Heuristic Analysis hangs



Hi everyone,

First of all I am not computer savvy.

  1. Ran the ESET online scanner first; cleaned the system.
  2. Ran MBAM v. 2.2.1.1043; the Heuristic Analysis stopped/hung at a certain number.
  3. After this, ran Chameleon, which seemingly finished successfully (at the Command Prompt the time-out was set automatically at 1800 sec; however, MBAM finished at approx. 2000 sec.). To be sure, ran MBAM again; no luck, the same hang with the H.A. again.
  4. Ran a fresh version of MBAM as suggested in the Advanced-Setup/MBAM Clean; no luck again with the H.A.

OS is W7 SP-1 x64 Pro on an HP Compaq dc 5800, Intel Core 2 Duo CPU.

What is the solution?

Thank you


Hello and welcome:

It sounds as if you are probably infected and/or dealing with malware remnants/damage, but we need a bit more information in order to better assist you.

Please follow the steps in this pinned topic and then please ATTACH the 3 requested logs to your next reply in this thread: Diagnostic Logs.
The 3 logs will be FRST.txt, Addition.txt and CheckResults.txt.

Thank you,


  • 3 weeks later...

Hi,

Sorry for the long delay; Frst.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-05-2016
Ran by My Computer (administrator) on MYCOMPUTER-PC (28-05-2016 10:37:52)
Running from C:\Users\My Computer\Downloads
Loaded Profiles: My Computer (Available Profiles: My Computer)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Duality Software) C:\Program Files\DS Clock\dsetime.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Duality Software) C:\Program Files\DS Clock\dsclock.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(brother) C:\Program Files (x86)\Brownie\BrStsW64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Logitech, Inc.) C:\Program Files\Common Files\logishrd\KHAL3\KHALMNPR.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(brother) C:\Program Files (x86)\Brownie\brpjp04a.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Adobe ARM] => c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe [1107672 2016-04-22] (Adobe Systems Incorporated)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3111880 2015-07-23] (Logitech, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7400576 2016-05-12] (AVAST Software)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2623456 2016-04-15] (Malwarebytes Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-1731626085-4270488790-50613601-1000\...\Run: [DS Clock] => C:\Program Files\DS Clock\DSClock.exe [1349960 2011-10-10] (Duality Software)
HKU\S-1-5-21-1731626085-4270488790-50613601-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8721624 2016-05-13] (Piriform Ltd)
HKU\S-1-5-21-1731626085-4270488790-50613601-1000\...\Run: [BingSvc] => C:\Users\My Computer\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-1731626085-4270488790-50613601-1000\...\RunOnce: [BrStsW64.exe] => C:\Program Files (x86)\Brownie\BrStsW64.exe [3695928 2009-08-19] (brother)
HKU\S-1-5-21-1731626085-4270488790-50613601-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\avastSS.scr [52184 2016-05-03] (AVAST Software)
HKU\S-1-5-18\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53123712 2016-05-17] (Skype Technologies S.A.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-05-03] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2016-04-24]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1C410630-9238-4B32-B282-797788DF0F2D}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://ca.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_iobitfs_16_21&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtByD0BtA0DtCyEtAtD0CyDtDtAtBtN0D0Tzu0StCyCtDyBtN1L2XzutAtFtBtBtFtAtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StB0E0DyCtBzy0DyCtGtBtAyEtDtGzzyEtD0BtGtB0B0DzytGyDyDyCtAtAtByCtC0Fzz0FtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBzz0DtAtAyD0AyDtG0D0AyCyDtGyE0FzytAtG0AtA0AzztGtBzzyEtD0C0CtD0F0FyBzz0F2QtN0A0LzutBtN1B2Z1V1T1S1NzutBtDtCtB%26cr%3D1342941799%26a%3Dwbf_iobitfs_16_21%26os_ver%3D6.1%26os%3DWindows%2B7%2BProfessional
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://ca.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_iobitfs_16_21&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtByD0BtA0DtCyEtAtD0CyDtDtAtBtN0D0Tzu0StCyCtDyBtN1L2XzutAtFtBtBtFtAtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StB0E0DyCtBzy0DyCtGtBtAyEtDtGzzyEtD0BtGtB0B0DzytGyDyDyCtAtAtByCtC0Fzz0FtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBzz0DtAtAyD0AyDtG0D0AyCyDtGyE0FzytAtG0AtA0AzztGtBzzyEtD0C0CtD0F0FyBzz0F2QtN0A0LzutBtN1B2Z1V1T1S1NzutBtDtCtB%26cr%3D1342941799%26a%3Dwbf_iobitfs_16_21%26os_ver%3D6.1%26os%3DWindows%2B7%2BProfessional
HKU\S-1-5-21-1731626085-4270488790-50613601-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://en.canoe.com/home.html
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_iobitfs_16_21&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtByD0BtA0DtCyEtAtD0CyDtDtAtBtN0D0Tzu0StCyCtDyBtN1L2XzutAtFtBtBtFtAtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StB0E0DyCtBzy0DyCtGtBtAyEtDtGzzyEtD0BtGtB0B0DzytGyDyDyCtAtAtByCtC0Fzz0FtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBzz0DtAtAyD0AyDtG0D0AyCyDtGyE0FzytAtG0AtA0AzztGtBzzyEtD0C0CtD0F0FyBzz0F2QtN0A0LzutBtN1B2Z1V1T1S1NzutBtDtCtB%26cr%3D1342941799%26a%3Dwbf_iobitfs_16_21%26os_ver%3D6.1%26os%3DWindows%2B7%2BProfessional&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_iobitfs_16_21&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtByD0BtA0DtCyEtAtD0CyDtDtAtBtN0D0Tzu0StCyCtDyBtN1L2XzutAtFtBtBtFtAtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StB0E0DyCtBzy0DyCtGtBtAyEtDtGzzyEtD0BtGtB0B0DzytGyDyDyCtAtAtByCtC0Fzz0FtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBzz0DtAtAyD0AyDtG0D0AyCyDtGyE0FzytAtG0AtA0AzztGtBzzyEtD0C0CtD0F0FyBzz0F2QtN0A0LzutBtN1B2Z1V1T1S1NzutBtDtCtB%26cr%3D1342941799%26a%3Dwbf_iobitfs_16_21%26os_ver%3D6.1%26os%3DWindows%2B7%2BProfessional&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_iobitfs_16_21&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtByD0BtA0DtCyEtAtD0CyDtDtAtBtN0D0Tzu0StCyCtDyBtN1L2XzutAtFtBtBtFtAtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StB0E0DyCtBzy0DyCtGtBtAyEtDtGzzyEtD0BtGtB0B0DzytGyDyDyCtAtAtByCtC0Fzz0FtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBzz0DtAtAyD0AyDtG0D0AyCyDtGyE0FzytAtG0AtA0AzztGtBzzyEtD0C0CtD0F0FyBzz0F2QtN0A0LzutBtN1B2Z1V1T1S1NzutBtDtCtB%26cr%3D1342941799%26a%3Dwbf_iobitfs_16_21%26os_ver%3D6.1%26os%3DWindows%2B7%2BProfessional&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1731626085-4270488790-50613601-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2015-12-23] (IObit)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-04-14] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-07-23] (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files\WOT\WOT.dll [2012-08-02] ()
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-24] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-04-14] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-07-23] (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files (x86)\WOT\WOT.dll [2012-08-02] ()
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-24] (Oracle Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2012-08-02] ()
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll [2012-08-02] ()
Toolbar: HKU\S-1-5-21-1731626085-4270488790-50613601-1000 -> WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2012-08-02] ()
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler-x32: intu-qt2009 - {03947252-2355-4e9b-B446-8CCC75C43370} - C:\Program Files (x86)\QuickTax 2009\ic2009pp.dll [2009-11-30] (Intuit Canada, a general partnership/une société en nom collectif.)
Handler-x32: intu-tt2010 - {97A0575E-2309-4e75-8509-B1F9390C4DE7} - C:\Program Files (x86)\TurboTax 2010\ic2010pp.dll [2010-12-01] (Intuit Canada, a general partnership/une société en nom collectif.)
Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} -  No File
Handler-x32: intu-tt2013 - {9FF5EC07-1645-43BF-828F-C73CFA7BC1AF} - C:\Program Files (x86)\TurboTax 2013\ic2013pp.dll [2014-03-14] (Intuit Canada, a general partnership/une société en nom collectif.)
Handler-x32: intu-tt2014 - {97BB39CB-9ABA-4513-81E7-1D6FDA0854B8} - C:\Program Files (x86)\TurboTax 2014\ic2014pp.dll [2014-11-22] (Intuit Canada, a general partnership/une société en nom collectif.)
Handler-x32: intu-tt2015 - {5A676D6A-A3EF-4FAA-8DAC-F55CA235F67C} - C:\Program Files (x86)\TurboTax 2015\ic2015pp.dll [2016-02-10] (Intuit Canada, a general partnership/une société en nom collectif.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll [2012-08-02] ()
Handler-x32: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll [2012-08-02] ()

FireFox:
========
FF ProfilePath: C:\Users\My Computer\AppData\Roaming\Mozilla\Firefox\Profiles\8kyk8yzd.default-1436897542862
FF NewTab: about:newtab
FF DefaultSearchEngine: Search Provided by Yahoo
FF SelectedSearchEngine: Search Provided by Yahoo
FF Homepage: hxxp://en.canoe.com/home.html
FF Keyword.URL: user_pref("keyword.URL", true);
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-12] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-12] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-24] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1731626085-4270488790-50613601-1000: @citrixonline.com/appdetectorplugin -> C:\Users\My Computer\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-05-22] (Citrix Online)
FF Plugin HKU\S-1-5-21-1731626085-4270488790-50613601-1000: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll [2015-11-20] (Sony Network Entertainment International LLC)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2015-07-15]
FF Extension: NetVideoHunter - C:\Users\My Computer\AppData\Roaming\Mozilla\Firefox\Profiles\8kyk8yzd.default-1436897542862\extensions\netvideohunter@netvideohunter.com [2015-11-11]
FF Extension: WOT - C:\Users\My Computer\AppData\Roaming\Mozilla\Firefox\Profiles\8kyk8yzd.default-1436897542862\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-12-09]
FF Extension: Tab History Menu - C:\Users\My Computer\AppData\Roaming\Mozilla\Firefox\Profiles\8kyk8yzd.default-1436897542862\extensions\{9c491c49-071c-4039-98a5-66d3fe53b1b2}.xpi [2016-04-28]
FF Extension: DuckDuckGo Plus - C:\Users\My Computer\AppData\Roaming\Mozilla\Firefox\Profiles\8kyk8yzd.default-1436897542862\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2016-04-28]
FF Extension: Nautipolis for Firefox - C:\Users\My Computer\AppData\Roaming\Mozilla\Firefox\Profiles\8kyk8yzd.default-1436897542862\Extensions\{6C4BAFB6-2AC2-4405-A98D-546B55B3AE92}.xpi [2016-05-01]
FF Extension: YouTube High Definition - C:\Users\My Computer\AppData\Roaming\Mozilla\Firefox\Profiles\8kyk8yzd.default-1436897542862\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2016-05-07]
FF Extension: Adblock Plus - C:\Users\My Computer\AppData\Roaming\Mozilla\Firefox\Profiles\8kyk8yzd.default-1436897542862\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28]
FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-05-20]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-05-20]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2015-09-08] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2016-04-14]
CHR HKLM-x32\...\Chrome\Extension: [ihenkjeihefokohmemphikjnjbmegdik] - "C:\Program Files (x86)\Sony\Media Go\MediaGoDetector.crx" <not found>

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-05-03] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
R2 DSClockSyncTime; C:\Program Files\DS Clock\dsetime.exe [62264 2009-11-19] (Duality Software)
R2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe [138768 2014-06-27] (Portrait Displays, Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [28736 2016-03-16] (Hewlett-Packard Company)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2945312 2016-01-15] (IObit)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [742368 2016-04-15] (Malwarebytes Corporation)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2382832 2016-05-17] (IBM Corp.)
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3272656 2014-07-21] (Paramount Software UK Ltd)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1326176 2012-06-27] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [681056 2012-06-27] (Secunia)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-05-03] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-05-03] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-05-03] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-05-03] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-05-03] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-05-03] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-05-03] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287528 2016-05-03] (AVAST Software)
R2 BrPar; C:\Windows\System32\drivers\BrPar64a.sys [30528 2006-11-06] (Brother Industries Ltd.)
S3 BrSerIf; C:\Windows\System32\DRIVERS\BrSerIf.sys [97280 2006-12-12] (Brother Industries Ltd.)
S3 catchme; no ImagePath
S3 cleanhlp; C:\EEK\Run\cleanhlp64.sys [57024 2014-04-02] (Emsisoft GmbH)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [66080 2016-04-15] ()
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2014-12-20] (REALiX(tm))
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R0 ntcdrdrv; C:\Windows\System32\DRIVERS\ntcdrdrv.sys [25680 2011-01-06] (NoteBurn Software)
S3 PSMounterEx; C:\Windows\system32\drivers\psmounterex.sys [169992 2015-07-30] (Windows (R) Win 7 DDK provider)
S3 PSVolAcc; C:\Windows\System32\Drivers\PSVolAcc.sys [12760 2014-07-21] (Paramount Software UK Ltd)
R1 RapportCerberus_1609040; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1609040.sys [1157160 2016-05-20] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [544360 2016-05-17] (IBM Corp.)
R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [215560 2016-05-17] (IBM Corp.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [470056 2016-05-17] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [525992 2016-05-17] (IBM Corp.)
S3 s1039bus; C:\Windows\System32\DRIVERS\s1039bus.sys [127600 2010-03-15] (MCCI Corporation)
S3 s1039mdfl; C:\Windows\System32\DRIVERS\s1039mdfl.sys [19568 2010-03-15] (MCCI Corporation)
S3 s1039mdm; C:\Windows\System32\DRIVERS\s1039mdm.sys [161904 2010-03-15] (MCCI Corporation)
S3 s1039mgmt; C:\Windows\System32\DRIVERS\s1039mgmt.sys [141424 2010-03-15] (MCCI Corporation)
S3 s1039nd5; C:\Windows\System32\DRIVERS\s1039nd5.sys [34416 2010-03-15] (MCCI Corporation)
S3 s1039obex; C:\Windows\System32\DRIVERS\s1039obex.sys [137328 2010-03-15] (MCCI Corporation)
S3 s1039unic; C:\Windows\System32\DRIVERS\s1039unic.sys [158320 2010-03-15] (MCCI Corporation)
S3 Tdsshbecr; C:\Windows\System32\DRIVERS\shbecr.sys [50176 2008-09-23] (Todos Data System AB)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 WsAudio_Device(1); C:\Windows\System32\drivers\VirtualAudio1.sys [31080 2013-01-25] (Wondershare)
S3 WsAudio_Device(2); C:\Windows\System32\drivers\VirtualAudio2.sys [31080 2013-01-25] (Wondershare)
S3 WsAudio_Device(3); C:\Windows\System32\drivers\VirtualAudio3.sys [31080 2013-01-25] (Wondershare)
S3 WsAudio_Device(4); C:\Windows\System32\drivers\VirtualAudio4.sys [31080 2013-01-25] (Wondershare)
S3 WsAudio_Device(5); C:\Windows\System32\drivers\VirtualAudio5.sys [31080 2013-01-25] (Wondershare)
S3 ptktuplk; \??\C:\Windows\system32\drivers\ngiodriver_x64 [X]
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-28 10:37 - 2016-05-28 10:38 - 00026961 _____ C:\Users\My Computer\Downloads\FRST.txt
2016-05-28 10:37 - 2016-05-28 10:37 - 00000000 ____D C:\FRST
2016-05-28 10:35 - 2016-05-28 10:35 - 01706112 _____ (Malwarebytes) C:\Users\My Computer\Downloads\mbam-check-2.3.2.0.exe
2016-05-28 10:35 - 2016-05-28 10:35 - 00001588 _____ C:\Users\My Computer\Desktop\mbam-check-2.3.2.0.exe - Shortcut.lnk
2016-05-28 10:32 - 2016-05-28 10:37 - 00001478 _____ C:\Users\My Computer\Desktop\FRST64.exe - Shortcut.lnk
2016-05-28 10:32 - 2016-05-28 10:32 - 02383872 _____ (Farbar) C:\Users\My Computer\Downloads\FRST64.exe
2016-05-26 17:51 - 2016-05-26 17:51 - 06893688 _____ (Piriform Ltd) C:\Users\My Computer\Downloads\ccsetup518.exe
2016-05-26 09:45 - 2016-05-26 09:45 - 55915216 _____ (Microsoft Corporation) C:\Users\My Computer\Downloads\IE11-Windows6.1-x64-en-us.exe
2016-05-26 09:24 - 2016-05-26 09:24 - 00001878 _____ C:\Windows\system32\cc_20160526_092433.reg
2016-05-26 09:19 - 2016-05-26 09:19 - 00001647 _____ C:\Users\My Computer\Desktop\SmartDefrag.lnk
2016-05-26 09:08 - 2016-05-26 09:13 - 00000000 ____D C:\Users\My Computer\AppData\Local\Chromium
2016-05-26 09:07 - 2016-05-26 09:07 - 00003156 _____ C:\Windows\System32\Tasks\SmartDefrag_Update
2016-05-26 09:07 - 2016-05-26 09:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag
2016-05-26 08:55 - 2016-05-26 08:55 - 10067888 _____ (IObit ) C:\Users\My Computer\Downloads\sd5_setup.exe
2016-05-22 10:01 - 2016-05-22 10:01 - 00001254 _____ C:\Windows\system32\cc_20160522_100146.reg
2016-05-21 08:36 - 2016-04-11 19:23 - 00154344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-05-21 08:36 - 2016-04-11 19:23 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-05-21 08:36 - 2016-04-11 19:20 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-05-21 08:36 - 2016-04-11 19:20 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-05-21 08:36 - 2016-04-11 19:20 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-05-21 08:36 - 2016-04-11 19:20 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-05-21 08:36 - 2016-04-11 19:20 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-05-21 08:36 - 2016-04-11 19:20 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-05-21 08:36 - 2016-04-11 19:20 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-05-21 08:36 - 2016-04-11 19:20 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-05-21 08:36 - 2016-04-11 19:20 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-05-21 08:36 - 2016-04-11 19:20 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-05-21 08:36 - 2016-04-11 19:20 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-05-21 08:36 - 2016-04-11 19:20 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-05-21 08:36 - 2016-04-11 19:20 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-05-21 08:36 - 2016-04-11 19:20 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-05-21 08:36 - 2016-04-11 19:20 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-05-21 08:36 - 2016-04-11 19:20 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-05-21 08:36 - 2016-04-11 19:20 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-05-21 08:36 - 2016-04-11 19:20 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-05-21 08:36 - 2016-04-11 19:02 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-05-21 08:36 - 2016-04-11 19:02 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-05-21 08:36 - 2016-04-11 19:02 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-05-21 08:36 - 2016-04-11 19:02 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-05-21 08:36 - 2016-04-11 19:02 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-05-21 08:36 - 2016-04-11 19:02 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-05-21 08:36 - 2016-04-11 19:02 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-05-21 08:36 - 2016-04-11 19:02 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-05-21 08:36 - 2016-04-11 19:02 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-05-21 08:36 - 2016-04-11 19:02 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-05-21 08:36 - 2016-04-11 19:02 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-05-21 08:36 - 2016-04-11 19:02 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-05-21 08:36 - 2016-04-11 19:01 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-05-21 08:36 - 2016-04-11 19:01 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-05-21 08:36 - 2016-04-11 19:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-05-21 08:36 - 2016-04-11 18:50 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-05-21 08:36 - 2016-04-11 18:43 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-05-21 08:36 - 2016-04-11 18:43 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-05-21 08:36 - 2016-04-11 18:43 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-05-21 08:36 - 2016-04-11 18:42 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-05-21 08:36 - 2016-04-11 18:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-05-21 08:36 - 2016-04-11 18:36 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-05-21 08:36 - 2016-04-09 00:58 - 14186496 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-05-21 08:36 - 2016-04-09 00:57 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-05-21 08:36 - 2016-04-09 00:54 - 12881408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-05-21 08:36 - 2016-04-09 00:54 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-05-21 08:36 - 2016-04-08 23:53 - 03231232 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-05-21 08:36 - 2016-04-08 23:44 - 02973184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-05-21 08:34 - 2016-04-14 10:46 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-05-21 08:34 - 2016-04-14 10:42 - 03243520 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-05-21 08:34 - 2016-04-14 10:42 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-05-21 08:34 - 2016-04-14 10:42 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-05-21 08:34 - 2016-04-14 10:42 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-05-21 08:34 - 2016-04-14 10:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-05-21 08:34 - 2016-04-14 09:33 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-05-21 08:34 - 2016-04-14 09:33 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-05-21 08:34 - 2016-04-14 09:33 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2016-05-21 08:34 - 2016-04-14 09:33 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2016-05-21 08:34 - 2016-04-14 09:19 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-05-21 08:34 - 2016-04-14 09:11 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2016-05-20 14:14 - 2016-05-20 14:14 - 09201528 _____ (IObit ) C:\Users\My Computer\Downloads\smart-defrag-setup(1).exe
2016-05-20 13:06 - 2016-05-20 13:06 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2016-05-20 13:06 - 2016-05-20 13:06 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-05-20 12:19 - 2016-05-26 14:15 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-05-20 12:17 - 2016-05-03 13:11 - 00398152 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-05-17 09:01 - 2016-05-17 09:01 - 00812688 _____ C:\Users\My Computer\Downloads\youtube-downloader_setup_full235.exe
2016-05-17 08:51 - 2016-05-17 08:51 - 07852512 _____ (cyan soft ltd. ) C:\Users\My Computer\Downloads\freevideodownloader_tiny_4.4.1-setup_cnet.exe
2016-05-16 10:34 - 2016-05-16 10:34 - 18681728 _____ (Adobe Systems Inc.) C:\Users\My Computer\Downloads\AdobeAIRInstaller(1).exe
2016-05-14 18:29 - 2016-05-14 18:29 - 00000000 ____D C:\Program Files (x86)\Sony Media Go Install
2016-05-11 13:02 - 2016-04-23 11:08 - 00394960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-05-11 13:02 - 2016-04-23 10:24 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-05-11 13:02 - 2016-04-22 23:25 - 25816064 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-05-11 13:02 - 2016-04-22 23:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-05-11 13:02 - 2016-04-22 23:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-05-11 13:02 - 2016-04-22 23:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-05-11 13:02 - 2016-04-22 23:00 - 02893312 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-05-11 13:02 - 2016-04-22 23:00 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-05-11 13:02 - 2016-04-22 23:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-05-11 13:02 - 2016-04-22 23:00 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-05-11 13:02 - 2016-04-22 23:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-05-11 13:02 - 2016-04-22 22:52 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-05-11 13:02 - 2016-04-22 22:51 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-05-11 13:02 - 2016-04-22 22:48 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-05-11 13:02 - 2016-04-22 22:47 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-05-11 13:02 - 2016-04-22 22:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-05-11 13:02 - 2016-04-22 22:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-05-11 13:02 - 2016-04-22 22:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-05-11 13:02 - 2016-04-22 22:46 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-05-11 13:02 - 2016-04-22 22:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-05-11 13:02 - 2016-04-22 22:36 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-05-11 13:02 - 2016-04-22 22:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-05-11 13:02 - 2016-04-22 22:27 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-05-11 13:02 - 2016-04-22 22:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-05-11 13:02 - 2016-04-22 22:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-05-11 13:02 - 2016-04-22 22:21 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-05-11 13:02 - 2016-04-22 22:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-05-11 13:02 - 2016-04-22 22:20 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-05-11 13:02 - 2016-04-22 22:11 - 20350464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-05-11 13:02 - 2016-04-22 22:09 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-05-11 13:02 - 2016-04-22 22:08 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-05-11 13:02 - 2016-04-22 22:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-05-11 13:02 - 2016-04-22 22:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-05-11 13:02 - 2016-04-22 22:07 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-05-11 13:02 - 2016-04-22 22:07 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-05-11 13:02 - 2016-04-22 22:07 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-05-11 13:02 - 2016-04-22 22:06 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-05-11 13:02 - 2016-04-22 22:06 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-05-11 13:02 - 2016-04-22 22:05 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-05-11 13:02 - 2016-04-22 22:04 - 02285568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-05-11 13:02 - 2016-04-22 22:02 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-05-11 13:02 - 2016-04-22 22:01 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-05-11 13:02 - 2016-04-22 22:00 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-05-11 13:02 - 2016-04-22 21:59 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-05-11 13:02 - 2016-04-22 21:58 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-05-11 13:02 - 2016-04-22 21:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-05-11 13:02 - 2016-04-22 21:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-05-11 13:02 - 2016-04-22 21:51 - 02596864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-05-11 13:02 - 2016-04-22 21:50 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-05-11 13:02 - 2016-04-22 21:45 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-05-11 13:02 - 2016-04-22 21:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-05-11 13:02 - 2016-04-22 21:43 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-05-11 13:02 - 2016-04-22 21:41 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-05-11 13:02 - 2016-04-22 21:40 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-05-11 13:02 - 2016-04-22 21:39 - 01547776 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-05-11 13:02 - 2016-04-22 21:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-05-11 13:02 - 2016-04-22 21:36 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-05-11 13:02 - 2016-04-22 21:33 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-05-11 13:02 - 2016-04-22 21:31 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-05-11 13:02 - 2016-04-22 21:30 - 02056192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-05-11 13:02 - 2016-04-22 21:30 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-05-11 13:02 - 2016-04-22 21:28 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-05-11 13:02 - 2016-04-22 21:26 - 13811200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-05-11 13:02 - 2016-04-22 21:12 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-05-11 13:02 - 2016-04-22 21:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-05-11 13:02 - 2016-04-22 21:07 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-05-11 09:54 - 2016-04-14 07:49 - 00603648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2016-05-11 09:54 - 2016-04-14 07:21 - 00647680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-05-11 09:54 - 2016-04-09 01:01 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-05-11 09:54 - 2016-04-09 01:01 - 00264936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2016-05-11 09:54 - 2016-04-09 00:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-05-11 09:54 - 2016-04-09 00:57 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-05-11 09:54 - 2016-04-09 00:57 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2016-05-11 09:54 - 2016-04-09 00:54 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-05-11 09:54 - 2016-04-09 00:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-05-11 09:54 - 2016-04-08 23:49 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-05-11 09:54 - 2016-04-06 09:27 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-05-11 09:50 - 2016-04-09 01:02 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-05-11 09:50 - 2016-04-09 01:01 - 05546216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-05-11 09:50 - 2016-04-09 01:01 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-05-11 09:50 - 2016-04-09 00:59 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-05-11 09:50 - 2016-04-09 00:59 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-05-11 09:50 - 2016-04-09 00:59 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-05-11 09:50 - 2016-04-09 00:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-05-11 09:50 - 2016-04-09 00:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-05-11 09:50 - 2016-04-09 00:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-05-11 09:50 - 2016-04-09 00:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-05-11 09:50 - 2016-04-09 00:58 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-05-11 09:50 - 2016-04-09 00:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-05-11 09:50 - 2016-04-09 00:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-05-11 09:50 - 2016-04-09 00:57 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-05-11 09:50 - 2016-04-09 00:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-05-11 09:50 - 2016-04-09 00:57 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-05-11 09:50 - 2016-04-09 00:57 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-05-11 09:50 - 2016-04-09 00:57 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-05-11 09:50 - 2016-04-09 00:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-05-11 09:50 - 2016-04-09 00:57 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-05-11 09:50 - 2016-04-09 00:57 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-05-11 09:50 - 2016-04-09 00:57 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-05-11 09:50 - 2016-04-09 00:57 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-05-11 09:50 - 2016-04-09 00:57 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-05-11 09:50 - 2016-04-09 00:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-11 09:50 - 2016-04-09 00:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-11 09:50 - 2016-04-09 00:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-11 09:50 - 2016-04-09 00:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-05-11 09:50 - 2016-04-09 00:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-11 09:50 - 2016-04-09 00:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-05-11 09:50 - 2016-04-09 00:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-11 09:50 - 2016-04-09 00:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-11 09:50 - 2016-04-09 00:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-11 09:50 - 2016-04-09 00:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-05-11 09:50 - 2016-04-09 00:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-05-11 09:50 - 2016-04-09 00:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-11 09:50 - 2016-04-09 00:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-05-11 09:50 - 2016-04-09 00:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-05-11 09:50 - 2016-04-09 00:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-05-11 09:50 - 2016-04-09 00:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-05-11 09:50 - 2016-04-09 00:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-05-11 09:50 - 2016-04-09 00:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-05-11 09:50 - 2016-04-09 00:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-11 09:50 - 2016-04-09 00:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-05-11 09:50 - 2016-04-09 00:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-05-11 09:50 - 2016-04-09 00:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-11 09:50 - 2016-04-09 00:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-05-11 09:50 - 2016-04-09 00:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-05-11 09:50 - 2016-04-09 00:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-05-11 09:50 - 2016-04-09 00:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-05-11 09:50 - 2016-04-09 00:54 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-05-11 09:50 - 2016-04-09 00:54 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-05-11 09:50 - 2016-04-09 00:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-05-11 09:50 - 2016-04-09 00:54 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-05-11 09:50 - 2016-04-09 00:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-05-11 09:50 - 2016-04-09 00:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-05-11 09:50 - 2016-04-09 00:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-05-11 09:50 - 2016-04-09 00:54 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-05-11 09:50 - 2016-04-09 00:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-11 09:50 - 2016-04-09 00:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-11 09:50 - 2016-04-09 00:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-05-11 09:50 - 2016-04-09 00:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-05-11 09:50 - 2016-04-09 00:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-11 09:50 - 2016-04-09 00:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-05-11 09:50 - 2016-04-09 00:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-11 09:50 - 2016-04-09 00:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-11 09:50 - 2016-04-09 00:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-05-11 09:50 - 2016-04-09 00:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-11 09:50 - 2016-04-09 00:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-11 09:50 - 2016-04-09 00:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-05-11 09:50 - 2016-04-09 00:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-05-11 09:50 - 2016-04-09 00:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-11 09:50 - 2016-04-09 00:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-05-11 09:50 - 2016-04-09 00:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-05-11 09:50 - 2016-04-09 00:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-05-11 09:50 - 2016-04-09 00:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-05-11 09:50 - 2016-04-09 00:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-11 09:50 - 2016-04-09 00:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-05-11 09:50 - 2016-04-09 00:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-05-11 09:50 - 2016-04-09 00:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-05-11 09:50 - 2016-04-09 00:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-05-11 09:50 - 2016-04-08 23:52 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-05-11 09:50 - 2016-04-08 23:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-05-11 09:50 - 2016-04-08 23:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-05-11 09:50 - 2016-04-08 23:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-05-11 09:50 - 2016-04-08 23:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-05-11 09:50 - 2016-04-08 23:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-05-11 09:50 - 2016-04-08 23:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-05-11 09:50 - 2016-04-08 23:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-05-11 09:50 - 2016-04-08 23:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-05-11 09:50 - 2016-04-08 23:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-05-11 09:50 - 2016-04-08 23:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-05-11 09:50 - 2016-04-08 23:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-11 09:50 - 2016-04-08 23:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-05-11 09:50 - 2016-04-08 23:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-05-11 09:49 - 2016-04-08 22:20 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2016-05-11 09:49 - 2016-04-08 21:52 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2016-05-09 10:29 - 2016-05-22 11:54 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-05-09 10:29 - 2016-05-09 10:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-05-09 10:29 - 2016-05-09 10:29 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-05-09 10:29 - 2016-05-09 10:29 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-05-09 10:29 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-05-09 10:29 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-05-09 10:29 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-05-09 10:13 - 2016-05-09 10:13 - 00321848 _____ (Malwarebytes Corporation) C:\Users\My Computer\Downloads\mbam-clean-2.1.1.1001.exe
2016-05-08 19:39 - 2016-05-08 19:40 - 00231977 _____ C:\Users\My Computer\Downloads\MacbethorASimplePlan.pdf
2016-05-08 15:31 - 2016-05-08 15:31 - 02870984 _____ (ESET) C:\Users\My Computer\Downloads\esetsmartinstaller_enu.exe
2016-05-08 12:31 - 2016-05-08 12:31 - 02033927 _____ C:\Users\My Computer\Downloads\MalwarebytesAntiMalwareUserGuide.pdf
2016-05-05 14:07 - 2016-05-05 14:07 - 22851472 _____ (Malwarebytes ) C:\Users\My Computer\Downloads\mbam-setup-2.2.1.1043.exe
2016-05-05 08:27 - 2016-05-05 11:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-05-04 16:52 - 2016-03-09 13:00 - 00444416 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-05-04 16:52 - 2016-03-09 13:00 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2016-05-04 16:52 - 2016-03-09 12:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-05-04 16:52 - 2016-03-09 12:40 - 00351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-05-04 16:52 - 2016-03-09 12:40 - 00316416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2016-05-04 16:52 - 2016-03-09 12:34 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-05-04 10:30 - 2016-05-04 10:30 - 03615296 _____ C:\Users\My Computer\Downloads\adwcleaner_5.115.exe
2016-05-03 13:11 - 2016-05-03 13:11 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-05-02 09:17 - 2016-05-02 09:17 - 01443733 _____ C:\Users\My Computer\Documents\Templom-1.pdf
2016-05-02 09:11 - 2016-05-02 09:11 - 01443733 _____ C:\Users\My Computer\Documents\Templom-2.pdf
2016-05-01 12:10 - 2016-05-08 12:32 - 02033947 _____ C:\Users\My Computer\Documents\MalwarebytesAntiMalwareUserGuide.pdf
2016-04-30 10:19 - 2016-05-06 13:57 - 00000000 ____D C:\Users\My Computer\Documents\My Kindle Content
2016-04-30 10:18 - 2016-05-27 12:39 - 00000000 ____D C:\Users\My Computer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2016-04-30 10:18 - 2016-05-27 12:39 - 00000000 ____D C:\Users\My Computer\AppData\Local\Amazon
2016-04-30 10:18 - 2016-04-30 10:18 - 45580176 _____ (Amazon.com) C:\Users\My Computer\Downloads\KindleForPC-installer-1.15.43061.exe
2016-04-29 16:53 - 2016-04-29 16:53 - 04166248 _____ (HP Development Company, L.P. ) C:\Users\My Computer\Downloads\sp73863.exe
2016-04-29 09:38 - 2016-04-29 09:39 - 00014825 _____ C:\Users\My Computer\Downloads\#HPExpertDay.ics

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2099-10-25 01:52 - 2013-11-24 13:09 - 00553784 _____ (Intel Corporation) C:\Windows\system32\PROUnstl.exe
2016-05-28 10:30 - 2009-07-13 22:45 - 00032080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-28 10:30 - 2009-07-13 22:45 - 00032080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-28 10:07 - 2013-08-08 17:53 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-05-27 16:30 - 2014-08-18 16:30 - 00003970 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{68637A05-A33F-4431-BFA0-DDB94AFB161E}
2016-05-27 12:52 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\inf
2016-05-27 12:47 - 2013-06-15 11:22 - 00000000 ____D C:\Users\My Computer\AppData\Local\Audible
2016-05-27 12:43 - 2014-09-21 10:47 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-05-27 12:43 - 2014-02-18 11:17 - 00000396 _____ C:\Windows\Brownie.ini
2016-05-27 12:42 - 2013-02-18 14:00 - 00000000 ____D C:\Temp
2016-05-27 12:41 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-27 12:38 - 2015-11-25 11:40 - 00002926 _____ C:\Windows\System32\Tasks\Uninstaller_SkipUac_My_Computer
2016-05-26 17:46 - 2015-04-05 12:35 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2016-05-26 16:07 - 2009-07-13 23:13 - 00782330 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-26 09:19 - 2015-01-16 09:37 - 00000000 ____D C:\Users\My Computer\AppData\LocalLow\Adblock Plus for IE
2016-05-26 09:07 - 2015-11-27 16:55 - 00000000 ____D C:\ProgramData\ProductData
2016-05-26 09:07 - 2015-11-25 11:40 - 00000000 ____D C:\Program Files (x86)\IObit
2016-05-26 09:07 - 2012-11-16 13:00 - 00000000 ____D C:\Users\My Computer\AppData\Roaming\IObit
2016-05-26 03:16 - 2015-08-09 16:23 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-05-26 03:16 - 2015-08-09 16:23 - 00000000 ___SD C:\Windows\system32\GWX
2016-05-24 14:56 - 2015-11-27 13:46 - 00000000 ____D C:\Users\My Computer\AppData\Roaming\Skype
2016-05-24 09:46 - 2013-05-28 07:52 - 00000000 ____D C:\Users\My Computer
2016-05-23 13:11 - 2014-09-22 12:28 - 00000000 ____D C:\Users\My Computer\AppData\Local\Citrix
2016-05-22 17:09 - 2014-09-22 12:28 - 00000000 ____D C:\Program Files (x86)\Citrix
2016-05-22 14:50 - 2013-06-05 04:17 - 00000000 ____D C:\Users\My Computer\AppData\Local\ElevatedDiagnostics
2016-05-21 11:26 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache
2016-05-21 08:49 - 2015-11-27 13:46 - 00000000 ____D C:\ProgramData\Skype
2016-05-20 13:06 - 2015-06-19 11:24 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-05-20 13:04 - 2015-06-14 11:50 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-05-20 12:53 - 2015-09-29 10:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2016-05-20 11:41 - 2015-04-16 03:31 - 00000000 ____D C:\Windows\system32\appraiser
2016-05-20 11:40 - 2014-05-04 03:01 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-05-20 11:39 - 2015-12-03 09:17 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2016-05-20 11:38 - 2016-04-23 14:17 - 00000000 ____D C:\Users\My Computer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
2016-05-20 11:38 - 2015-11-27 16:55 - 00000000 ____D C:\Users\My Computer\AppData\Roaming\ProductData
2016-05-20 11:38 - 2014-04-06 14:38 - 00000000 ____D C:\Users\My Computer\AppData\Roaming\IrfanView
2016-05-20 11:38 - 2013-06-05 06:15 - 00000000 ____D C:\Users\My Computer\AppData\Local\Microsoft Help
2016-05-20 11:38 - 2010-11-21 01:16 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-05-20 11:38 - 2009-11-30 16:18 - 00000000 ____D C:\Users\My Computer\Documents\OTR
2016-05-20 11:38 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\registration
2016-05-20 11:28 - 2013-06-07 13:52 - 00000000 ____D C:\ProgramData\Real
2016-05-17 22:23 - 2015-09-29 10:29 - 00470056 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportKE64.sys
2016-05-17 22:23 - 2015-09-29 10:29 - 00215560 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportHades64.sys
2016-05-15 09:38 - 2013-06-07 10:37 - 00000000 ____D C:\Users\My Computer\AppData\Local\CrashDumps
2016-05-14 18:31 - 2015-03-14 14:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2016-05-12 12:07 - 2013-08-08 17:53 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-05-12 12:07 - 2013-06-05 06:30 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-05-12 12:07 - 2013-06-05 06:30 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-11 16:45 - 2014-04-05 10:06 - 00000000 ____D C:\Users\My Computer\Documents\Audiobooks
2016-05-11 14:03 - 2009-07-13 22:45 - 00403944 _____ C:\Windows\system32\FNTCACHE.DAT
2016-05-11 14:00 - 2010-11-21 01:17 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-11 13:27 - 2013-08-09 12:44 - 00000000 ____D C:\Windows\system32\MRT
2016-05-11 13:16 - 2015-05-13 16:17 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-05-11 13:12 - 2013-06-04 15:05 - 139319312 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-05-05 16:15 - 2015-04-05 12:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2016-05-05 16:15 - 2015-04-05 12:35 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit
2016-05-05 15:47 - 2009-07-13 23:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2016-05-05 11:05 - 2013-06-05 21:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-05-05 10:44 - 2016-04-24 09:06 - 00000000 ____D C:\Users\My Computer\AppData\LocalLow\BitTorrent
2016-05-04 10:36 - 2015-11-29 16:35 - 00000000 ____D C:\AdwCleaner
2016-05-03 13:11 - 2014-04-27 09:22 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-05-03 13:11 - 2014-01-07 11:28 - 00166432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-05-03 13:11 - 2014-01-07 11:08 - 01070904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-05-03 13:11 - 2014-01-07 11:08 - 00465792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-05-03 13:11 - 2014-01-07 11:08 - 00287528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-05-03 13:11 - 2014-01-07 11:08 - 00107792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-05-03 13:11 - 2014-01-07 11:08 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-05-03 13:11 - 2014-01-07 11:08 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-05-01 09:03 - 2009-12-02 16:43 - 00000000 ____D C:\Users\My Computer\Documents\Reflect

==================== Files in the root of some directories =======

2013-06-11 14:57 - 2016-04-24 16:44 - 0038912 _____ () C:\Users\My Computer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-24 16:07 - 2015-02-12 14:39 - 0007602 _____ () C:\Users\My Computer\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-05-28 08:02

==================== End of FRST.txt ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version:28-05-2016
Ran by My Computer (2016-05-28 10:38:49)
Running from C:\Users\My Computer\Downloads
Windows 7 Professional Service Pack 1 (X64) (2013-05-28 13:52:31)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1731626085-4270488790-50613601-500 - Administrator - Disabled)
Guest (S-1-5-21-1731626085-4270488790-50613601-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1731626085-4270488790-50613601-1002 - Limited - Enabled)
My Computer (S-1-5-21-1731626085-4270488790-50613601-1000 - Administrator - Enabled) => C:\Users\My Computer

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{0F347A49-E36C-4639-8D2E-003AD408B8B2}) (Version: 1.5 - Eyeo GmbH)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20041 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 21.0.0.215 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.4.194 - Adobe Systems, Inc.)
Any Video Converter 5.6.2 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Audible Download Manager (HKLM-x32\...\AudibleDownloadManager) (Version: 6.6.0.15 - Audible, Inc.)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 2001616126.48.56.2821354 - Audible, Inc.)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 11.2.2262 - AVAST Software)
Brother HL-2030 (HKLM-x32\...\{0B9BA70D-519F-43D0-8ACE-60521086AE33}) (Version: 1.00 - Brother)
Brother MFL-Pro Suite MFC-685CW (HKLM-x32\...\{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}) (Version: 1.0.2.0 - Brother Industries, Ltd.)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Canon DIGITAL CAMERA Solution Disk Software Guide (HKLM-x32\...\Software Guide) (Version: 1.4.0.1 - Canon Inc.)
Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.8.0.7 - Canon Inc.)
Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.6.0.1 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.7.0.4 - Canon Inc.)
Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC8) (Version: 8.4.0.3 - Canon Inc.)
Canon Utilities CameraWindow Launcher (HKLM-x32\...\CameraWindowLauncher) (Version: 7.5.0.2 - Canon Inc.)
Canon Utilities Movie Uploader for YouTube (HKLM-x32\...\MovieUploaderForYouTube) (Version: 1.2.0.7 - Canon Inc.)
Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 7.4.0.2 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.7.0.24 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.5.0.9 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.18 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.6.6059 - CDBurnerXP)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DS Clock (HKLM\...\DS Clock_is1) (Version: 2.6.2 - Duality Software)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
FinePixViewer Ver.5.4 (HKLM-x32\...\{24ED4D80-8294-11D5-96CD-0040266301AD}) (Version: 5.4 - FUJIFILM Corporation)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
HP My Display (HKLM-x32\...\{15733AD1-1CEF-459A-9245-0924FC63BDD5}) (Version: 2.10.009 - Portrait Displays, Inc.)
HP Support Solutions Framework (HKLM-x32\...\{CE7447C2-EF12-4EF3-BE51-BFC3B049C0F6}) (Version: 12.3.11.29 - HP)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 18.7 - Intel)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 5.3.0.138 - IObit)
IrfanView 64 (remove only) (HKLM\...\IrfanView64) (Version: 4.42 - Irfan Skiljan)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Legacy 8.0 (HKLM-x32\...\Legacy 8.0) (Version: 8.0  - Millennia Corporation)
Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.82 - Logitech)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Macrium Reflect Standard Edition (HKLM\...\MacriumReflect) (Version: 5.2 - Paramount Software (UK) Ltd.)
Macrium Reflect Standard Edition (Version: 5.3.7109 - Paramount Software (UK) Ltd.) Hidden
Malwarebytes Anti-Exploit version 1.8.1.1196 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.1196 - Malwarebytes)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Media Go (HKLM-x32\...\{65256C0D-3FE7-4D2E-BB3E-53F1175481C8}) (Version: 3.0.403 - Sony)
Media Go Network Downloader (HKLM-x32\...\{C52148B9-19E0-433A-9422-3451B1BEE20F}) (Version: 1.6.01.0 - Sony)
Media Go Video Playback Engine 2.20.105.05220 (HKLM-x32\...\{77B3BF4C-1376-60BA-DBE7-932199ED6219}) (Version: 2.20.105.05220 - Sony)
Memorex exPressit Label Design Studio (HKLM-x32\...\MVApplication1) (Version:  - )
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.4.5 - Motorola Mobility)
Motorola Device Software Update (x32 Version: 13.09.3001 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.3.0 (HKLM\...\{759E6A2F-1F01-45EF-A0C4-22F1B56CB975}) (Version: 6.3.0 - Motorola Mobility LLC)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 46.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 en-US)) (Version: 46.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.1.5966 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Personal Ancestral File 5 (HKLM-x32\...\{D94A8E22-DF2B-4107-9E51-608A60A7671D}) (Version:  - )
Personal Ancestral File Companion 5.7 (HKLM-x32\...\{91AFACB3-CA46-4C1E-AF2D-F72EE0B112E4}) (Version: 5.7 - Intellectual Reserve Inc.)
Pivot Software (x32 Version: 9.03.004 - Portrait Displays, Inc.) Hidden
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-132318649765}) (Version: 5.12.0927.0 -  NewspaperDirect Inc.)
QuickTax 2009 (HKLM-x32\...\{ECB9C58E-C565-4683-9599-B72290BD3B25}) (Version: 1.00.0000 - Intuit Canada)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Rapport (x32 Version: 3.5.1609.57 - Trusteer) Hidden
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
RootsMagic 7.0.11.0 (HKLM-x32\...\{D6286873-A757-4A4D-A6EF-0081B3EE32CA}_is1) (Version: RootsMagic 7.0.11.0 - RootsMagic, Inc.)
Sansa Updater (HKU\S-1-5-21-1731626085-4270488790-50613601-1000\...\Sansa Updater) (Version: 1.406 - SanDisk Corporation)
ScanSoft PaperPort 11 (HKLM-x32\...\{B6C89654-A6A2-477C-873B-724EC1C56407}) (Version: 11.1.0000 - Nuance Communications, Inc.)
SDK (x32 Version: 2.40.012 - Portrait Displays, Inc.) Hidden
Secunia PSI (3.0.0.2004) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.2004 - Secunia)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
Smart Defrag 5 (HKLM-x32\...\Smart Defrag_is1) (Version: 5.0.2 - IObit)
Sony PC Companion 2.10.297 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.297 - Sony)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1609.57 - Trusteer)
TurboTax 2010 (HKLM-x32\...\{24AE6B5B-3D5A-488C-9224-1BEE11F75DD9}) (Version: 1.00.0000 - Intuit Canada)
TurboTax 2013 (HKLM-x32\...\{1E0FF98D-4AE4-46CC-B624-E771ABD5EA11}) (Version: 1.00.0000 - Intuit Canada)
TurboTax 2014 (HKLM-x32\...\{0B69B187-4F9F-41C2-B850-735D1A323571}) (Version: 1.00.0000 - Intuit Canada)
TurboTax 2015 (HKLM-x32\...\{2A42456E-B15D-492F-B99A-53C5ABD77EC0}) (Version: 1.00.0000 - Intuit Canada)
Windows Automated Installation Kit (HKLM\...\{31E8F586-4EF7-4500-844D-BA8756474FF1}) (Version: 2.0.0.0 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinZip 19.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E7}) (Version: 19.0.11294 - WinZip Computing, S.L. )
WOT for Internet Explorer (HKLM\...\{DCAEC601-735C-41AE-B84F-D792F09FB7D1}) (Version: 12.8.2.0 - WOT Services Oy)
ZHPFix 2015 (HKLM-x32\...\ZHPFix_is1) (Version: 2015 - Nicolas Coolman)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1806FDC1-EE06-4BCC-A640-60F48561C5ED} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1731626085-4270488790-50613601-1000 => C:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe [2014-04-07] (RealNetworks, Inc.)
Task: {1BE1F039-E4EF-415E-8D3E-27A6E5F5979F} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {242D5193-954B-43A3-90C5-74F5251BA7E2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-03-16] (Hewlett-Packard)
Task: {2A90EA1E-7EBF-490B-B048-2B7D5550BAC3} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1731626085-4270488790-50613601-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {2B9A1C75-6768-4535-82C0-C7B3D676E647} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1731626085-4270488790-50613601-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {32E3A5CC-0BDB-46E0-89F5-2DEE139BC256} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {35CFA068-A88F-41B6-A174-B01E13813EE3} - System32\Tasks\Uninstaller_SkipUac_My_Computer => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2016-03-25] (IObit)
Task: {3C7AF4C0-AF41-4BB5-8E54-7FB3CE310680} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {48534DBF-684B-403A-92E1-023EAD6901D6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-05-13] (Piriform Ltd)
Task: {57731E54-F0F3-491C-9400-26CDC43936DA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {609D3F88-723D-418C-81B9-590480A17515} - System32\Tasks\{EBDFD766-58E5-4116-98C3-F28E20953220} => pcalua.exe -a "C:\Users\My Computer\Downloads\ZHPFix(1).exe" -d "C:\Users\My Computer\Downloads"
Task: {63874E33-3019-4F78-95F9-C49A72E90723} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-03-04] (AVAST Software)
Task: {65811E1B-EF72-4BB3-B0AA-C9705508C45F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-04-06] (Hewlett-Packard)
Task: {68F11121-2850-42FF-8BD2-522219D981EF} - System32\Tasks\{B5AB8AFE-378E-4F24-8562-5F40DB880423} => pcalua.exe -a "C:\Users\My Computer\AppData\Roaming\SanDisk\Sansa Updater\Downloads\Sansa Media Converter.EXE"
Task: {6ED6176E-E50F-480F-B19E-308E0764CEBE} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {99007609-346C-4284-B795-4F73A969FC44} - System32\Tasks\{E3966967-54AA-4726-8A83-DB811C133F16} => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
Task: {AA9DD6B9-BB49-4CA2-85CC-860292192B57} - System32\Tasks\{7B3987AE-4B04-4D24-9E16-047653840A0F} => pcalua.exe -a "C:\Users\My Computer\Downloads\irfanview_plugins_435_setup.exe" -d "C:\Users\My Computer\Downloads"
Task: {B0221077-5E45-4F8B-A5C3-8F2F7DE07930} - System32\Tasks\{AA1B0BD6-93B4-47E0-AF4C-6244BB5C66C8} => pcalua.exe -a C:\Windows\Installer\{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}\NeroStartSmart.ex_2882597C6E684EBDA23F3CF2CA0CBC30.exe -d "C:\Users\My Computer\Documents" -c "C:\Users\My Computer\Documents\Christmas 2012.nrg"
Task: {B640264E-118C-468C-99CE-38B3BC6FA89B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-12] (Adobe Systems Incorporated)
Task: {B7B7B631-2AD5-46A0-A2F9-FEE8FA93D89F} - System32\Tasks\SmartDefrag_Update => C:\Program Files (x86)\IObit\Smart Defrag\AutoUpdate.exe [2016-03-23] (IObit)
Task: {B9452436-EB84-4C26-A156-02DB08DCE40F} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {C1C47FAB-76D4-4630-BD49-F2BC8F4D9049} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-05-03] (AVAST Software)
Task: {C3FEA758-48C7-43ED-9CF6-B72D41A3E26A} - System32\Tasks\{EC8C7B12-DC5F-4308-A243-A9E146292B0E} => pcalua.exe -a "C:\Program Files (x86)\ZHPFix\ZHPhep.exe" -d "C:\Program Files (x86)\ZHPFix"
Task: {C4CDA663-21D5-4015-878B-96BD78224568} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1731626085-4270488790-50613601-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
Task: {CF84E0D8-4FDC-429C-BEC9-9BA919AED35E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {EC06EB90-3A24-4FD9-BBB0-B14532FD964B} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1731626085-4270488790-50613601-1000 => C:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe [2014-04-07] (RealNetworks, Inc.)
Task: {F1D410A6-8DBC-4B16-B35B-469CC39A39E1} - System32\Tasks\{1EDA2AAA-A7E4-43EA-B2C8-97CEDDC37289} => pcalua.exe -a "C:\Users\My Computer\Downloads\iview437_setup.exe" -d "C:\Users\My Computer\Downloads"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-05-03 13:11 - 2016-05-03 13:11 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-05-03 13:11 - 2016-05-03 13:11 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-05-27 12:28 - 2016-05-27 12:28 - 02982040 _____ () C:\Program Files\AVAST Software\Avast\defs\16052701\algo.dll
2016-05-03 13:11 - 2016-05-03 13:11 - 00309912 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll
2016-05-03 13:11 - 2016-05-03 13:11 - 00479680 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-05-28 07:42 - 2016-05-28 07:42 - 02982040 _____ () C:\Program Files\AVAST Software\Avast\defs\16052800\algo.dll
2015-06-02 15:51 - 2015-06-02 15:51 - 00545792 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2013-10-31 09:05 - 2013-10-31 09:05 - 00172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll
2015-12-16 17:37 - 2015-12-16 17:37 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7866 more sites.

IE trusted site: HKU\S-1-5-21-1731626085-4270488790-50613601-1000\...\newspaperdirect.com -> hxxps://secure.newspaperdirect.com

There are 12719 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2015-02-22 15:42 - 00450693 ____R C:\Windows\system32\Drivers\etc\hosts


There are 15462 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1731626085-4270488790-50613601-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\My Computer\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BingDesktop =>
MSCONFIG\startupreg: BingSvc => C:\Users\My Computer\AppData\Local\Microsoft\BingSvc\BingSvc.exe
MSCONFIG\startupreg: BrMfcWnd => c:\program files (x86)\brother\brmfcmon\brmfcwnd.exe /autorun
MSCONFIG\startupreg: ControlCenter3 => c:\program files (x86)\brother\controlcenter3\brctrcen.exe /autorun
MSCONFIG\startupreg: DT HPC => C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe -HPC
MSCONFIG\startupreg: IndexSearch => "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: LWS => c:\program files (x86)\logitech\lws\webcam software\lws.exe -hide
MSCONFIG\startupreg: PaperPort PTD => c:\program files (x86)\scansoft\paperport\pptd40nt.exe
MSCONFIG\startupreg: PivotSoftware => "C:\Program Files (x86)\Portrait Displays\Pivot Software\wpctrl.exe"
MSCONFIG\startupreg: PPort11reminder => "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
MSCONFIG\startupreg: qwupdate =>
MSCONFIG\startupreg: SansaDispatch => c:\users\my computer\appdata\roaming\sandisk\sansa updater\sansadispatch.exe
MSCONFIG\startupreg: SkyDrive =>
MSCONFIG\startupreg: Skype.exe => c:\program files (x86)\skype\phone\skype.exe
MSCONFIG\startupreg: SSBkgdUpdate => "c:\program files (x86)\common files\scansoft shared\ssbkgdupdate\ssbkgdupdate.exe" -embedding -boot

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{11E2C987-E0BC-49C9-B309-14BD0A7C62EB}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{A66E2ABD-6366-42FB-91D8-B083F27F713C}] => (Allow) LPort=2869
FirewallRules: [{52293A83-9AB5-471A-80F6-BDA226B64C3C}] => (Allow) LPort=1900
FirewallRules: [{4B93D343-1647-4512-9F49-40BEE76A552C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C4C52A85-9EBD-4223-9B22-768AC5F02C4D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{864FA479-803D-4D9D-A158-1832A0EAB72B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{043D5D7D-A10E-44D4-887C-8E323ED84FF9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8A8B6F7B-BD3D-431A-AA2F-236E5319EA90}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{88586E6B-92DF-47C4-9D3C-343829B1BFA2}C:\program files (x86)\sony\media go\mediago.exe] => (Allow) C:\program files (x86)\sony\media go\mediago.exe
FirewallRules: [UDP Query User{E4C97E88-E8CB-437A-B0A2-8793E830ED0C}C:\program files (x86)\sony\media go\mediago.exe] => (Allow) C:\program files (x86)\sony\media go\mediago.exe
FirewallRules: [{732E05E1-7501-4AFB-85AF-4D9D566865CB}] => (Block) C:\program files (x86)\sony\media go\mediago.exe
FirewallRules: [{8A679615-550F-4F29-A614-4202440D8B62}] => (Block) C:\program files (x86)\sony\media go\mediago.exe

==================== Restore Points =========================

04-05-2016 16:52:17 Windows Update
05-05-2016 11:58:43 BitTorrent restore point
05-05-2016 14:10:25 Malwarebytes Anti-Malware version 2.2.1.1043 restore point
06-05-2016 12:43:31 Windows Update
08-05-2016 14:51:24 Malwarebytes Anti-Malware version 2.2.1.1043 restore point
10-05-2016 07:52:12 Windows Update
11-05-2016 12:44:42 Installed Rapport
11-05-2016 13:03:50 Windows Update
11-05-2016 14:19:42 Windows Update
17-05-2016 07:51:23 Windows Update
17-05-2016 16:08:01 Installed Rapport
19-05-2016 17:10:17 Trusteer Endpoint Protection restore point
19-05-2016 17:54:51 Trusteer Endpoint Protection restore point
19-05-2016 17:55:22 Removed Rapport
20-05-2016 10:36:41 Windows Update
20-05-2016 11:25:14 Restore Operation
20-05-2016 12:50:16 Installed Rapport
21-05-2016 08:09:50 Windows Update
21-05-2016 08:36:29 Windows Update
23-05-2016 13:09:37 GoToAssist Corporate restore point
23-05-2016 13:10:54 Citrix Online Launcher restore point
24-05-2016 09:07:20 Windows Update
26-05-2016 03:00:19 Windows Update
26-05-2016 09:10:45 ByteFence Anti-Malware restore point
26-05-2016 09:12:43 Chromium restore point

==================== Faulty Device Manager Devices =============

Name: NoteBurn Virtual_CD-RW SCSI CdRom Device
Description: CD-ROM Drive
Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard CD-ROM drives)
Service: cdrom
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: VBoxAsw Support Driver
Description: VBoxAsw Support Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: VBoxAswDrv
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/27/2016 12:42:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/26/2016 03:34:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/26/2016 10:53:59 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.18315 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1464

Start Time: 01d1b76f17da7d8a

Termination Time: 16

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (05/26/2016 09:37:42 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.18315 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1610

Start Time: 01d1b76414f30066

Termination Time: 16

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (05/26/2016 09:34:10 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.18315 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1290

Start Time: 01d1b763e7ef9ad8

Termination Time: 0

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (05/26/2016 08:56:48 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (05/26/2016 08:51:04 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/24/2016 12:43:01 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWN BrtTWN: [2016/05/24 12:43:01.961]: [00003704]: Initialize TwdsMain Class failed!

Error: (05/24/2016 12:43:01 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWN BrtTWN: [2016/05/24 12:43:01.961]: [00003704]: ##### Fatal ERROR!! Create STI-device failed! #####

Error: (05/24/2016 12:43:01 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWN BrtTWN: [2016/05/24 12:43:01.960]: [00003704]: GetDeviceList Failed! pStiInfo = 0x0..


System errors:
=============
Error: (05/28/2016 08:02:41 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)
Description: 0x8000002a44\SystemRoot\System32\Config\RegBack\SOFTWARE

Error: (05/27/2016 12:42:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The VBoxAsw Support Driver service failed to start due to the following error:
%%3

Error: (05/27/2016 12:42:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LiveUpdate service failed to start due to the following error:
%%1053

Error: (05/27/2016 12:42:02 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the LiveUpdate service to connect.

Error: (05/27/2016 12:41:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Microsoft Antimalware Service service failed to start due to the following error:
%%1053

Error: (05/27/2016 12:41:09 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Microsoft Antimalware Service service to connect.

Error: (05/26/2016 03:37:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Solutions Framework Service service failed to start due to the following error:
%%1053

Error: (05/26/2016 03:37:06 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the HP Support Solutions Framework Service service to connect.

Error: (05/26/2016 03:34:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The VBoxAsw Support Driver service failed to start due to the following error:
%%3

Error: (05/26/2016 03:33:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Microsoft Antimalware Service service failed to start due to the following error:
%%1053


CodeIntegrity:
===================================
  Date: 2015-09-08 14:21:57.661
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\LHidEqd.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-09-08 14:21:57.604
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\LHidEqd.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-09-08 14:21:57.545
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\LHidEqd.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-09-08 14:21:57.487
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\LHidEqd.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-09-08 14:21:57.427
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\LHidEqd.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-09-08 14:21:57.370
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\LHidEqd.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-09-08 14:21:57.310
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\LHidEqd.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-09-08 14:21:57.256
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\LHidEqd.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-12-10 16:49:33.707
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-12-10 16:49:33.617
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz
Percentage of memory in use: 46%
Total physical RAM: 6063.3 MB
Available physical RAM: 3217.54 MB
Total Virtual: 12124.79 MB
Available Virtual: 9361.06 MB

==================== Drives ================================

Drive c: (HP Compaq dc5800) (Fixed) (Total:465.66 GB) (Free:288.45 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: A2101D38)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

CheckResults.txt

mbam-check result log version:     2.3.2.0
========================================

User Account type:                 Administrator
DomainComputer:                    No
OS:                                Windows 7 Service Pack 1 Service Pack 1 64 bit Operating System
Current Version and Build:         6.1.7601
Malwarebytes Anti-Malware:         2.2.1.1043
Installed On:                      2016/05/09
Malware Database:                  2016.05.22.04
Rootkit Database:                  2016.05.20.01
Remediation Database:              2016.05.20.01
IP Database:                       2016.05.20.02
Domain Database:                   2016.05.22.03
License:                           Free
Malware Protection:                0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMProtector
Malicious Website Protection:      0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMWebAccessControl
Chameleon:                         0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon
Log Created:                       2016/05/28 11:11:09

User Information for Local System:
===========================================
User Account: Administrator
    Account Level: Admin
User Account: Guest
    Account Level: Guest
User Account: HomeGroupUser$
    Account Level: Guest
User Account: My Computer
    Account Level: Admin
Total # of user entries: 4

UAC Settings:
===================
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
    DWORD    1    Status: ON
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
    DWORD    2    Status: ON
    DWORD    3    Status: ON
    DWORD    4    Status: ON
    DWORD    5    Status: ON

AntiVirus Information:
===================
AntiVirus Software Installed:    "avast! Antivirus"

FireWall Information:
===================
NO 3rd Party Firewall Software Installed

AntiSpyware Information:
===================
AntiSpyware Software Installed:    "Windows Defender"
AntiSpyware Software Installed:    "avast! Antivirus"

Machine Information
===============================================
Machine ID:    ffb598f91e5b18c6ac9b904495280d598ef59d88
Installation Token:    9aHsob-uYh7EFw6_juHU
System has been up for:     22.5069 Hours
Current Date:    2016-May-28 17:11:12.560537
Date Booted:    2016-May-27 19:11:12.560537

Detection and Protection Settings
===============================================
Use Advanced Heuristics Engine (Shuriken):            true
Scan for rootkits:                                    true
Scan within archives:                                 true
PUP (Potentially Unwanted Program) detections:        Treat Detections as Malware
PUM (Potentially Unwanted Modification) detections:   Treat Detections as Malware

Compatibility Flag Settings:
=================================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers
    C:\Users\My Computer\AppData\Roaming\SanDisk\Sansa Updater\Downloads\Sansa Media Converter.EXEREG_SZ        WINXPSP2
    C:\Program Files (x86)\ZHPFix\ZHPhep.exeREG_SZ        VISTARTM
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers
    C:\Program Files (x86)\Memorex exPressit Label Design Studio\STCD\stcd.exeREG_SZ        ELEVATECREATEPROCESS


Malwarebytes Anti-Malware Shell Extension Block Check:
======================================================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked:

MBAM Startup Entries:
=====================
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Malwarebytes Anti-Malware Service and Driver Status:
=======================================================

--------------Driver File Info:--------------
C:\Windows\system32\drivers\mbam.sys
File Size: 27008     BYTES    FileVersion: 0.1.16.0    MD5: [78bff5425e044086e74e78650a359fbb]
C:\Windows\system32\drivers\mwac.sys
File Size: 64896     BYTES    FileVersion: 1.0.6.0    MD5: [452acb7a9914398d9e18cccffcf92208]
C:\Windows\system32\drivers\mbamswissarmy.sys
File Size: 192216    BYTES    FileVersion: 0.3.0.4    MD5: [78488af2ab2111d67b3c4044707a519b]
C:\Windows\system32\drivers\mbamchameleon.sys
File Size: 140672    BYTES    FileVersion: 1.1.22.0    MD5: [1239597bab7eed2bb16d035af87e65d9]

--------------MBAMProtector:--------------
Type:                   N/A
State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMProtector
WIN32_EXIT_CODE:        N/A
SERVICE_EXIT_CODE:      N/A
CHECKPOINT:             N/A
WAIT_HINT:              N/A


--------------MBAMService:--------------
Type:                   N/A
State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMService
WIN32_EXIT_CODE:        N/A
SERVICE_EXIT_CODE:      N/A
CHECKPOINT:             N/A
WAIT_HINT:              N/A


--------------MBAMScheduler:--------------
Type:                   N/A
State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMScheduler
WIN32_EXIT_CODE:        N/A
SERVICE_EXIT_CODE:      N/A
CHECKPOINT:             N/A
WAIT_HINT:              N/A


--------------MBAMChameleon:--------------
Type:                   N/A
State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon
WIN32_EXIT_CODE:        N/A
SERVICE_EXIT_CODE:      N/A
CHECKPOINT:             N/A
WAIT_HINT:              N/A


--------------MBAMWebAccessControl:--------------
Type:                   N/A
State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MbamWebAccessControl
WIN32_EXIT_CODE:        N/A
SERVICE_EXIT_CODE:      N/A
CHECKPOINT:             N/A
WAIT_HINT:              N/A


Required Dependencies:
======================

--------------BFE:--------------
Type:                   32
State:                  4 (The service is running.)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE
    DisplayName                   REG_SZ        @%SystemRoot%\system32\bfe.dll,-1001
    Group                         REG_SZ        NetworkProvider
    ImagePath                     REG_EXPAND_SZ    %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork
    Description                   REG_SZ        @%SystemRoot%\system32\bfe.dll,-1002
    ObjectName                    REG_SZ        NT AUTHORITY\LocalService
    ErrorControl                  REG_DWORD        1
    Start                         REG_DWORD        2
    Type                          REG_DWORD        32
    DependOnService               REG_MULTI_SZ    RpcSs

    ServiceSidType                REG_DWORD        3
    RequiredPrivileges            REG_MULTI_SZ    SeAuditPrivilege

    FailureActions                REG_BINARY    Binary Data

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters
    ServiceDll                    REG_EXPAND_SZ    %SystemRoot%\System32\bfe.dll
    ServiceDllUnloadOnStop        REG_DWORD        1
    ServiceMain                   REG_SZ        BfeServiceMain

--------------fltmgr:--------------
Type:                   2
State:                  4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr
    AttachWhenLoaded              REG_DWORD        1
    DisplayName                   REG_SZ        @%SystemRoot%\system32\drivers\fltmgr.sys,-10001
    Group                         REG_SZ        FSFilter Infrastructure
    ImagePath                     REG_EXPAND_SZ    system32\drivers\fltmgr.sys
    Description                   REG_SZ        @%SystemRoot%\system32\drivers\fltmgr.sys,-10000
    ErrorControl                  REG_DWORD        3
    Start                         REG_DWORD        0
    Tag                           REG_DWORD        1
    Type                          REG_DWORD        2
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr\Enum
    0                             REG_SZ        Root\LEGACY_FLTMGR\0000
    Count                         REG_DWORD        1
    NextInstance                  REG_DWORD        1


C:\Windows\system32\drivers\fltmgr.sys
File Size: 289664    BYTES    FileVersion: 6.1.7601.17514    MD5: [da6b67270fd9db3697b20fce94950741]
C:\Windows\SysWOW64\comctl32.ocx
File Size: 608448    BYTES    FileVersion: 6.0.81.5    MD5: [eb5f811c1f78005b3c147599a0cccf51]
C:\Windows\SysWOW64\mscomctl.ocx
File Size: 1070232   BYTES    FileVersion: 6.1.98.46    MD5: [273676426739b02a45a0fc9349500b65]
C:\Windows\SysWOW64\olepro32.dll
File Size: 90112     BYTES    FileVersion: 6.1.7601.17514    MD5: [703ffd301ab900b047337c5d40fd6f96]


MBAM Registry Settings and License Info:
========================================
--------------Settings:--------------
Advanced:
    AutomaticQuarantine:                                       true
    AutostartProtection:                                       true
    LimitedMode:                                               false
    StartSilentMode:                                           false
    StartupDelay:                                              -15
ApplicationState:
    First-Run-After-Installation:                              false
General:
    DaysUntilNotifyExpiration:                                 5
    Language:                                                  en
    RightClickAccess:                                          true
    SilentErrors:                                              false
Logging:
    ExportLog:                                                 true
Marketing:
    LastPostScanMarketingIndex:                                0
Notification:
ProtectionTray:
    DisplayMilliseconds:                                       3000
ScanHistory:
    Duration_Complete:                                         1822010
    Duration_Driver:                                           16125
    Duration_Filesystem:                                       425
    Duration_Heuristics:                                       1685901
    Duration_Loading:                                          0
    Duration_MasterBootRecord:                                 56
    Duration_Memory:                                           40000
    Duration_PreScan:                                          38045
    Duration_Registry:                                         25527
    Duration_Sector:                                           0
    Duration_Startup:                                          31015
    ItemCount_Complete:                                        247366
    ItemCount_Driver:                                          364
    ItemCount_Filesystem:                                      49625
    ItemCount_Heuristics:                                      21864
    ItemCount_Loading:                                         0
    ItemCount_MasterBootRecord:                                2
    ItemCount_Memory:                                          2797
    ItemCount_PreScan:                                         38000
    ItemCount_Registry:                                        637
    ItemCount_Sector:                                          0
    ItemCount_Startup:                                         1256
    LastRemovalRequiredDOR:                                    false
    LastScanDateEpoch:                                         1463939685881
    LastScanType:                                              1 (Threat Scan)
Update:
    LastUpdate:                                                2016-05-22T17:54:44
    NotifyInstallReady:                                        true
    NotifyOutdatedDatabase:                                    7
    ProxyPassword:                                              
    ProxyPort:                                                 0
    ProxyServer:                                                
    ProxyUsername:                                              
    UseProxy:                                                  false
    UseProxyAuthentication:                                    false
    CheckProgramUpdates:                          true
--------------Account:--------------
  Account Status:                                              Free
  Expiration Time:                                             2016/05/22 21:00:33
  Activation Time:                                              
  Trial Used:                                                  true
--------------Access Policies:--------------

Scheduler Queue:
================


Pending File Rename Operations:
================================
If any Malwarebytes Anti-Malware items are listed below, the user must reboot to complete a Malwarebytes Anti-Malware upgrade installation.

MBAMProtector Registry Values:
==============================

 

MBAMService Registry Values:
============================

 

MBAMScheduler Registry Values:
==============================

 

Terminal Services Status for (null) entries in PM logs and GetUserToken errors:
===============================================================================

--------------TERMService:--------------
Type:                   32
State:                  1 (The service is not running.) (State is stopped)
WIN32_EXIT_CODE:        1077
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0


TermService Start is set to: 3 (Manual Startup)

Proxy Status: No proxy is Set

Proxy Override:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\
    ProxyOverride    REG_SZ        *.local;192.168.*.*

LAN Settings:
=============

only 'Automatically detect settings' is selected

SystemPartition:
================

HKEY_LOCAL_MACHINE\SYSTEM\Setup\
    SystemPartition    REG_SZ        \Device\HarddiskVolume1

Balloon Tips Status:
====================

Enabled

Time Format Settings:
=====================

Should be:
        h:mm:ss tt
        AM
        PM
        :

Currently:
REG_SZ        h:mm:ss tt
REG_SZ        AM
REG_SZ        PM
REG_SZ        :

Language and Regional Settings:
===============================

ACP:     Language is English (United States)
MACCP:     Language is English (United States)
OEMCP:     Language is English (United States)

Startup Folders for Error_Expanding_Variables Check:
====================================================

All Users Startup Folder Exists.
Current User's Startup Folder Exists.


Context Menu Entries:
=====================


List of MBAM Related Directories:
=================================


Malware Exclusions:
===================
Web Exclusions:
================
Quarantined Items:
===================
===============================================================
END OF FILE

Thank you


Hi:

Thanks for the logs.

I've escalated your topic to a forum staff member for review -- there are events/errors and other items in the logs for which he will be able to better advise you.

While you wait for his reply, I notice that you have IObit software on your system.  While likely NOT a direct contributor to your issue with MBAM, here is some reading about that company:

It's up to you whether or not to keep their software.  But we would be happy to assist you with removing it, if you wish.

The company behind this product was found to be stealing the MBAM database.
Personally I would not trust installing any software from a company that resorts to stealing someone's technology to sell their product.
Please see the following links and make up your own mind if you want to keep this on your system.

 

As it is the long holiday weekend in the US, please be patient waiting for further assistance.  Someone will help you as soon as possible.

Thank you,

Edited by daledoc1
forum editor hiccup

  • Root Admin

Don't see anything nasty in the logs. Some basic general cleanup would probably help.

iObit has set itself in there as part of the search engine. Even if you keep iObit I'd personally remove all their connections from search. Uninstall Java temporarily.
Run a full disk check on the drive. Open an elevated admin command prompt by doing the following.

Click on the Start menu and type in CMD.EXE and when it shows on the Start menu right click over it and choose "Run as administrator" then type the following.

CHKDSK C: /R

It will say it cannot lock the drive. Press the Y key and the Enter key and then restart the computer and let it run. Depending on the speed of your computer and size of the drive it can take 10 minutes to many hours to complete the disk check. After the computer restarts back into Windows then run the following.

 

Please Run TFC by OldTimer to clear temporary files:

  • Download TFC from here and save it to your desktop.
  • http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

 

Then run this

Please visit each of the following sites and let's reset all of your browsers back to defaults to prevent unexpected issues.
If you are not using one of the browsers but it is installed then you may want to consider uninstalling it as older versions of some software can pose an increase in the potential for an infection to get in.

Internet Explorer
How to reset Internet Explorer settings

Firefox
Click on Help / Troubleshooting Information then click on the Reset Firefox button.

Chrome
Start by disabling Sync
How To Delete Your Google Chrome Browser Sync Data
Chrome - Reset browser settings
If that fails then Uninstall Google Chrome and do not reinstall until sure the system is clean.


Next, read the following about your use of MSCONFIG

Please read the following article concerning the use of MSCONFIG
Msconfig Is Not A Startup Manager


Once all of that is done then run MBAM again and try to do a new scan and let us know how it goes.

Thanks

Ron

Edited by AdvancedSetup

Hi,

" iObit has set itself in there as part of the search engine. Even if you keep iObit I'd personally remove all their connections from search."

1. How do you remove its connections to search? My browsers' interfaces nowhere show any potential search with IObit.

2. Is CCleaner not sufficient for cleaning temp. files?

Thanks

barsim
