Jump to content

Recommended Posts

Ok, I was brought to this thread after seeking help and was told that someone would be able help me out with my computer, since I can't download the latest malwarebytes. Here are the requested logs.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Lik (administrator) on MALIK (18-03-2016 19:37:25)
Running from C:\Users\Lik\Downloads
Loaded Profiles: Lik (Available Profiles: Lik)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Webroot) C:\Program Files\Webroot\WRSA.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\WINDOWS\System32\AECLSr64.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Microsoft Corporation) C:\WINDOWS\System32\GWX\GWX.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
() C:\Program Files\Cirrus Logic Audio Panel\CirrusAudioPanel_Dell.exe
(Qualcomm Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Intel Corporation) C:\WINDOWS\System32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\System32\igfxpers.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.292\SSScheduler.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [678296 2012-07-09] (Alps Electric Co., Ltd.)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3759504 2012-07-20] (Dell Inc.)
HKLM\...\Run: [Dell Audio] => c:\Program Files\Cirrus Logic Audio Panel\CirrusAudioPanel_Dell.exe [20591616 2012-08-06] ()
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe [763520 2012-07-31] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [127616 2012-07-31] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [652624 2007-10-25] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2114376 2009-07-06] (CANON INC.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-09] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-04] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [143888 2012-06-01] (CyberLink Corp.)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [873072 2016-02-27] (Webroot)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-06-22] (Avast Software s.r.o.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-21-3275680260-1535626414-2396526732-1001\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-3275680260-1535626414-2396526732-1001\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-3275680260-1535626414-2396526732-1001\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-3275680260-1535626414-2396526732-1001\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-3275680260-1535626414-2396526732-1001\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-3275680260-1535626414-2396526732-1001\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-3275680260-1535626414-2396526732-1001\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-3275680260-1535626414-2396526732-1001\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-3275680260-1535626414-2396526732-1001\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-3275680260-1535626414-2396526732-1001\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-3275680260-1535626414-2396526732-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-3275680260-1535626414-2396526732-1001\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-3275680260-1535626414-2396526732-1001\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-3275680260-1535626414-2396526732-1001\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-3275680260-1535626414-2396526732-1001\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-3275680260-1535626414-2396526732-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-3275680260-1535626414-2396526732-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-3275680260-1535626414-2396526732-1001\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-3275680260-1535626414-2396526732-1001\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-3275680260-1535626414-2396526732-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-3275680260-1535626414-2396526732-1001\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-3275680260-1535626414-2396526732-1001\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-3275680260-1535626414-2396526732-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-3275680260-1535626414-2396526732-1001\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-3275680260-1535626414-2396526732-1001\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-3275680260-1535626414-2396526732-1001\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-3275680260-1535626414-2396526732-1001\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-3275680260-1535626414-2396526732-1001\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-3275680260-1535626414-2396526732-1001\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-3275680260-1535626414-2396526732-1001\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-3275680260-1535626414-2396526732-1001\...\Policies\Explorer: [NoStartMenuSubFolders] 0
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-06-22] (Avast Software s.r.o.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-02-23]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.292\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.100.1.40 10.100.1.118 10.100.1.119
Tcpip\..\Interfaces\{7EA80F31-BDD1-43BD-9C72-F8023E16E5A6}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F0ADD062-0CBF-47E4-8137-3EDE0CB7B766}: [DhcpNameServer] 10.100.1.40 10.100.1.118 10.100.1.119

Internet Explorer:
==================
HKU\S-1-5-21-3275680260-1535626414-2396526732-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-3275680260-1535626414-2396526732-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
URLSearchHook: HKU\S-1-5-21-3275680260-1535626414-2396526732-1001 - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3275680260-1535626414-2396526732-1001 -> {1DB4910B-ED64-42FD-A5C4-88BAC5F61A3F} URL =
SearchScopes: HKU\S-1-5-21-3275680260-1535626414-2396526732-1001 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3275680260-1535626414-2396526732-1001 -> {A11B5983-C13C-4571-BBDF-F5AE3B43F37B} URL = hxxp://search.yahoo.com/search?fr=mcafee&type=A010US0&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-3275680260-1535626414-2396526732-1001 -> {A4ACE9B8-B048-4336-84EC-F3AE819A6B79} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2012-07-31] (Qualcomm Atheros Commnucations)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-06-22] (Avast Software s.r.o.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-22] (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll [2014-02-22] (Webroot)
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll [2014-08-08] (Webroot)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2013-08-13] (Adblock Plus)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll [2013-08-07] (Yahoo! Inc.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-06-22] (Avast Software s.r.o.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-22] (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll [2014-02-22] (Webroot)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll [2014-08-08] (Webroot)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2013-08-13] (Adblock Plus)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll [2014-02-22] (Webroot)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-22] (Google Inc.)
Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll [2014-02-22] (Webroot)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll [2013-08-07] (Yahoo! Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-22] (Google Inc.)
Toolbar: HKU\S-1-5-21-3275680260-1535626414-2396526732-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-22] (Google Inc.)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Lik\AppData\Roaming\Mozilla\Firefox\Profiles\8mcc3fxv.default
FF DefaultSearchUrl: hxxps://search.yahoo.com/yhs/search
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Yahoo! (Avast)
FF Homepage: hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
FF Keyword.URL: hxxps://search.yahoo.com/yhs/search
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_182.dll [2016-03-10] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_182.dll [2016-03-10] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2009-07-05] (CANON INC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF SearchPlugin: C:\Users\Lik\AppData\Roaming\Mozilla\Firefox\Profiles\8mcc3fxv.default\searchplugins\bingp.xml [2014-05-03]
FF SearchPlugin: C:\Users\Lik\AppData\Roaming\Mozilla\Firefox\Profiles\8mcc3fxv.default\searchplugins\yahoo-avast.xml [2014-06-24]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2014-02-16]
FF Extension: Yahoo! Toolbar - C:\Users\Lik\AppData\Roaming\Mozilla\Firefox\Profiles\8mcc3fxv.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2016-01-26]
FF Extension: Webroot Password Manager - C:\Users\Lik\AppData\Roaming\Mozilla\Firefox\Profiles\8mcc3fxv.default\Extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda}.xpi [2015-08-21]
FF Extension: Adblock Plus - C:\Users\Lik\AppData\Roaming\Mozilla\Firefox\Profiles\8mcc3fxv.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-23]
FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-01-06]
FF HKLM-x32\...\Firefox\Extensions: [webrootsecure@webroot.com] - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer
FF Extension: Webroot Filtering Extension - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer [2014-08-08] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-10]

Chrome:
=======
CHR HomePage: Default -> hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
CHR StartupUrls: Default -> "hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl"
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=U079DF&PC=U079&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSuggestURL: Default -> hxxp://api.bing.com/osjson.aspx?query={searchTerms}&language={language}&form=U079DF&PC=U079
CHR Profile: C:\Users\Lik\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Lik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-29]
CHR Extension: (Google Drive) - C:\Users\Lik\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-18]
CHR Extension: (YouTube) - C:\Users\Lik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-12]
CHR Extension: (Google Search) - C:\Users\Lik\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-18]
CHR Extension: (Yahoo Extension) - C:\Users\Lik\AppData\Local\Google\Chrome\User Data\Default\Extensions\eihhgekonheiliaidomffpplfhecmkag [2014-08-29]
CHR Extension: (avast! SafePrice) - C:\Users\Lik\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2014-08-29]
CHR Extension: (SiteAdvisor) - C:\Users\Lik\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-05-12]
CHR Extension: (avast! Online Security) - C:\Users\Lik\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-08-29]
CHR Extension: (Skype Click to Call) - C:\Users\Lik\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-08-17]
CHR Extension: (Google Wallet) - C:\Users\Lik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-18]
CHR Extension: (Webroot Password Manager) - C:\Users\Lik\AppData\Local\Google\Chrome\User Data\Default\Extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab [2014-04-11]
CHR Extension: (Gmail) - C:\Users\Lik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-06]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-06-22]
CHR HKLM-x32\...\Chrome\Extension: [fjpdnoojnohifgekbkmnfbiobhcbedka] - C:\Program Files (x86)\outobox\fjpdnoojnohifgekbkmnfbiobhcbedka.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-06-22]
CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - C:\ProgramData\WRData\PKG\CHROME\CHROME_1.0.0.26.crx [2014-02-22]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]
CHR HKLM-x32\...\Chrome\Extension: [okfhiodnpcnnnpgbjbhfebjnbagmfhab] - C:\ProgramData\WRData\pkg\lpchrome.crx [2014-02-22]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AECLFilters; C:\Windows\system32\AECLSr64.exe [99696 2012-08-06] (Andrea Electronics Corporation)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [207488 2012-07-31] (Qualcomm Atheros Commnucations) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-06-22] (Avast Software s.r.o.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
S2 CirrusAudioService; c:\Program Files\Cirrus Logic Audio Panel\Cirrvus.exe [7168 2012-08-06] (Cirrus Logic) [File not signed]
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [177648 2014-03-28] (Coupons.com Inc.)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2573520 2015-05-22] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-05-22] (Dell Inc.)
R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-07-09] (Intel Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.292\McCHSvc.exe [293128 2016-02-05] (McAfee, Inc.)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1914728 2012-09-12] (SoftThinks SAS)
S2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [20648 2015-06-11] (Dell Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [873072 2016-02-27] (Webroot)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-07-22] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-06-22] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-06-22] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-06-22] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-06-22] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-06-22] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-26] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-06-22] (Avast Software s.r.o.)
S3 aswTap; C:\Windows\system32\DRIVERS\aswTap.sys [44640 2013-12-06] (The OpenVPN Project)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-06-22] ()
R3 CirrusLFD; C:\Windows\system32\DRIVERS\CSLFDx64.sys [41328 2012-08-06] (Cirrus Logic)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-02-26] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2012-08-05] (OSR Open Systems Resources, Inc.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2013-07-03] (LogMeIn Inc.)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [113880 2015-11-23] (Malwarebytes Corporation)
S3 tapoas; C:\Windows\system32\DRIVERS\tapoas.sys [30720 2012-07-15] (The OpenVPN Project)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [117728 2015-10-14] (Webroot)
S3 BTATH_LWFLT; \SystemRoot\system32\DRIVERS\btath_lwflt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-18 19:37 - 2016-03-18 19:38 - 00028660 _____ C:\Users\Lik\Downloads\FRST.txt
2016-03-18 19:37 - 2016-03-18 19:37 - 00000000 ____D C:\FRST
2016-03-18 19:16 - 2016-03-18 19:16 - 02374144 _____ (Farbar) C:\Users\Lik\Downloads\FRST64.exe
2016-03-18 17:33 - 2016-03-18 17:33 - 22851472 _____ (Malwarebytes ) C:\Users\Lik\Downloads\mbam-setup-2.2.1.1043.exe
2016-03-10 23:41 - 2016-03-10 23:41 - 11035328 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2016-03-09 20:26 - 2016-03-09 20:27 - 22908888 _____ (Malwarebytes ) C:\Users\Lik\Downloads\mbam-setup-2.2.0.1024.exe
2016-03-09 00:32 - 2016-02-08 16:05 - 20352512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-03-09 00:32 - 2016-02-08 15:39 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-03-09 00:32 - 2016-02-08 15:34 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-03-09 00:32 - 2016-02-08 15:29 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2016-03-09 00:32 - 2016-02-08 15:28 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-03-09 00:32 - 2016-02-08 15:10 - 04611072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-03-09 00:32 - 2016-02-08 15:07 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-03-09 00:32 - 2016-02-08 15:05 - 25816576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-03-09 00:32 - 2016-02-08 15:03 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2016-03-09 00:32 - 2016-02-08 15:02 - 13012480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-03-09 00:32 - 2016-02-08 15:02 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-03-09 00:32 - 2016-02-08 15:01 - 02050560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-03-09 00:32 - 2016-02-08 14:43 - 02121216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-03-09 00:32 - 2016-02-08 14:39 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-03-09 00:32 - 2016-02-08 14:38 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-03-09 00:32 - 2016-02-08 13:27 - 02887680 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-03-09 00:32 - 2016-02-08 13:26 - 00571904 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-03-09 00:32 - 2016-02-08 13:16 - 06052352 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-03-09 00:32 - 2016-02-08 13:14 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2016-03-09 00:32 - 2016-02-08 13:13 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-03-09 00:32 - 2016-02-08 12:51 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-03-09 00:32 - 2016-02-08 12:42 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-03-09 00:32 - 2016-02-08 12:37 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2016-03-09 00:32 - 2016-02-08 12:34 - 00798720 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-03-09 00:32 - 2016-02-08 12:33 - 14613504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-03-09 00:32 - 2016-02-08 12:33 - 02123264 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-03-09 00:32 - 2016-02-08 12:19 - 02597376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-03-09 00:32 - 2016-02-08 12:15 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-03-09 00:32 - 2016-02-08 12:07 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-03-09 00:32 - 2016-02-08 11:55 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-03-09 00:30 - 2016-02-12 14:14 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-03-09 00:30 - 2016-02-12 10:14 - 03708416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-03-09 00:30 - 2016-02-12 09:55 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2016-03-09 00:30 - 2016-02-12 09:54 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2016-03-09 00:30 - 2016-02-12 09:54 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2016-03-09 00:30 - 2016-02-12 09:54 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2016-03-09 00:30 - 2016-02-12 09:51 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2016-03-09 00:30 - 2016-02-12 09:51 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2016-03-09 00:30 - 2016-02-12 09:51 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2016-03-09 00:30 - 2016-02-12 09:48 - 02244096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2016-03-09 00:30 - 2016-02-12 09:47 - 00897024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-03-09 00:30 - 2016-02-12 09:46 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-03-09 00:30 - 2016-02-06 13:08 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll
2016-03-09 00:30 - 2016-02-05 09:59 - 07784960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-03-09 00:30 - 2016-02-05 09:55 - 05264384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-03-09 00:30 - 2016-02-05 09:48 - 07075840 _____ (Microsoft Corporation) C:\WINDOWS\system32\glcndFilter.dll
2016-03-09 00:30 - 2016-02-05 09:47 - 05268480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\glcndFilter.dll
2016-03-09 00:30 - 2016-01-05 10:00 - 00570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-03-09 00:30 - 2015-12-30 16:53 - 02017624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-03-09 00:30 - 2015-12-20 09:57 - 00839168 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2016-03-09 00:30 - 2015-12-20 09:43 - 00696320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2016-03-09 00:29 - 2016-02-20 10:45 - 01373184 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-03-09 00:29 - 2016-02-20 10:45 - 01168896 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-03-09 00:29 - 2016-02-20 10:45 - 00696832 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-03-09 00:29 - 2016-02-20 10:45 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-03-09 00:29 - 2016-02-20 10:45 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-03-09 00:29 - 2016-02-20 10:45 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-03-09 00:29 - 2016-02-05 14:06 - 00046768 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-03-09 00:29 - 2016-02-03 15:37 - 01661576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-03-09 00:29 - 2016-02-03 15:36 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-03-09 00:29 - 2016-02-03 10:09 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-03-09 00:29 - 2016-02-03 10:00 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2016-03-09 00:29 - 2016-02-03 10:00 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-03-09 00:29 - 2016-01-24 13:19 - 00419160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2016-03-09 00:29 - 2016-01-24 13:19 - 00378712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-03-09 00:29 - 2016-01-24 13:19 - 00331608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2016-03-09 00:29 - 2016-01-24 06:57 - 01335296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2016-03-09 00:29 - 2016-01-24 06:45 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2016-03-09 00:29 - 2016-01-08 20:38 - 00091992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2016-03-09 00:29 - 2016-01-06 18:46 - 00148752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2016-03-09 00:29 - 2016-01-06 18:45 - 00177712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2016-03-09 00:29 - 2016-01-06 13:25 - 00416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2016-03-09 00:29 - 2016-01-06 11:47 - 00146944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-03-09 00:27 - 2016-02-11 09:21 - 00869576 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2016-03-09 00:27 - 2016-02-11 09:21 - 00678600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp120_clr0400.dll
2016-03-09 00:27 - 2016-02-11 09:20 - 00875720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2016-03-09 00:27 - 2016-02-11 09:20 - 00536776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp120_clr0400.dll
2016-03-09 00:27 - 2016-02-05 14:07 - 00292696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMASF.DLL
2016-03-09 00:27 - 2016-02-05 14:07 - 00243032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMASF.DLL
2016-03-09 00:27 - 2016-02-05 10:03 - 15432704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-03-09 00:27 - 2016-02-05 10:00 - 13318144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-03-09 00:27 - 2016-01-10 11:41 - 01707008 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2016-03-09 00:27 - 2016-01-10 11:31 - 01344512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2016-03-09 00:27 - 2016-01-08 20:49 - 00218448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2016-03-09 00:27 - 2016-01-08 20:49 - 00192120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2016-03-09 00:27 - 2015-12-20 09:56 - 00616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\msra.exe
2016-03-09 00:27 - 2015-11-19 09:33 - 00994760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2016-03-09 00:27 - 2015-11-19 09:26 - 00922432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2016-03-09 00:26 - 2016-02-06 11:58 - 00987648 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-03-09 00:26 - 2016-02-06 11:32 - 00801792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-03-09 00:26 - 2016-02-04 13:18 - 04174336 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-03-09 00:26 - 2016-02-04 13:18 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-03-09 00:26 - 2016-02-04 13:12 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-03-09 00:26 - 2016-02-04 12:44 - 00301568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-03-09 00:26 - 2016-02-04 12:39 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-03-09 00:26 - 2016-02-04 12:24 - 00603648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2016-03-09 00:26 - 2016-02-04 12:02 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2016-03-09 00:26 - 2016-01-31 14:16 - 00148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2016-03-09 00:26 - 2016-01-15 11:56 - 02487296 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2016-03-09 00:26 - 2016-01-15 11:45 - 01482240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2016-03-09 00:26 - 2015-12-30 15:49 - 00470360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2016-02-23 20:04 - 2016-02-23 20:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-18 19:37 - 2013-08-16 18:02 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-18 18:41 - 2013-08-17 21:53 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-03-18 17:34 - 2014-06-24 05:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-18 17:34 - 2014-02-22 10:27 - 00000000 ____D C:\ProgramData\WRData
2016-03-18 17:01 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-03-18 16:37 - 2013-08-16 18:02 - 00000914 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-18 14:29 - 2014-09-24 02:15 - 00005598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-03-18 13:04 - 2013-01-05 21:02 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3275680260-1535626414-2396526732-1001
2016-03-18 12:56 - 2012-12-15 00:25 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2016-03-18 12:50 - 2015-06-22 23:37 - 00004052 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2016-03-18 12:48 - 2014-10-25 21:19 - 00000000 ____D C:\Users\Lik
2016-03-18 12:47 - 2013-08-22 09:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-03-14 16:42 - 2014-01-28 13:53 - 00002217 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-14 16:42 - 2014-01-28 13:53 - 00002205 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-03-11 05:00 - 2013-08-22 08:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-03-10 23:42 - 2013-08-17 21:53 - 00003582 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-03-10 19:29 - 2012-07-26 02:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-03-09 18:36 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\rescache
2016-03-09 16:31 - 2013-08-22 09:44 - 00419872 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-03-09 16:31 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\Inf
2016-03-09 10:14 - 2014-12-10 10:20 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-03-09 02:03 - 2013-08-22 10:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-09 02:02 - 2013-08-17 19:12 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-03-09 01:38 - 2013-08-17 19:12 - 143659408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-03-08 02:00 - 2014-12-10 10:25 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-03-08 02:00 - 2014-12-10 10:25 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-27 17:53 - 2014-02-22 10:30 - 00181688 _____ (Webroot) C:\WINDOWS\SysWOW64\WRusr.dll
2016-02-27 17:53 - 2014-02-22 10:30 - 00117304 _____ (Webroot) C:\WINDOWS\system32\WRusr.dll
2016-02-25 21:56 - 2015-04-04 19:06 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2016-02-25 21:56 - 2015-04-04 19:06 - 00000000 ___SD C:\WINDOWS\system32\GWX
2016-02-24 15:50 - 2016-02-11 20:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-02-24 15:50 - 2013-08-16 19:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-23 20:04 - 2015-11-17 19:59 - 00000000 ____D C:\Program Files\McAfee Security Scan
2016-02-23 20:04 - 2014-04-14 18:59 - 00001982 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk

==================== Files in the root of some directories =======

2013-11-24 01:42 - 2013-11-24 01:55 - 144752885 _____ () C:\Users\Lik\AppData\Local\ACCCx2_2_1_260.zip.aamdownload
2013-11-24 01:42 - 2013-11-24 01:55 - 0001817 _____ () C:\Users\Lik\AppData\Local\ACCCx2_2_1_260.zip.aamdownload.aamd
2015-09-24 19:01 - 2015-09-24 19:01 - 0000000 _____ () C:\Users\Lik\AppData\Local\{6DEF2C6A-46F2-47B2-97DF-C533648DF760}
2012-12-15 00:22 - 2012-12-15 00:22 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2012-12-15 00:17 - 2012-12-15 00:18 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2012-12-15 00:18 - 2012-12-15 00:20 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2012-12-15 00:17 - 2012-12-15 00:17 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2012-12-15 00:20 - 2012-12-15 00:22 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log

Some files in TEMP:
====================
C:\Users\Lik\AppData\Local\Temp\WRupdate145265859.exe
C:\Users\Lik\AppData\Local\Temp\WRupdate578246625.exe
C:\Users\Lik\AppData\Local\Temp\WRupdate769636406.exe
C:\Users\Lik\AppData\Local\Temp\WRupdate778408468.exe
C:\Users\Lik\AppData\Local\Temp\{6C8BE031-6E74-43C8-8F70-32928A47CB99}-44.0.2403.155_chrome_installer.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-03-18 13:04

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Lik (2016-03-18 19:39:06)
Running from C:\Users\Lik\Downloads
Windows 8.1 (X64) (2014-10-26 02:45:09)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3275680260-1535626414-2396526732-500 - Administrator - Disabled)
Guest (S-1-5-21-3275680260-1535626414-2396526732-501 - Limited - Disabled)
Lik (S-1-5-21-3275680260-1535626414-2396526732-1001 - Administrator - Enabled) => C:\Users\Lik

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Webroot SecureAnywhere (Enabled - Up to date) {4646A877-74EB-CD3B-8FDB-210DB94FA61A}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Webroot SecureAnywhere (Enabled - Up to date) {FD274993-52D1-C2B5-B56B-1A7FC2C8ECA7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{5CEBB0CE-1783-40C2-A7E1-02EE705820F0}) (Version: 1.0 - Eyeo GmbH)
Adblock Plus for IE (HKLM-x32\...\{1ce01891-839b-4ad1-b629-2e608ba0c6ba}) (Version: 1.0 - )
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.182 - Adobe Systems Incorporated)
Amazon Browser App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.0 - Amazon) <==== ATTENTION
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
Canon iP2600 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2600_series) (Version:  - )
Canon iP2600 series User Registration (HKLM-x32\...\Canon iP2600 series User Registration) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.07 - Piriform)
Cirrus Logic Audio Panel (Version: 1.2.10.0 - Cirrus Logic) Hidden
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.8) (Version: 5.0.0.8 - Coupons.com Incorporated)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.0.0.2 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.0.0.2 - Dell Inc.)
Dell Data Vault (Version: 4.3.4.0 - Dell Inc.) Hidden
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.1.0.47 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.210 - ALPS ELECTRIC CO., LTD.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
Dropbox (HKU\S-1-5-21-3275680260-1535626414-2396526732-1001\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.87 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.292.3 - McAfee, Inc.)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mozilla Firefox 44.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 en-US)) (Version: 44.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)
outobox 2013.11.12.181539 (HKLM\...\outobox) (Version: 2013.11.12.181539 - outobox) <==== ATTENTION
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.204 - Qualcomm Atheros Communications)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.003 - Dell Inc.)
SafeIP (HKLM-x32\...\SAFEIP_is1) (Version:  - SafeIP)
ScorpionSaver (HKLM-x32\...\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}) (Version: 1.0.0.0 - Adpeak, Inc.) <==== ATTENTION
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 9.0.8.72 - Webroot)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3275680260-1535626414-2396526732-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lik\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3275680260-1535626414-2396526732-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lik\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3275680260-1535626414-2396526732-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lik\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3275680260-1535626414-2396526732-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lik\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION
Task: {13CF8A59-9DFF-4304-AE51-1A21B19C2AE9} - \BackgroundContainer Startup Task -> No File <==== ATTENTION
Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION
Task: {3A9875AD-D3CF-415E-AA73-96CAFDD085FE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {3DEF1B00-5B3E-41AD-B2C6-7E0538D5B3F7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {3DFD3BED-4F25-4153-9DC3-ECAA8CE6B1F7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-10-21] (Piriform Ltd)
Task: {40525C58-79C2-47A1-9AA2-F1D7FC4F0691} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {53E9AF4E-E412-4F4E-975E-7E32BD539E0E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-03-09] (Microsoft Corporation)
Task: {65B384A6-50E1-4307-BFEF-D3B26D9C6CB1} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-03-04] (AVAST Software)
Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
Task: {89953AB0-60C6-418C-A62C-00C088DD6EFC} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-03-17] (Avast Software s.r.o.)
Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION
Task: {D625E107-0D93-40C0-A775-63D162708049} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-06-11] (Dell Inc.)
Task: {E0D1BAE8-5846-4719-A84A-F7D01962615D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-10] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2012-12-15 00:20 - 2012-04-24 21:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2012-08-06 20:16 - 2012-08-06 20:16 - 20591616 _____ () C:\Program Files\Cirrus Logic Audio Panel\CirrusAudioPanel_Dell.exe
2012-08-06 20:16 - 2012-08-06 20:16 - 03765248 _____ () C:\Program Files\Cirrus Logic Audio Panel\en-US\CirrusAudioPanel_Dell.resources.dll
2012-08-06 20:16 - 2012-08-06 20:16 - 00048128 _____ () C:\Program Files\Cirrus Logic Audio Panel\CoreAudioApi.dll
2012-08-06 20:16 - 2012-08-06 20:16 - 00013312 _____ () C:\Program Files\Cirrus Logic Audio Panel\LocalizationControlsLib.dll
2012-08-06 20:16 - 2012-08-06 20:16 - 00270848 _____ () C:\Program Files\Cirrus Logic Audio Panel\LocalizeLanguage.dll
2012-08-06 20:16 - 2012-08-06 20:16 - 00011776 _____ () C:\Program Files\Cirrus Logic Audio Panel\ExtendedWindowsControls.dll
2012-07-31 20:10 - 2012-07-31 20:10 - 00384128 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ContactsApi.dll
2014-01-29 23:02 - 2015-06-01 21:00 - 00102912 _____ () C:\WINDOWS\System32\IccLibDll_x64.dll
2015-06-22 23:36 - 2015-06-22 23:36 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-06-22 23:36 - 2015-06-22 23:36 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-03-17 19:08 - 2016-03-17 19:08 - 02856960 _____ () C:\Program Files\AVAST Software\Avast\defs\16031702\algo.dll
2016-03-18 17:07 - 2016-03-18 17:07 - 02856960 _____ () C:\Program Files\AVAST Software\Avast\defs\16031802\algo.dll
2012-12-15 00:18 - 2012-06-07 22:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 12:34 - 2012-06-08 12:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-06-22 23:36 - 2015-06-22 23:36 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-05-12 21:26 - 2012-05-25 04:25 - 00921600 _____ () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
2016-02-11 20:10 - 2016-02-11 20:10 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\8e749780289ceb24f72730345e019061\PSIClient.ni.dll
2012-12-15 00:25 - 2012-09-12 22:18 - 02003304 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
2012-12-15 00:25 - 2012-08-06 11:59 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
2012-12-15 00:25 - 2012-08-06 11:59 - 00117608 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll
2012-12-15 00:06 - 2012-06-25 11:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-3275680260-1535626414-2396526732-1001\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-21-3275680260-1535626414-2396526732-1001\Software\Classes\exefile: "%1" %* <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3275680260-1535626414-2396526732-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Dell\Win LTBLUE 1920x1200.jpg
DNS Servers: 10.100.1.40 - 10.100.1.118
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{8C7866C1-BB7F-4321-9AB1-A05B1F5FC0C9}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{52E9B45A-04BF-4FA0-937A-FCE79E6B0523}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{7974431C-9DF0-455C-9B4C-BA81160C66C2}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{C8DE0B8E-AEDE-42CA-B72F-B043C5CFD43C}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [UDP Query User{D0B67969-884D-4874-9931-EF353723E552}C:\program files (x86)\dell wireless\bluetooth suite\btvstack.exe] => (Block) C:\program files (x86)\dell wireless\bluetooth suite\btvstack.exe
FirewallRules: [TCP Query User{C6D0D865-7DDD-430E-B056-B9DDE2D76399}C:\program files (x86)\dell wireless\bluetooth suite\btvstack.exe] => (Block) C:\program files (x86)\dell wireless\bluetooth suite\btvstack.exe
FirewallRules: [UDP Query User{1A025F65-5F97-470A-A335-2428D6647D84}C:\program files (x86)\dell wireless\bluetooth suite\bttray.exe] => (Block) C:\program files (x86)\dell wireless\bluetooth suite\bttray.exe
FirewallRules: [TCP Query User{F1622848-7666-41A5-9F63-4438511A27F0}C:\program files (x86)\dell wireless\bluetooth suite\bttray.exe] => (Block) C:\program files (x86)\dell wireless\bluetooth suite\bttray.exe
FirewallRules: [{C0BB279B-3ADA-45AF-91F8-54CD32EA2B46}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{BF9F9925-F0E6-4B83-8142-EE590A7030C5}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{C6D04CED-C755-45BE-A1F7-9AFB9F5DD881}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{706ECC29-39B7-426B-9AAE-A2376C88C453}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{16BAA332-2C25-4E56-8F8A-75B026EDA8C6}] => (Allow) LPort=1900
FirewallRules: [{3CC2001E-988E-4233-A9BD-D6386FB53AC9}] => (Allow) LPort=2869
FirewallRules: [{B771CEB7-66E5-46EF-86FC-C7535B6990AE}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{88935700-4F4D-4F94-B7C5-8A184A723473}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{70790F82-6ACD-4DB6-90AC-BE8944928F32}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{7B1EB52A-33B7-47CF-BB01-E9F9B0A63E67}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{7EA8C642-ECB0-46F2-9C75-ABC863FFC308}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{975763A0-A5D1-4182-B9F8-5C099E324650}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{AE628B34-73C9-49B1-8C4F-90E67DA45B0E}] => (Allow) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Win7Ui.exe
FirewallRules: [{C45C77D2-7E2A-411D-9570-C04B26816DDB}] => (Allow) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe
FirewallRules: [{5C1F7F2F-8A91-4D8F-B912-8AC1CF7F389D}] => (Allow) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe
FirewallRules: [{63812B3B-1569-43F4-944A-04A18525B0CE}] => (Allow) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Btvstack.exe
FirewallRules: [{B0CB9C86-576B-4FFD-AA10-D20AD77D0989}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{26B962E4-A77A-4BA4-B291-DDD20F6BA751}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{5039DECB-244B-4710-A9EE-800E472D596D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{14695D1A-2F27-4A5F-A9AD-BB53366A1071}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{B50A6E34-5455-4FB8-B575-4A9CCBAE18FF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C8DCF797-DDA0-4CE4-9803-D71C93521869}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7359B0B5-FB14-4B42-9F87-990CB2E69210}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

23-02-2016 23:29:28 Scheduled Checkpoint
04-03-2016 14:56:45 Scheduled Checkpoint
09-03-2016 01:22:47 Windows Update
17-03-2016 20:33:20 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: Dell Wireless 1703 Bluetooth
Description: Dell Wireless 1703 Bluetooth
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Qualcomm Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/18/2016 02:28:59 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (03/18/2016 02:28:59 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (03/18/2016 12:48:49 PM) (Source: CirrusAudioService) (EventID: 0) (User: )
Description: Service cannot be started. System.TypeLoadException: Could not load type 'CirrusLogicSquared.LogicSquared' from assembly 'LogicSquared, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null'.
   at CirrusService.ServiceContractImpl..ctor()
   at CirrusService.CirrusService.CreateServiceHost()
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (03/17/2016 06:42:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GWXUX.exe, version: 6.3.9600.18155, time stamp: 0x5661aa1f
Faulting module name: RPCRT4.dll, version: 6.3.9600.17919, time stamp: 0x558ef5ee
Exception code: 0xc0000005
Fault offset: 0x000000000004c799
Faulting process id: 0x32c0
Faulting application start time: 0xGWXUX.exe0
Faulting application path: GWXUX.exe1
Faulting module path: GWXUX.exe2
Report Id: GWXUX.exe3
Faulting package full name: GWXUX.exe4
Faulting package-relative application ID: GWXUX.exe5

Error: (03/17/2016 06:28:59 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (03/17/2016 06:28:59 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (03/16/2016 03:36:26 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (03/16/2016 03:36:26 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (03/15/2016 10:18:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (03/15/2016 10:18:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.


System errors:
=============
Error: (03/18/2016 01:00:17 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070003: Microsoft.WindowsReadingList.

Error: (03/18/2016 12:49:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Dell SupportAssist Agent service failed to start due to the following error:
%%1053

Error: (03/18/2016 12:49:10 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Dell SupportAssist Agent service to connect.

Error: (03/18/2016 12:47:48 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:37:10 PM on ‎3/‎17/‎2016 was unexpected.

Error: (03/17/2016 09:03:48 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070003: Microsoft.WindowsReadingList.

Error: (03/17/2016 07:10:59 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070003: Microsoft.WindowsReadingList.

Error: (03/17/2016 06:42:53 PM) (Source: DCOM) (EventID: 10010) (User: Malik)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (03/17/2016 06:42:34 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070003: Microsoft.WindowsReadingList.

Error: (03/17/2016 04:54:06 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070003: Microsoft.WindowsReadingList.

Error: (03/17/2016 03:50:57 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070003: Microsoft.WindowsReadingList.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-2370M CPU @ 2.40GHz
Percentage of memory in use: 64%
Total physical RAM: 3959.09 MB
Available physical RAM: 1390.82 MB
Total Virtual: 5367.09 MB
Available Virtual: 2196.55 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:456.19 GB) (Free:348.21 GB) NTFS
Drive x: (WINRETOOLS) (Fixed) (Total:0.49 GB) (Free:0.21 GB) NTFS
Drive y: (PBR Image) (Fixed) (Total:7.99 GB) (Free:0.29 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: A75C894D)

Partition: GPT.

==================== End of Addition.txt ============================

 

Link to post
Share on other sites

Hello,

They call me TwinHeadedEagle around here, and I'll try to help your with your issue.

 

[IMG] Uninstall some programs

We need to uninstall some unwanted/unneeded programs.
  • Press the [IMG] + R on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search there for each entry mentioned below, right-click the entry and click Uninstall one at a time
The list of programs to uninstall:
  • Amazon Browser App
  • outobox 2013.11.12.181539
  • ScorpionSaver

After completing uninstalls, please manually reboot your machine!

Note: If you get the message like: An error occurred while trying to uninstall, just press Yes.

 




[IMG] Fix with Farbar Recovery Scan Tool
[IMG] This fix was created for this user for use on that particular machine. [IMG]
[IMG] Running it on another one may cause damage and render the system unstable. [IMG]

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
 
  • Right-click on [IMG] icon and select [IMG] Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.
 


[IMG] Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.
 
  • Right-click on [IMG] icon and select [IMG] Run as Administrator to start the tool.
  • Wait patiently until the main console will appear, it may take a minute or two.
  • In the main box please paste in the following script:
    Code:
    createsrpoint;
    autoclean;
    emptyclsid;
    emptyalltemp;
    ipconfig /flushdns >>"%temp%\log.txt";b
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Upload it in your next reply.
 


[IMG] Check Disk
  • Press the [IMG] + R on your keyboard at the same time. Type cmd and click OK.
  • Copy/Enter the command below and press Enter:
  • Code:
    chkdsk C: /r
  • You should get a message to schedule Check Disk at next system restart. Please type Y and press Enter.
  • All you should do now is to restart your PC and let the Check Disk process finish uninterrupted.
Check Disk report:
  • Press the [IMG] + R on your keyboard at the same time. Type eventvwr and click OK.
  • In the left panel, expand Windows Logs and then click on Application.
  • Now, on the right side, click on Filter Current Log.
  • Under Event Sources, check only Wininit and click OK.
  • Now you'll be presented with one or multiple Wininit logs.
  • Click on an entry corresponding to the date and time of the disk check.
  • On the top main menu, click Action > Copy > Copy Details as Text.
  • Paste the contents into your next reply.

fixlist.txt

Link to post
Share on other sites

Yes, I believe the check did finish.

Anyway here are the fixlist and zoek results

createrestorepoint:
closeprocesses:
emptytemp:
HKU\S-1-5-21-3275680260-1535626414-2396526732-1001\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-21-3275680260-1535626414-2396526732-1001\Software\Classes\exefile: "%1" %* <===== ATTENTION

 

 


Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Lik on Sun 03/20/2016 at 17:10:15.70.
Microsoft Windows 8.1 6.3.9600  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Lik\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

3/20/2016 5:12:15 PM Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~2\SearchProtect deleted successfully
C:\PROGRA~3\Conduit deleted successfully
C:\Users\Lik\AppData\Roaming\Google deleted successfully
C:\Users\Lik\AppData\Local\Adobe deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3275680260-1535626414-2396526732-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} deleted successfully
HKEY_USERS\S-1-5-21-3275680260-1535626414-2396526732-1001\Software\Microsoft\Internet Explorer\SearchScopes\{A11B5983-C13C-4571-BBDF-F5AE3B43F37B} deleted successfully
HKEY_USERS\S-1-5-21-3275680260-1535626414-2396526732-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully
HKEY_USERS\S-1-5-21-3275680260-1535626414-2396526732-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully
HKEY_USERS\S-1-5-21-3275680260-1535626414-2396526732-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670} deleted successfully
HKEY_USERS\S-1-5-21-3275680260-1535626414-2396526732-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670} deleted successfully
HKEY_USERS\S-1-5-21-3275680260-1535626414-2396526732-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} deleted successfully
HKEY_USERS\S-1-5-21-3275680260-1535626414-2396526732-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} deleted successfully
HKEY_USERS\S-1-5-21-3275680260-1535626414-2396526732-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8E66592B-8E7C-4A14-88A5-8BF21032F651} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-3275680260-1535626414-2396526732-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5} deleted successfully

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\YahooAUService deleted successfully

==== FireFox Fix ======================

ProfilePath: C:\Users\Lik\AppData\Roaming\Mozilla\Firefox\Profiles\8mcc3fxv.default

user.js not found
---- Lines CT3298566 removed from prefs.js ----
user_pref("CT3298566.FF19Solved", "true");
user_pref("CT3298566.UserID", "UN10607108573743729");
user_pref("CT3298566.browser.search.defaultthis.engineName", "true");
user_pref("CT3298566.fullUserID", "UN10607108573743729.IN.20131002183955");
user_pref("CT3298566.installDate", "02/10/2013 18:39:58");
user_pref("CT3298566.installSessionId", "{FB6D4F14-4B6F-4E15-99E8-E1C70A480977}");
user_pref("CT3298566.installSp", "TRUE");
user_pref("CT3298566.installerVersion", "1.7.1.7");
user_pref("CT3298566.keyword", "true");
user_pref("CT3298566.originalHomepage", "about:home");
user_pref("CT3298566.originalSearchAddressUrl", "http://us.yhs4.search.yahoo.com/yhs/search?hspart=mcafee&hsimp=yhs-01&type=mcafee&p=");
user_pref("CT3298566.originalSearchEngine", "Secure Search");
user_pref("CT3298566.originalSearchEngineName", "Secure Search");
user_pref("CT3298566.searchRevert", "false");
user_pref("CT3298566.searchUserMode", "2");
user_pref("CT3298566.smartbar.homepage", "true");
user_pref("CT3298566.versionFromInstaller", "10.20.1.8");
user_pref("CT3298566.xpeMode", "0");
user_pref("Smartbar.ConduitHomepagesList", "http://search.conduit.com/?ctid=CT3298566&octid=CT3298566&SearchSource=61&CUI=UN10607108573743729&UM=2&UP=
user_pref("smartbar.addressBarOwnerCTID", "CT3298566");
user_pref("smartbar.conduitHomepageList", "http://search.conduit.com/?ctid=CT3298566&CUI=UN10607108573743729&UM=2&SearchSource=13,http://search.condui
user_pref("smartbar.conduitSearchAddressUrlList", "http://search.conduit.com/ResultsExt.aspx?ctid=CT3298566&SearchSource=2&CUI=UN10607108573743729&UM=
user_pref("smartbar.defaultSearchOwnerCTID", "CT3298566");
user_pref("smartbar.homePageOwnerCTID", "CT3298566");
user_pref("smartbar.originalHomepage", "http://search.conduit.com/?ctid=CT3298566&CUI=UN10607108573743729&UM=2&SearchSource=13");
---- Lines outobox removed from prefs.js ----
user_pref("extensions.outobox.aul", "1391301149322");
user_pref("extensions.outobox.irl", true);
user_pref("extensions.outobox.is", "cbsluus");
user_pref("extensions.outobox.ug", "683EEB54-7DBD-42E4-AC8A-A6467048DCC7");
---- Lines yahoo removed from prefs.js ----
user_pref("browser.search.defaultengine", "Yahoo (Avast)");
user_pref("browser.search.defaultthis.engineName", "Yahoo (Avast)");
user_pref("browser.search.defaulturl", "https://search.yahoo.com/yhs/search");
user_pref("browser.search.order.1", "Yahoo (Avast)");
user_pref("browser.search.selectedEngine", "Yahoo (Avast)");
user_pref("browser.startup.homepage", "https://www.yahoo.com?fr=hp-avast&type=avastbcl");
user_pref("id_couponscom.searchengine", "Yahoo");
user_pref("keyword.URL", "https://search.yahoo.com/yhs/search");
user_pref("Smartbar.SearchFromAddressBarSavedUrl", "http://us.yhs4.search.yahoo.com/yhs/search?hspart=mcafee&hsimp=yhs-01&type=mcafee&p=");
user_pref("yahoo.ytff.alertmanager.ep", "{\"ycred\":\"1\",\"woe\":\"2478307\",\"wt\":\"\",\"wloc\":\"Raleigh\",\"woeList\":\"12769139\"}");
user_pref("yahoo.ytff.button.firstview", "none,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,");
user_pref("yahoo.ytff.cacheloader.ytff", "Sat, 06 Feb 2016 22:51:21 GMT");
user_pref("yahoo.ytff.etp.lasttiptimestamp", "Sat, 22 Aug 2015 15:03:06 GMT");
user_pref("yahoo.ytff.general.addtomy", true);
user_pref("yahoo.ytff.general.clkstrm", true);
user_pref("yahoo.ytff.general.dontshowclkstrmoffer", false);
user_pref("yahoo.ytff.general.dontshowhpoffer", true);
user_pref("yahoo.ytff.general.enableverticals", false);
user_pref("yahoo.ytff.general.installtimestamp", "1453840016979");
user_pref("yahoo.ytff.general.showWelcomePage", false);
user_pref("yahoo.ytff.general.srch", false);
user_pref("yahoo.ytff.general.u13", false);
user_pref("yahoo.ytff.install.istracked", true);
user_pref("yahoo.ytff.installer.activeVertical", "");
user_pref("yahoo.ytff.installer.country", "us");
user_pref("yahoo.ytff.installer.idateformatted", "01.26.2016-14:27:08");
user_pref("yahoo.ytff.installer.installdate", "Tue, 26 Jan 2016 20:27:08 GMT");
user_pref("yahoo.ytff.installer.language", "us");
user_pref("yahoo.ytff.installer.version", "3.2.15.20160125012922");
user_pref("yahoo.ytff.installer.version.simple", "3.2.15");
user_pref("yahoo.ytff.isFeedSignedIn", true);
user_pref("yahoo.ytff.layout.portable", "0");
user_pref("yahoo.ytff.previous.layout", "live_now,marchmad,livenow,app_tnow,mess,yma,wea,fac,fin,ebay,visi_coupon");
user_pref("yahoo.ytff.search.editboxwidth", 300);
user_pref("yahoo.ytff.search.popup_src", "http://toolbar.yahoo.com/bh/v8/search/rsa_glxy?.intl=us%26novert");
user_pref("yahoo.ytff.toolbar.bucketid", "TOOLBARDEFAULT");
user_pref("yahoo.ytff.toolbar.currentdefaulturl", "https://search.yahoo.com/yhs/search");
user_pref("yahoo.ytff.toolbar.dc", "v3_amo");
user_pref("yahoo.ytff.toolbar.deflayout", "mess,yma,wea,fac,fin,ebay,visi_coupon");
user_pref("yahoo.ytff.toolbar.ecs", "1");
user_pref("yahoo.ytff.toolbar.eshp", "0");
user_pref("yahoo.ytff.toolbar.esp", "0");
user_pref("yahoo.ytff.toolbar.frc", "msgr");
user_pref("yahoo.ytff.toolbar.lastuse", "Mon, 08 Feb 2016 06:56:40 GMT");
user_pref("yahoo.ytff.toolbar.layout", "live_now,marchmad,livenow,app_tnow,mess,yma,wea,fac,fin,ebay,visi_coupon");
user_pref("yahoo.ytff.toolbar.numfeed", 0);
user_pref("yahoo.ytff.toolbar.odc", "v3_amo");
user_pref("yahoo.ytff.toolbar.offer", "live_now");
user_pref("yahoo.ytff.toolbar.ofrc", "msgr");
user_pref("yahoo.ytff.toolbar.opc", "msgr");
user_pref("yahoo.ytff.toolbar.orignaldefaulturl", "https://search.yahoo.com/yhs/search");
user_pref("yahoo.ytff.toolbar.osc", "msgr");
user_pref("yahoo.ytff.toolbar.oversion", "3.2.15.20160125012922");
user_pref("yahoo.ytff.toolbar.pc", "msgr");
user_pref("yahoo.ytff.toolbar.sc", "msgr");
user_pref("yahoo.ytff.toolbar.tipintervalsp", 30);
user_pref("yahoo.ytff.toolbar.triggerdaysforyes.ett_spyahoo", 7);
user_pref("yahoo.ytff.toolbar.upgraded", true);
user_pref("yahoo.ytff.toolbar.yahooKeywordurlset", true);
user_pref("yahoo.ytff.toolbar.yhsimp", "A");
user_pref("yahoo.ytff.toolbar.yhspart", "A");
user_pref("yahoo.ytff.tracking.clickactivated", true);
user_pref("yahoo.ytff.tracking.searchboxactivated", true);
user_pref("yahoo.ytff.ybButtons.used", "cobrand_msgr,wlp_glxy,ultf30,yhoo_glxy_refresh,ebox_glxy_ff_new,vis_srch_glxy_sep,spr82,pres_glxy_r,clkstrm240
user_pref("yahoo.ytff.ysots", "20141360845");
user_pref("yahoo.ytffp.installer._u", "24bc1e53d14b44e3b21b524d4a8ae568");
user_pref("yahoo.ytffp.installer.nd", 8);
---- Lines smartbar removed from prefs.js ----
user_pref("smartbar.machineId", "ZF5VKB5D3+KVTEHFW3JK2FNNX2TYJOG473VGW6KKQZA6VM/H0JRRUFFPDIHSESVSIDU6GLPS7H6NH9DL0NMR5W");
---- FireFox user.js and prefs.js backups ----

prefs_20160321_0221_.backup

==== Batch Command(s) Run By Tool======================


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

==== Deleting Files \ Folders ======================

C:\PROGRA~2\SearchProtect not found
"c:\Windows\Installer\1d04e928.msi" not found
"c:\Windows\Installer\b68f4d.msi" not found
C:\Users\Lik\AppData\Roaming\PrivateTunnel deleted
C:\PROGRA~3\Yahoo! Companion deleted
C:\Users\Lik\AppData\LocalLow\Conduit deleted
C:\PROGRA~2\Mozilla Firefox\browser\nsprotector.js deleted
C:\PROGRA~2\Conduit deleted
C:\bootmenu.xml deleted
C:\SearchProtect deleted
C:\Users\Lik\AppData\Roaming\Yahoo! deleted
C:\Users\Lik\AppData\Roaming\SearchProtect deleted
C:\PROGRA~3\Yahoo! deleted
C:\PROGRA~3\{8AF32939-989B-460A-8726-CA2C776032A1} deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Lik\AppData\Local\Conduit deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk deleted
C:\WINDOWS\Installer\{6E810AB6-F34E-49A3-A93F-9E503660F718} deleted
C:\Users\Lik\AppData\LocalLow\store-pp.jbs deleted
C:\Users\Lik\AppData\LocalLow\Yahoo! deleted
C:\Users\Lik\AppData\LocalLow\Yahoo! Companion deleted
C:\Users\Lik\AppData\LocalLow\Toolbar4 deleted
C:\WINDOWS\wininit.ini deleted
C:\end deleted
C:\WINDOWS\SysNative\config\systemprofile\Searches deleted
C:\Users\Lik\AppData\Roaming\Mozilla\Firefox\Profiles\8mcc3fxv.default\searchplugins\bingp.xml deleted
C:\Users\Lik\AppData\Roaming\Mozilla\Firefox\Profiles\8mcc3fxv.default\CT3298566 deleted
C:\Users\Lik\AppData\Roaming\Mozilla\Firefox\Profiles\8mcc3fxv.default\Yahoo! Inc deleted
"C:\Users\Lik\AppData\Local\{6DEF2C6A-46F2-47B2-97DF-C533648DF760}" deleted
"C:\Users\Lik\AppData\Roaming\Mozilla\Firefox\Profiles\8mcc3fxv.default\searchplugins\yahoo-avast.xml" deleted
"C:\PROGRA~2\Coupons\CouponPrinterService.exe" deleted
"C:\PROGRA~2\Coupons\CouponPrinterService.exe" deleted
"C:\PROGRA~2\Coupons" not deleted
"C:\PROGRA~2\Coupons" not deleted

==== Orphaned Tasks deleted from Registry ======================

avast Emergency Update deleted
Dell Digital Delivery Service One-Time Delayed Start deleted
SystemToolsDailyTest_once deleted
tmp38F6 deleted
tmpA7AD deleted
tmpE4C9 deleted
tmpE7E2 deleted
tmpEE18 deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [12/10/2015 07:20 PM]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Lik\AppData\Roaming\Mozilla\Firefox\Profiles\8mcc3fxv.default
- Yahoo Toolbar - %ProfilePath%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
- Webroot Password Manager - %ProfilePath%\extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Skype - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi
- Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Lik\AppData\Roaming\Mozilla\Firefox\Profiles\8mcc3fxv.default
EE8D96E7899D12FC3AA5DB2034C0853C    - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll -    Shockwave Flash
F627791AB91E01A9829A8D9B6E024D52    - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_182.dll -    Shockwave Flash


==== Deleted Firefox Extensions ======================

C:\Users\Lik\AppData\Roaming\Mozilla\Firefox\Profiles\8mcc3fxv.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} deleted

==== Chromium Look ======================

Google Chrome Version: 46.0.2490.86

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
eofcbnmajmjmplflapaojjnihcjkigck - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx[06/22/2015 11:36 PM]
fjpdnoojnohifgekbkmnfbiobhcbedka - C:\Program Files (x86)\outobox\fjpdnoojnohifgekbkmnfbiobhcbedka.crx[]
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[06/22/2015 11:36 PM]
kjeghcllfecehndceplomkocgfbklffd - C:\ProgramData\WRData\PKG\CHROME\CHROME_1.0.0.26.crx[02/22/2014 10:30 AM]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[01/08/2016 11:47 AM]
okfhiodnpcnnnpgbjbhfebjnbagmfhab - C:\ProgramData\WRData\pkg\lpchrome.crx[02/22/2014 10:31 AM]

Yahoo Extension - Lik\AppData\Local\Google\Chrome\User Data\Default\Extensions\eihhgekonheiliaidomffpplfhecmkag
avast SafePrice - Lik\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
SiteAdvisor - Lik\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho
avast Online Security - Lik\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Skype Click to Call - Lik\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Webroot Password Manager - Lik\AppData\Local\Google\Chrome\User Data\Default\Extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab

==== Chromium Fix ======================

C:\Users\Lik\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fjpdnoojnohifgekbkmnfbiobhcbedka deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"
"Search Page"="https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}"
"Search Bar"="https://www.yahoo.com?fr=hp-avast&type=avastbcl"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.google.com/"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\SearchScopes\{1DB4910B-ED64-42FD-A5C4-88BAC5F61A3F} - http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
HKLM\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes\{1DB4910B-ED64-42FD-A5C4-88BAC5F61A3F} - http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
HKLM\Wow6432Node\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
HKCU\SearchScopes "DefaultScope"="{2ADD9EC5-90A9-4D7E-A249-EEA82B703786}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{1DB4910B-ED64-42FD-A5C4-88BAC5F61A3F} - No_Url_Value
HKCU\SearchScopes\{2ADD9EC5-90A9-4D7E-A249-EEA82B703786} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
HKCU\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
HKCU\SearchScopes\{A4ACE9B8-B048-4336-84EC-F3AE819A6B79} - http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3A9F56B942D9A2546BFE41756DE52495 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6BA018E6E43F3A949AF3E90563067F81 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\fjpdnoojnohifgekbkmnfbiobhcbedka deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.8 deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9B65F9A3-9D24-452A-B6EF-1457D65E4259} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\3A9F56B942D9A2546BFE41756DE52495 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\6BA018E6E43F3A949AF3E90563067F81 deleted successfully

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Lik\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Lik\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Lik\AppData\Local\Mozilla\Firefox\Profiles\8mcc3fxv.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Lik\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=613 folders=363 1107402196 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Lik\AppData\Local\Temp will be emptied at reboot
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

 

Link to post
Share on other sites

It's acting fine, and here is the Fixlog, sorry about hte hold up.

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Lik (2016-03-20 16:38:27) Run:1
Running from C:\Users\Lik\Downloads
Loaded Profiles: Lik (Available Profiles: Lik)
Boot Mode: Normal
==============================================

fixlist content:
*****************
createrestorepoint:
closeprocesses:
emptytemp:
HKU\S-1-5-21-3275680260-1535626414-2396526732-1001\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-21-3275680260-1535626414-2396526732-1001\Software\Classes\exefile: "%1" %* <===== ATTENTION

*****************

Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-3275680260-1535626414-2396526732-1001\Software\Classes\exefile" => key removed successfully
"HKU\S-1-5-21-3275680260-1535626414-2396526732-1001\Software\Classes\.exe" => key removed successfully
HKU\S-1-5-21-3275680260-1535626414-2396526732-1001\Software\Classes\exefile => key not found.
EmptyTemp: => 2.5 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 16:45:40 ====

Link to post
Share on other sites

Since there are no more problems, we can declare this PC clean thumbs_up_smiley.gif

Now, we can proceed with post-cleanup procedures. Let's remove my tools and create a new, non infected restore point concurrently deleting old ones.


Step 1. - Creation of system restore point and tools removal.


Download DelFix by Xplode and save it to your desktop.

  • Run the tool by right click on the 51a5ce45263de-delfix.png icon and Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run and wait until the tool completes his work.
  • All tools we used should be gone. Tool will create an report for you (C:\DelFix.txt). I don't need it for review.

Tool deletes old system restore points and creates a fresh system restore point after cleaning.


Step 2. - Tips and tricks to keep your computer clean, safe and in a good shape.


Security tips - highly recommended reading:

Maintenance tips:

Additional software that I personally use and install on all my clients devices:

  • Malwarebytes' Anti-Malware (paid version highly recommended) - to scan your system from time to time in search for malware.
  • Malwarebytes' Anti-Exploit - to prevent plenty of mostly exploited vulnerabilities.
  • McShield - to prevent infections spread by removable media.
  • Unchecky - to prevent from installing additional foistware, implemented in legitimate installations.
  • CryptoPrevent - tool for protection against Cryptolocker and similar ransomware infections.
  • Adblock - to surf the web without annoying ads!
  • Qualys BrowserCheck - cloud service that scans your browsers and plugins to see if they’re all up-to-date.

My help is free for everybody.
If you're happy with the help provided and/or wish to show your appreciaton, please consider a donation: btn_donateCC_LG.gif
Thank you!



 

Stay safe,
TwinHeadedEagle :)

Link to post
Share on other sites

I'm not sure, I clicked the helped option for when the installation pop up appeared. It then provided a link to a special installer called malwarebytes installer 2.1.8 Hotfix, but the installer also said that this type of file could be harmful to my computer depending on the site I download it from. I just wanted to know if it was safe to use.

Link to post
Share on other sites

[IMG] Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on [IMG] icon and select [IMG] Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition.txt option is checked.

    [IMG]
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please attach report into your next reply.

Link to post
Share on other sites

Ok, here they are

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Lik (administrator) on MALIK (27-03-2016 14:37:21)
Running from C:\Users\Lik\Downloads
Loaded Profiles: Lik (Available Profiles: Lik)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Webroot) C:\Program Files\Webroot\WRSA.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\WINDOWS\System32\AECLSr64.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
() C:\Program Files\Cirrus Logic Audio Panel\CirrusAudioPanel_Dell.exe
(Qualcomm Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Intel Corporation) C:\WINDOWS\System32\igfxtray.exe
(Microsoft Corporation) C:\WINDOWS\System32\GWX\GWX.exe
(Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\System32\igfxpers.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [678296 2012-07-09] (Alps Electric Co., Ltd.)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3759504 2012-07-20] (Dell Inc.)
HKLM\...\Run: [Dell Audio] => c:\Program Files\Cirrus Logic Audio Panel\CirrusAudioPanel_Dell.exe [20591616 2012-08-06] ()
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe [763520 2012-07-31] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [127616 2012-07-31] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [652624 2007-10-25] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2114376 2009-07-06] (CANON INC.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-09] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-04] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [143888 2012-06-01] (CyberLink Corp.)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [873072 2016-02-27] (Webroot)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-06-22] (Avast Software s.r.o.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-21-3275680260-1535626414-2396526732-1001\...\Run: [Messenger (Yahoo!)] => "C:\PROGRA~2\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
HKU\S-1-5-21-3275680260-1535626414-2396526732-1001\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-3275680260-1535626414-2396526732-1001\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-3275680260-1535626414-2396526732-1001\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-3275680260-1535626414-2396526732-1001\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-3275680260-1535626414-2396526732-1001\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-3275680260-1535626414-2396526732-1001\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-3275680260-1535626414-2396526732-1001\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-3275680260-1535626414-2396526732-1001\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-3275680260-1535626414-2396526732-1001\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-3275680260-1535626414-2396526732-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-3275680260-1535626414-2396526732-1001\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-3275680260-1535626414-2396526732-1001\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-3275680260-1535626414-2396526732-1001\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-3275680260-1535626414-2396526732-1001\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-3275680260-1535626414-2396526732-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-3275680260-1535626414-2396526732-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-3275680260-1535626414-2396526732-1001\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-3275680260-1535626414-2396526732-1001\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-3275680260-1535626414-2396526732-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-3275680260-1535626414-2396526732-1001\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-3275680260-1535626414-2396526732-1001\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-3275680260-1535626414-2396526732-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-3275680260-1535626414-2396526732-1001\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-3275680260-1535626414-2396526732-1001\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-3275680260-1535626414-2396526732-1001\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-3275680260-1535626414-2396526732-1001\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-3275680260-1535626414-2396526732-1001\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-3275680260-1535626414-2396526732-1001\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-3275680260-1535626414-2396526732-1001\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-3275680260-1535626414-2396526732-1001\...\Policies\Explorer: [NoStartMenuSubFolders] 0
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-06-22] (Avast Software s.r.o.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.100.1.40 10.100.1.118 10.100.1.119
Tcpip\..\Interfaces\{7EA80F31-BDD1-43BD-9C72-F8023E16E5A6}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F0ADD062-0CBF-47E4-8137-3EDE0CB7B766}: [DhcpNameServer] 10.100.1.40 10.100.1.118 10.100.1.119

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-3275680260-1535626414-2396526732-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3275680260-1535626414-2396526732-1001 -> {1DB4910B-ED64-42FD-A5C4-88BAC5F61A3F} URL =
SearchScopes: HKU\S-1-5-21-3275680260-1535626414-2396526732-1001 -> {A4ACE9B8-B048-4336-84EC-F3AE819A6B79} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-06-22] (Avast Software s.r.o.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-22] (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll [2014-02-22] (Webroot)
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll [2014-08-08] (Webroot)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2013-08-13] (Adblock Plus)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-06-22] (Avast Software s.r.o.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-22] (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll [2014-02-22] (Webroot)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll [2014-08-08] (Webroot)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2013-08-13] (Adblock Plus)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll [2014-02-22] (Webroot)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-22] (Google Inc.)
Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll [2014-02-22] (Webroot)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-22] (Google Inc.)
Toolbar: HKU\S-1-5-21-3275680260-1535626414-2396526732-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-22] (Google Inc.)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Lik\AppData\Roaming\Mozilla\Firefox\Profiles\8mcc3fxv.default
FF SearchEngineOrder.3: Bing
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_197.dll [2016-03-23] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_197.dll [2016-03-23] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2009-07-05] (CANON INC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2014-02-16]
FF Extension: Webroot Password Manager - C:\Users\Lik\AppData\Roaming\Mozilla\Firefox\Profiles\8mcc3fxv.default\Extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda}.xpi [2015-08-21]
FF Extension: Adblock Plus - C:\Users\Lik\AppData\Roaming\Mozilla\Firefox\Profiles\8mcc3fxv.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-23]
FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-01-06]
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-19] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [webrootsecure@webroot.com] - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer
FF Extension: Webroot Filtering Extension - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer [2014-08-08] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-10]

Chrome:
=======
CHR HomePage: Default -> hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
CHR StartupUrls: Default -> "hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl"
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=U079DF&PC=U079&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSuggestURL: Default -> hxxp://api.bing.com/osjson.aspx?query={searchTerms}&language={language}&form=U079DF&PC=U079
CHR Profile: C:\Users\Lik\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Lik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-26]
CHR Extension: (Google Drive) - C:\Users\Lik\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-26]
CHR Extension: (YouTube) - C:\Users\Lik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-26]
CHR Extension: (Google Search) - C:\Users\Lik\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-18]
CHR Extension: (Yahoo Extension) - C:\Users\Lik\AppData\Local\Google\Chrome\User Data\Default\Extensions\eihhgekonheiliaidomffpplfhecmkag [2016-03-26]
CHR Extension: (Avast SafePrice) - C:\Users\Lik\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-03-26]
CHR Extension: (SiteAdvisor) - C:\Users\Lik\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-05-12]
CHR Extension: (Google Docs Offline) - C:\Users\Lik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-26]
CHR Extension: (Avast Online Security) - C:\Users\Lik\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-03-26]
CHR Extension: (Skype) - C:\Users\Lik\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-03-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-03-26]
CHR Extension: (Webroot Password Manager) - C:\Users\Lik\AppData\Local\Google\Chrome\User Data\Default\Extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab [2014-04-11]
CHR Extension: (Gmail) - C:\Users\Lik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-26]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-06-22]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-06-22]
CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - C:\ProgramData\WRData\PKG\CHROME\CHROME_1.0.0.26.crx [2014-02-22]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]
CHR HKLM-x32\...\Chrome\Extension: [okfhiodnpcnnnpgbjbhfebjnbagmfhab] - C:\ProgramData\WRData\pkg\lpchrome.crx [2014-02-22]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AECLFilters; C:\Windows\system32\AECLSr64.exe [99696 2012-08-06] (Andrea Electronics Corporation)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [207488 2012-07-31] (Qualcomm Atheros Commnucations) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-06-22] (Avast Software s.r.o.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
S2 CirrusAudioService; c:\Program Files\Cirrus Logic Audio Panel\Cirrvus.exe [7168 2012-08-06] (Cirrus Logic) [File not signed]
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2573520 2015-05-22] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-05-22] (Dell Inc.)
R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-07-09] (Intel Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.292\McCHSvc.exe [293128 2016-02-05] (McAfee, Inc.)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1914728 2012-09-12] (SoftThinks SAS)
S2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [20648 2015-06-11] (Dell Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [873072 2016-02-27] (Webroot)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-07-22] (Atheros) [File not signed]
S2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-06-22] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-06-22] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-06-22] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-06-22] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-06-22] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-26] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-06-22] (Avast Software s.r.o.)
S3 aswTap; C:\Windows\system32\DRIVERS\aswTap.sys [44640 2013-12-06] (The OpenVPN Project)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-06-22] ()
R3 CirrusLFD; C:\Windows\system32\DRIVERS\CSLFDx64.sys [41328 2012-08-06] (Cirrus Logic)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-02-26] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2012-08-05] (OSR Open Systems Resources, Inc.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2013-07-03] (LogMeIn Inc.)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [113880 2015-11-23] (Malwarebytes Corporation)
S3 tapoas; C:\Windows\system32\DRIVERS\tapoas.sys [30720 2012-07-15] (The OpenVPN Project)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [117728 2015-10-14] (Webroot)
S3 BTATH_LWFLT; \SystemRoot\system32\DRIVERS\btath_lwflt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-26 14:35 - 2016-03-26 14:35 - 22851472 _____ (Malwarebytes ) C:\Users\Lik\Downloads\mbam-setup-2.2.1.1043 (1).exe
2016-03-25 20:43 - 2016-03-25 20:43 - 22851472 _____ (Malwarebytes ) C:\Users\Lik\Downloads\mbam-setup-2.2.1.1043(2).exe
2016-03-24 19:12 - 2016-03-24 19:12 - 22851472 _____ (Malwarebytes ) C:\Users\Lik\Downloads\mbam-setup-2.2.1.1043(1).exe
2016-03-21 03:25 - 2016-03-20 17:10 - 00024064 _____ C:\WINDOWS\zoek-delete.exe
2016-03-21 01:38 - 2016-03-21 03:25 - 00000000 ____D C:\zoek
2016-03-20 17:07 - 2016-03-21 03:26 - 00000000 ____D C:\zoek_backup
2016-03-20 17:07 - 2016-03-20 17:07 - 01309184 _____ C:\Users\Lik\Downloads\zoek.exe
2016-03-20 16:38 - 2016-03-20 16:45 - 00001083 _____ C:\Users\Lik\Downloads\Fixlog.txt
2016-03-20 16:35 - 2016-03-20 16:36 - 00046676 _____ C:\Users\Lik\Desktop\FRST.txt
2016-03-20 16:33 - 2016-03-20 16:33 - 00000264 _____ C:\Users\Lik\Desktop\fixlist.txt
2016-03-19 19:50 - 2016-03-20 16:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-03-18 19:45 - 2016-03-18 19:45 - 01706112 _____ (Malwarebytes) C:\Users\Lik\Downloads\mbam-check-2.3.2.0.exe
2016-03-18 19:45 - 2016-03-18 19:45 - 00013162 _____ C:\Users\Lik\Desktop\CheckResults.txt
2016-03-18 19:39 - 2016-03-18 19:42 - 00029146 _____ C:\Users\Lik\Downloads\Addition.txt
2016-03-18 19:37 - 2016-03-27 14:37 - 00026153 _____ C:\Users\Lik\Downloads\FRST.txt
2016-03-18 19:37 - 2016-03-27 14:37 - 00000000 ____D C:\FRST
2016-03-18 19:16 - 2016-03-18 19:16 - 02374144 _____ (Farbar) C:\Users\Lik\Downloads\FRST64.exe
2016-03-18 17:33 - 2016-03-18 17:33 - 22851472 _____ (Malwarebytes ) C:\Users\Lik\Downloads\mbam-setup-2.2.1.1043.exe
2016-03-09 20:26 - 2016-03-09 20:27 - 22908888 _____ (Malwarebytes ) C:\Users\Lik\Downloads\mbam-setup-2.2.0.1024.exe
2016-03-09 00:32 - 2016-02-08 16:05 - 20352512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-03-09 00:32 - 2016-02-08 15:39 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-03-09 00:32 - 2016-02-08 15:34 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-03-09 00:32 - 2016-02-08 15:29 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2016-03-09 00:32 - 2016-02-08 15:28 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-03-09 00:32 - 2016-02-08 15:10 - 04611072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-03-09 00:32 - 2016-02-08 15:07 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-03-09 00:32 - 2016-02-08 15:05 - 25816576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-03-09 00:32 - 2016-02-08 15:03 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2016-03-09 00:32 - 2016-02-08 15:02 - 13012480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-03-09 00:32 - 2016-02-08 15:02 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-03-09 00:32 - 2016-02-08 15:01 - 02050560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-03-09 00:32 - 2016-02-08 14:43 - 02121216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-03-09 00:32 - 2016-02-08 14:39 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-03-09 00:32 - 2016-02-08 14:38 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-03-09 00:32 - 2016-02-08 13:27 - 02887680 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-03-09 00:32 - 2016-02-08 13:26 - 00571904 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-03-09 00:32 - 2016-02-08 13:16 - 06052352 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-03-09 00:32 - 2016-02-08 13:14 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2016-03-09 00:32 - 2016-02-08 13:13 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-03-09 00:32 - 2016-02-08 12:51 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-03-09 00:32 - 2016-02-08 12:42 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-03-09 00:32 - 2016-02-08 12:37 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2016-03-09 00:32 - 2016-02-08 12:34 - 00798720 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-03-09 00:32 - 2016-02-08 12:33 - 14613504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-03-09 00:32 - 2016-02-08 12:33 - 02123264 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-03-09 00:32 - 2016-02-08 12:19 - 02597376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-03-09 00:32 - 2016-02-08 12:15 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-03-09 00:32 - 2016-02-08 12:07 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-03-09 00:32 - 2016-02-08 11:55 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-03-09 00:30 - 2016-02-12 14:14 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-03-09 00:30 - 2016-02-12 10:14 - 03708416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-03-09 00:30 - 2016-02-12 09:55 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2016-03-09 00:30 - 2016-02-12 09:54 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2016-03-09 00:30 - 2016-02-12 09:54 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2016-03-09 00:30 - 2016-02-12 09:54 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2016-03-09 00:30 - 2016-02-12 09:51 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2016-03-09 00:30 - 2016-02-12 09:51 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2016-03-09 00:30 - 2016-02-12 09:51 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2016-03-09 00:30 - 2016-02-12 09:48 - 02244096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2016-03-09 00:30 - 2016-02-12 09:47 - 00897024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-03-09 00:30 - 2016-02-12 09:46 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-03-09 00:30 - 2016-02-06 13:08 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll
2016-03-09 00:30 - 2016-02-05 09:59 - 07784960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-03-09 00:30 - 2016-02-05 09:55 - 05264384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-03-09 00:30 - 2016-02-05 09:48 - 07075840 _____ (Microsoft Corporation) C:\WINDOWS\system32\glcndFilter.dll
2016-03-09 00:30 - 2016-02-05 09:47 - 05268480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\glcndFilter.dll
2016-03-09 00:30 - 2016-01-05 10:00 - 00570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-03-09 00:30 - 2015-12-30 16:53 - 02017624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-03-09 00:30 - 2015-12-20 09:57 - 00839168 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2016-03-09 00:30 - 2015-12-20 09:43 - 00696320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2016-03-09 00:29 - 2016-02-20 10:45 - 01373184 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-03-09 00:29 - 2016-02-20 10:45 - 01168896 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-03-09 00:29 - 2016-02-20 10:45 - 00696832 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-03-09 00:29 - 2016-02-20 10:45 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-03-09 00:29 - 2016-02-20 10:45 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-03-09 00:29 - 2016-02-20 10:45 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-03-09 00:29 - 2016-02-05 14:06 - 00046768 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-03-09 00:29 - 2016-02-03 15:37 - 01661576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-03-09 00:29 - 2016-02-03 15:36 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-03-09 00:29 - 2016-02-03 10:09 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-03-09 00:29 - 2016-02-03 10:00 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2016-03-09 00:29 - 2016-02-03 10:00 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-03-09 00:29 - 2016-01-24 13:19 - 00419160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2016-03-09 00:29 - 2016-01-24 13:19 - 00378712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-03-09 00:29 - 2016-01-24 13:19 - 00331608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2016-03-09 00:29 - 2016-01-24 06:57 - 01335296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2016-03-09 00:29 - 2016-01-24 06:45 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2016-03-09 00:29 - 2016-01-08 20:38 - 00091992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2016-03-09 00:29 - 2016-01-06 18:46 - 00148752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2016-03-09 00:29 - 2016-01-06 18:45 - 00177712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2016-03-09 00:29 - 2016-01-06 13:25 - 00416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2016-03-09 00:29 - 2016-01-06 11:47 - 00146944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-03-09 00:27 - 2016-02-11 09:21 - 00869576 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2016-03-09 00:27 - 2016-02-11 09:21 - 00678600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp120_clr0400.dll
2016-03-09 00:27 - 2016-02-11 09:20 - 00875720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2016-03-09 00:27 - 2016-02-11 09:20 - 00536776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp120_clr0400.dll
2016-03-09 00:27 - 2016-02-05 14:07 - 00292696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMASF.DLL
2016-03-09 00:27 - 2016-02-05 14:07 - 00243032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMASF.DLL
2016-03-09 00:27 - 2016-02-05 10:03 - 15432704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-03-09 00:27 - 2016-02-05 10:00 - 13318144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-03-09 00:27 - 2016-01-10 11:41 - 01707008 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2016-03-09 00:27 - 2016-01-10 11:31 - 01344512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2016-03-09 00:27 - 2016-01-08 20:49 - 00218448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2016-03-09 00:27 - 2016-01-08 20:49 - 00192120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2016-03-09 00:27 - 2015-12-20 09:56 - 00616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\msra.exe
2016-03-09 00:27 - 2015-11-19 09:33 - 00994760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2016-03-09 00:27 - 2015-11-19 09:26 - 00922432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2016-03-09 00:26 - 2016-02-06 11:58 - 00987648 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-03-09 00:26 - 2016-02-06 11:32 - 00801792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-03-09 00:26 - 2016-02-04 13:18 - 04174336 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-03-09 00:26 - 2016-02-04 13:18 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-03-09 00:26 - 2016-02-04 13:12 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-03-09 00:26 - 2016-02-04 12:44 - 00301568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-03-09 00:26 - 2016-02-04 12:39 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-03-09 00:26 - 2016-02-04 12:24 - 00603648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2016-03-09 00:26 - 2016-02-04 12:02 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2016-03-09 00:26 - 2016-01-31 14:16 - 00148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2016-03-09 00:26 - 2016-01-15 11:56 - 02487296 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2016-03-09 00:26 - 2016-01-15 11:45 - 01482240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2016-03-09 00:26 - 2015-12-30 15:49 - 00470360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-27 14:37 - 2013-08-16 18:02 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-27 14:31 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-03-27 14:23 - 2012-12-15 00:25 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2016-03-27 14:19 - 2013-08-16 18:02 - 00000914 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-27 00:41 - 2013-08-17 21:53 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-03-26 14:36 - 2014-06-24 05:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-24 19:12 - 2014-02-22 10:27 - 00000000 ____D C:\ProgramData\WRData
2016-03-24 15:58 - 2012-07-26 02:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-03-24 15:56 - 2015-04-04 19:06 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2016-03-24 15:56 - 2015-04-04 19:06 - 00000000 ___SD C:\WINDOWS\system32\GWX
2016-03-24 15:55 - 2014-09-24 02:15 - 00005598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-03-24 15:33 - 2013-01-05 21:02 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3275680260-1535626414-2396526732-1001
2016-03-23 18:41 - 2013-08-17 21:53 - 00003582 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-03-23 18:39 - 2015-06-22 23:37 - 00004052 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2016-03-23 18:37 - 2013-08-22 09:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-03-21 03:38 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2016-03-21 02:34 - 2014-05-12 21:21 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2016-03-20 16:45 - 2014-10-25 21:19 - 00000000 ____D C:\Users\Lik
2016-03-20 16:41 - 2013-10-02 18:40 - 00000000 ____D C:\Users\Lik\AppData\LocalLow\Temp
2016-03-20 16:09 - 2013-08-16 19:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-03-19 16:48 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\Inf
2016-03-14 16:42 - 2014-01-28 13:53 - 00002217 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-14 16:42 - 2014-01-28 13:53 - 00002205 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-03-11 05:00 - 2013-08-22 08:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-03-09 18:36 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\rescache
2016-03-09 16:31 - 2013-08-22 09:44 - 00419872 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-03-09 10:14 - 2014-12-10 10:20 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-03-09 02:03 - 2013-08-22 10:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-09 02:02 - 2013-08-17 19:12 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-03-09 01:38 - 2013-08-17 19:12 - 143659408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-03-08 02:00 - 2014-12-10 10:25 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-03-08 02:00 - 2014-12-10 10:25 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-27 17:53 - 2014-02-22 10:30 - 00181688 _____ (Webroot) C:\WINDOWS\SysWOW64\WRusr.dll
2016-02-27 17:53 - 2014-02-22 10:30 - 00117304 _____ (Webroot) C:\WINDOWS\system32\WRusr.dll

==================== Files in the root of some directories =======

2013-11-24 01:42 - 2013-11-24 01:55 - 144752885 _____ () C:\Users\Lik\AppData\Local\ACCCx2_2_1_260.zip.aamdownload
2013-11-24 01:42 - 2013-11-24 01:55 - 0001817 _____ () C:\Users\Lik\AppData\Local\ACCCx2_2_1_260.zip.aamdownload.aamd
2012-12-15 00:22 - 2012-12-15 00:22 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2012-12-15 00:17 - 2012-12-15 00:18 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2012-12-15 00:18 - 2012-12-15 00:20 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2012-12-15 00:17 - 2012-12-15 00:17 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2012-12-15 00:20 - 2012-12-15 00:22 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-03-24 15:33

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Lik (2016-03-27 14:38:40)
Running from C:\Users\Lik\Downloads
Windows 8.1 (X64) (2014-10-26 02:45:09)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3275680260-1535626414-2396526732-500 - Administrator - Disabled)
Guest (S-1-5-21-3275680260-1535626414-2396526732-501 - Limited - Disabled)
Lik (S-1-5-21-3275680260-1535626414-2396526732-1001 - Administrator - Enabled) => C:\Users\Lik

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Webroot SecureAnywhere (Enabled - Up to date) {4646A877-74EB-CD3B-8FDB-210DB94FA61A}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Webroot SecureAnywhere (Enabled - Up to date) {FD274993-52D1-C2B5-B56B-1A7FC2C8ECA7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{5CEBB0CE-1783-40C2-A7E1-02EE705820F0}) (Version: 1.0 - Eyeo GmbH)
Adblock Plus for IE (HKLM-x32\...\{1ce01891-839b-4ad1-b629-2e608ba0c6ba}) (Version: 1.0 - )
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.197 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
Canon iP2600 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2600_series) (Version:  - )
Canon iP2600 series User Registration (HKLM-x32\...\Canon iP2600 series User Registration) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.07 - Piriform)
Cirrus Logic Audio Panel (Version: 1.2.10.0 - Cirrus Logic) Hidden
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.0.0.2 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.0.0.2 - Dell Inc.)
Dell Data Vault (Version: 4.3.4.0 - Dell Inc.) Hidden
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.1.0.47 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.210 - ALPS ELECTRIC CO., LTD.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
Dropbox (HKU\S-1-5-21-3275680260-1535626414-2396526732-1001\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.87 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.292.3 - McAfee, Inc.)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mozilla Firefox 45.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.0.1 (x86 en-US)) (Version: 45.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.1.5918 - Mozilla)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.204 - Qualcomm Atheros Communications)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.003 - Dell Inc.)
SafeIP (HKLM-x32\...\SAFEIP_is1) (Version:  - SafeIP)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 9.0.8.72 - Webroot)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3275680260-1535626414-2396526732-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lik\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3275680260-1535626414-2396526732-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lik\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3275680260-1535626414-2396526732-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lik\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3275680260-1535626414-2396526732-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lik\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION
Task: {13CF8A59-9DFF-4304-AE51-1A21B19C2AE9} - \BackgroundContainer Startup Task -> No File <==== ATTENTION
Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION
Task: {3A9875AD-D3CF-415E-AA73-96CAFDD085FE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {3DEF1B00-5B3E-41AD-B2C6-7E0538D5B3F7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {3DFD3BED-4F25-4153-9DC3-ECAA8CE6B1F7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-10-21] (Piriform Ltd)
Task: {40525C58-79C2-47A1-9AA2-F1D7FC4F0691} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {53E9AF4E-E412-4F4E-975E-7E32BD539E0E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-03-09] (Microsoft Corporation)
Task: {65B384A6-50E1-4307-BFEF-D3B26D9C6CB1} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-03-04] (AVAST Software)
Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
Task: {89953AB0-60C6-418C-A62C-00C088DD6EFC} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-03-17] (Avast Software s.r.o.)
Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION
Task: {D625E107-0D93-40C0-A775-63D162708049} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-06-11] (Dell Inc.)
Task: {E0D1BAE8-5846-4719-A84A-F7D01962615D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-23] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2012-12-15 00:20 - 2012-04-24 21:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2012-08-06 20:16 - 2012-08-06 20:16 - 20591616 _____ () C:\Program Files\Cirrus Logic Audio Panel\CirrusAudioPanel_Dell.exe
2012-08-06 20:16 - 2012-08-06 20:16 - 03765248 _____ () C:\Program Files\Cirrus Logic Audio Panel\en-US\CirrusAudioPanel_Dell.resources.dll
2012-08-06 20:16 - 2012-08-06 20:16 - 00048128 _____ () C:\Program Files\Cirrus Logic Audio Panel\CoreAudioApi.dll
2012-08-06 20:16 - 2012-08-06 20:16 - 00013312 _____ () C:\Program Files\Cirrus Logic Audio Panel\LocalizationControlsLib.dll
2012-08-06 20:16 - 2012-08-06 20:16 - 00270848 _____ () C:\Program Files\Cirrus Logic Audio Panel\LocalizeLanguage.dll
2012-08-06 20:16 - 2012-08-06 20:16 - 00011776 _____ () C:\Program Files\Cirrus Logic Audio Panel\ExtendedWindowsControls.dll
2012-07-31 20:10 - 2012-07-31 20:10 - 00384128 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ContactsApi.dll
2014-01-29 23:02 - 2015-06-01 21:00 - 00102912 _____ () C:\WINDOWS\System32\IccLibDll_x64.dll
2015-06-22 23:36 - 2015-06-22 23:36 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-06-22 23:36 - 2015-06-22 23:36 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-03-22 19:31 - 2016-03-22 19:31 - 02857472 _____ () C:\Program Files\AVAST Software\Avast\defs\16032201\algo.dll
2016-03-27 14:28 - 2016-03-27 14:28 - 02846208 _____ () C:\Program Files\AVAST Software\Avast\defs\16032702\algo.dll
2016-02-11 20:10 - 2016-02-11 20:10 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\8e749780289ceb24f72730345e019061\PSIClient.ni.dll
2012-12-15 00:06 - 2012-06-25 11:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2012-12-15 00:25 - 2012-09-12 22:18 - 02003304 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
2012-12-15 00:25 - 2012-08-06 11:59 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
2012-12-15 00:25 - 2012-08-06 11:59 - 00117608 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll
2012-12-15 00:18 - 2012-06-07 22:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 12:34 - 2012-06-08 12:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-06-22 23:36 - 2015-06-22 23:36 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3275680260-1535626414-2396526732-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Dell\Win LTBLUE 1920x1200.jpg
DNS Servers: 10.100.1.40 - 10.100.1.118
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{8C7866C1-BB7F-4321-9AB1-A05B1F5FC0C9}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{52E9B45A-04BF-4FA0-937A-FCE79E6B0523}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{7974431C-9DF0-455C-9B4C-BA81160C66C2}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{C8DE0B8E-AEDE-42CA-B72F-B043C5CFD43C}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [UDP Query User{D0B67969-884D-4874-9931-EF353723E552}C:\program files (x86)\dell wireless\bluetooth suite\btvstack.exe] => (Block) C:\program files (x86)\dell wireless\bluetooth suite\btvstack.exe
FirewallRules: [TCP Query User{C6D0D865-7DDD-430E-B056-B9DDE2D76399}C:\program files (x86)\dell wireless\bluetooth suite\btvstack.exe] => (Block) C:\program files (x86)\dell wireless\bluetooth suite\btvstack.exe
FirewallRules: [UDP Query User{1A025F65-5F97-470A-A335-2428D6647D84}C:\program files (x86)\dell wireless\bluetooth suite\bttray.exe] => (Block) C:\program files (x86)\dell wireless\bluetooth suite\bttray.exe
FirewallRules: [TCP Query User{F1622848-7666-41A5-9F63-4438511A27F0}C:\program files (x86)\dell wireless\bluetooth suite\bttray.exe] => (Block) C:\program files (x86)\dell wireless\bluetooth suite\bttray.exe
FirewallRules: [{C0BB279B-3ADA-45AF-91F8-54CD32EA2B46}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{BF9F9925-F0E6-4B83-8142-EE590A7030C5}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{C6D04CED-C755-45BE-A1F7-9AFB9F5DD881}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{706ECC29-39B7-426B-9AAE-A2376C88C453}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{16BAA332-2C25-4E56-8F8A-75B026EDA8C6}] => (Allow) LPort=1900
FirewallRules: [{3CC2001E-988E-4233-A9BD-D6386FB53AC9}] => (Allow) LPort=2869
FirewallRules: [{B771CEB7-66E5-46EF-86FC-C7535B6990AE}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{88935700-4F4D-4F94-B7C5-8A184A723473}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{70790F82-6ACD-4DB6-90AC-BE8944928F32}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{7B1EB52A-33B7-47CF-BB01-E9F9B0A63E67}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{7EA8C642-ECB0-46F2-9C75-ABC863FFC308}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{975763A0-A5D1-4182-B9F8-5C099E324650}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{AE628B34-73C9-49B1-8C4F-90E67DA45B0E}] => (Allow) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Win7Ui.exe
FirewallRules: [{C45C77D2-7E2A-411D-9570-C04B26816DDB}] => (Allow) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe
FirewallRules: [{5C1F7F2F-8A91-4D8F-B912-8AC1CF7F389D}] => (Allow) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe
FirewallRules: [{63812B3B-1569-43F4-944A-04A18525B0CE}] => (Allow) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Btvstack.exe
FirewallRules: [{B0CB9C86-576B-4FFD-AA10-D20AD77D0989}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{26B962E4-A77A-4BA4-B291-DDD20F6BA751}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{5039DECB-244B-4710-A9EE-800E472D596D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{14695D1A-2F27-4A5F-A9AD-BB53366A1071}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{B50A6E34-5455-4FB8-B575-4A9CCBAE18FF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C8DCF797-DDA0-4CE4-9803-D71C93521869}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7359B0B5-FB14-4B42-9F87-990CB2E69210}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

09-03-2016 01:22:47 Windows Update
17-03-2016 20:33:20 Scheduled Checkpoint
19-03-2016 17:19:54 Removed Amazon Browser App
20-03-2016 16:39:04 Restore Point Created by FRST
20-03-2016 17:11:34 zoek.exe restore point
24-03-2016 15:54:48 Windows Update

==================== Faulty Device Manager Devices =============

Name: Dell Wireless 1703 Bluetooth
Description: Dell Wireless 1703 Bluetooth
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Qualcomm Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/24/2016 03:55:35 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (03/24/2016 03:55:35 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (03/23/2016 06:40:13 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (03/23/2016 06:40:13 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (03/23/2016 06:37:32 PM) (Source: CirrusAudioService) (EventID: 0) (User: )
Description: Service cannot be started. System.TypeLoadException: Could not load type 'CirrusLogicSquared.LogicSquared' from assembly 'LogicSquared, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null'.
   at CirrusService.ServiceContractImpl..ctor()
   at CirrusService.CirrusService.CreateServiceHost()
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (03/21/2016 03:27:05 AM) (Source: CirrusAudioService) (EventID: 0) (User: )
Description: Service cannot be started. System.TypeLoadException: Could not load type 'CirrusLogicSquared.LogicSquared' from assembly 'LogicSquared, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null'.
   at CirrusService.ServiceContractImpl..ctor()
   at CirrusService.CirrusService.CreateServiceHost()
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (03/21/2016 02:45:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ERUNT.exe, version: 0.0.0.0, time stamp: 0x2a425e19
Faulting module name: KERNEL32.DLL, version: 6.3.9600.17415, time stamp: 0x545049be
Exception code: 0xc0000005
Fault offset: 0x000292a6
Faulting process id: 0x10a8
Faulting application start time: 0xERUNT.exe0
Faulting application path: ERUNT.exe1
Faulting module path: ERUNT.exe2
Report Id: ERUNT.exe3
Faulting package full name: ERUNT.exe4
Faulting package-relative application ID: ERUNT.exe5

Error: (03/20/2016 04:53:05 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (03/20/2016 04:53:05 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (03/20/2016 04:47:29 PM) (Source: CirrusAudioService) (EventID: 0) (User: )
Description: Service cannot be started. System.TypeLoadException: Could not load type 'CirrusLogicSquared.LogicSquared' from assembly 'LogicSquared, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null'.
   at CirrusService.ServiceContractImpl..ctor()
   at CirrusService.CirrusService.CreateServiceHost()
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)


System errors:
=============
Error: (03/27/2016 02:29:41 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070003: Microsoft.WindowsReadingList.

Error: (03/26/2016 11:20:09 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070003: Microsoft.WindowsReadingList.

Error: (03/26/2016 08:04:47 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070003: Microsoft.WindowsReadingList.

Error: (03/26/2016 08:04:39 PM) (Source: DCOM) (EventID: 10010) (User: Malik)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (03/26/2016 06:50:33 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070003: Microsoft.WindowsReadingList.

Error: (03/26/2016 03:59:00 PM) (Source: DCOM) (EventID: 10010) (User: Malik)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (03/26/2016 03:47:58 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070003: Microsoft.WindowsReadingList.

Error: (03/26/2016 03:16:38 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070003: Microsoft.WindowsReadingList.

Error: (03/26/2016 02:30:03 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070003: Microsoft.WindowsReadingList.

Error: (03/26/2016 01:38:10 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070003: Microsoft.WindowsReadingList.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-2370M CPU @ 2.40GHz
Percentage of memory in use: 66%
Total physical RAM: 3959.09 MB
Available physical RAM: 1329.61 MB
Total Virtual: 5367.09 MB
Available Virtual: 1293.51 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:456.19 GB) (Free:342.13 GB) NTFS
Drive w: (WINRETOOLS) (Fixed) (Total:0.49 GB) (Free:0.21 GB) NTFS
Drive x: (PBR Image) (Fixed) (Total:7.99 GB) (Free:0.29 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: A75C894D)

Partition: GPT.

==================== End of Addition.txt ============================

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.