.16 did not allow the name to be claimed by
this computer.
 
Error: (12/07/2015 02:21:32 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "MACBOOKAIR-8955:0" could not be registered on the interface with IP address 192.168.0.12.
The computer with the IP address 192.168.0.16 did not allow the name to be claimed by
this computer.
 
Error: (12/07/2015 02:11:40 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "MACBOOKAIR-8955:0" could not be registered on the interface with IP address 192.168.0.12.
The computer with the IP address 192.168.0.16 did not allow the name to be claimed by
this computer.
 
Error: (12/07/2015 02:01:30 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "MACBOOKAIR-8955:0" could not be registered on the interface with IP address 192.168.0.12.
The computer with the IP address 192.168.0.16 did not allow the name to be claimed by
this computer.
 
Error: (12/07/2015 01:50:56 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "MACBOOKAIR-8955:0" could not be registered on the interface with IP address 192.168.0.12.
The computer with the IP address 192.168.0.16 did not allow the name to be claimed by
this computer.
 
Error: (12/07/2015 01:40:50 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "MACBOOKAIR-8955:0" could not be registered on the interface with IP address 192.168.0.12.
The computer with the IP address 192.168.0.16 did not allow the name to be claimed by
this computer.
 
Error: (12/07/2015 01:20:56 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "MACBOOKAIR-8955:0" could not be registered on the interface with IP address 192.168.0.12.
The computer with the IP address 192.168.0.16 did not allow the name to be claimed by
this computer.
 
Error: (12/07/2015 01:10:25 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "MACBOOKAIR-8955:0" could not be registered on the interface with IP address 192.168.0.12.
The computer with the IP address 192.168.0.16 did not allow the name to be claimed by
this computer.
 
Error: (12/07/2015 01:00:38 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "MACBOOKAIR-8955:0" could not be registered on the interface with IP address 192.168.0.12.
The computer with the IP address 192.168.0.16 did not allow the name to be claimed by
this computer.
 
Error: (12/07/2015 12:50:29 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "MACBOOKAIR-8955:0" could not be registered on the interface with IP address 192.168.0.12.
The computer with the IP address 192.168.0.16 did not allow the name to be claimed by
this computer.
 
 
CodeIntegrity:
===================================
  Date: 2015-12-10 19:57:30.015
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\hamachi.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-12-10 19:57:29.968
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\hamachi.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-12-07 14:59:13.351
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\hamachi.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-12-07 14:59:13.273
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\hamachi.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-12-06 23:22:21.556
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\hamachi.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-12-06 23:22:21.510
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\hamachi.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-12-04 21:29:11.630
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\hamachi.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-12-04 21:29:11.552
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\hamachi.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-12-04 17:01:59.819
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\hamachi.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-12-04 17:01:59.741
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\hamachi.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core2 Duo CPU T9550 @ 2.66GHz
Percentage of memory in use: 58%
Total physical RAM: 8156.86 MB
Available physical RAM: 3404.21 MB
Total Virtual: 16311.89 MB
Available Virtual: 10592.44 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:283.4 GB) (Free:193.97 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:7.08 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: CFFC1206)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=283.4 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 
 
 
ADW Cleaner log: (please note: I accidentally closed the log of the first scan after I closed the program so this is the second scan.)
 
# AdwCleaner v5.024 - Logfile created 11/12/2015 at 01:44:57
# Updated 07/12/2015 by Xplode
# Database : 2015-12-07.3 [server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Dominic - DOMINIC-PC
# Running from : C:\Users\Dominic\Downloads\adwcleaner_5.024.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
Folder Found : C:\Program Files (x86)\MyWebSearch
Folder Found : C:\Program Files (x86)\MyWebSearch
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\ParetoLogic
Folder Found : C:\ProgramData\speedypc software
Folder Found : C:\ProgramData\Viewpoint
Folder Found : C:\Users\Dominic\AppData\Local\Conduit
Folder Found : C:\Users\Dominic\AppData\Local\FileViewPro
Folder Found : C:\Users\Dominic\AppData\Local\ShdUpdate
Folder Found : C:\Users\Dominic\AppData\LocalLow\Conduit
Folder Found : C:\Users\Dominic\AppData\LocalLow\Delta
Folder Found : C:\Users\Dominic\AppData\LocalLow\Yahoo! Companion
Folder Found : C:\Users\Dominic\AppData\LocalLow\Yahoo!\Companion
Folder Found : C:\Users\Dominic\AppData\Roaming\Babylon
Folder Found : C:\Users\Dominic\AppData\Roaming\DriverCure
Folder Found : C:\Users\Dominic\AppData\Roaming\FinalTorrent
Folder Found : C:\Users\Dominic\AppData\Roaming\speedypc software
Folder Found : C:\Users\Dominic\AppData\Roaming\Yahoo!\Companion
Folder Found : C:\Windows\SysWOW64\BrowserProtect
 
***** [ Files ] *****
 
File Found : C:\Users\Dominic\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.superfish.com_0.localstorage-journal
File Found : C:\Users\Dominic\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxps_www.superfish.com_0.localstorage-journal
File Found : C:\Users\Dominic\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
File Found : C:\Users\Dominic\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_viewpoint.com_0.localstorage
File Found : C:\Users\Dominic\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_viewpoint.com_0.localstorage-journal
 
***** [ DLL ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKLM\SOFTWARE\Classes\driverscanner
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
Key Found : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
Key Found : HKCU\Software\e2d6d9b06abd43
Key Found : HKLM\SOFTWARE\e2d6d9b06abd43
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DB507187-9746-458C-97DA-C458131EEDE7}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7B13EC3E-999A-4B70-B9CB-2617B8323822}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45DD-9B68-D6A12C30E5D7}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{21FA44EF-376D-4D53-9B0F-8A89D3229068}]
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3E720453-B472-4954-B7AA-33069EB53906}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{DB507187-9746-458C-97DA-C458131EEDE7}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\BABSOLUTION
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\MyWebSearch
Key Found : HKCU\Software\ParetoLogic
Key Found : HKCU\Software\speedypc software
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKCU\Software\Yahoo\Companion
Key Found : HKCU\Software\Yahoo\YFriendsBar
Key Found : HKCU\Software\MyWebSearch
Key Found : HKCU\Software\AppDataLow\Software\MyWebSearch
Key Found : HKCU\Software\AppDataLow\Software\Yahoo\Companion
Key Found : HKCU\Software\AppDataLow\Software\MyWebSearch
Key Found : HKLM\SOFTWARE\Babylon
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\FocusInteractive
Key Found : HKLM\SOFTWARE\Fun Web Products
Key Found : HKLM\SOFTWARE\MyWebSearch
Key Found : HKLM\SOFTWARE\ParetoLogic
Key Found : HKLM\SOFTWARE\speedypc software
Key Found : HKLM\SOFTWARE\Uniblue
Key Found : HKLM\SOFTWARE\Viewpoint
Key Found : HKLM\SOFTWARE\Yahoo\Companion
Key Found : HKLM\SOFTWARE\MyWebSearch
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Viewpoint Manager
Key Found : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
Key Found : [x64] HKLM\SOFTWARE\Tarma Installer
Key Found : HKU\.DEFAULT\Software\Yahoo\Companion
Key Found : HKU\S-1-5-21-1086673812-429092812-4238826206-1001\Software\Conduit
Key Found : HKU\S-1-5-21-1086673812-429092812-4238826206-1001\Software\AppDataLow\Toolbar
Key Found : HKU\S-1-5-21-1086673812-429092812-4238826206-1001\Software\AppDataLow\Software\Conduit
Key Found : HKU\S-1-5-21-1086673812-429092812-4238826206-1001\Software\AppDataLow\Software\Yahoo\Companion
 
***** [ Web browsers ] *****
 
[C:\Users\Dominic\AppData\Roaming\Mozilla\Firefox\Profiles\j8d0cfr8.default\prefs.js] [Preference] Found : user_pref("plugin.blocklisted.npviewpoint", true);
[C:\Users\Dominic\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : blaofbhgbmeikidhlkmjhbkbfohpgekf
 
########## EOF - C:\AdwCleaner\AdwCleaner[s2].txt - [8284 bytes] ##########
 
 

Hello,

They call me TwinHeadedEagle around here, and I'll try to help you with your issue.

Before we start please read and note the following:

  • We're primarily oriented on malware removal here, so you must know that some issues just cannot be solved and you must be prepared for this. Some tools we use here will remove your browser search history, so back up your important links and all the files whose loss is unacceptable.
  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time. Keep in mind that private life gets in the way too. Note that we may live in totally different time zones, which may cause some delays between answers.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button, that gives you Upload Files option below which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • I volunteer to help you, so please, do not ask for help for your company/business PC. Companies are making revenue via computers, so it is a good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
I can't foresee everything, so if anything not covered in my instructions happens, please stop and inform me!

There are no silly questions. Never be afraid to ask if in doubt!

Rules and policies

 

We won't support any piracy.

That being said, if any evidence of illegal OS, software, cracks/keygens or any other is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.

Scan with Farbar Recovery Scan Tool

 

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.

    (XP users click run after receipt of Windows Security Warning - Open File).

  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please upload them into your next reply.

Uninstall some programs

We need to uninstall some unwanted/unneeded programs.

  • Press the Windows key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search there for each entry mentioned below, right-click the entry and click Uninstall one at a time.
The list of programs to uninstall:
  • BrowserProtect
After completing uninstalls, please manually reboot your machine!

Note: If you get the message like: An error occurred while trying to uninstall, just press Yes.

Note: If you are unable to uninstall all programs, please inform me, but continue with other steps.


Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.

Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.

    (XP users click run after receipt of Windows Security Warning - Open File).

  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please upload it to your reply.

fixlist.txt


  • 3 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
