1. Welcome Guest! In order to create a new topic or reply to an existing one, you must register first. It is easy and free. Click here to sign up now!.
    Dismiss Notice

[Solved] Been told I have worm infection with Koobface. Has hijacked my yahoo email and Google.

Discussion in 'Malware Removal Help' started by Gerry7371, Oct 23, 2015.

  1. Gerry7371

    Gerry7371 Registered Members

    Joined:
    Oct 22, 2015
    Messages:
    41
    Operating System:
    Windows 7
    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 10/23/2015
    Scan Time: 2:29 AM
    Logfile:
    Administrator: Yes

    Version: 2.2.0.1024
    Malware Database: v2015.10.23.01
    Rootkit Database: v2015.10.16.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Home

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 538641
    Time Elapsed: 16 min, 49 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Warn
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)
    # AdwCleaner v5.014 - Logfile created 23/10/2015 at 10:07:05
    # Updated 18/10/2015 by Xplode
    # Database : 2015-10-18.5 [Server]
    # Operating system : Windows 7 Ultimate Service Pack 1 (x64)
    # Username : Home - HOME-PC
    # Running from : C:\Users\Home\Downloads\AdwCleaner.exe
    # Option : Cleaning
    # Support : http://toolslib.net/forum

    ***** [ Services ] *****

    [-] Service Deleted : swdumon

    ***** [ Folders ] *****

    [-] Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar
    [-] Folder Deleted : C:\Program Files (x86)\Conduit
    [-] Folder Deleted : C:\Program Files (x86)\77zip
    [-] Folder Deleted : C:\Program Files (x86)\Yahoo!\Companion
    [-] Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
    [-] Folder Deleted : C:\ProgramData\Conduit
    [-] Folder Deleted : C:\Users\Home\AppData\Local\Conduit
    [-] Folder Deleted : C:\Users\Home\AppData\Local\FileTypeAssistant
    [-] Folder Deleted : C:\Users\Home\AppData\Local\Ilivid Player
    [-] Folder Deleted : C:\Users\Home\AppData\Local\NativeMessaging
    [-] Folder Deleted : C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec
    [-] Folder Deleted : C:\Users\Home\AppData\LocalLow\iac
    [-] Folder Deleted : C:\Users\Home\AppData\LocalLow\Yahoo!\Companion
    [-] Folder Deleted : C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
    [-] Folder Deleted : C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\77zip
    [-] Folder Deleted : C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\Smartbar
    [-] Folder Deleted : C:\Users\Lisa\AppData\LocalLow\AVG Secure Search
    [-] Folder Deleted : C:\Users\Lisa\AppData\LocalLow\Conduit
    [-] Folder Deleted : C:\Users\Lisa\AppData\LocalLow\wiseconvert
    [-] Folder Deleted : C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec
    [-] Folder Deleted : C:\Users\Lynne\AppData\LocalLow\AVG SafeGuard toolbar
    [-] Folder Deleted : C:\Users\Lynne\AppData\LocalLow\AVG Secure Search
    [-] Folder Deleted : C:\Users\Lynne\AppData\LocalLow\wiseconvert
    [-] Folder Deleted : C:\Users\Lynne\AppData\Roaming\Mozilla\Firefox\Profiles\tlmc1432.default\Extensions\staged\{fa95f577-07cb-4470-ac90-e843f5f83c52}
    [-] Folder Deleted : C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
    [-] Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\FileTypeAssistant

    ***** [ Files ] *****

    [-] File Deleted : C:\END
    [-] File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\yahoo.xml
    [-] File Deleted : C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bakijjialdiiboeaknfpmflphhmljfkd_0.localstorage
    [-] File Deleted : C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bakijjialdiiboeaknfpmflphhmljfkd_0.localstorage-journal
    [-] File Deleted : C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bakijjialdiiboeaknfpmflphhmljfkd
    [-] File Deleted : C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ieakfmpjhljbpbfpldjkddkjmmgjmgon_0.localstorage
    [-] File Deleted : C:\Users\Home\Desktop\77zip.lnk
    [-] File Deleted : C:\Users\Lynne\AppData\Roaming\Mozilla\Firefox\Profiles\tlmc1432.default\user.js
    [-] File Deleted : C:\Windows\SysNative\drivers\swdumon.sys

    ***** [ DLLs ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****

    [-] Task Deleted : Browser Manager

    ***** [ Registry ] *****

    [-] Key Deleted : HKLM\SOFTWARE\Classes\*\shell\filescout
    [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
    [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
    [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
    [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
    [-] Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
    [-] Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    [-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
    [-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
    [-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    [-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    [-] Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    [-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    [-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
    [-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
    [-] Key Deleted : HKCU\Software\5de8dd1bd3bec17
    [-] Key Deleted : HKLM\SOFTWARE\5de8dd1bd3bec17
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.XBTBPos00
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.XBTBPos00.1
    [-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\edmgmpmklgfbohogafcfobonnkogchec
    [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
    [-] Key Deleted : HKCU\Software\Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7C28CEF1-A4A6-4B6A-8B97-C44F1267753C}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
    [-] Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}
    [-] Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
    [-] Key Deleted : HKU\.DEFAULT\Software\AVG SafeGuard toolbar
    [-] Key Deleted : HKU\.DEFAULT\Software\BrowserMngr
    [-] Key Deleted : HKCU\Software\BABSOLUTION
    [-] Key Deleted : HKCU\Software\Bitberry
    [-] Key Deleted : HKCU\Software\BrowserMngr
    [-] Key Deleted : HKCU\Software\Conduit
    [-] Key Deleted : HKCU\Software\FileTypeAssistant
    [-] Key Deleted : HKCU\Software\ilivid
    [-] Key Deleted : HKCU\Software\usyndication.com
    [-] Key Deleted : HKCU\Software\USyndication
    [-] Key Deleted : HKCU\Software\SlimWare Utilities Inc
    [-] Key Deleted : HKCU\Software\Yahoo\Companion
    [-] Key Deleted : HKCU\Software\Yahoo\YFriendsBar
    [-] Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    [-] Key Deleted : HKCU\Software\AppDataLow\Software\Yahoo\Companion
    [-] Key Deleted : HKLM\SOFTWARE\AVG SafeGuard toolbar
    [-] Key Deleted : HKLM\SOFTWARE\Babylon
    [-] Key Deleted : HKLM\SOFTWARE\BrowserMngr
    [-] Key Deleted : HKLM\SOFTWARE\Conduit
    [-] Key Deleted : HKLM\SOFTWARE\SlimWare Utilities Inc
    [-] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\77zip
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{597FB4A5-DD86-4316-A410-7E8074CC2CCE}
    [!] Key Not Deleted : [x64] HKCU\Software\BABSOLUTION
    [!] Key Not Deleted : [x64] HKCU\Software\Bitberry
    [!] Key Not Deleted : [x64] HKCU\Software\BrowserMngr
    [!] Key Not Deleted : [x64] HKCU\Software\Conduit
    [!] Key Not Deleted : [x64] HKCU\Software\FileTypeAssistant
    [!] Key Not Deleted : [x64] HKCU\Software\ilivid
    [!] Key Not Deleted : [x64] HKCU\Software\usyndication.com
    [!] Key Not Deleted : [x64] HKCU\Software\USyndication
    [!] Key Not Deleted : [x64] HKCU\Software\SlimWare Utilities Inc
    [!] Key Not Deleted : [x64] HKCU\Software\Yahoo\Companion
    [!] Key Not Deleted : [x64] HKCU\Software\Yahoo\YFriendsBar
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebConnect
    [!] Key Not Deleted : HKU\S-1-5-21-2430930441-2580859966-3045845237-1000\Software\AppDataLow\Software\Conduit
    [!] Key Not Deleted : HKU\S-1-5-21-2430930441-2580859966-3045845237-1000\Software\AppDataLow\Software\Yahoo\Companion
    [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{5A64367A-E4DF-4510-AC7F-331E454720E5}
    [!] Key Not Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{5A64367A-E4DF-4510-AC7F-331E454720E5}
    [!] Key Not Deleted : HKU\S-1-5-21-2430930441-2580859966-3045845237-1000\Software\Microsoft\Internet Explorer\SearchScopes\{5A64367A-E4DF-4510-AC7F-331E454720E5}

    ***** [ Web browsers ] *****

    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("CT3279414.1000082.isPlayDisplay", "true");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("CT3279414.CT3279414ads1.enc", "JTdCJTIyYWRzJTIyJTNBJTVCJTdCJTIyYWlkJTIyJTNBJTIyMzY2ODclMjIlMkMlMjJ0aXRsZSUyMiUzQSUyMiV1MjVCQ0NoZWNrJTIwWW91ciUyMCUyOFBDJTI5JTIwRXJyb3JzJXUyNUJDJTIyJTJDJTIyYW[...]
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("CT3279414.CT3279414current_term.enc", "");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("CT3279414.CT3279414sdate.enc", "Mjg=");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("CT3279414.FF19Solved", "true");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("CT3279414.FirstTime", "true");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("CT3279414.FirstTimeFF3", "true");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("CT3279414.UserID", "UN15169733465949172");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("CT3279414.addressBarTakeOverEnabledInHidden", "true");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("CT3279414.appOptions", "{}");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("CT3279414.bDay_InstallDate.enc", "MjgtMTE=");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("CT3279414.bDay_InstallFromToolbar.enc", "eWVz");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("CT3279414.browser.search.defaultthis.engineName", "true");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("CT3279414.countryCode", "US");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("CT3279414.defaultSearch", "true");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("CT3279414.enableAlerts", "true");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("CT3279414.enableSearchFromAddressBar", "true");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("CT3279414.firstTimeDialogOpened", "true");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("CT3279414.fixPageNotFoundError", "true");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("CT3279414.fixPageNotFoundErrorByUser", "true");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("CT3279414.fixPageNotFoundErrorInHidden", "true");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("CT3279414.fullUserID", "UN15169733465949172.IN.20131204194828");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("CT3279414.installDate", "04/12/2013 19:48:34");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("CT3279414.installId", "cid3867");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("CT3279414.installSessionId", "{66D78986-A48B-4C92-92E6-8BDE3401C7C9}");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("CT3279414.installSp", "TRUE");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("CT3279414.installType", "conduitnsisintegration");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("CT3279414.installUsage", "2013-12-29T00:05:40.9578692+03:00");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("CT3279414.installUsageEarly", "2013-12-29T00:05:39.2859621+03:00");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("CT3279414.installerVersion", "1.8.1.4");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("CT3279414.isCheckedStartAsHidden", true);
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("CT3279414.isFirstTimeToolbarLoading", "false");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("CT3279414.keyword", "true");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("CT3279414.lastVersion", "10.23.0.822");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("CT3279414.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("CT3279414.openThankYouPage", "false");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("CT3279414.openUninstallPage", "true");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("CT3279414.originalHomepage", "hxxp://mysearch.avg.com?cid={1158002B-FEFF-412A-89ED-E45185FF294B}&mid=56117b703cda47d39ce9d16c57836880-f6e92598e882dcb25b70b6e638896bc4f7fce2cb&lang=en&ds=co0[...]
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("CT3279414.originalSearchAddressUrl", "");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("CT3279414.originalSearchEngine", "AVG Secure Search");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("CT3279414.originalSearchEngineName", "AVG Secure Search");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("CT3279414.revertSettingsEnabled", "false");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("CT3279414.search.searchAppId", "130028910589345878");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("CT3279414.search.searchCount", "0");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("CT3279414.searchFromAddressBarEnabledByUser", "true");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("CT3279414.searchInNewTabEnabledByUser", "true");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("CT3279414.searchInNewTabEnabledInHidden", "true");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("CT3279414.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"false\"}");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("CT3279414.searchRevert", "false");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("CT3279414.searchSuggestEnabledByUser", "false");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("CT3279414.searchUninstallUserMode", "2");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("CT3279414.searchUserMode", "2");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("CT3279414.sendUsageEnabled", "false");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("CT3279414.serviceLayer_services_Configuration_lastUpdate", "1388264732611");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("CT3279414.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1388264734382");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("CT3279414.serviceLayer_services_appsMetadata_lastUpdate", "1388264734403");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("CT3279414.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1388264734489");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("CT3279414.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1388264732622");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("CT3279414.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1388264734927");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("CT3279414.serviceLayer_services_login_10.22.5.10_lastUpdate", "1388264735298");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("CT3279414.serviceLayer_services_login_10.23.0.822_lastUpdate", "1388264921806");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("CT3279414.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1388264734931");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("CT3279414.serviceLayer_services_searchAPI_lastUpdate", "1388264732398");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("CT3279414.serviceLayer_services_serviceMap_lastUpdate", "1388264731923");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("CT3279414.serviceLayer_services_toolbarContextMenu_lastUpdate", "1388264734686");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("CT3279414.serviceLayer_services_toolbarSettings_lastUpdate", "1388264732671");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("CT3279414.serviceLayer_services_translation_lastUpdate", "1388264734350");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("CT3279414.settingsINI", true);
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("CT3279414.shouldFirstTimeDialog", "false");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("CT3279414.showToolbarPermission", "false");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("CT3279414.smartbar.CTID", "CT3279414");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("CT3279414.smartbar.Uninstall", "0");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("CT3279414.smartbar.homepage", "true");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("CT3279414.smartbar.toolbarName", "appbario15 ");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("CT3279414.startPage", "true");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("CT3279414.toolbarBornServerTime", "29-12-2013");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("CT3279414.toolbarCurrentServerTime", "29-12-2013");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("CT3279414.toolbarDisabled", "true");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("CT3279414.toolbarInstallDate", "04-12-2013 19:48:29");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("CT3279414.toolbarLoginClientTime", "Sat Dec 28 2013 16:05:35 GMT-0500 (Eastern Standard Time)");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("CT3279414.versionFromInstaller", "10.22.5.10");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("CT3279414.xpeMode", "0");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("Smartbar.ConduitHomepagesList", "");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("Smartbar.ConduitSearchEngineList", "");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("Smartbar.ConduitSearchUrlList", "");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3279414");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("plugin.state.npconduitfirefoxplugin", 2);
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3279414");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3279414&CUI=UN15169733465949172&UM=2&SearchSource=13");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3279414&SearchSource=2&CUI=UN15169733465949172&UM=2&q=");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3279414");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3279414");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("smartbar.machineId", "LPOXRC2DNHIBYCWCRPB0LGWBJIBGPDJGKF3Z/XWSDC59EB4GYWB5P7F9BS/XYO6XJ2WLNWQQE8IYRTTWCBOTWA");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414./9B+7E+x305.storedInFile", true);
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414./9B+7E,x305.storedInFile", true);
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414./9B+7E-x305.storedInFile", true);
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414./9B+7E.:2z527.storedInFile", true);
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414./9B+7E.x305.storedInFile", true);
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414./9B+7E/x305.storedInFile", true);
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414./9B+7E06CG5EL8:", "6E6D696A716E716F7270");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414./9B+7E06CG5EL8:.storedInFile", false);
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414./9B+7E06CG5EL;8I:K", "247E2D2F226A74736F70777477757876242F4B49474F42357D5D5C3D");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414./9B+7E06CG5EL;8I:K.storedInFile", false);
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414./9B+7E0x305.storedInFile", true);
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414./9B+7E1x305.storedInFile", true);
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414./9B+7E2x305.storedInFile", true);
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414./9B+7E31;CJ7FK;KG#NCEP@MC+VKN.storedInFile", true);
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414./9B+7E3x305.storedInFile", true);
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414./9B+7E4x305.storedInFile", true);
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414./9B+7E5x305.storedInFile", true);
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414./9B+7E6x305.storedInFile", true);
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414./9B+7E7x305.storedInFile", true);
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414./9B+7E8x305.storedInFile", true);
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414./9B+7E9x305.storedInFile", true);
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414./9B+7E:x305.storedInFile", true);
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414./9B+7E;x305.storedInFile", true);
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414./9B+7E<x305.storedInFile", true);
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414./9B+7E=x305.storedInFile", true);
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414./9B+7E>x305.storedInFile", true);
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414./9B+7E?x305.storedInFile", true);
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414./9B+7E@x305.storedInFile", true);
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414./9B+7EAx305.storedInFile", true);
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414./9B+7EBE3G=;D9N9=D", "372C2D326975762E3A3C7B3A39434A494841434B265146492965504656496571734D334B57");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414./9B+7EBE3G=;D9N9=D.storedInFile", false);
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414./9B+7EBx305.storedInFile", true);
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414./9B+7ECx305.storedInFile", true);
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414./9B+7EDx305.storedInFile", true);
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414./9B+7Etx305.storedInFile", true);
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414./9B-0?3G>D", "6C6E3D3E6A6E6E6E7A447376762047767E4C257B4E7B202A282153565A292D5A30295F61");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414./9B-0?3G>D.storedInFile", false);
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414./9B-0?3G@6:5;", "");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414./9B-0?3G@6:5;.storedInFile", false);
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414./9B-0?3GFA7EF", "2B2E2C3D");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414./9B-0?3GFA7EF.storedInFile", false);
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414./9B-3=3ECCJA=F>", "247E333D2C452F4135276F297B7E7D21202F26313E4249357D37382F3A494D5D513F283338435D6554695B65546D57695D5D686365533C70766C66755E");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414./9B-3=3ECCJA=F>.storedInFile", false);
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414./9B/>01=9A6K6<IM;KRIE@PDAWM", "6A696B7273747576");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414./9B/>01=9A6K6<IM;KRIE@PDAWM.storedInFile", false);
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414./9B3=>@44I48?", "372C2D3269757633423633414847203E3D474E4D4C45474F2A554A4D2D5858585E4B554E366352564F");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414./9B3=>@44I48?.storedInFile", false);
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414./9B5BA==9CJAG", "6F686C3D423E40747A4477447B7549794E7821504E");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414./9B5BA==9CJAG.storedInFile", false);
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414./9B6B11G4C56B>F;P;ANR@P", "6E6D696A716E716F7376727173");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414./9B6B11G4C56B>F;P;ANR@P.storedInFile", false);
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414./9B90E@.3C;7B=?OFB>>RHIQS", "393F352F3E");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414./9B90E@.3C;7B=?OFB>>RHIQS.storedInFile", false);
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414./9B9643G3/9E", "6A");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414./9B9643G3/9E.storedInFile", false);
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414./9B;45>:BI9I7IE", "2B2E2C3D");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414./9B;45>:BI9I7IE.storedInFile", false);
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414./9B<:222H64<", "393F352F3E");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414./9B<:222H64<.storedInFile", false);
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414./9B<:222H64<L8DAJ", "6D70706F7673737975702A787A727D79757B79");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414./9B<:222H64<L8DAJ.storedInFile", false);
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414./9B=+03EH8H8J?:", "4443");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414./9B=+03EH8H8J?:.storedInFile", false);
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414./9B?+E2A52D8", "372C2D326975762E3A3C7B3A39434A494841434B2651464929655046566470727951555E5E52");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414./9B?+E2A52D8.storedInFile", false);
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414./9B?B0D:8AJ62<H", "6D");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414./9B?B0D:8AJ62<H.storedInFile", false);
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414./9BA@0<0BI6A7GN:6@L?", "6C");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414./9BA@0<0BI6A7GN:6@L?.storedInFile", false);
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414.PG_ENABLE", "74727565");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414.PG_ENABLE.storedInFile", false);
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414._key_cl_active", "30353934323861662D656634342D343261382D623839662D636263393663616361623231");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414._key_cl_active.storedInFile", false);
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414.cbfirsttime", "5361742044656320323820323031332031363A30353A343220474D542D3035303020284561737465726E205374616E646172642054696D6529");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414.cbfirsttime.storedInFile", false);
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414.mam_gk_appStateReportTime", "31333838323634373430343632");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414.mam_gk_appStateReportTime.storedInFile", false);
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414.mam_gk_appState_Clarity_Active", "6F6E");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414.mam_gk_appState_Clarity_Active.storedInFile", false);
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414.mam_gk_appState_CouponBuddy", "6F6E");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414.mam_gk_appState_CouponBuddy.storedInFile", false);
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414.mam_gk_appState_Easytobook", "6F6E");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414.mam_gk_appState_Easytobook.storedInFile", false);
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414.mam_gk_appState_Easytobook_targeted", "6F6E");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414.mam_gk_appState_Easytobook_targeted.storedInFile", false);
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414.mam_gk_appState_Find-a-Pro", "6F6E");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414.mam_gk_appState_Find-a-Pro.storedInFile", false);
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414.mam_gk_appState_PriceGong", "6F6E");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414.mam_gk_appState_PriceGong.storedInFile", false);
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414.mam_gk_appsConfig.storedInFile", true);
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414.mam_gk_appsDefaultEnabled", "6E756C6C");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414.mam_gk_appsDefaultEnabled.storedInFile", false);
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414.mam_gk_calledSetupService", "31");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414.mam_gk_calledSetupService.storedInFile", false);
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414.mam_gk_currentVersion", "312E31322E302E35");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414.mam_gk_currentVersion.storedInFile", false);
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414.mam_gk_existingUsersRecoveryDone", "31");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414.mam_gk_existingUsersRecoveryDone.storedInFile", false);
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414.mam_gk_first_time", "31");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414.mam_gk_first_time.storedInFile", false);
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414.mam_gk_lastLoginTime", "31333838323634373430393930");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414.mam_gk_lastLoginTime.storedInFile", false);
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414.mam_gk_localization.storedInFile", true);
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414.mam_gk_mamEnabled", "74727565");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414.mam_gk_mamEnabled.storedInFile", false);
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414.mam_gk_migrated_from_ls", "31");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414.mam_gk_migrated_from_ls.storedInFile", false);
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414.mam_gk_new_welcome_experience", "31");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414.mam_gk_new_welcome_experience.storedInFile", false);
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414.mam_gk_settings1.12.0.5.storedInFile", true);
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414.mam_gk_showWelcomeGadget", "66616C7365");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414.mam_gk_showWelcomeGadget.storedInFile", false);
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414.mam_gk_stamp", "313036385F30");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414.mam_gk_stamp.storedInFile", false);
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414.mam_gk_userId", "62636338393364332D333261642D346431382D393530612D383130306632396362306433");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414.mam_gk_userId.storedInFile", false);
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414.mam_gk_user_approval_interacted", "31");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414.mam_gk_user_approval_interacted.storedInFile", false);
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414.mam_gk_welcomeDialogMode", "31");
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3279414.mam_gk_welcomeDialogMode.storedInFile", false);
    [-] [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Deleted : user_pref("valueApps.storage.mam_gk_userId", "62636338393364332D333261642D346431382D393530612D383130306632396362306433");
    [-] [C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : search.conduit.com
    [-] [C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : binkiland.com
    [-] [C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
    [-] [C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
    [-] [C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider_Data] Deleted : hxxp://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_dnldstr_15_09&cd=2XzuyEtN2Y1L1QzutDtDtByDtCtCyCyBzztCyBtAzyyBtD0FtN0D0Tzu0StCtCyDtDtN1L2XzutAtFyBtFyBtFtCtBtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyEtByBzytB0EtC0DtGyD0AtAtBtG0C0AtB0DtG0Fzy0FtBtGtB0CyD0FtD0C0CyE0DyDtBzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0AtAyE0F0C0ByEtGzz0D0A0AtGyEzyyDtDtGzy0F0AyBtGtA0DyEzzzyyEtAyE0Azz0CyE2Q&cr=984440490&ir=
    [-] [C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : bakijjialdiiboeaknfpmflphhmljfkd
    [-] [C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : edmgmpmklgfbohogafcfobonnkogchec
    [-] [C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : ndibdjnfmopecpmkdieinmbadjfpblof
    [-] [C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : pmgkeimkiojpjcoiiipekfjaopchhjga
    [-] [C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
    [-] [C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com

    *************************

    :: Winsock settings cleared

    ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [57539 bytes] ##########
    # AdwCleaner v5.014 - Logfile created 23/10/2015 at 10:01:13
    # Updated 18/10/2015 by Xplode
    # Database : 2015-10-18.5 [Server]
    # Operating system : Windows 7 Ultimate Service Pack 1 (x64)
    # Username : Home - HOME-PC
    # Running from : C:\Users\Home\Downloads\AdwCleaner.exe
    # Option : Scan
    # Support : http://toolslib.net/forum

    ***** [ Services ] *****

    Service Found : swdumon

    ***** [ Folders ] *****

    Folder Found : C:\Program Files (x86)\AVG SafeGuard toolbar
    Folder Found : C:\Program Files (x86)\Conduit
    Folder Found : C:\Program Files (x86)\77zip
    Folder Found : C:\Program Files (x86)\Yahoo!\Companion
    Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search
    Folder Found : C:\ProgramData\Conduit
    Folder Found : C:\Users\Home\AppData\Local\Conduit
    Folder Found : C:\Users\Home\AppData\Local\FileTypeAssistant
    Folder Found : C:\Users\Home\AppData\Local\Ilivid Player
    Folder Found : C:\Users\Home\AppData\Local\NativeMessaging
    Folder Found : C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec
    Folder Found : C:\Users\Home\AppData\LocalLow\iac
    Folder Found : C:\Users\Home\AppData\LocalLow\Yahoo!\Companion
    Folder Found : C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
    Folder Found : C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\77zip
    Folder Found : C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\Smartbar
    Folder Found : C:\Users\Lisa\AppData\LocalLow\AVG Secure Search
    Folder Found : C:\Users\Lisa\AppData\LocalLow\Conduit
    Folder Found : C:\Users\Lisa\AppData\LocalLow\wiseconvert
    Folder Found : C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec
    Folder Found : C:\Users\Lynne\AppData\LocalLow\AVG SafeGuard toolbar
    Folder Found : C:\Users\Lynne\AppData\LocalLow\AVG Secure Search
    Folder Found : C:\Users\Lynne\AppData\LocalLow\wiseconvert
    Folder Found : C:\Users\Lynne\AppData\Roaming\Mozilla\Firefox\Profiles\tlmc1432.default\Extensions\staged\{fa95f577-07cb-4470-ac90-e843f5f83c52}
    Folder Found : C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
    Folder Found : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\FileTypeAssistant

    ***** [ Files ] *****

    File Found : C:\END
    File Found : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\yahoo.xml
    File Found : C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bakijjialdiiboeaknfpmflphhmljfkd_0.localstorage
    File Found : C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bakijjialdiiboeaknfpmflphhmljfkd_0.localstorage-journal
    File Found : C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bakijjialdiiboeaknfpmflphhmljfkd
    File Found : C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ieakfmpjhljbpbfpldjkddkjmmgjmgon_0.localstorage
    File Found : C:\Users\Home\Desktop\77zip.lnk
    File Found : C:\Users\Lynne\AppData\Roaming\Mozilla\Firefox\Profiles\tlmc1432.default\user.js
    File Found : C:\Windows\SysNative\drivers\swdumon.sys

    ***** [ DLLs ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****

    Task Found : Browser Manager

    ***** [ Registry ] *****

    Key Found : HKLM\SOFTWARE\Classes\*\shell\filescout
    Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
    Key Found : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
    Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    Key Found : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
    Key Found : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
    Key Found : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
    Key Found : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
    Key Found : HKLM\SOFTWARE\Classes\Prod.cap
    Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
    Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
    Key Found : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
    Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    Key Found : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
    Key Found : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
    Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
    Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
    Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
    Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
    Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
    Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
    Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbTask
    Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
    Key Found : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
    Key Found : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
    Key Found : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
    Key Found : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
    Key Found : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
    Key Found : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
    Key Found : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
    Key Found : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
    Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    Key Found : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
    Key Found : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
    Key Found : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
    Key Found : HKCU\Software\5de8dd1bd3bec17
    Key Found : HKLM\SOFTWARE\5de8dd1bd3bec17
    Key Found : HKLM\SOFTWARE\Classes\Toolbar3.XBTBPos00
    Key Found : HKLM\SOFTWARE\Classes\Toolbar3.XBTBPos00.1
    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\edmgmpmklgfbohogafcfobonnkogchec
    Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
    Key Found : HKCU\Software\Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{7C28CEF1-A4A6-4B6A-8B97-C44F1267753C}
    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
    Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}
    Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
    Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}
    Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Found : HKU\.DEFAULT\Software\AVG SafeGuard toolbar
    Key Found : HKU\.DEFAULT\Software\BrowserMngr
    Key Found : HKCU\Software\BABSOLUTION
    Key Found : HKCU\Software\Bitberry
    Key Found : HKCU\Software\BrowserMngr
    Key Found : HKCU\Software\Conduit
    Key Found : HKCU\Software\FileTypeAssistant
    Key Found : HKCU\Software\ilivid
    Key Found : HKCU\Software\usyndication.com
    Key Found : HKCU\Software\USyndication
    Key Found : HKCU\Software\SlimWare Utilities Inc
    Key Found : HKCU\Software\Yahoo\Companion
    Key Found : HKCU\Software\Yahoo\YFriendsBar
    Key Found : HKCU\Software\AppDataLow\Software\Conduit
    Key Found : HKCU\Software\AppDataLow\Software\Yahoo\Companion
    Key Found : HKLM\SOFTWARE\AVG SafeGuard toolbar
    Key Found : HKLM\SOFTWARE\Babylon
    Key Found : HKLM\SOFTWARE\BrowserMngr
    Key Found : HKLM\SOFTWARE\Conduit
    Key Found : HKLM\SOFTWARE\SlimWare Utilities Inc
    Key Found : HKLM\SOFTWARE\Yahoo\Companion
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\77zip
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{597FB4A5-DD86-4316-A410-7E8074CC2CCE}
    Key Found : [x64] HKCU\Software\BABSOLUTION
    Key Found : [x64] HKCU\Software\Bitberry
    Key Found : [x64] HKCU\Software\BrowserMngr
    Key Found : [x64] HKCU\Software\Conduit
    Key Found : [x64] HKCU\Software\FileTypeAssistant
    Key Found : [x64] HKCU\Software\ilivid
    Key Found : [x64] HKCU\Software\usyndication.com
    Key Found : [x64] HKCU\Software\USyndication
    Key Found : [x64] HKCU\Software\SlimWare Utilities Inc
    Key Found : [x64] HKCU\Software\Yahoo\Companion
    Key Found : [x64] HKCU\Software\Yahoo\YFriendsBar
    Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebConnect
    Key Found : HKU\S-1-5-21-2430930441-2580859966-3045845237-1000\Software\AppDataLow\Software\Conduit
    Key Found : HKU\S-1-5-21-2430930441-2580859966-3045845237-1000\Software\AppDataLow\Software\Yahoo\Companion
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{5A64367A-E4DF-4510-AC7F-331E454720E5}
    Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{5A64367A-E4DF-4510-AC7F-331E454720E5}
    Key Found : HKU\S-1-5-21-2430930441-2580859966-3045845237-1000\Software\Microsoft\Internet Explorer\SearchScopes\{5A64367A-E4DF-4510-AC7F-331E454720E5}

    ***** [ Web browsers ] *****

    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("CT3279414.1000082.isPlayDisplay", "true");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("CT3279414.CT3279414ads1.enc", "JTdCJTIyYWRzJTIyJTNBJTVCJTdCJTIyYWlkJTIyJTNBJTIyMzY2ODclMjIlMkMlMjJ0aXRsZSUyMiUzQSUyMiV1MjVCQ0NoZWNrJTIwWW91ciUyMCUyOFBDJTI5JTIwRXJyb3JzJXUyNUJDJTIyJTJDJTIyYW[...]
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("CT3279414.CT3279414current_term.enc", "");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("CT3279414.CT3279414sdate.enc", "Mjg=");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("CT3279414.FF19Solved", "true");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("CT3279414.FirstTime", "true");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("CT3279414.FirstTimeFF3", "true");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("CT3279414.UserID", "UN15169733465949172");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("CT3279414.addressBarTakeOverEnabledInHidden", "true");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("CT3279414.appOptions", "{}");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("CT3279414.bDay_InstallDate.enc", "MjgtMTE=");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("CT3279414.bDay_InstallFromToolbar.enc", "eWVz");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("CT3279414.browser.search.defaultthis.engineName", "true");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("CT3279414.countryCode", "US");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("CT3279414.defaultSearch", "true");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("CT3279414.enableAlerts", "true");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("CT3279414.enableSearchFromAddressBar", "true");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("CT3279414.firstTimeDialogOpened", "true");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("CT3279414.fixPageNotFoundError", "true");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("CT3279414.fixPageNotFoundErrorByUser", "true");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("CT3279414.fixPageNotFoundErrorInHidden", "true");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("CT3279414.fullUserID", "UN15169733465949172.IN.20131204194828");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("CT3279414.installDate", "04/12/2013 19:48:34");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("CT3279414.installId", "cid3867");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("CT3279414.installSessionId", "{66D78986-A48B-4C92-92E6-8BDE3401C7C9}");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("CT3279414.installSp", "TRUE");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("CT3279414.installType", "conduitnsisintegration");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("CT3279414.installUsage", "2013-12-29T00:05:40.9578692+03:00");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("CT3279414.installUsageEarly", "2013-12-29T00:05:39.2859621+03:00");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("CT3279414.installerVersion", "1.8.1.4");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("CT3279414.isCheckedStartAsHidden", true);
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("CT3279414.isFirstTimeToolbarLoading", "false");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("CT3279414.keyword", "true");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("CT3279414.lastVersion", "10.23.0.822");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("CT3279414.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("CT3279414.openThankYouPage", "false");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("CT3279414.openUninstallPage", "true");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("CT3279414.originalHomepage", "hxxp://mysearch.avg.com?cid={1158002B-FEFF-412A-89ED-E45185FF294B}&mid=56117b703cda47d39ce9d16c57836880-f6e92598e882dcb25b70b6e638896bc4f7fce2cb&lang=en&ds=co0[...]
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("CT3279414.originalSearchAddressUrl", "");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("CT3279414.originalSearchEngine", "AVG Secure Search");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("CT3279414.originalSearchEngineName", "AVG Secure Search");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("CT3279414.revertSettingsEnabled", "false");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("CT3279414.search.searchAppId", "130028910589345878");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("CT3279414.search.searchCount", "0");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("CT3279414.searchFromAddressBarEnabledByUser", "true");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("CT3279414.searchInNewTabEnabledByUser", "true");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("CT3279414.searchInNewTabEnabledInHidden", "true");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("CT3279414.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"false\"}");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("CT3279414.searchRevert", "false");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("CT3279414.searchSuggestEnabledByUser", "false");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("CT3279414.searchUninstallUserMode", "2");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("CT3279414.searchUserMode", "2");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("CT3279414.sendUsageEnabled", "false");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("CT3279414.serviceLayer_services_Configuration_lastUpdate", "1388264732611");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("CT3279414.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1388264734382");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("CT3279414.serviceLayer_services_appsMetadata_lastUpdate", "1388264734403");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("CT3279414.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1388264734489");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("CT3279414.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1388264732622");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("CT3279414.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1388264734927");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("CT3279414.serviceLayer_services_login_10.22.5.10_lastUpdate", "1388264735298");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("CT3279414.serviceLayer_services_login_10.23.0.822_lastUpdate", "1388264921806");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("CT3279414.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1388264734931");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("CT3279414.serviceLayer_services_searchAPI_lastUpdate", "1388264732398");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("CT3279414.serviceLayer_services_serviceMap_lastUpdate", "1388264731923");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("CT3279414.serviceLayer_services_toolbarContextMenu_lastUpdate", "1388264734686");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("CT3279414.serviceLayer_services_toolbarSettings_lastUpdate", "1388264732671");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("CT3279414.serviceLayer_services_translation_lastUpdate", "1388264734350");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("CT3279414.settingsINI", true);
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("CT3279414.shouldFirstTimeDialog", "false");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("CT3279414.showToolbarPermission", "false");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("CT3279414.smartbar.CTID", "CT3279414");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("CT3279414.smartbar.Uninstall", "0");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("CT3279414.smartbar.homepage", "true");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("CT3279414.smartbar.toolbarName", "appbario15 ");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("CT3279414.startPage", "true");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("CT3279414.toolbarBornServerTime", "29-12-2013");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("CT3279414.toolbarCurrentServerTime", "29-12-2013");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("CT3279414.toolbarDisabled", "true");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("CT3279414.toolbarInstallDate", "04-12-2013 19:48:29");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("CT3279414.toolbarLoginClientTime", "Sat Dec 28 2013 16:05:35 GMT-0500 (Eastern Standard Time)");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("CT3279414.versionFromInstaller", "10.22.5.10");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("CT3279414.xpeMode", "0");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("Smartbar.ConduitHomepagesList", "");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("Smartbar.ConduitSearchEngineList", "");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("Smartbar.ConduitSearchUrlList", "");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("Smartbar.keywordURLSelectedCTID", "CT3279414");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("plugin.state.npconduitfirefoxplugin", 2);
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("smartbar.addressBarOwnerCTID", "CT3279414");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3279414&CUI=UN15169733465949172&UM=2&SearchSource=13");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3279414&SearchSource=2&CUI=UN15169733465949172&UM=2&q=");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("smartbar.defaultSearchOwnerCTID", "CT3279414");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("smartbar.homePageOwnerCTID", "CT3279414");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("smartbar.machineId", "LPOXRC2DNHIBYCWCRPB0LGWBJIBGPDJGKF3Z/XWSDC59EB4GYWB5P7F9BS/XYO6XJ2WLNWQQE8IYRTTWCBOTWA");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414./9B+7E+x305.storedInFile", true);
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414./9B+7E,x305.storedInFile", true);
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414./9B+7E-x305.storedInFile", true);
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414./9B+7E.:2z527.storedInFile", true);
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414./9B+7E.x305.storedInFile", true);
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414./9B+7E/x305.storedInFile", true);
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414./9B+7E06CG5EL8:", "6E6D696A716E716F7270");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414./9B+7E06CG5EL8:.storedInFile", false);
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414./9B+7E06CG5EL;8I:K", "247E2D2F226A74736F70777477757876242F4B49474F42357D5D5C3D");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414./9B+7E06CG5EL;8I:K.storedInFile", false);
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414./9B+7E0x305.storedInFile", true);
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414./9B+7E1x305.storedInFile", true);
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414./9B+7E2x305.storedInFile", true);
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414./9B+7E31;CJ7FK;KG#NCEP@MC+VKN.storedInFile", true);
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414./9B+7E3x305.storedInFile", true);
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414./9B+7E4x305.storedInFile", true);
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414./9B+7E5x305.storedInFile", true);
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414./9B+7E6x305.storedInFile", true);
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414./9B+7E7x305.storedInFile", true);
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414./9B+7E8x305.storedInFile", true);
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414./9B+7E9x305.storedInFile", true);
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414./9B+7E:x305.storedInFile", true);
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414./9B+7E;x305.storedInFile", true);
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414./9B+7E<x305.storedInFile", true);
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414./9B+7E=x305.storedInFile", true);
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414./9B+7E>x305.storedInFile", true);
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414./9B+7E?x305.storedInFile", true);
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414./9B+7E@x305.storedInFile", true);
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414./9B+7EAx305.storedInFile", true);
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414./9B+7EBE3G=;D9N9=D", "372C2D326975762E3A3C7B3A39434A494841434B265146492965504656496571734D334B57");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414./9B+7EBE3G=;D9N9=D.storedInFile", false);
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414./9B+7EBx305.storedInFile", true);
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414./9B+7ECx305.storedInFile", true);
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414./9B+7EDx305.storedInFile", true);
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414./9B+7Etx305.storedInFile", true);
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414./9B-0?3G>D", "6C6E3D3E6A6E6E6E7A447376762047767E4C257B4E7B202A282153565A292D5A30295F61");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414./9B-0?3G>D.storedInFile", false);
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414./9B-0?3G@6:5;", "");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414./9B-0?3G@6:5;.storedInFile", false);
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414./9B-0?3GFA7EF", "2B2E2C3D");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414./9B-0?3GFA7EF.storedInFile", false);
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414./9B-3=3ECCJA=F>", "247E333D2C452F4135276F297B7E7D21202F26313E4249357D37382F3A494D5D513F283338435D6554695B65546D57695D5D686365533C70766C66755E");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414./9B-3=3ECCJA=F>.storedInFile", false);
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414./9B/>01=9A6K6<IM;KRIE@PDAWM", "6A696B7273747576");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414./9B/>01=9A6K6<IM;KRIE@PDAWM.storedInFile", false);
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414./9B3=>@44I48?", "372C2D3269757633423633414847203E3D474E4D4C45474F2A554A4D2D5858585E4B554E366352564F");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414./9B3=>@44I48?.storedInFile", false);
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414./9B5BA==9CJAG", "6F686C3D423E40747A4477447B7549794E7821504E");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414./9B5BA==9CJAG.storedInFile", false);
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414./9B6B11G4C56B>F;P;ANR@P", "6E6D696A716E716F7376727173");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414./9B6B11G4C56B>F;P;ANR@P.storedInFile", false);
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414./9B90E@.3C;7B=?OFB>>RHIQS", "393F352F3E");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414./9B90E@.3C;7B=?OFB>>RHIQS.storedInFile", false);
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414./9B9643G3/9E", "6A");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414./9B9643G3/9E.storedInFile", false);
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414./9B;45>:BI9I7IE", "2B2E2C3D");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414./9B;45>:BI9I7IE.storedInFile", false);
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414./9B<:222H64<", "393F352F3E");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414./9B<:222H64<.storedInFile", false);
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414./9B<:222H64<L8DAJ", "6D70706F7673737975702A787A727D79757B79");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414./9B<:222H64<L8DAJ.storedInFile", false);
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414./9B=+03EH8H8J?:", "4443");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414./9B=+03EH8H8J?:.storedInFile", false);
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414./9B?+E2A52D8", "372C2D326975762E3A3C7B3A39434A494841434B2651464929655046566470727951555E5E52");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414./9B?+E2A52D8.storedInFile", false);
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414./9B?B0D:8AJ62<H", "6D");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414./9B?B0D:8AJ62<H.storedInFile", false);
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414./9BA@0<0BI6A7GN:6@L?", "6C");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414./9BA@0<0BI6A7GN:6@L?.storedInFile", false);
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414.PG_ENABLE", "74727565");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414.PG_ENABLE.storedInFile", false);
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414._key_cl_active", "30353934323861662D656634342D343261382D623839662D636263393663616361623231");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414._key_cl_active.storedInFile", false);
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414.cbfirsttime", "5361742044656320323820323031332031363A30353A343220474D542D3035303020284561737465726E205374616E646172642054696D6529");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414.cbfirsttime.storedInFile", false);
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414.mam_gk_appStateReportTime", "31333838323634373430343632");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414.mam_gk_appStateReportTime.storedInFile", false);
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414.mam_gk_appState_Clarity_Active", "6F6E");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414.mam_gk_appState_Clarity_Active.storedInFile", false);
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414.mam_gk_appState_CouponBuddy", "6F6E");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414.mam_gk_appState_CouponBuddy.storedInFile", false);
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414.mam_gk_appState_Easytobook", "6F6E");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414.mam_gk_appState_Easytobook.storedInFile", false);
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414.mam_gk_appState_Easytobook_targeted", "6F6E");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414.mam_gk_appState_Easytobook_targeted.storedInFile", false);
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414.mam_gk_appState_Find-a-Pro", "6F6E");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414.mam_gk_appState_Find-a-Pro.storedInFile", false);
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414.mam_gk_appState_PriceGong", "6F6E");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414.mam_gk_appState_PriceGong.storedInFile", false);
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414.mam_gk_appsConfig.storedInFile", true);
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414.mam_gk_appsDefaultEnabled", "6E756C6C");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414.mam_gk_appsDefaultEnabled.storedInFile", false);
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414.mam_gk_calledSetupService", "31");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414.mam_gk_calledSetupService.storedInFile", false);
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414.mam_gk_currentVersion", "312E31322E302E35");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414.mam_gk_currentVersion.storedInFile", false);
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414.mam_gk_existingUsersRecoveryDone", "31");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414.mam_gk_existingUsersRecoveryDone.storedInFile", false);
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414.mam_gk_first_time", "31");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414.mam_gk_first_time.storedInFile", false);
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414.mam_gk_lastLoginTime", "31333838323634373430393930");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414.mam_gk_lastLoginTime.storedInFile", false);
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414.mam_gk_localization.storedInFile", true);
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414.mam_gk_mamEnabled", "74727565");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414.mam_gk_mamEnabled.storedInFile", false);
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414.mam_gk_migrated_from_ls", "31");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414.mam_gk_migrated_from_ls.storedInFile", false);
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414.mam_gk_new_welcome_experience", "31");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414.mam_gk_new_welcome_experience.storedInFile", false);
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414.mam_gk_settings1.12.0.5.storedInFile", true);
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414.mam_gk_showWelcomeGadget", "66616C7365");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414.mam_gk_showWelcomeGadget.storedInFile", false);
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414.mam_gk_stamp", "313036385F30");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414.mam_gk_stamp.storedInFile", false);
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414.mam_gk_userId", "62636338393364332D333261642D346431382D393530612D383130306632396362306433");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414.mam_gk_userId.storedInFile", false);
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414.mam_gk_user_approval_interacted", "31");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414.mam_gk_user_approval_interacted.storedInFile", false);
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414.mam_gk_welcomeDialogMode", "31");
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.CT3279414.mam_gk_welcomeDialogMode.storedInFile", false);
    [C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\prefs.js] [Preference] Found : user_pref("valueApps.storage.mam_gk_userId", "62636338393364332D333261642D346431382D393530612D383130306632396362306433");
    [C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : search.conduit.com
    [C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : binkiland.com
    [C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
    [C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
    [C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider_Data] Found : hxxp://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_dnldstr_15_09&cd=2XzuyEtN2Y1L1QzutDtDtByDtCtCyCyBzztCyBtAzyyBtD0FtN0D0Tzu0StCtCyDtDtN1L2XzutAtFyBtFyBtFtCtBtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyEtByBzytB0EtC0DtGyD0AtAtBtG0C0AtB0DtG0Fzy0FtBtGtB0CyD0FtD0C0CyE0DyDtBzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0AtAyE0F0C0ByEtGzz0D0A0AtGyEzyyDtDtGzy0F0AyBtGtA0DyEzzzyyEtAyE0Azz0CyE2Q&cr=984440490&ir=
    [C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : bakijjialdiiboeaknfpmflphhmljfkd
    [C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : edmgmpmklgfbohogafcfobonnkogchec
    [C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : ndibdjnfmopecpmkdieinmbadjfpblof
    [C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : pmgkeimkiojpjcoiiipekfjaopchhjga
    [C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
    [C:\Users\Lynne\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com

    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [54889 bytes] ##########
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-10-2015 01
    Ran by Home (administrator) on HOME-PC (23-10-2015 10:18:25)
    Running from C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P7MY51CO
    Loaded Profiles: Home & UpdatusUser (Available Profiles: Home & Lynne & Lisa & UpdatusUser & DefaultAppPool)
    Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Alcatel-Lucent) C:\Program Files (x86)\ATT\8.2.1.6\ma\bin\MAHostService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Joyent, Inc) C:\Program Files (x86)\ATT\8.2.1.6\ma\bin\node.exe
    () C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
    () C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
    (Lexmark International, Inc.) C:\Windows\System32\spool\drivers\x64\3\lxduserv.exe
    ( ) C:\Windows\System32\lxducoms.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    (Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
    (Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
    (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
    (Microsoft Corporation) C:\Windows\System32\snmp.exe
    (DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
    (WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
    (Memeo) C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    () C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
    (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
    (Microsoft Corporation) C:\Windows\System32\alg.exe
    () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe
    (Lexmark International Inc.) C:\Program Files (x86)\Lexmark 5600-6600 Series\ezprint.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
    (Sony Corporation) C:\Program Files (x86)\Sony\Bloggie Software\BGVolumeWatcher.exe
    () C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
    (WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    (Western Digital) C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [lxdumon.exe] => C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe [676520 2009-09-04] ()
    HKLM\...\Run: [EzPrint] => C:\Program Files (x86)\Lexmark 5600-6600 Series\ezprint.exe [131752 2009-09-04] (Lexmark International Inc.)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-15] (Apple Inc.)
    HKLM-x32\...\Run: [jswtrayutil] => "C:\Program Files (x86)\NETGEAR\WNA1100\jswtrayutil.exe"
    HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-09-15] (Apple Inc.)
    HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
    HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5564784 2015-07-20] (Western Digital Technologies, Inc.)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6134544 2015-10-23] (AVAST Software)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
    HKU\S-1-5-21-2430930441-2580859966-3045845237-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7935904 2015-10-21] (SUPERAntiSpyware)
    HKU\S-1-5-21-2430930441-2580859966-3045845237-1000\...\Run: [MobileDocuments] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    HKU\S-1-5-21-2430930441-2580859966-3045845237-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.)
    HKU\S-1-5-21-2430930441-2580859966-3045845237-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2015-04-26] (Apple Inc.)
    HKU\S-1-5-21-2430930441-2580859966-3045845237-1000\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1079592 2015-04-26] (Apple Inc.)
    HKU\S-1-5-21-2430930441-2580859966-3045845237-1000\...\Policies\system: [LogonHoursAction] 2
    HKU\S-1-5-21-2430930441-2580859966-3045845237-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
    HKU\S-1-5-21-2430930441-2580859966-3045845237-1000\...\MountPoints2: {c7302013-e6e6-11e1-bf9d-806e6f6e6963} - "E:\WD SmartWare.exe" autoplay=true
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-10-23] (AVAST Software)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bloggie Watcher Utility.lnk [2012-10-07]
    ShortcutTarget: Bloggie Watcher Utility.lnk -> C:\Program Files (x86)\Sony\Bloggie Software\BGVolumeWatcher.exe (Sony Corporation)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA1100 Smart Wizard.lnk [2012-08-14]
    ShortcutTarget: NETGEAR WNA1100 Smart Wizard.lnk -> C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe ()
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk [2015-08-06]
    ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDSmartWare.lnk [2015-08-06]
    ShortcutTarget: WDSmartWare.lnk -> C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
    Startup: C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TurboApps WinMobile Conduit.lnk [2012-09-08]
    ShortcutTarget: TurboApps WinMobile Conduit.lnk -> c:\Users\Home\AppData\Roaming\Microsoft\Installer\{81F501F8-CB50-4BA2-A1BB-279F4BEB85D7}\_12D4935BB2BF56AE17F517.exe ()
    GroupPolicyUsers\S-1-5-21-2430930441-2580859966-3045845237-1006\User: Restriction <======= ATTENTION
    CHR HKU\S-1-5-21-2430930441-2580859966-3045845237-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
    Tcpip\..\Interfaces\{804410AC-B072-42CE-9188-532F692FECDA}: [DhcpNameServer] 192.168.1.1 68.105.28.11 68.105.29.11
    Tcpip\..\Interfaces\{E4238440-9D19-4259-90B4-58597A57EFB1}: [DhcpNameServer] 192.168.1.254

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-2430930441-2580859966-3045845237-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\S-1-5-21-2430930441-2580859966-3045845237-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?q={searchTerms}
    HKU\S-1-5-21-2430930441-2580859966-3045845237-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
    HKU\S-1-5-21-2430930441-2580859966-3045845237-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/
    HKU\S-1-5-21-2430930441-2580859966-3045845237-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006
    SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL =
    SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {EFE522B3-7ABD-49CB-A5C3-A2AFBBA83B9D} URL = hxxps://www.google.com/search?q={searchTerms}
    SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
    SearchScopes: HKLM-x32 -> {EFE522B3-7ABD-49CB-A5C3-A2AFBBA83B9D} URL = hxxps://www.google.com/search?q={searchTerms}
    SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
    SearchScopes: HKU\S-1-5-21-2430930441-2580859966-3045845237-1000 -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = hxxps://www.google.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2430930441-2580859966-3045845237-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
    SearchScopes: HKU\S-1-5-21-2430930441-2580859966-3045845237-1000 -> {EFE522B3-7ABD-49CB-A5C3-A2AFBBA83B9D} URL =
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-08-05] (AVAST Software)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-19] (Google Inc.)
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-10] (Oracle Corporation)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-05] (AVAST Software)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-19] (Google Inc.)
    BHO-x32: No Name -> {D2C5E510-BE6D-42CC-9F61-E4F939078474} -> No File
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-10] (Oracle Corporation)
    BHO-x32: XBTBPos00 Class -> {EDBBE0D0-A76A-4FE4-AE6B-13BCEFFD75C8} -> C:\Program Files (x86)\Brand Thunder\IE\tbcore3.dll => No File
    Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-19] (Google Inc.)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-19] (Google Inc.)
    DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe

    FireFox:
    ========
    FF ProfilePath: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default
    FF DefaultSearchEngine: Google
    FF DefaultSearchEngine.US: Google
    FF DefaultSearchUrl: hxxps://www.google.com/search
    FF SearchEngineOrder.1: Google
    FF SelectedSearchEngine: Binkiland
    FF Homepage: about:home
    FF Keyword.URL: hxxps://www.google.com/search
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-17] ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-17] ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
    FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-10] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-10] (Oracle Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
    FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\ATT\8.2.1.6\ma\bin\npMotive.dll [2012-11-15] (Alcatel-Lucent)
    FF Plugin-x32: @Motive.com/npMotiveRequest,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll [2011-12-06] (Alcatel-Lucent)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-2430930441-2580859966-3045845237-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Home\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-10-22] (Citrix Online)
    FF Plugin HKU\S-1-5-21-2430930441-2580859966-3045845237-1000: @sony.com/Some -> C:\Program Files (x86)\Sony\Bloggie Software\npsome.dll [2011-06-09] (Sony)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-09-04] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-09-04] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-09-04] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-09-04] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-09-04] (Apple Inc.)
    FF SearchPlugin: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\searchplugins\bing-avast.xml [2014-06-30]
    FF SearchPlugin: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\searchplugins\google-avast.xml [2014-11-15]
    FF Extension: iCloud Bookmarks - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\Extensions\firefoxdav@icloud.com [2015-05-29]
    FF Extension: Motive Extension - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\Extensions\mcciwbch@motive.com [2012-12-28] [not signed]
    FF Extension: Motive Extension - C:\Program Files (x86)\Mozilla Firefox\extensions\mcciwbch@motive.com.xpi [2012-12-28] [not signed]
    FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-10-23] [not signed]
    FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
    FF HKU\.DEFAULT\...\Firefox\Extensions: [{b64982b1-d112-42b5-b1e4-d3867c4533f8}] - C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension => not found

    Chrome:
    =======
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.71\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll => No File
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.71\ppGoogleNaClPluginChrome.dll => No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.71\pdf.dll => No File
    CHR Plugin: (Application Manager) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\spext.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll => No File
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll => No File
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File
    CHR Plugin: (Java(TM) Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
    CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\SysWOW64\npDeployJava1.dll => No File
    CHR Plugin: (Sony Online Media Engine) - C:\Program Files (x86)\Sony\Bloggie Software\npsome.dll (Sony)
    CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    CHR Profile: C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Avast SafePrice) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-05-29]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-23]
    CHR HKLM\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-2430930441-2580859966-3045845237-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-04]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-22]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-13] (SUPERAntiSpyware.com)
    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
    R2 ATT MAHostService; C:\Program Files (x86)\ATT\8.2.1.6\ma\bin\MAHostService.exe [319488 2012-11-15] (Alcatel-Lucent) [File not signed]
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-10-23] (AVAST Software)
    R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2505472 2015-10-09] (ESET)
    R2 FlipShare Service; C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe [460144 2011-05-06] ()
    R2 FlipShareServer; C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [1085440 2011-05-06] () [File not signed]
    R2 lxduCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxduserv.exe [29184 2009-10-16] (Lexmark International, Inc.)
    R2 lxdu_device; C:\Windows\system32\lxducoms.exe [1039360 2009-10-16] ( )
    R2 lxdu_device; C:\Windows\SysWOW64\lxducoms.exe [594600 2009-08-19] ( )
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
    R2 pcCMService; C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [369152 2012-10-05] (Alcatel-Lucent) [File not signed]
    R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [460288 2012-10-05] (Alcatel-Lucent) [File not signed]
    R2 SNMP; C:\Windows\System32\snmp.exe [49664 2010-11-20] (Microsoft Corporation)
    R2 SNMP; C:\Windows\SysWOW64\snmp.exe [47616 2010-11-20] (Microsoft Corporation)
    R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
    R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
    R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2015-07-20] (Western Digital Technologies, Inc.)
    R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [129536 2009-11-13] (WDC) [File not signed]
    R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [306552 2015-07-20] (Western Digital Technologies, Inc.)
    R2 WDSmartWareBackgroundService; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [20480 2009-06-16] (Memeo) [File not signed]
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    R2 WSWNA1100; C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe [266240 2010-08-04] () [File not signed]
    S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [X]

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-10-23] (AVAST Software)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-10-23] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-10-23] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-10-23] (AVAST Software)
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1049880 2015-10-23] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [448968 2015-10-23] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [153744 2015-10-23] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-10-23] (AVAST Software)
    R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [264040 2015-07-30] (ESET)
    S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
    R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [186784 2015-07-30] (ESET)
    R2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [142976 2015-10-07] (ESET)
    R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [206312 2015-07-30] (ESET)
    R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [52872 2015-07-30] (ESET)
    R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [69840 2015-07-30] (ESET)
    S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
    S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
    S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
    S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
    S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
    S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-10-23 10:12 - 2015-10-23 10:15 - 00008192 _____ C:\Windows\SysWOW64\WDPABKP.dat
    2015-10-23 10:01 - 2015-10-23 10:07 - 00000000 ____D C:\AdwCleaner
    2015-10-23 09:58 - 2015-10-23 09:58 - 01691648 _____ C:\Users\Home\Downloads\AdwCleaner.exe
    2015-10-23 09:47 - 2015-10-23 09:47 - 00000560 _____ C:\Users\Home\Downloads\help.txt
    2015-10-23 09:36 - 2015-10-23 10:18 - 00000000 ____D C:\FRST
    2015-10-23 09:16 - 2015-10-23 09:16 - 00378880 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
    2015-10-23 09:15 - 2015-10-23 09:15 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
    2015-10-22 14:49 - 2015-10-23 10:10 - 00065536 _____ C:\Windows\system32\Ikeext.etl
    2015-10-22 14:47 - 2015-10-22 14:47 - 00001987 _____ C:\Users\Public\Desktop\ESET Banking & Payment protection.lnk
    2015-10-22 14:47 - 2015-10-22 14:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
    2015-10-22 14:47 - 2015-10-22 14:47 - 00000000 ____D C:\ProgramData\ESET
    2015-10-22 14:47 - 2015-10-22 14:47 - 00000000 ____D C:\Program Files\ESET
    2015-10-22 14:44 - 2015-10-22 14:44 - 02837704 _____ (ESET) C:\Users\Home\Downloads\eset_smart_security_live_installer.exe
    2015-10-22 12:24 - 2015-10-22 12:46 - 00000000 ____D C:\Program Files (x86)\Citrix
    2015-10-22 12:24 - 2015-10-22 12:24 - 00000000 ____D C:\Users\Home\AppData\Local\Citrix
    2015-10-19 10:10 - 2015-10-19 10:12 - 00000000 ____D C:\Users\Home\Documents\Travelers Auto
    2015-10-17 11:38 - 2015-10-17 11:38 - 00000000 ____D C:\SUPERDelete
    2015-10-16 07:43 - 2015-10-16 07:43 - 00279608 _____ C:\Windows\Minidump\101615-31871-01.dmp
    2015-10-14 19:32 - 2015-10-14 19:32 - 00000000 ____D C:\Windows\pss
    2015-10-14 15:55 - 2015-09-18 15:22 - 00025432 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
    2015-10-14 15:55 - 2015-09-18 15:19 - 01291264 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2015-10-14 15:55 - 2015-09-18 15:19 - 00766464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2015-10-14 15:55 - 2015-09-18 15:19 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2015-10-14 15:55 - 2015-09-18 15:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2015-10-14 15:55 - 2015-09-18 15:19 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
    2015-10-14 15:55 - 2015-09-18 15:09 - 01163776 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2015-10-13 21:54 - 2015-09-18 15:31 - 00391784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2015-10-13 21:54 - 2015-09-18 14:58 - 00345688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2015-10-13 21:54 - 2015-09-16 00:48 - 25851904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-10-13 21:54 - 2015-09-16 00:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-10-13 21:54 - 2015-09-16 00:36 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2015-10-13 21:54 - 2015-09-16 00:22 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2015-10-13 21:54 - 2015-09-16 00:21 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-10-13 21:54 - 2015-09-16 00:21 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-10-13 21:54 - 2015-09-16 00:21 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2015-10-13 21:54 - 2015-09-16 00:21 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2015-10-13 21:54 - 2015-09-16 00:21 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2015-10-13 21:54 - 2015-09-16 00:14 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-10-13 21:54 - 2015-09-16 00:13 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2015-10-13 21:54 - 2015-09-16 00:10 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-10-13 21:54 - 2015-09-16 00:09 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-10-13 21:54 - 2015-09-16 00:08 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2015-10-13 21:54 - 2015-09-16 00:08 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2015-10-13 21:54 - 2015-09-16 00:08 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2015-10-13 21:54 - 2015-09-16 00:08 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2015-10-13 21:54 - 2015-09-16 00:01 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2015-10-13 21:54 - 2015-09-15 23:58 - 20357632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2015-10-13 21:54 - 2015-09-15 23:58 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-10-13 21:54 - 2015-09-15 23:50 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2015-10-13 21:54 - 2015-09-15 23:46 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2015-10-13 21:54 - 2015-09-15 23:45 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2015-10-13 21:54 - 2015-09-15 23:45 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-10-13 21:54 - 2015-09-15 23:43 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-10-13 21:54 - 2015-09-15 23:41 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
    2015-10-13 21:54 - 2015-09-15 23:33 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2015-10-13 21:54 - 2015-09-15 23:33 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2015-10-13 21:54 - 2015-09-15 23:32 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2015-10-13 21:54 - 2015-09-15 23:32 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2015-10-13 21:54 - 2015-09-15 23:31 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2015-10-13 21:54 - 2015-09-15 23:31 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2015-10-13 21:54 - 2015-09-15 23:29 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-10-13 21:54 - 2015-09-15 23:29 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2015-10-13 21:54 - 2015-09-15 23:28 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2015-10-13 21:54 - 2015-09-15 23:28 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2015-10-13 21:54 - 2015-09-15 23:26 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-10-13 21:54 - 2015-09-15 23:26 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2015-10-13 21:54 - 2015-09-15 23:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2015-10-13 21:54 - 2015-09-15 23:24 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2015-10-13 21:54 - 2015-09-15 23:23 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2015-10-13 21:54 - 2015-09-15 23:22 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-10-13 21:54 - 2015-09-15 23:22 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2015-10-13 21:54 - 2015-09-15 23:22 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2015-10-13 21:54 - 2015-09-15 23:15 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2015-10-13 21:54 - 2015-09-15 23:11 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-10-13 21:54 - 2015-09-15 23:10 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2015-10-13 21:54 - 2015-09-15 23:07 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2015-10-13 21:54 - 2015-09-15 23:06 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2015-10-13 21:54 - 2015-09-15 23:05 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2015-10-13 21:54 - 2015-09-15 23:05 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2015-10-13 21:54 - 2015-09-15 23:04 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2015-10-13 21:54 - 2015-09-15 22:59 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-10-13 21:54 - 2015-09-15 22:58 - 12853760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2015-10-13 21:54 - 2015-09-15 22:58 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2015-10-13 21:54 - 2015-09-15 22:56 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2015-10-13 21:54 - 2015-09-15 22:55 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2015-10-13 21:54 - 2015-09-15 22:55 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2015-10-13 21:54 - 2015-09-15 22:48 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2015-10-13 21:54 - 2015-09-15 22:37 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2015-10-13 21:54 - 2015-09-15 22:34 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2015-10-13 21:54 - 2015-09-15 22:32 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2015-10-13 21:54 - 2015-08-06 14:04 - 14176768 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2015-10-13 21:54 - 2015-08-06 14:03 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
    2015-10-13 21:54 - 2015-08-06 13:44 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2015-10-13 21:54 - 2015-08-06 13:44 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
    2015-10-13 21:53 - 2015-09-28 23:16 - 05569472 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-10-13 21:53 - 2015-09-28 23:13 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2015-10-13 21:53 - 2015-09-28 23:11 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-10-13 21:53 - 2015-09-28 23:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
    2015-10-13 21:53 - 2015-09-28 23:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
    2015-10-13 21:53 - 2015-09-28 23:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
    2015-10-13 21:53 - 2015-09-28 23:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2015-10-13 21:53 - 2015-09-28 23:11 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2015-10-13 21:53 - 2015-09-28 23:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2015-10-13 21:53 - 2015-09-28 23:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
    2015-10-13 21:53 - 2015-09-28 23:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2015-10-13 21:53 - 2015-09-28 23:10 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2015-10-13 21:53 - 2015-09-28 23:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2015-10-13 21:53 - 2015-09-28 23:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2015-10-13 21:53 - 2015-09-28 23:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2015-10-13 21:53 - 2015-09-28 23:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2015-10-13 21:53 - 2015-09-28 23:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2015-10-13 21:53 - 2015-09-28 23:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
    2015-10-13 21:53 - 2015-09-28 23:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2015-10-13 21:53 - 2015-09-28 23:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2015-10-13 21:53 - 2015-09-28 23:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
    2015-10-13 21:53 - 2015-09-28 23:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
    2015-10-13 21:53 - 2015-09-28 23:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2015-10-13 21:53 - 2015-09-28 23:05 - 03990976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2015-10-13 21:53 - 2015-09-28 23:05 - 03936192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2015-10-13 21:53 - 2015-09-28 23:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2015-10-13 21:53 - 2015-09-28 23:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2015-10-13 21:53 - 2015-09-28 23:02 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 22:59 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2015-10-13 21:53 - 2015-09-28 22:59 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2015-10-13 21:53 - 2015-09-28 22:59 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2015-10-13 21:53 - 2015-09-28 22:59 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2015-10-13 21:53 - 2015-09-28 22:59 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2015-10-13 21:53 - 2015-09-28 22:59 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2015-10-13 21:53 - 2015-09-28 22:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2015-10-13 21:53 - 2015-09-28 22:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
    2015-10-13 21:53 - 2015-09-28 22:58 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2015-10-13 21:53 - 2015-09-28 22:58 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2015-10-13 21:53 - 2015-09-28 22:57 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2015-10-13 21:53 - 2015-09-28 22:57 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
    2015-10-13 21:53 - 2015-09-28 22:57 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2015-10-13 21:53 - 2015-09-28 22:57 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2015-10-13 21:53 - 2015-09-28 22:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2015-10-13 21:53 - 2015-09-28 22:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 21:50 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2015-10-13 21:53 - 2015-09-28 21:49 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
    2015-10-13 21:53 - 2015-09-28 21:49 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2015-10-13 21:53 - 2015-09-28 21:43 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2015-10-13 21:53 - 2015-09-28 21:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2015-10-13 21:53 - 2015-09-28 21:40 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 21:40 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 21:40 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 21:40 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-25 14:07 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
    2015-10-13 21:53 - 2015-09-25 14:07 - 02607104 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2015-10-13 21:53 - 2015-09-25 14:07 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2015-10-13 21:53 - 2015-09-25 14:07 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
    2015-10-13 21:53 - 2015-09-25 14:07 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
    2015-10-13 21:53 - 2015-09-25 14:07 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
    2015-10-13 21:53 - 2015-09-25 14:07 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
    2015-10-13 21:53 - 2015-09-25 14:06 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2015-10-13 21:53 - 2015-09-25 14:06 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
    2015-10-13 21:53 - 2015-09-25 14:06 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
    2015-10-13 21:53 - 2015-09-25 14:06 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
    2015-10-13 21:53 - 2015-09-25 13:59 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2015-10-13 21:53 - 2015-09-25 13:59 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
    2015-10-13 21:53 - 2015-09-25 13:59 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
    2015-10-13 21:53 - 2015-09-25 13:59 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
    2015-10-13 21:53 - 2015-09-25 13:58 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
    2015-10-13 21:53 - 2015-09-15 14:17 - 00157016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2015-10-13 21:53 - 2015-09-15 14:17 - 00097112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2015-10-13 21:53 - 2015-09-15 14:11 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2015-10-13 21:53 - 2015-09-15 14:11 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2015-10-13 21:53 - 2015-09-15 14:11 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2015-10-13 21:53 - 2015-09-15 14:11 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2015-10-13 21:53 - 2015-09-15 14:11 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2015-10-13 21:53 - 2015-09-15 14:11 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2015-10-13 21:53 - 2015-09-15 14:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2015-10-13 21:53 - 2015-09-15 13:36 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2015-10-13 21:53 - 2015-09-15 13:36 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2015-10-13 21:53 - 2015-09-15 13:36 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2015-10-13 21:53 - 2015-09-15 13:35 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2015-10-13 21:52 - 2015-10-01 14:06 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2015-10-13 21:52 - 2015-10-01 14:04 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2015-10-13 21:52 - 2015-10-01 14:00 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
    2015-10-13 21:52 - 2015-10-01 14:00 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
    2015-10-13 21:52 - 2015-10-01 14:00 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
    2015-10-13 21:52 - 2015-10-01 14:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
    2015-10-13 21:52 - 2015-10-01 14:00 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
    2015-10-13 21:52 - 2015-10-01 13:50 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
    2015-10-13 21:52 - 2015-10-01 13:00 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
    2015-10-13 21:51 - 2015-07-18 09:08 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
    2015-10-11 12:30 - 2015-10-11 12:30 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\Sun
    2015-10-11 12:30 - 2015-10-11 12:30 - 00000000 ____D C:\Users\Lisa\.oracle_jre_usage
    2015-10-07 06:16 - 2015-10-07 06:16 - 00142976 _____ (ESET) C:\Windows\system32\Drivers\ekbdflt.sys

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-10-23 10:16 - 2009-07-14 00:45 - 00017072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-10-23 10:16 - 2009-07-14 00:45 - 00017072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-10-23 10:15 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\tracing
    2015-10-23 10:14 - 2014-09-01 12:50 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-10-23 10:13 - 2013-07-18 20:10 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-10-23 10:11 - 2013-08-22 18:57 - 00000435 _____ C:\Windows\system32\Drivers\etc\hosts.ics
    2015-10-23 10:10 - 2014-02-19 09:20 - 00000400 _____ C:\Windows\Tasks\FreeFileViewerUpdateChecker.job
    2015-10-23 10:10 - 2014-02-14 07:55 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf297bb0803088.job
    2015-10-23 10:10 - 2012-08-15 14:32 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2015-10-23 10:10 - 2012-08-14 22:53 - 03544944 _____ C:\Windows\PFRO.log
    2015-10-23 10:10 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2015-10-23 10:10 - 2009-07-14 00:51 - 00051376 _____ C:\Windows\setupact.log
    2015-10-23 10:08 - 2012-08-14 22:36 - 01950193 _____ C:\Windows\WindowsUpdate.log
    2015-10-23 09:50 - 2013-12-27 10:49 - 00000000 ____D C:\Users\Home\AppData\Local\2206D898-65C1-4169-B64D-AD5D35991E03.aplzod
    2015-10-23 09:22 - 2012-08-15 12:44 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-10-23 09:16 - 2014-06-11 13:04 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
    2015-10-23 09:16 - 2013-12-27 18:50 - 00153744 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
    2015-10-23 09:16 - 2013-03-23 20:07 - 00274808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
    2015-10-23 09:16 - 2013-03-23 20:07 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
    2015-10-23 09:16 - 2012-08-14 22:08 - 00448968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
    2015-10-23 09:16 - 2012-08-14 22:08 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
    2015-10-23 09:16 - 2012-08-14 22:08 - 00090968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
    2015-10-23 09:16 - 2012-08-14 22:08 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
    2015-10-23 09:14 - 2012-08-14 22:08 - 01049880 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
    2015-10-22 14:50 - 2014-02-02 12:09 - 00000000 ____D C:\Users\Home\AppData\Local\ESET
    2015-10-21 10:30 - 2012-08-16 11:41 - 00000000 ____D C:\Users\Home\Desktop\Resume & Cover Letters
    2015-10-21 10:29 - 2012-08-15 11:36 - 00000000 ____D C:\ProgramData\Lx_cats
    2015-10-19 10:14 - 2014-04-03 18:57 - 00000000 ____D C:\Users\Home\Documents\Travelers Hm Owners Pol
    2015-10-17 10:13 - 2013-07-18 20:10 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-10-17 10:13 - 2012-08-15 15:52 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-10-17 10:13 - 2012-08-15 15:52 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-10-16 07:43 - 2014-10-29 18:17 - 614066484 _____ C:\Windows\MEMORY.DMP
    2015-10-16 07:43 - 2014-10-29 18:17 - 00000000 ____D C:\Windows\Minidump
    2015-10-15 03:00 - 2014-12-11 04:16 - 00000000 ____D C:\Windows\system32\appraiser
    2015-10-15 03:00 - 2014-05-07 03:01 - 00000000 ___SD C:\Windows\system32\CompatTel
    2015-10-14 20:23 - 2014-09-01 12:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-10-14 20:23 - 2014-09-01 12:49 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-10-14 20:23 - 2012-08-15 11:06 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-10-14 19:34 - 2013-05-28 19:21 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
    2015-10-14 19:33 - 2014-12-23 18:18 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
    2015-10-14 05:22 - 2012-11-02 20:46 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2015-10-14 04:12 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
    2015-10-14 03:16 - 2013-08-15 03:01 - 00000000 ____D C:\Windows\system32\MRT
    2015-10-14 03:09 - 2012-08-14 20:49 - 143481208 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-10-14 03:09 - 2012-08-14 20:09 - 00000000 ____D C:\ProgramData\Microsoft Help
    2015-10-11 12:30 - 2012-08-27 17:28 - 00000000 ____D C:\Users\Lisa
    2015-10-11 12:25 - 2012-08-27 17:29 - 00000000 ____D C:\Users\Lisa\AppData\Local\Google
    2015-10-11 12:23 - 2012-08-18 22:14 - 00000000 ____D C:\Users\Lynne\AppData\Local\Google
    2015-10-08 07:29 - 2015-04-05 03:00 - 00000000 ___SD C:\Windows\system32\GWX
    2015-10-08 03:00 - 2015-04-05 03:00 - 00000000 ___SD C:\Windows\SysWOW64\GWX
    2015-10-05 09:50 - 2014-09-01 12:49 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-10-05 09:50 - 2014-09-01 12:49 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2015-10-05 09:50 - 2012-08-15 11:06 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
    2015-09-26 17:59 - 2013-01-29 21:20 - 00022100 _____ C:\ProgramData\lxduJSW.log

    ==================== Files in the root of some directories =======

    2014-06-20 11:20 - 2015-02-24 14:46 - 0000131 _____ () C:\Users\Home\AppData\Roaming\WB.CFG
    2012-09-13 18:42 - 2012-12-06 13:26 - 0005632 _____ () C:\Users\Home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2015-02-24 14:46 - 2015-02-24 14:46 - 0000010 _____ () C:\Users\Home\AppData\Local\DSI.DAT
    2012-08-17 12:59 - 2012-08-17 12:59 - 0004096 ____H () C:\Users\Home\AppData\Local\keyfile3.drm
    2012-08-15 11:35 - 2012-08-15 11:35 - 0000252 _____ () C:\ProgramData\FastPics.log
    2014-02-23 17:25 - 2014-07-08 12:13 - 0000483 _____ () C:\ProgramData\lxdu.log
    2013-02-23 11:56 - 2013-02-23 11:58 - 0000248 _____ () C:\ProgramData\lxduDiagnostics.log
    2013-01-29 21:20 - 2015-09-26 17:59 - 0022100 _____ () C:\ProgramData\lxduJSW.log
    2015-02-06 11:42 - 2015-02-06 11:42 - 0225190 _____ () C:\ProgramData\SPL1107.tmp
    2014-09-22 09:36 - 2014-09-22 09:36 - 5471854 _____ () C:\ProgramData\SPL14E.tmp
    2014-02-23 16:57 - 2014-02-23 16:57 - 2088164 _____ () C:\ProgramData\SPL1969.tmp
    2014-06-20 10:27 - 2014-06-20 10:27 - 0513379 _____ () C:\ProgramData\SPL1F43.tmp
    2014-06-05 17:59 - 2014-06-05 17:59 - 1819997 _____ () C:\ProgramData\SPL372E.tmp
    2015-01-31 10:38 - 2015-01-31 10:38 - 6887886 _____ () C:\ProgramData\SPL3BF6.tmp
    2015-01-31 15:41 - 2015-01-31 15:41 - 17780750 _____ () C:\ProgramData\SPL3F6.tmp
    2015-02-09 16:54 - 2015-02-09 16:54 - 0606599 _____ () C:\ProgramData\SPL4474.tmp
    2015-06-05 13:34 - 2015-06-05 13:34 - 0371852 _____ () C:\ProgramData\SPL558F.tmp
    2015-01-31 10:36 - 2015-01-31 10:36 - 6887886 _____ () C:\ProgramData\SPL57C7.tmp
    2015-04-01 12:04 - 2015-04-01 12:04 - 0241596 _____ () C:\ProgramData\SPL6C14.tmp
    2014-02-23 19:24 - 2014-02-23 19:24 - 2088164 _____ () C:\ProgramData\SPL736C.tmp
    2015-01-12 14:06 - 2015-01-12 14:06 - 0101442 _____ () C:\ProgramData\SPL740.tmp
    2015-05-01 10:50 - 2015-05-01 10:50 - 0521411 _____ () C:\ProgramData\SPL76B6.tmp
    2014-08-13 21:31 - 2014-08-13 21:31 - 6251160 _____ () C:\ProgramData\SPL7DD6.tmp
    2015-07-19 11:53 - 2015-07-19 11:53 - 0140631 _____ () C:\ProgramData\SPL82D5.tmp
    2015-04-06 11:34 - 2015-04-06 11:34 - 0099760 _____ () C:\ProgramData\SPL8729.tmp
    2015-03-30 10:49 - 2015-03-30 10:49 - 2496910 _____ () C:\ProgramData\SPL95D.tmp
    2015-06-03 19:37 - 2015-06-03 19:37 - 0723546 _____ () C:\ProgramData\SPL96A5.tmp
    2015-01-31 13:55 - 2015-01-31 13:55 - 17780750 _____ () C:\ProgramData\SPLB46.tmp
    2015-01-26 10:28 - 2015-01-26 10:28 - 0611143 _____ () C:\ProgramData\SPLB8F.tmp
    2014-02-23 15:47 - 2014-02-23 15:47 - 2088164 _____ () C:\ProgramData\SPLC4CF.tmp
    2012-12-21 18:42 - 2012-12-21 18:42 - 0860404 _____ () C:\ProgramData\SPLC6C7.tmp
    2014-04-29 15:16 - 2014-04-29 15:16 - 0678620 _____ () C:\ProgramData\SPLCE81.tmp
    2015-04-09 11:48 - 2015-04-09 11:48 - 0326714 _____ () C:\ProgramData\SPLD29C.tmp
    2015-03-23 10:55 - 2015-03-23 10:55 - 2815712 _____ () C:\ProgramData\SPLDCC4.tmp
    2015-06-24 10:57 - 2015-06-24 10:57 - 1565830 _____ () C:\ProgramData\SPLDED2.tmp
    2014-08-13 21:52 - 2014-08-13 21:52 - 0201922 _____ () C:\ProgramData\SPLE649.tmp
    2015-06-05 12:32 - 2015-06-05 12:32 - 0195126 _____ () C:\ProgramData\SPLE849.tmp
    2015-06-20 14:15 - 2015-06-20 14:15 - 3863779 _____ () C:\ProgramData\SPLEC13.tmp
    2015-05-10 09:33 - 2015-05-10 09:33 - 0609767 _____ () C:\ProgramData\SPLF53A.tmp
    2012-12-18 19:58 - 2012-12-18 19:58 - 0771125 _____ () C:\ProgramData\SPLF5EE.tmp
    2012-08-15 11:27 - 2012-08-15 11:27 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt

    Some files in TEMP:
    ====================
    C:\Users\Home\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-10-11 00:10

    ==================== End of FRST.txt ============================

    As requested - files included. This is typing VERY slowly.
    Please help.
     
  2. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    Hi Gerry,

    The typical signs of Koobface are not showing in the reports.... plus, MBAM would have detected it.
    AdwCleaner has removed a lot of Adware though.

    The FRST report is showing signs for concern and does need a fix script writing to remove and reset some things.

    Step 1
    It is not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
    1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
    2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
    Therefore please go to add/remove in the control panel and remove either Avast or ESET Smart Security.


    Step 2

    This means we are unable to run a fix with FRST at the moment.
    The FRST program needs to be either on the Desktop or in the Download folder.
    We also need to see the addition.txt from FRST.

    For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your Desktop..... or Downloads folder.

    • Double-click the downloaded icon to run the tool. Vista/Windows 7/8/10 users right-click and select Run As Administrator

      a1e30894cbd1e51d77798ccaebcd6fa0.png
    • When the tool opens click Yes to disclaimer.

      6c81f32e4cfa276b33b2c5b126a03416.png
    • Make sure that Addition.txt is selected at the bottom
    • Press Scan button.

      1b8c7ec40ba5fc57455a82d8388da693.png
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.


    In your next reply, please submit:
    A new set of FRST reports.

    Please run FRST after removing one of the AV programs.


    Thanks.
     
  3. Gerry7371

    Gerry7371 Registered Members

    Joined:
    Oct 22, 2015
    Messages:
    41
    Operating System:
    Windows 7
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-10-2015 01
    Ran by Home (administrator) on HOME-PC (23-10-2015 16:52:54)
    Running from C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P7MY51CO
    Loaded Profiles: Home & UpdatusUser (Available Profiles: Home & Lynne & Lisa & UpdatusUser & DefaultAppPool)
    Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Alcatel-Lucent) C:\Program Files (x86)\ATT\8.2.1.6\ma\bin\MAHostService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Joyent, Inc) C:\Program Files (x86)\ATT\8.2.1.6\ma\bin\node.exe
    () C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
    (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
    () C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
    () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe
    (Lexmark International Inc.) C:\Program Files (x86)\Lexmark 5600-6600 Series\ezprint.exe
    (Lexmark International, Inc.) C:\Windows\System32\spool\drivers\x64\3\lxduserv.exe
    ( ) C:\Windows\System32\lxducoms.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
    (Sony Corporation) C:\Program Files (x86)\Sony\Bloggie Software\BGVolumeWatcher.exe
    () C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
    (WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    (Western Digital) C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
    (Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
    (Microsoft Corporation) C:\Windows\System32\snmp.exe
    (DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
    (WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
    (Memeo) C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    () C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
    (Microsoft Corporation) C:\Windows\System32\alg.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [lxdumon.exe] => C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe [676520 2009-09-04] ()
    HKLM\...\Run: [EzPrint] => C:\Program Files (x86)\Lexmark 5600-6600 Series\ezprint.exe [131752 2009-09-04] (Lexmark International Inc.)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-15] (Apple Inc.)
    HKLM-x32\...\Run: [jswtrayutil] => "C:\Program Files (x86)\NETGEAR\WNA1100\jswtrayutil.exe"
    HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-09-15] (Apple Inc.)
    HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
    HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5564784 2015-07-20] (Western Digital Technologies, Inc.)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
    HKU\S-1-5-21-2430930441-2580859966-3045845237-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7935904 2015-10-21] (SUPERAntiSpyware)
    HKU\S-1-5-21-2430930441-2580859966-3045845237-1000\...\Run: [MobileDocuments] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    HKU\S-1-5-21-2430930441-2580859966-3045845237-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.)
    HKU\S-1-5-21-2430930441-2580859966-3045845237-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2015-04-26] (Apple Inc.)
    HKU\S-1-5-21-2430930441-2580859966-3045845237-1000\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1079592 2015-04-26] (Apple Inc.)
    HKU\S-1-5-21-2430930441-2580859966-3045845237-1000\...\Policies\system: [LogonHoursAction] 2
    HKU\S-1-5-21-2430930441-2580859966-3045845237-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
    HKU\S-1-5-21-2430930441-2580859966-3045845237-1000\...\MountPoints2: {c7302013-e6e6-11e1-bf9d-806e6f6e6963} - "E:\WD SmartWare.exe" autoplay=true
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bloggie Watcher Utility.lnk [2012-10-07]
    ShortcutTarget: Bloggie Watcher Utility.lnk -> C:\Program Files (x86)\Sony\Bloggie Software\BGVolumeWatcher.exe (Sony Corporation)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA1100 Smart Wizard.lnk [2012-08-14]
    ShortcutTarget: NETGEAR WNA1100 Smart Wizard.lnk -> C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe ()
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk [2015-08-06]
    ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDSmartWare.lnk [2015-08-06]
    ShortcutTarget: WDSmartWare.lnk -> C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
    Startup: C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TurboApps WinMobile Conduit.lnk [2012-09-08]
    ShortcutTarget: TurboApps WinMobile Conduit.lnk -> c:\Users\Home\AppData\Roaming\Microsoft\Installer\{81F501F8-CB50-4BA2-A1BB-279F4BEB85D7}\_12D4935BB2BF56AE17F517.exe ()
    GroupPolicyUsers\S-1-5-21-2430930441-2580859966-3045845237-1006\User: Restriction <======= ATTENTION
    CHR HKU\S-1-5-21-2430930441-2580859966-3045845237-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
    Tcpip\..\Interfaces\{804410AC-B072-42CE-9188-532F692FECDA}: [DhcpNameServer] 192.168.1.1 68.105.28.11 68.105.29.11
    Tcpip\..\Interfaces\{E4238440-9D19-4259-90B4-58597A57EFB1}: [DhcpNameServer] 192.168.1.254

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-2430930441-2580859966-3045845237-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\S-1-5-21-2430930441-2580859966-3045845237-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?q={searchTerms}
    HKU\S-1-5-21-2430930441-2580859966-3045845237-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
    HKU\S-1-5-21-2430930441-2580859966-3045845237-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/
    HKU\S-1-5-21-2430930441-2580859966-3045845237-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006
    SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL =
    SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {EFE522B3-7ABD-49CB-A5C3-A2AFBBA83B9D} URL = hxxps://www.google.com/search?q={searchTerms}
    SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
    SearchScopes: HKLM-x32 -> {EFE522B3-7ABD-49CB-A5C3-A2AFBBA83B9D} URL = hxxps://www.google.com/search?q={searchTerms}
    SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
    SearchScopes: HKU\S-1-5-21-2430930441-2580859966-3045845237-1000 -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = hxxps://www.google.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2430930441-2580859966-3045845237-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
    SearchScopes: HKU\S-1-5-21-2430930441-2580859966-3045845237-1000 -> {EFE522B3-7ABD-49CB-A5C3-A2AFBBA83B9D} URL =
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-19] (Google Inc.)
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-10] (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-19] (Google Inc.)
    BHO-x32: No Name -> {D2C5E510-BE6D-42CC-9F61-E4F939078474} -> No File
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-10] (Oracle Corporation)
    BHO-x32: XBTBPos00 Class -> {EDBBE0D0-A76A-4FE4-AE6B-13BCEFFD75C8} -> C:\Program Files (x86)\Brand Thunder\IE\tbcore3.dll => No File
    Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-19] (Google Inc.)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-19] (Google Inc.)
    DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe

    FireFox:
    ========
    FF ProfilePath: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default
    FF DefaultSearchEngine: Google
    FF DefaultSearchEngine.US: Google
    FF DefaultSearchUrl: hxxps://www.google.com/search
    FF SearchEngineOrder.1: Google
    FF SelectedSearchEngine: Binkiland
    FF Homepage: about:home
    FF Keyword.URL: hxxps://www.google.com/search
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-17] ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-17] ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
    FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-10] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-10] (Oracle Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
    FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\ATT\8.2.1.6\ma\bin\npMotive.dll [2012-11-15] (Alcatel-Lucent)
    FF Plugin-x32: @Motive.com/npMotiveRequest,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll [2011-12-06] (Alcatel-Lucent)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-2430930441-2580859966-3045845237-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Home\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-10-22] (Citrix Online)
    FF Plugin HKU\S-1-5-21-2430930441-2580859966-3045845237-1000: @sony.com/Some -> C:\Program Files (x86)\Sony\Bloggie Software\npsome.dll [2011-06-09] (Sony)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-09-04] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-09-04] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-09-04] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-09-04] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-09-04] (Apple Inc.)
    FF SearchPlugin: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\searchplugins\bing-avast.xml [2014-06-30]
    FF SearchPlugin: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\searchplugins\google-avast.xml [2014-11-15]
    FF Extension: iCloud Bookmarks - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\Extensions\firefoxdav@icloud.com [2015-05-29]
    FF Extension: Motive Extension - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\Extensions\mcciwbch@motive.com [2012-12-28] [not signed]
    FF Extension: Motive Extension - C:\Program Files (x86)\Mozilla Firefox\extensions\mcciwbch@motive.com.xpi [2012-12-28] [not signed]
    FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
    FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
    FF HKU\.DEFAULT\...\Firefox\Extensions: [{b64982b1-d112-42b5-b1e4-d3867c4533f8}] - C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension => not found

    Chrome:
    =======
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.71\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll => No File
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.71\ppGoogleNaClPluginChrome.dll => No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.71\pdf.dll => No File
    CHR Plugin: (Application Manager) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\spext.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll => No File
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll => No File
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File
    CHR Plugin: (Java(TM) Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
    CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\SysWOW64\npDeployJava1.dll => No File
    CHR Plugin: (Sony Online Media Engine) - C:\Program Files (x86)\Sony\Bloggie Software\npsome.dll (Sony)
    CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    CHR Profile: C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Avast SafePrice) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-05-29]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-23]
    CHR HKLM\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-2430930441-2580859966-3045845237-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-13] (SUPERAntiSpyware.com)
    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
    R2 ATT MAHostService; C:\Program Files (x86)\ATT\8.2.1.6\ma\bin\MAHostService.exe [319488 2012-11-15] (Alcatel-Lucent) [File not signed]
    R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2505472 2015-10-09] (ESET)
    R2 FlipShare Service; C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe [460144 2011-05-06] ()
    R2 FlipShareServer; C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [1085440 2011-05-06] () [File not signed]
    R2 lxduCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxduserv.exe [29184 2009-10-16] (Lexmark International, Inc.)
    R2 lxdu_device; C:\Windows\system32\lxducoms.exe [1039360 2009-10-16] ( )
    R2 lxdu_device; C:\Windows\SysWOW64\lxducoms.exe [594600 2009-08-19] ( )
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
    R2 pcCMService; C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [369152 2012-10-05] (Alcatel-Lucent) [File not signed]
    R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [460288 2012-10-05] (Alcatel-Lucent) [File not signed]
    R2 SNMP; C:\Windows\System32\snmp.exe [49664 2010-11-20] (Microsoft Corporation)
    R2 SNMP; C:\Windows\SysWOW64\snmp.exe [47616 2010-11-20] (Microsoft Corporation)
    R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
    R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
    R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2015-07-20] (Western Digital Technologies, Inc.)
    R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [129536 2009-11-13] (WDC) [File not signed]
    R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [306552 2015-07-20] (Western Digital Technologies, Inc.)
    R2 WDSmartWareBackgroundService; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [20480 2009-06-16] (Memeo) [File not signed]
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    R2 WSWNA1100; C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe [266240 2010-08-04] () [File not signed]
    S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [X]

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [264040 2015-07-30] (ESET)
    S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
    R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [186784 2015-07-30] (ESET)
    R2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [142976 2015-10-07] (ESET)
    R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [206312 2015-07-30] (ESET)
    R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [52872 2015-07-30] (ESET)
    R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [69840 2015-07-30] (ESET)
    S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
    S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
    S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
    S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
    S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
    S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-10-23 16:49 - 2015-10-23 16:50 - 00042028 _____ C:\Users\Home\Downloads\Addition.txt
    2015-10-23 16:47 - 2015-10-23 16:50 - 00070437 _____ C:\Users\Home\Downloads\FRST.txt
    2015-10-23 16:47 - 2015-10-23 16:47 - 02196480 _____ (Farbar) C:\Users\Home\Downloads\FRST64.exe
    2015-10-23 11:13 - 2015-10-23 11:13 - 00000000 ____D C:\Users\Home\AppData\Roaming\ESET
    2015-10-23 10:12 - 2015-10-23 16:38 - 00008192 _____ C:\Windows\SysWOW64\WDPABKP.dat
    2015-10-23 10:01 - 2015-10-23 10:07 - 00000000 ____D C:\AdwCleaner
    2015-10-23 09:58 - 2015-10-23 09:58 - 01691648 _____ C:\Users\Home\Downloads\AdwCleaner.exe
    2015-10-23 09:47 - 2015-10-23 09:47 - 00000560 _____ C:\Users\Home\Downloads\help.txt
    2015-10-23 09:36 - 2015-10-23 16:52 - 00000000 ____D C:\FRST
    2015-10-22 14:49 - 2015-10-23 16:38 - 00065536 _____ C:\Windows\system32\Ikeext.etl
    2015-10-22 14:47 - 2015-10-22 14:47 - 00001987 _____ C:\Users\Public\Desktop\ESET Banking & Payment protection.lnk
    2015-10-22 14:47 - 2015-10-22 14:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
    2015-10-22 14:47 - 2015-10-22 14:47 - 00000000 ____D C:\ProgramData\ESET
    2015-10-22 14:47 - 2015-10-22 14:47 - 00000000 ____D C:\Program Files\ESET
    2015-10-22 14:44 - 2015-10-22 14:44 - 02837704 _____ (ESET) C:\Users\Home\Downloads\eset_smart_security_live_installer.exe
    2015-10-22 12:24 - 2015-10-22 12:46 - 00000000 ____D C:\Program Files (x86)\Citrix
    2015-10-22 12:24 - 2015-10-22 12:24 - 00000000 ____D C:\Users\Home\AppData\Local\Citrix
    2015-10-19 10:10 - 2015-10-19 10:12 - 00000000 ____D C:\Users\Home\Documents\Travelers Auto
    2015-10-17 11:38 - 2015-10-17 11:38 - 00000000 ____D C:\SUPERDelete
    2015-10-16 07:43 - 2015-10-16 07:43 - 00279608 _____ C:\Windows\Minidump\101615-31871-01.dmp
    2015-10-14 19:32 - 2015-10-14 19:32 - 00000000 ____D C:\Windows\pss
    2015-10-14 15:55 - 2015-09-18 15:22 - 00025432 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
    2015-10-14 15:55 - 2015-09-18 15:19 - 01291264 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2015-10-14 15:55 - 2015-09-18 15:19 - 00766464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2015-10-14 15:55 - 2015-09-18 15:19 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2015-10-14 15:55 - 2015-09-18 15:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2015-10-14 15:55 - 2015-09-18 15:19 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
    2015-10-14 15:55 - 2015-09-18 15:09 - 01163776 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2015-10-13 21:54 - 2015-09-18 15:31 - 00391784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2015-10-13 21:54 - 2015-09-18 14:58 - 00345688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2015-10-13 21:54 - 2015-09-16 00:48 - 25851904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-10-13 21:54 - 2015-09-16 00:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-10-13 21:54 - 2015-09-16 00:36 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2015-10-13 21:54 - 2015-09-16 00:22 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2015-10-13 21:54 - 2015-09-16 00:21 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-10-13 21:54 - 2015-09-16 00:21 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-10-13 21:54 - 2015-09-16 00:21 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2015-10-13 21:54 - 2015-09-16 00:21 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2015-10-13 21:54 - 2015-09-16 00:21 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2015-10-13 21:54 - 2015-09-16 00:14 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-10-13 21:54 - 2015-09-16 00:13 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2015-10-13 21:54 - 2015-09-16 00:10 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-10-13 21:54 - 2015-09-16 00:09 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-10-13 21:54 - 2015-09-16 00:08 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2015-10-13 21:54 - 2015-09-16 00:08 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2015-10-13 21:54 - 2015-09-16 00:08 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2015-10-13 21:54 - 2015-09-16 00:08 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2015-10-13 21:54 - 2015-09-16 00:01 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2015-10-13 21:54 - 2015-09-15 23:58 - 20357632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2015-10-13 21:54 - 2015-09-15 23:58 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-10-13 21:54 - 2015-09-15 23:50 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2015-10-13 21:54 - 2015-09-15 23:46 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2015-10-13 21:54 - 2015-09-15 23:45 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2015-10-13 21:54 - 2015-09-15 23:45 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-10-13 21:54 - 2015-09-15 23:43 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-10-13 21:54 - 2015-09-15 23:41 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
    2015-10-13 21:54 - 2015-09-15 23:33 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2015-10-13 21:54 - 2015-09-15 23:33 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2015-10-13 21:54 - 2015-09-15 23:32 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2015-10-13 21:54 - 2015-09-15 23:32 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2015-10-13 21:54 - 2015-09-15 23:31 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2015-10-13 21:54 - 2015-09-15 23:31 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2015-10-13 21:54 - 2015-09-15 23:29 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-10-13 21:54 - 2015-09-15 23:29 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2015-10-13 21:54 - 2015-09-15 23:28 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2015-10-13 21:54 - 2015-09-15 23:28 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2015-10-13 21:54 - 2015-09-15 23:26 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-10-13 21:54 - 2015-09-15 23:26 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2015-10-13 21:54 - 2015-09-15 23:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2015-10-13 21:54 - 2015-09-15 23:24 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2015-10-13 21:54 - 2015-09-15 23:23 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2015-10-13 21:54 - 2015-09-15 23:22 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-10-13 21:54 - 2015-09-15 23:22 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2015-10-13 21:54 - 2015-09-15 23:22 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2015-10-13 21:54 - 2015-09-15 23:15 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2015-10-13 21:54 - 2015-09-15 23:11 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-10-13 21:54 - 2015-09-15 23:10 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2015-10-13 21:54 - 2015-09-15 23:07 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2015-10-13 21:54 - 2015-09-15 23:06 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2015-10-13 21:54 - 2015-09-15 23:05 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2015-10-13 21:54 - 2015-09-15 23:05 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2015-10-13 21:54 - 2015-09-15 23:04 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2015-10-13 21:54 - 2015-09-15 22:59 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-10-13 21:54 - 2015-09-15 22:58 - 12853760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2015-10-13 21:54 - 2015-09-15 22:58 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2015-10-13 21:54 - 2015-09-15 22:56 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2015-10-13 21:54 - 2015-09-15 22:55 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2015-10-13 21:54 - 2015-09-15 22:55 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2015-10-13 21:54 - 2015-09-15 22:48 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2015-10-13 21:54 - 2015-09-15 22:37 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2015-10-13 21:54 - 2015-09-15 22:34 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2015-10-13 21:54 - 2015-09-15 22:32 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2015-10-13 21:54 - 2015-08-06 14:04 - 14176768 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2015-10-13 21:54 - 2015-08-06 14:03 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
    2015-10-13 21:54 - 2015-08-06 13:44 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2015-10-13 21:54 - 2015-08-06 13:44 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
    2015-10-13 21:53 - 2015-09-28 23:16 - 05569472 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-10-13 21:53 - 2015-09-28 23:13 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2015-10-13 21:53 - 2015-09-28 23:11 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-10-13 21:53 - 2015-09-28 23:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
    2015-10-13 21:53 - 2015-09-28 23:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
    2015-10-13 21:53 - 2015-09-28 23:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
    2015-10-13 21:53 - 2015-09-28 23:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2015-10-13 21:53 - 2015-09-28 23:11 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2015-10-13 21:53 - 2015-09-28 23:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2015-10-13 21:53 - 2015-09-28 23:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
    2015-10-13 21:53 - 2015-09-28 23:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2015-10-13 21:53 - 2015-09-28 23:10 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2015-10-13 21:53 - 2015-09-28 23:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2015-10-13 21:53 - 2015-09-28 23:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2015-10-13 21:53 - 2015-09-28 23:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2015-10-13 21:53 - 2015-09-28 23:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2015-10-13 21:53 - 2015-09-28 23:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2015-10-13 21:53 - 2015-09-28 23:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
    2015-10-13 21:53 - 2015-09-28 23:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2015-10-13 21:53 - 2015-09-28 23:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2015-10-13 21:53 - 2015-09-28 23:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
    2015-10-13 21:53 - 2015-09-28 23:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
    2015-10-13 21:53 - 2015-09-28 23:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2015-10-13 21:53 - 2015-09-28 23:05 - 03990976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2015-10-13 21:53 - 2015-09-28 23:05 - 03936192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2015-10-13 21:53 - 2015-09-28 23:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2015-10-13 21:53 - 2015-09-28 23:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2015-10-13 21:53 - 2015-09-28 23:02 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 22:59 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2015-10-13 21:53 - 2015-09-28 22:59 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2015-10-13 21:53 - 2015-09-28 22:59 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2015-10-13 21:53 - 2015-09-28 22:59 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2015-10-13 21:53 - 2015-09-28 22:59 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2015-10-13 21:53 - 2015-09-28 22:59 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2015-10-13 21:53 - 2015-09-28 22:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2015-10-13 21:53 - 2015-09-28 22:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
    2015-10-13 21:53 - 2015-09-28 22:58 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2015-10-13 21:53 - 2015-09-28 22:58 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2015-10-13 21:53 - 2015-09-28 22:57 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2015-10-13 21:53 - 2015-09-28 22:57 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
    2015-10-13 21:53 - 2015-09-28 22:57 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2015-10-13 21:53 - 2015-09-28 22:57 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2015-10-13 21:53 - 2015-09-28 22:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2015-10-13 21:53 - 2015-09-28 22:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 21:50 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2015-10-13 21:53 - 2015-09-28 21:49 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
    2015-10-13 21:53 - 2015-09-28 21:49 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2015-10-13 21:53 - 2015-09-28 21:43 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2015-10-13 21:53 - 2015-09-28 21:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2015-10-13 21:53 - 2015-09-28 21:40 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 21:40 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 21:40 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 21:40 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-25 14:07 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
    2015-10-13 21:53 - 2015-09-25 14:07 - 02607104 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2015-10-13 21:53 - 2015-09-25 14:07 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2015-10-13 21:53 - 2015-09-25 14:07 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
    2015-10-13 21:53 - 2015-09-25 14:07 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
    2015-10-13 21:53 - 2015-09-25 14:07 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
    2015-10-13 21:53 - 2015-09-25 14:07 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
    2015-10-13 21:53 - 2015-09-25 14:06 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2015-10-13 21:53 - 2015-09-25 14:06 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
    2015-10-13 21:53 - 2015-09-25 14:06 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
    2015-10-13 21:53 - 2015-09-25 14:06 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
    2015-10-13 21:53 - 2015-09-25 13:59 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2015-10-13 21:53 - 2015-09-25 13:59 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
    2015-10-13 21:53 - 2015-09-25 13:59 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
    2015-10-13 21:53 - 2015-09-25 13:59 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
    2015-10-13 21:53 - 2015-09-25 13:58 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
    2015-10-13 21:53 - 2015-09-15 14:17 - 00157016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2015-10-13 21:53 - 2015-09-15 14:17 - 00097112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2015-10-13 21:53 - 2015-09-15 14:11 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2015-10-13 21:53 - 2015-09-15 14:11 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2015-10-13 21:53 - 2015-09-15 14:11 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2015-10-13 21:53 - 2015-09-15 14:11 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2015-10-13 21:53 - 2015-09-15 14:11 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2015-10-13 21:53 - 2015-09-15 14:11 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2015-10-13 21:53 - 2015-09-15 14:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2015-10-13 21:53 - 2015-09-15 13:36 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2015-10-13 21:53 - 2015-09-15 13:36 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2015-10-13 21:53 - 2015-09-15 13:36 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2015-10-13 21:53 - 2015-09-15 13:35 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2015-10-13 21:52 - 2015-10-01 14:06 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2015-10-13 21:52 - 2015-10-01 14:04 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2015-10-13 21:52 - 2015-10-01 14:00 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
    2015-10-13 21:52 - 2015-10-01 14:00 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
    2015-10-13 21:52 - 2015-10-01 14:00 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
    2015-10-13 21:52 - 2015-10-01 14:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
    2015-10-13 21:52 - 2015-10-01 14:00 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
    2015-10-13 21:52 - 2015-10-01 13:50 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
    2015-10-13 21:52 - 2015-10-01 13:00 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
    2015-10-13 21:51 - 2015-07-18 09:08 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
    2015-10-11 12:30 - 2015-10-11 12:30 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\Sun
    2015-10-11 12:30 - 2015-10-11 12:30 - 00000000 ____D C:\Users\Lisa\.oracle_jre_usage
    2015-10-07 06:16 - 2015-10-07 06:16 - 00142976 _____ (ESET) C:\Windows\system32\Drivers\ekbdflt.sys

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-10-23 16:46 - 2009-07-14 00:45 - 00017072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-10-23 16:46 - 2009-07-14 00:45 - 00017072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-10-23 16:40 - 2013-12-27 10:49 - 00000000 ____D C:\Users\Home\AppData\Local\2206D898-65C1-4169-B64D-AD5D35991E03.aplzod
    2015-10-23 16:39 - 2013-08-22 18:57 - 00000434 _____ C:\Windows\system32\Drivers\etc\hosts.ics
    2015-10-23 16:39 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\tracing
    2015-10-23 16:38 - 2014-02-14 07:55 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf297bb0803088.job
    2015-10-23 16:37 - 2014-02-19 09:20 - 00000400 _____ C:\Windows\Tasks\FreeFileViewerUpdateChecker.job
    2015-10-23 16:37 - 2012-08-14 22:53 - 03915944 _____ C:\Windows\PFRO.log
    2015-10-23 16:37 - 2012-08-14 22:07 - 00000000 ____D C:\ProgramData\AVAST Software
    2015-10-23 16:37 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2015-10-23 16:37 - 2009-07-14 00:51 - 00051432 _____ C:\Windows\setupact.log
    2015-10-23 16:35 - 2012-08-14 22:36 - 02001118 _____ C:\Windows\WindowsUpdate.log
    2015-10-23 16:30 - 2014-09-01 12:50 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-10-23 16:22 - 2012-08-15 12:44 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-10-23 16:13 - 2013-07-18 20:10 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-10-23 10:10 - 2012-08-15 14:32 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2015-10-23 10:07 - 2012-10-07 12:56 - 00000000 ____D C:\Users\Home\AppData\LocalLow\Yahoo!
    2015-10-23 10:07 - 2012-10-07 12:56 - 00000000 ____D C:\Program Files (x86)\Yahoo!
    2015-10-22 14:50 - 2014-02-02 12:09 - 00000000 ____D C:\Users\Home\AppData\Local\ESET
    2015-10-21 10:30 - 2012-08-16 11:41 - 00000000 ____D C:\Users\Home\Desktop\Resume & Cover Letters
    2015-10-21 10:29 - 2012-08-15 11:36 - 00000000 ____D C:\ProgramData\Lx_cats
    2015-10-19 10:14 - 2014-04-03 18:57 - 00000000 ____D C:\Users\Home\Documents\Travelers Hm Owners Pol
    2015-10-17 10:13 - 2013-07-18 20:10 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-10-17 10:13 - 2012-08-15 15:52 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-10-17 10:13 - 2012-08-15 15:52 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-10-16 07:43 - 2014-10-29 18:17 - 614066484 _____ C:\Windows\MEMORY.DMP
    2015-10-16 07:43 - 2014-10-29 18:17 - 00000000 ____D C:\Windows\Minidump
    2015-10-15 03:00 - 2014-12-11 04:16 - 00000000 ____D C:\Windows\system32\appraiser
    2015-10-15 03:00 - 2014-05-07 03:01 - 00000000 ___SD C:\Windows\system32\CompatTel
    2015-10-14 20:23 - 2014-09-01 12:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-10-14 20:23 - 2014-09-01 12:49 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-10-14 20:23 - 2012-08-15 11:06 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-10-14 19:34 - 2013-05-28 19:21 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
    2015-10-14 19:33 - 2014-12-23 18:18 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
    2015-10-14 05:22 - 2012-11-02 20:46 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2015-10-14 04:12 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
    2015-10-14 03:16 - 2013-08-15 03:01 - 00000000 ____D C:\Windows\system32\MRT
    2015-10-14 03:09 - 2012-08-14 20:49 - 143481208 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-10-14 03:09 - 2012-08-14 20:09 - 00000000 ____D C:\ProgramData\Microsoft Help
    2015-10-11 12:30 - 2012-08-27 17:28 - 00000000 ____D C:\Users\Lisa
    2015-10-11 12:25 - 2012-08-27 17:29 - 00000000 ____D C:\Users\Lisa\AppData\Local\Google
    2015-10-11 12:23 - 2012-08-18 22:14 - 00000000 ____D C:\Users\Lynne\AppData\Local\Google
    2015-10-08 07:29 - 2015-04-05 03:00 - 00000000 ___SD C:\Windows\system32\GWX
    2015-10-08 03:00 - 2015-04-05 03:00 - 00000000 ___SD C:\Windows\SysWOW64\GWX
    2015-10-05 09:50 - 2014-09-01 12:49 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-10-05 09:50 - 2014-09-01 12:49 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2015-10-05 09:50 - 2012-08-15 11:06 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
    2015-09-26 17:59 - 2013-01-29 21:20 - 00022100 _____ C:\ProgramData\lxduJSW.log

    ==================== Files in the root of some directories =======

    2014-06-20 11:20 - 2015-02-24 14:46 - 0000131 _____ () C:\Users\Home\AppData\Roaming\WB.CFG
    2012-09-13 18:42 - 2012-12-06 13:26 - 0005632 _____ () C:\Users\Home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2015-02-24 14:46 - 2015-02-24 14:46 - 0000010 _____ () C:\Users\Home\AppData\Local\DSI.DAT
    2012-08-17 12:59 - 2012-08-17 12:59 - 0004096 ____H () C:\Users\Home\AppData\Local\keyfile3.drm
    2012-08-15 11:35 - 2012-08-15 11:35 - 0000252 _____ () C:\ProgramData\FastPics.log
    2014-02-23 17:25 - 2014-07-08 12:13 - 0000483 _____ () C:\ProgramData\lxdu.log
    2013-02-23 11:56 - 2013-02-23 11:58 - 0000248 _____ () C:\ProgramData\lxduDiagnostics.log
    2013-01-29 21:20 - 2015-09-26 17:59 - 0022100 _____ () C:\ProgramData\lxduJSW.log
    2015-02-06 11:42 - 2015-02-06 11:42 - 0225190 _____ () C:\ProgramData\SPL1107.tmp
    2014-09-22 09:36 - 2014-09-22 09:36 - 5471854 _____ () C:\ProgramData\SPL14E.tmp
    2014-02-23 16:57 - 2014-02-23 16:57 - 2088164 _____ () C:\ProgramData\SPL1969.tmp
    2014-06-20 10:27 - 2014-06-20 10:27 - 0513379 _____ () C:\ProgramData\SPL1F43.tmp
    2014-06-05 17:59 - 2014-06-05 17:59 - 1819997 _____ () C:\ProgramData\SPL372E.tmp
    2015-01-31 10:38 - 2015-01-31 10:38 - 6887886 _____ () C:\ProgramData\SPL3BF6.tmp
    2015-01-31 15:41 - 2015-01-31 15:41 - 17780750 _____ () C:\ProgramData\SPL3F6.tmp
    2015-02-09 16:54 - 2015-02-09 16:54 - 0606599 _____ () C:\ProgramData\SPL4474.tmp
    2015-06-05 13:34 - 2015-06-05 13:34 - 0371852 _____ () C:\ProgramData\SPL558F.tmp
    2015-01-31 10:36 - 2015-01-31 10:36 - 6887886 _____ () C:\ProgramData\SPL57C7.tmp
    2015-04-01 12:04 - 2015-04-01 12:04 - 0241596 _____ () C:\ProgramData\SPL6C14.tmp
    2014-02-23 19:24 - 2014-02-23 19:24 - 2088164 _____ () C:\ProgramData\SPL736C.tmp
    2015-01-12 14:06 - 2015-01-12 14:06 - 0101442 _____ () C:\ProgramData\SPL740.tmp
    2015-05-01 10:50 - 2015-05-01 10:50 - 0521411 _____ () C:\ProgramData\SPL76B6.tmp
    2014-08-13 21:31 - 2014-08-13 21:31 - 6251160 _____ () C:\ProgramData\SPL7DD6.tmp
    2015-07-19 11:53 - 2015-07-19 11:53 - 0140631 _____ () C:\ProgramData\SPL82D5.tmp
    2015-04-06 11:34 - 2015-04-06 11:34 - 0099760 _____ () C:\ProgramData\SPL8729.tmp
    2015-03-30 10:49 - 2015-03-30 10:49 - 2496910 _____ () C:\ProgramData\SPL95D.tmp
    2015-06-03 19:37 - 2015-06-03 19:37 - 0723546 _____ () C:\ProgramData\SPL96A5.tmp
    2015-01-31 13:55 - 2015-01-31 13:55 - 17780750 _____ () C:\ProgramData\SPLB46.tmp
    2015-01-26 10:28 - 2015-01-26 10:28 - 0611143 _____ () C:\ProgramData\SPLB8F.tmp
    2014-02-23 15:47 - 2014-02-23 15:47 - 2088164 _____ () C:\ProgramData\SPLC4CF.tmp
    2012-12-21 18:42 - 2012-12-21 18:42 - 0860404 _____ () C:\ProgramData\SPLC6C7.tmp
    2014-04-29 15:16 - 2014-04-29 15:16 - 0678620 _____ () C:\ProgramData\SPLCE81.tmp
    2015-04-09 11:48 - 2015-04-09 11:48 - 0326714 _____ () C:\ProgramData\SPLD29C.tmp
    2015-03-23 10:55 - 2015-03-23 10:55 - 2815712 _____ () C:\ProgramData\SPLDCC4.tmp
    2015-06-24 10:57 - 2015-06-24 10:57 - 1565830 _____ () C:\ProgramData\SPLDED2.tmp
    2014-08-13 21:52 - 2014-08-13 21:52 - 0201922 _____ () C:\ProgramData\SPLE649.tmp
    2015-06-05 12:32 - 2015-06-05 12:32 - 0195126 _____ () C:\ProgramData\SPLE849.tmp
    2015-06-20 14:15 - 2015-06-20 14:15 - 3863779 _____ () C:\ProgramData\SPLEC13.tmp
    2015-05-10 09:33 - 2015-05-10 09:33 - 0609767 _____ () C:\ProgramData\SPLF53A.tmp
    2012-12-18 19:58 - 2012-12-18 19:58 - 0771125 _____ () C:\ProgramData\SPLF5EE.tmp
    2012-08-15 11:27 - 2012-08-15 11:27 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt

    Some files in TEMP:
    ====================
    C:\Users\Home\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-10-11 00:10

    ==================== End of FRST.txt ============================
    Additional scan result of Farbar Recovery Scan Tool (x64) Version:21-10-2015 01
    Ran by Home (2015-10-23 16:53:45)
    Running from C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P7MY51CO
    Windows 7 Ultimate Service Pack 1 (X64) (2012-08-14 23:51:34)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2430930441-2580859966-3045845237-500 - Administrator - Disabled)
    ASPNET (S-1-5-21-2430930441-2580859966-3045845237-1006 - Limited - Enabled)
    Guest (S-1-5-21-2430930441-2580859966-3045845237-501 - Limited - Disabled)
    Home (S-1-5-21-2430930441-2580859966-3045845237-1000 - Administrator - Enabled) => C:\Users\Home
    Lisa (S-1-5-21-2430930441-2580859966-3045845237-1004 - Limited - Enabled) => C:\Users\Lisa
    Lynne (S-1-5-21-2430930441-2580859966-3045845237-1003 - Limited - Enabled) => C:\Users\Lynne
    UpdatusUser (S-1-5-21-2430930441-2580859966-3045845237-1007 - Limited - Enabled) => C:\Users\UpdatusUser

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: ESET Smart Security 9.0.318.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: ESET Smart Security 9.0.318.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
    FW: ESET Personal firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.2146.41621 - ABBYY Software House)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.180 - Adobe Systems Incorporated)
    Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.226 - Adobe Systems Incorporated)
    Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
    Apple Application Support (32-bit) (HKLM-x32\...\{3540ADD5-822B-47FB-B1C2-CD7B2C8E9FEC}) (Version: 4.0.2 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{C9C0FE2C-602E-49D7-8C42-5B9E8FF04798}) (Version: 4.0.2 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
    ATT Management Agent (HKLM-x32\...\ATT-ATT Management Agent) (Version: 8.2.1.6 - ATT)
    Belltech Greeting Card Designer 4.7 (HKLM-x32\...\Belltech Greeting Card Designer 4.7_is1) (Version: - Belltech Systems)
    Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
    Bloggie Software (HKLM-x32\...\BloggieSoftware) (Version: 3.3.1.73 - Sony)
    Bloggie Software (x32 Version: 3.3.1.73 - Sony Corporation) Hidden
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    CallAtlanta (HKLM-x32\...\{206A595B-6ED6-4547-9293-C448139826EC}) (Version: 8.6.0 - Primerica Financial Services)
    Citrix Online Launcher (HKLM-x32\...\{E5F6D26D-E180-4547-A865-565EAB61000C}) (Version: 1.0.362 - Citrix)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Dark Manor: A Hidden Object Mystery (HKLM-x32\...\BFG-Dark Manor - A Hidden Object Mystery) (Version: - )
    Dropbox (HKU\S-1-5-21-2430930441-2580859966-3045845237-1000\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
    ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
    ESET Smart Security (HKLM\...\{11994064-51F2-45DF-A83E-539B4BFE3F5A}) (Version: 9.0.318.0 - ESET, spol. s r.o.)
    Firefox Free Download Packages (HKU\S-1-5-21-2430930441-2580859966-3045845237-1000\...\Firefox Free Download Packages) (Version: - ) <==== ATTENTION
    FlipShare (HKLM-x32\...\{97C658D2-61FB-027F-0D76-E9CDC84AFEC7}) (Version: 5.12.3.0 - Flip Video)
    Free File Viewer 2014 (HKLM-x32\...\FreeFileViewer_is1) (Version: 2014.2.16.0 - Bitberry Software) <==== ATTENTION
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.71 - Google Inc.)
    Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6904.2028 - Google Inc.)
    Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
    iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
    Imagic 5 (x32 Version: 5.0.2.0 - STOIK Imaging) Hidden
    Imagic 5.0 (HKLM-x32\...\{22E93747-AB1C-4809-9DFE-FE7518908A75}) (Version: 5.0.2.0 - STOIK Imaging)
    iTunes (HKLM\...\{88509E20-3936-4D88-A1C0-B274C7BB5151}) (Version: 12.3.0.44 - Apple Inc.)
    iTunes Free Download Packages (HKU\S-1-5-21-2430930441-2580859966-3045845237-1000\...\iTunes Free Download Packages) (Version: - ) <==== ATTENTION
    Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
    Java SE Development Kit 7 Update 7 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170070}) (Version: 1.7.0.70 - Oracle)
    Lexmark 5600-6600 Series (HKLM\...\Lexmark 5600-6600 Series) (Version: - Lexmark International, Inc.)
    Lexmark Printable Web (HKLM-x32\...\{D2C5E510-BE6D-42CC-9F61-E4F939078474}) (Version: 1.0.0.0 - )
    Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
    Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Streets and Trips 2005 (HKLM-x32\...\{67E4EE98-59F4-4210-89A6-A20AF5BEC689}) (Version: 12.00.07.1200 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Midnight Castle (HKLM-x32\...\BFG-Midnight Castle) (Version: - )
    Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Mozilla Firefox 36.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0 (x86 en-US)) (Version: 36.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
    mPlayer version 1.0 (HKLM-x32\...\{B482E758-D602-434C-80B9-DDEFEEAE4BCA}_is1) (Version: 1.0 - Download Freely, LLC)
    NETGEAR WNA1100 N150 Wireless USB Adapter (HKLM-x32\...\{A2AE9709-283B-4B48-AA34-729C070A62FB}) (Version: 1.0.0.133 - NETGEAR)
    NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5896 - NVIDIA Corporation)
    NVIDIA Graphics Driver 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)
    NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
    PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
    QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
    SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
    SecondLifeViewer (remove only) (HKLM-x32\...\SecondLifeViewer) (Version: - )
    Shutterfly Express Uploader (HKLM-x32\...\com.Shutterfly.ExpressUploader) (Version: 1.2.0.0 - Shutterfly, Inc.)
    Shutterfly Express Uploader (x32 Version: 1.2.0 - Shutterfly, Inc.) Hidden
    SUABnR (HKLM-x32\...\InstallShield_{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.)
    SUABnR (x32 Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.) Hidden
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.5.1012 - SUPERAntiSpyware.com)
    TurboApps WinMobile Conduit (HKLM-x32\...\{81F501F8-CB50-4BA2-A1BB-279F4BEB85D7}) (Version: 3.3.46 - Primerica) <==== ATTENTION
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
    Verizon Wireless Software Upgrade Assistant - Samsung(ar) (HKLM-x32\...\{3A78192E-E683-4231-8DB5-F9453910CEF6}) (Version: 2.15.0401 - Samsung Electronics Co., Ltd.)
    Verizon Wireless Software Utility Application for Android - Samsung (HKLM-x32\...\{BB5A0BB0-657F-48DC-A475-5503F39CED05}) (Version: 2.14.1202 - Samsung Electronics Co., Ltd.)
    WD Quick View (HKLM-x32\...\{5B1CF5E0-D321-4766-AEF1-1E9D1C535A10}) (Version: 2.4.12.1 - Western Digital Technologies, Inc.)
    WD SmartWare (HKLM\...\{02FD1EAD-43B8-4D63-AC31-8921005AF2E2}) (Version: 2.4.12.1 - Western Digital Technologies, Inc.)
    WD SmartWare (HKLM\...\{604CB4FC-3D32-405F-A109-165F170529B6}) (Version: 1.2.0.8 - Western Digital)
    WD SmartWare Installer (HKLM-x32\...\{979a4332-3eb0-4561-9f74-a4fb871cf2bd}) (Version: 2.4.12.1 - Western Digital Technologies, Inc.)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
    ZenSearch (HKLM-x32\...\ZenSearch) (Version: - ZenSearch) <==== ATTENTION

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-2430930441-2580859966-3045845237-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2430930441-2580859966-3045845237-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2430930441-2580859966-3045845237-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2430930441-2580859966-3045845237-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

    ==================== Restore Points =========================

    12-05-2015 02:33:58 Windows Update
    13-05-2015 03:00:40 Windows Update
    19-05-2015 02:50:06 Windows Update
    20-05-2015 03:00:12 Windows Update
    26-05-2015 03:55:06 Windows Update
    02-06-2015 03:30:42 Windows Update
    09-06-2015 02:27:41 Windows Update
    10-06-2015 03:00:23 Windows Update
    11-06-2015 03:00:46 Windows Update
    16-06-2015 04:40:34 Windows Update
    23-06-2015 03:12:37 Windows Update
    26-06-2015 04:32:20 Windows Update
    30-06-2015 04:31:49 Windows Update
    07-07-2015 03:50:29 Windows Update
    14-07-2015 04:33:45 Windows Update
    15-07-2015 03:00:31 Windows Update
    17-07-2015 03:00:47 Windows Update
    19-07-2015 12:37:31 WD SmartWare Installer
    19-07-2015 12:41:38 WD SmartWare Installer
    21-07-2015 04:04:47 Windows Update
    22-07-2015 03:00:10 Windows Update
    25-07-2015 14:13:58 Windows Update
    29-07-2015 03:00:53 Windows Update
    05-08-2015 18:52:43 avast! antivirus system restore point
    05-08-2015 18:52:43 WD SmartWare Installer
    05-08-2015 18:59:03 Device Driver Package Install: Avast Network Service
    05-08-2015 19:01:10 WD SmartWare Installer
    07-08-2015 05:14:21 Windows Update
    09-08-2015 19:00:25 Windows Backup
    11-08-2015 05:14:27 Windows Update
    13-08-2015 03:01:28 Windows Update
    15-08-2015 09:18:13 Windows Backup
    16-08-2015 19:00:27 Windows Backup
    18-08-2015 03:05:31 Windows Update
    19-08-2015 03:00:12 Windows Update
    22-08-2015 09:44:48 avast! antivirus system restore point
    22-08-2015 09:51:15 Windows Backup
    23-08-2015 19:00:41 Windows Backup
    25-08-2015 03:08:31 Windows Update
    28-08-2015 04:26:36 Windows Update
    30-08-2015 19:00:22 Windows Backup
    01-09-2015 04:25:10 Windows Update
    06-09-2015 19:00:25 Windows Backup
    08-09-2015 04:25:47 Windows Update
    09-09-2015 03:01:31 Windows Update
    15-09-2015 05:33:57 Windows Update
    20-09-2015 19:01:04 Windows Backup
    22-09-2015 04:13:37 Windows Update
    27-09-2015 19:01:07 Windows Backup
    29-09-2015 03:09:54 Windows Update
    04-10-2015 19:00:20 Windows Backup
    06-10-2015 12:55:01 Windows Update
    08-10-2015 03:00:11 Windows Update
    13-10-2015 03:09:33 Windows Update
    13-10-2015 18:43:58 Windows Backup
    14-10-2015 03:00:48 Windows Update
    14-10-2015 19:23:56 Windows Backup
    15-10-2015 03:00:11 Windows Update
    18-10-2015 19:01:05 Windows Backup
    20-10-2015 04:22:45 Windows Update
    23-10-2015 09:13:33 avast! antivirus system restore point
    23-10-2015 16:29:30 avast! antivirus system restore point

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0A7AE80D-A4F2-4EE1-945B-4442C6D5C447} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
    Task: {1874277E-E187-47AA-8F55-5BCC8B4FDA0C} - System32\Tasks\{5AA9BAA3-C96D-41A8-AC46-187250A20081} => C:\pfs\callatl\callatl.exe [2011-05-31] ()
    Task: {1E2C82E9-E651-4ABA-B58A-89E85825798F} - System32\Tasks\{F0356419-2E7F-4463-9FFB-654DB8FB6CC8} => pcalua.exe -a "C:\Program Files (x86)\Driver Support\Driver Support\ISUninstall.exe" -d "C:\Program Files (x86)\Driver Support\Driver Support"
    Task: {211680BA-903F-425B-A897-950F00037F85} - System32\Tasks\{47C363C3-0002-4585-8E62-8A019F0EB0B8} => C:\pfs\callatl\callatl.exe [2011-05-31] ()
    Task: {23B42139-99AF-4D1E-8502-D5DC7643ECAA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
    Task: {277EEA91-DB3F-4B26-B9C4-9EEFB57A0465} - System32\Tasks\Installation App Launcher => C:\Program Files (x86)\Lexmark 5600-6600 Series\ezprint.exe [2009-09-04] (Lexmark International Inc.)
    Task: {32CB320C-EC42-484F-B8CA-2C6ED1CABA18} - System32\Tasks\GoogleUpdateTaskMachineCore1cf297bb0803088 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
    Task: {3CEC0A4E-A824-45C6-B8B3-37BFAC7CFF22} - System32\Tasks\{C8E9FC3C-DF24-4617-9757-E90CDB9B4907} => C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE [2014-01-29] (Microsoft Corporation)
    Task: {40FE8F54-0D2D-4BF0-A613-99C17DC4CD59} - System32\Tasks\FreeFileViewerUpdateChecker => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2013-03-25] (Bitberry Software) <==== ATTENTION
    Task: {5C35B339-5BD6-4ABA-A74B-EBDB31913916} - \ProgramRefresh-ATFST -> No File <==== ATTENTION
    Task: {613841AC-1CA0-47A2-89A2-EBD211021B3F} - System32\Tasks\{6EC61D7C-966E-4261-A450-EA95E74D7410} => C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE [2014-01-29] (Microsoft Corporation)
    Task: {624DFA88-71BE-442F-8ABD-037ABDB1BF54} - \HDNINSTSCHD -> No File <==== ATTENTION
    Task: {68D7A089-C232-4CF8-8F9E-9B99BCD9DDAF} - System32\Tasks\{AFB52532-2837-4902-970A-8519EEE4A891} => C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE [2014-01-29] (Microsoft Corporation)
    Task: {6F105218-9498-4E92-AEF3-86686BA274D1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-17] (Adobe Systems Incorporated)
    Task: {8EDCC535-D22E-4D69-A523-B8590BF50F34} - \UPDTEXE4_WDR -> No File <==== ATTENTION
    Task: {9F702AB4-45E8-445D-A184-91F3B868B668} - \IE_ERR4WDR -> No File <==== ATTENTION
    Task: {AA509B71-43CB-423B-8DDE-0648769FE0A1} - System32\Tasks\{0108DE2A-B46B-47AF-8EA0-0AA42F16550C} => pcalua.exe -a "C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1B4VEP9Z\microsoft net framework setup.exe" -d C:\Users\Home\Desktop
    Task: {ACAD40F2-F41C-4200-B201-9DD96538FBD2} - System32\Tasks\{DADB6DB3-906A-4C35-85FE-4A08C97EEEEF} => C:\pfs\callatl\callatl.exe [2011-05-31] ()
    Task: {B8DF2FBF-0B5B-40D5-A1A1-0AD5E406CF7A} - System32\Tasks\{84BC2D11-AF9A-49AF-8126-94245D2F1A72} => pcalua.exe -a D:\Setup.EXE -d D:\
    Task: {BD5B47D3-65C3-4524-B1F1-D3867DE18CFE} - System32\Tasks\ZenSearch\Updater\ZenSearch updater => C:\Program Files (x86)\ZenSearch Updater\updater.exe <==== ATTENTION
    Task: {C04D79D3-0B52-475C-B9AF-73098C5AAA38} - \Binkiland casi -> No File <==== ATTENTION
    Task: {CB74A49F-42EC-4955-BE33-40FB82D1318D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
    Task: {D31C2EC0-2A91-43BF-9FD0-22A95C0E62EF} - System32\Tasks\AI_Updater => C:\Program Files (x86)\Tuneup computer A1PCCleaner\updater.exe
    Task: {F477F341-82E9-4CA8-9CAE-ADD70AC05BCC} - \boosterpop -> No File <==== ATTENTION
    Task: {FB5CE51F-F131-4B16-96B8-5B9056100DF8} - System32\Tasks\IEError => C:\Program Files (x86)\Tuneup computer A1PCCleaner\Popialert.exe

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe <==== ATTENTION
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf297bb0803088.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (Whitelisted) ==============

    2013-04-12 03:02 - 2013-01-31 05:25 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2012-08-15 11:27 - 2009-10-16 16:07 - 00186880 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxdudrpp.dll
    2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-09-15 14:25 - 2015-09-15 14:25 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2011-05-06 13:07 - 2011-05-06 13:07 - 00460144 _____ () C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
    2011-05-06 12:58 - 2011-05-06 12:58 - 01085440 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
    2012-08-15 11:34 - 2009-09-04 03:51 - 00676520 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe
    2012-08-14 20:12 - 2011-01-04 15:34 - 04545024 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
    2009-08-19 15:49 - 2009-08-19 15:49 - 00049152 _____ () C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\Memeo.API.dll
    2009-02-25 14:18 - 2009-02-25 14:18 - 01196032 _____ () C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\sqlite3.DLL
    2012-08-14 20:12 - 2010-08-04 14:44 - 00266240 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
    2012-10-18 17:31 - 2012-10-18 17:31 - 00240640 _____ () C:\Program Files (x86)\ATT\8.2.1.6\ma\node_modules\motive-activex-wrapper\build\Release\NodeActiveXWrapper.node
    2012-10-18 17:31 - 2012-10-18 17:31 - 00246784 _____ () C:\Program Files (x86)\ATT\8.2.1.6\ma\node_modules\motive-osbridge\build\Release\MotiveOSBridgeNodeModule.node
    2012-10-18 17:30 - 2012-10-18 17:30 - 00233984 _____ () C:\Program Files (x86)\ATT\8.2.1.6\ma\node_modules\motive-xmpps\build\Release\MotiveXMPPSNode.node
    2012-07-12 19:37 - 2012-07-12 19:37 - 01380864 _____ () C:\Program Files (x86)\ATT\8.2.1.6\ma\node_modules\libxmljs\build\Release\libxmljs.node
    2012-06-26 16:40 - 2012-06-26 16:40 - 00068096 _____ () C:\Program Files (x86)\ATT\8.2.1.6\ma\node_modules\dnode\node_modules\weak\build\Release\weakref.node
    2010-10-26 00:06 - 2010-10-26 00:06 - 02248704 _____ () C:\Program Files (x86)\Flip Video\FlipShare\QtCore4.dll
    2011-05-06 13:07 - 2011-05-06 13:07 - 04317184 _____ () C:\Program Files (x86)\Flip Video\FlipShare\Core.dll
    2011-05-06 13:02 - 2011-05-06 13:02 - 00737280 _____ () C:\Program Files (x86)\Flip Video\FlipShare\qca2.dll
    2010-10-26 00:23 - 2010-10-26 00:23 - 08351744 _____ () C:\Program Files (x86)\Flip Video\FlipShare\QtGui4.dll
    2010-10-26 00:08 - 2010-10-26 00:08 - 00983040 _____ () C:\Program Files (x86)\Flip Video\FlipShare\QtNetwork4.dll
    2010-10-26 00:23 - 2010-10-26 00:23 - 00204800 _____ () C:\Program Files (x86)\Flip Video\FlipShare\QtSql4.dll
    2010-10-26 00:06 - 2010-10-26 00:06 - 00364544 _____ () C:\Program Files (x86)\Flip Video\FlipShare\QtXml4.dll
    2010-10-26 08:34 - 2010-10-26 08:34 - 11853824 _____ () C:\Program Files (x86)\Flip Video\FlipShare\QtWebKit4.dll
    2010-10-26 00:37 - 2010-10-26 00:37 - 00258048 _____ () C:\Program Files (x86)\Flip Video\FlipShare\phonon4.dll
    2010-05-20 13:49 - 2010-05-20 13:49 - 00258048 _____ () C:\Program Files (x86)\Flip Video\FlipShare\boost_serialization-vc80-mt-1_43.dll
    2010-05-17 09:47 - 2010-05-17 09:47 - 01199104 _____ () C:\Program Files (x86)\Flip Video\FlipShare\PocoFoundation.dll
    2010-05-17 09:47 - 2010-05-17 09:47 - 00642048 _____ () C:\Program Files (x86)\Flip Video\FlipShare\PocoNet.dll
    2010-05-17 09:47 - 2010-05-17 09:47 - 00511488 _____ () C:\Program Files (x86)\Flip Video\FlipShare\PocoXML.dll
    2010-10-26 00:06 - 2010-10-26 00:06 - 02248704 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\QtCore4.dll
    2010-10-26 00:08 - 2010-10-26 00:08 - 00983040 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\QtNetwork4.dll
    2010-10-26 00:23 - 2010-10-26 00:23 - 00204800 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\QtSql4.dll
    2010-05-20 13:49 - 2010-05-20 13:49 - 00258048 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\boost_serialization-vc80-mt-1_43.dll
    2010-05-17 09:47 - 2010-05-17 09:47 - 01199104 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\PocoFoundation.dll
    2010-05-17 09:47 - 2010-05-17 09:47 - 00642048 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\PocoNet.dll
    2010-05-17 09:47 - 2010-05-17 09:47 - 00175616 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\PocoNetSSL.dll
    2010-05-17 09:47 - 2010-05-17 09:47 - 00291840 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\PocoUtil.dll
    2010-05-17 09:47 - 2010-05-17 09:47 - 00511488 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\PocoXML.dll
    2010-05-17 09:47 - 2010-05-17 09:47 - 00110592 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\PocoCrypto.dll
    2012-08-15 11:34 - 2009-09-04 03:23 - 00380928 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduscw.dll
    2012-08-15 11:34 - 2009-09-04 03:15 - 00188416 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdudatr.dll
    2012-08-15 11:34 - 2009-08-19 12:39 - 00073728 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxducats.dll
    2012-08-15 11:34 - 2009-09-04 03:23 - 01036288 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduDRS.dll
    2012-08-15 11:34 - 2009-09-04 03:24 - 00081920 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxducaps.dll
    2012-08-15 11:34 - 2009-09-04 03:15 - 00069632 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxducnv4.dll
    2012-08-15 11:34 - 2009-09-04 03:23 - 00380928 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\iptk.dll
    2012-08-15 11:34 - 2007-09-06 02:11 - 00151552 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduptp.dll
    2015-09-15 14:25 - 2015-09-15 14:25 - 01040144 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2012-08-14 20:12 - 2009-08-28 16:50 - 00282624 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvcLib.dll
    2012-08-14 20:12 - 2010-03-10 14:50 - 00360448 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WifiLib.dll
    2009-02-26 13:46 - 2009-02-26 13:46 - 00064344 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
    2011-06-22 11:46 - 2011-06-22 11:46 - 00434016 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
    2011-05-26 20:18 - 2011-05-26 20:18 - 00136536 _____ () C:\Program Files (x86)\Microsoft Office\Office12\OUTLCTL.DLL
    2015-07-14 18:20 - 2015-07-14 18:20 - 00756376 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\ProgramData\TEMP:0168CC60
    AlternateDataStreams: C:\ProgramData\TEMP:0474F714
    AlternateDataStreams: C:\ProgramData\TEMP:10CB85CA
    AlternateDataStreams: C:\ProgramData\TEMP:234E9CC5
    AlternateDataStreams: C:\ProgramData\TEMP:2AC146B9
    AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F
    AlternateDataStreams: C:\ProgramData\TEMP:2F360FB3
    AlternateDataStreams: C:\ProgramData\TEMP:32289BE8
    AlternateDataStreams: C:\ProgramData\TEMP:32EA849C
    AlternateDataStreams: C:\ProgramData\TEMP:371060CE
    AlternateDataStreams: C:\ProgramData\TEMP:3F266659
    AlternateDataStreams: C:\ProgramData\TEMP:48862C37
    AlternateDataStreams: C:\ProgramData\TEMP:4CD3F344
    AlternateDataStreams: C:\ProgramData\TEMP:7687A3E3
    AlternateDataStreams: C:\ProgramData\TEMP:7BFFC6A9
    AlternateDataStreams: C:\ProgramData\TEMP:7FA0D639
    AlternateDataStreams: C:\ProgramData\TEMP:8866C899
    AlternateDataStreams: C:\ProgramData\TEMP:922DA2DB
    AlternateDataStreams: C:\ProgramData\TEMP:9725F1BC
    AlternateDataStreams: C:\ProgramData\TEMP:997DA6D7
    AlternateDataStreams: C:\ProgramData\TEMP:9EDA68BD
    AlternateDataStreams: C:\ProgramData\TEMP:A6F28514
    AlternateDataStreams: C:\ProgramData\TEMP:AECF4772
    AlternateDataStreams: C:\ProgramData\TEMP:B96C57D4
    AlternateDataStreams: C:\ProgramData\TEMP:BACC4A79
    AlternateDataStreams: C:\ProgramData\TEMP:BCF55336
    AlternateDataStreams: C:\ProgramData\TEMP:C5340FA1
    AlternateDataStreams: C:\ProgramData\TEMP:E47BBD7B
    AlternateDataStreams: C:\ProgramData\TEMP:F2E92DCD
    AlternateDataStreams: C:\ProgramData\TEMP:F3A185AE
    AlternateDataStreams: C:\ProgramData\TEMP:F5D01D7C
    AlternateDataStreams: C:\ProgramData\TEMP:F7F4DC88
    AlternateDataStreams: C:\ProgramData\TEMP:FBD274CF

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2430930441-2580859966-3045845237-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Home\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.1.254
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bloggie Watcher Utility.lnk => C:\Windows\pss\Bloggie Watcher Utility.lnk.CommonStartup

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{7C5A5338-F72E-4938-AB6F-7706E28E6B04}] => (Allow) C:\Windows\SysWOW64\lxducoms.exe
    FirewallRules: [{0057456E-9E5A-4244-9928-12DACBF1D78B}] => (Allow) C:\Windows\SysWOW64\lxducoms.exe
    FirewallRules: [{390F61A7-E5B8-42EA-BEA2-42A191F32286}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxdupswx.exe
    FirewallRules: [{CC9332FB-640F-4D0A-812B-826910443719}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxdupswx.exe
    FirewallRules: [{FD2F00EB-CD95-4EF2-97EF-254CFE786D5C}] => (Allow) C:\Windows\system32\lxducoms.exe
    FirewallRules: [{BA47EA29-A587-453F-9025-1B34D82726AB}] => (Allow) C:\Windows\system32\spool\DRIVERS\x64\3\lxdupswx.exe
    FirewallRules: [{0C9305D1-0DAF-4241-A1D1-42619520581B}] => (Allow) C:\Windows\system32\spool\DRIVERS\x64\3\lxdutime.exe
    FirewallRules: [{870F275F-28CD-4EB7-B6F4-D997264FA7EE}] => (Allow) C:\Windows\SysWOW64\lxducoms.exe
    FirewallRules: [TCP Query User{7C38D15E-84D1-4D28-8A4C-CA4E523F223C}C:\pfs\callatl\rteng9.exe] => (Allow) C:\pfs\callatl\rteng9.exe
    FirewallRules: [UDP Query User{673F1310-9AD0-4BBC-B18F-442BE39FD5D0}C:\pfs\callatl\rteng9.exe] => (Allow) C:\pfs\callatl\rteng9.exe
    FirewallRules: [{43BB817B-AF40-4422-8791-285F3F98BD49}] => (Allow) LPort=24726
    FirewallRules: [{5162AECD-D2BC-4F1A-9816-20CBEDB3FC05}] => (Allow) LPort=24727
    FirewallRules: [SNMP-In-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
    FirewallRules: [SNMP-Out-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
    FirewallRules: [SNMP-In-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
    FirewallRules: [SNMP-Out-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
    FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) %systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    FirewallRules: [{9098D532-612F-48C8-8923-1E3C7FB50CA5}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{EF8E9E04-7982-4CCB-80A6-EFB2EB8BD028}] => (Allow) LPort=2869
    FirewallRules: [{0CC53702-174F-451C-8754-5997103EF2DF}] => (Allow) LPort=1900
    FirewallRules: [{1C67F0BD-A6CF-4AF1-9C51-F64C46E12843}] => (Allow) C:\Program Files (x86)\File Type Assistant\TSAssist.exe
    FirewallRules: [{E4321035-5060-4F12-AB74-4734C39EAE05}] => (Allow) C:\Program Files (x86)\File Type Assistant\TSAssist.exe
    FirewallRules: [{E19D36B9-7470-41BC-9FBB-1ED310B2E079}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    FirewallRules: [{9A3D4681-4B61-49DC-BC38-3438BDBFDAD2}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    FirewallRules: [{B4A5EBA3-A393-4148-A340-2008967A237D}] => (Allow) C:\Windows\System32\lxducoms.exe
    FirewallRules: [{50E938A2-E085-4DC8-96BB-ACA67F97F453}] => (Allow) C:\Windows\System32\lxducoms.exe
    FirewallRules: [{E0B1A189-5525-4205-AFBB-58E8E667FE25}] => (Allow) C:\Windows\system32\lxducoms.exe
    FirewallRules: [{F3EB8F2B-D946-4F08-9E36-E3F94FDE1D17}] => (Allow) C:\Windows\system32\spool\DRIVERS\x64\3\lxdupswx.exe
    FirewallRules: [{3E1C8699-E24C-4403-BC74-9EF40A3D0AA6}] => (Allow) C:\Windows\system32\spool\DRIVERS\x64\3\lxdutime.exe
    FirewallRules: [{DF51830B-9048-4CCF-AF8C-D0554A4CC193}] => (Allow) C:\Windows\SysWOW64\lxducoms.exe
    FirewallRules: [{3B4207E0-01D3-4368-BE3C-C49E51564088}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{08001908-4762-452D-AB52-C18E72304B05}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{AE9276AA-379C-4E49-9FE4-83A02CB8AAA6}] => (Allow) C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe
    FirewallRules: [{F9C46B0D-D164-4001-9D95-D0CAFC758517}] => (Allow) C:\Program Files (x86)\File Type Assistant\TSAssist.exe
    FirewallRules: [{49223DC9-851E-470E-8B52-2FDE85E595FA}] => (Allow) C:\Program Files (x86)\File Type Assistant\TSAssist.exe
    FirewallRules: [{2BF6E7AD-07E0-4940-9AF7-B508E31D41C5}] => (Allow) C:\Program Files (x86)\File Type Assistant\TSAssist.exe
    FirewallRules: [TCP Query User{BDB580B7-29BA-4760-9824-BFF21B37F786}C:\program files (x86)\secondlifeviewer\slvoice.exe] => (Allow) C:\program files (x86)\secondlifeviewer\slvoice.exe
    FirewallRules: [UDP Query User{32485362-4667-4865-AAFE-7136AC0060E1}C:\program files (x86)\secondlifeviewer\slvoice.exe] => (Allow) C:\program files (x86)\secondlifeviewer\slvoice.exe
    FirewallRules: [{7A83E206-95DC-4333-A1B8-596BDF527B91}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{EAB418D6-FC30-4F0C-AB5D-F1CC297188D5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{346D5A04-EB43-479C-AA00-B0BD10C342CA}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
    FirewallRules: [{43AFECE6-6716-4A97-AFA8-DBE995CA25BE}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
    FirewallRules: [{2900925A-1891-4398-B332-91A01E0E6628}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{CF7F4196-0DFC-43CA-908E-B8C14D27460E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{56CBB2DC-6156-48E1-BB3E-C7B962CD3EF2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{6800E130-FC92-44D8-BAA5-0762B3116440}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{E6AFB813-1AD6-4FCB-995C-1431FAD9F978}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{DBBA8ACB-8333-40DC-9C1B-796A00E10D8E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Faulty Device Manager Devices =============

    Name: Unknown Device
    Description: Unknown Device
    Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
    Manufacturer: (Standard USB Host Controller)
    Service:
    Problem: : Windows has stopped this device because it has reported problems. (Code 43)
    Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (10/23/2015 10:13:50 AM) (Source: Windows Search Service) (EventID: 1006) (User: )
    Description: The Windows Search Service has failed to create the new search index. Internal error <4, 0x8004117f, Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects>.

    Error: (10/23/2015 10:13:50 AM) (Source: Windows Search Service) (EventID: 9000) (User: )
    Description: The Windows Search Service cannot open the Jet property store.

    Details:
    0x%08x (0x8004117f - The content index server cannot update or access information because of a database error. Stop and restart the search service. If the problem persists, reset and recrawl the content index. In some cases it may be necessary to delete and recreate the content index. (HRESULT : 0x8004117f))

    Error: (10/23/2015 10:13:49 AM) (Source: ESENT) (EventID: 485) (User: )
    Description: Windows (4740) Windows: An attempt to delete the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk" failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The delete file operation will fail with error -1032 (0xfffffbf8).

    Error: (10/23/2015 10:13:39 AM) (Source: ESENT) (EventID: 490) (User: )
    Description: Windows (4740) Windows: An attempt to open the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

    Error: (10/23/2015 10:12:22 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
    Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

    Error: (10/23/2015 10:12:22 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
    Description: The index cannot be initialized.

    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

    Error: (10/23/2015 10:12:22 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
    Description: The application cannot be initialized.

    Context: Windows Application

    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

    Error: (10/23/2015 10:12:22 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
    Description: The gatherer object cannot be initialized.

    Context: Windows Application, SystemIndex Catalog

    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

    Error: (10/23/2015 10:12:22 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
    Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

    Context: Windows Application, SystemIndex Catalog

    Details:
    Element not found. (HRESULT : 0x80070490) (0x80070490)

    Error: (10/23/2015 10:12:19 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
    Description: The plug-in in <Search.JetPropStore> cannot be initialized.

    Context: Windows Application, SystemIndex Catalog

    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)


    System errors:
    =============
    Error: (10/23/2015 04:40:40 PM) (Source: Ntfs) (EventID: 137) (User: )
    Description: The default transaction resource manager on volume K: encountered a non-retryable error and could not start. The data contains the error code.

    Error: (10/23/2015 04:39:13 PM) (Source: ipnathlp) (EventID: 30013) (User: )
    Description: 192.168.1.66192.168.137.0255.255.255.0

    Error: (10/23/2015 04:39:13 PM) (Source: ipnathlp) (EventID: 1233) (User: )
    Description:

    Error: (10/23/2015 04:38:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The VBoxAsw Support Driver service failed to start due to the following error:
    %%3

    Error: (10/23/2015 04:38:40 PM) (Source: SNMP) (EventID: 1500) (User: )
    Description: The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.

    Error: (10/23/2015 04:24:49 PM) (Source: Schannel) (EventID: 4102) (User: NT AUTHORITY)
    Description: A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from the cryptographic module is 0x8009030d. The internal error state is 10001.

    Error: (10/23/2015 10:14:21 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
    Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
    %%1056

    Error: (10/23/2015 10:13:51 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

    Error: (10/23/2015 10:13:51 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
    Description: The Windows Search service terminated with service-specific error %%-2147217025.

    Error: (10/23/2015 10:13:39 AM) (Source: Ntfs) (EventID: 137) (User: )
    Description: The default transaction resource manager on volume K: encountered a non-retryable error and could not start. The data contains the error code.


    ==================== Memory info ===========================

    Processor: Pentium(R) Dual-Core CPU E5400 @ 2.70GHz
    Percentage of memory in use: 57%
    Total physical RAM: 3839.23 MB
    Available physical RAM: 1637.79 MB
    Total Virtual: 7676.68 MB
    Available Virtual: 4894.59 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:698.54 GB) (Free:269.72 GB) NTFS
    Drive e: (WD SmartWare) (CDROM) (Total:0.6 GB) (Free:0 GB) UDF
    Drive k: (My Passport) (Fixed) (Total:297.44 GB) (Free:0 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 7FB1FA54)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=698.5 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows XP) (Size: 297.4 GB) (Disk ID: 00035F28)
    Partition 1: (Not Active) - (Size=297.4 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================

    as requested
     
  4. Gerry7371

    Gerry7371 Registered Members

    Joined:
    Oct 22, 2015
    Messages:
    41
    Operating System:
    Windows 7
    latest download
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-10-2015 01
    Ran by Home (administrator) on HOME-PC (23-10-2015 17:06:17)
    Running from C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P7MY51CO
    Loaded Profiles: Home & UpdatusUser (Available Profiles: Home & Lynne & Lisa & UpdatusUser & DefaultAppPool)
    Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Alcatel-Lucent) C:\Program Files (x86)\ATT\8.2.1.6\ma\bin\MAHostService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Joyent, Inc) C:\Program Files (x86)\ATT\8.2.1.6\ma\bin\node.exe
    () C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
    (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
    () C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
    () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe
    (Lexmark International Inc.) C:\Program Files (x86)\Lexmark 5600-6600 Series\ezprint.exe
    (Lexmark International, Inc.) C:\Windows\System32\spool\drivers\x64\3\lxduserv.exe
    ( ) C:\Windows\System32\lxducoms.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
    (Sony Corporation) C:\Program Files (x86)\Sony\Bloggie Software\BGVolumeWatcher.exe
    () C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
    (WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    (Western Digital) C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
    (Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
    (Microsoft Corporation) C:\Windows\System32\snmp.exe
    (DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
    (WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
    (Memeo) C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    () C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
    (Microsoft Corporation) C:\Windows\System32\alg.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_19_0_0_226_ActiveX.exe
    (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
    (Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\mpas-d_bd_1.209.28.0.exe
    (Microsoft Corporation) C:\c278e65048b0c5d227406f\MpMiniSigStub.exe
    (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [lxdumon.exe] => C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe [676520 2009-09-04] ()
    HKLM\...\Run: [EzPrint] => C:\Program Files (x86)\Lexmark 5600-6600 Series\ezprint.exe [131752 2009-09-04] (Lexmark International Inc.)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-15] (Apple Inc.)
    HKLM-x32\...\Run: [jswtrayutil] => "C:\Program Files (x86)\NETGEAR\WNA1100\jswtrayutil.exe"
    HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-09-15] (Apple Inc.)
    HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
    HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5564784 2015-07-20] (Western Digital Technologies, Inc.)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
    HKU\S-1-5-21-2430930441-2580859966-3045845237-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7935904 2015-10-21] (SUPERAntiSpyware)
    HKU\S-1-5-21-2430930441-2580859966-3045845237-1000\...\Run: [MobileDocuments] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    HKU\S-1-5-21-2430930441-2580859966-3045845237-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.)
    HKU\S-1-5-21-2430930441-2580859966-3045845237-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2015-04-26] (Apple Inc.)
    HKU\S-1-5-21-2430930441-2580859966-3045845237-1000\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1079592 2015-04-26] (Apple Inc.)
    HKU\S-1-5-21-2430930441-2580859966-3045845237-1000\...\Policies\system: [LogonHoursAction] 2
    HKU\S-1-5-21-2430930441-2580859966-3045845237-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
    HKU\S-1-5-21-2430930441-2580859966-3045845237-1000\...\MountPoints2: {c7302013-e6e6-11e1-bf9d-806e6f6e6963} - "E:\WD SmartWare.exe" autoplay=true
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bloggie Watcher Utility.lnk [2012-10-07]
    ShortcutTarget: Bloggie Watcher Utility.lnk -> C:\Program Files (x86)\Sony\Bloggie Software\BGVolumeWatcher.exe (Sony Corporation)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA1100 Smart Wizard.lnk [2012-08-14]
    ShortcutTarget: NETGEAR WNA1100 Smart Wizard.lnk -> C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe ()
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk [2015-08-06]
    ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDSmartWare.lnk [2015-08-06]
    ShortcutTarget: WDSmartWare.lnk -> C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
    Startup: C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TurboApps WinMobile Conduit.lnk [2012-09-08]
    ShortcutTarget: TurboApps WinMobile Conduit.lnk -> c:\Users\Home\AppData\Roaming\Microsoft\Installer\{81F501F8-CB50-4BA2-A1BB-279F4BEB85D7}\_12D4935BB2BF56AE17F517.exe ()
    GroupPolicyUsers\S-1-5-21-2430930441-2580859966-3045845237-1006\User: Restriction <======= ATTENTION
    CHR HKU\S-1-5-21-2430930441-2580859966-3045845237-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
    Tcpip\..\Interfaces\{804410AC-B072-42CE-9188-532F692FECDA}: [DhcpNameServer] 192.168.1.1 68.105.28.11 68.105.29.11
    Tcpip\..\Interfaces\{E4238440-9D19-4259-90B4-58597A57EFB1}: [DhcpNameServer] 192.168.1.254

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-2430930441-2580859966-3045845237-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\S-1-5-21-2430930441-2580859966-3045845237-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?q={searchTerms}
    HKU\S-1-5-21-2430930441-2580859966-3045845237-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
    HKU\S-1-5-21-2430930441-2580859966-3045845237-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/
    HKU\S-1-5-21-2430930441-2580859966-3045845237-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006
    SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL =
    SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {EFE522B3-7ABD-49CB-A5C3-A2AFBBA83B9D} URL = hxxps://www.google.com/search?q={searchTerms}
    SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
    SearchScopes: HKLM-x32 -> {EFE522B3-7ABD-49CB-A5C3-A2AFBBA83B9D} URL = hxxps://www.google.com/search?q={searchTerms}
    SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
    SearchScopes: HKU\S-1-5-21-2430930441-2580859966-3045845237-1000 -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = hxxps://www.google.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2430930441-2580859966-3045845237-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
    SearchScopes: HKU\S-1-5-21-2430930441-2580859966-3045845237-1000 -> {EFE522B3-7ABD-49CB-A5C3-A2AFBBA83B9D} URL =
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-19] (Google Inc.)
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-10] (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-19] (Google Inc.)
    BHO-x32: No Name -> {D2C5E510-BE6D-42CC-9F61-E4F939078474} -> No File
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-10] (Oracle Corporation)
    BHO-x32: XBTBPos00 Class -> {EDBBE0D0-A76A-4FE4-AE6B-13BCEFFD75C8} -> C:\Program Files (x86)\Brand Thunder\IE\tbcore3.dll => No File
    Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-19] (Google Inc.)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-19] (Google Inc.)
    DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe

    FireFox:
    ========
    FF ProfilePath: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default
    FF DefaultSearchEngine: Google
    FF DefaultSearchEngine.US: Google
    FF DefaultSearchUrl: hxxps://www.google.com/search
    FF SearchEngineOrder.1: Google
    FF SelectedSearchEngine: Binkiland
    FF Homepage: about:home
    FF Keyword.URL: hxxps://www.google.com/search
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-17] ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-17] ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
    FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-10] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-10] (Oracle Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
    FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\ATT\8.2.1.6\ma\bin\npMotive.dll [2012-11-15] (Alcatel-Lucent)
    FF Plugin-x32: @Motive.com/npMotiveRequest,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll [2011-12-06] (Alcatel-Lucent)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-2430930441-2580859966-3045845237-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Home\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-10-22] (Citrix Online)
    FF Plugin HKU\S-1-5-21-2430930441-2580859966-3045845237-1000: @sony.com/Some -> C:\Program Files (x86)\Sony\Bloggie Software\npsome.dll [2011-06-09] (Sony)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-09-04] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-09-04] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-09-04] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-09-04] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-09-04] (Apple Inc.)
    FF SearchPlugin: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\searchplugins\bing-avast.xml [2014-06-30]
    FF SearchPlugin: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\searchplugins\google-avast.xml [2014-11-15]
    FF Extension: iCloud Bookmarks - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\Extensions\firefoxdav@icloud.com [2015-05-29]
    FF Extension: Motive Extension - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\Extensions\mcciwbch@motive.com [2012-12-28] [not signed]
    FF Extension: Motive Extension - C:\Program Files (x86)\Mozilla Firefox\extensions\mcciwbch@motive.com.xpi [2012-12-28] [not signed]
    FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
    FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
    FF HKU\.DEFAULT\...\Firefox\Extensions: [{b64982b1-d112-42b5-b1e4-d3867c4533f8}] - C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension => not found

    Chrome:
    =======
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.71\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll => No File
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.71\ppGoogleNaClPluginChrome.dll => No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.71\pdf.dll => No File
    CHR Plugin: (Application Manager) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\spext.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll => No File
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll => No File
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File
    CHR Plugin: (Java(TM) Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
    CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\SysWOW64\npDeployJava1.dll => No File
    CHR Plugin: (Sony Online Media Engine) - C:\Program Files (x86)\Sony\Bloggie Software\npsome.dll (Sony)
    CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    CHR Profile: C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Avast SafePrice) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-05-29]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-23]
    CHR HKLM\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-2430930441-2580859966-3045845237-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-13] (SUPERAntiSpyware.com)
    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
    R2 ATT MAHostService; C:\Program Files (x86)\ATT\8.2.1.6\ma\bin\MAHostService.exe [319488 2012-11-15] (Alcatel-Lucent) [File not signed]
    R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2505472 2015-10-09] (ESET)
    R2 FlipShare Service; C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe [460144 2011-05-06] ()
    R2 FlipShareServer; C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [1085440 2011-05-06] () [File not signed]
    R2 lxduCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxduserv.exe [29184 2009-10-16] (Lexmark International, Inc.)
    R2 lxdu_device; C:\Windows\system32\lxducoms.exe [1039360 2009-10-16] ( )
    R2 lxdu_device; C:\Windows\SysWOW64\lxducoms.exe [594600 2009-08-19] ( )
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
    R2 pcCMService; C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [369152 2012-10-05] (Alcatel-Lucent) [File not signed]
    R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [460288 2012-10-05] (Alcatel-Lucent) [File not signed]
    R2 SNMP; C:\Windows\System32\snmp.exe [49664 2010-11-20] (Microsoft Corporation)
    R2 SNMP; C:\Windows\SysWOW64\snmp.exe [47616 2010-11-20] (Microsoft Corporation)
    R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
    R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
    R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2015-07-20] (Western Digital Technologies, Inc.)
    R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [129536 2009-11-13] (WDC) [File not signed]
    R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [306552 2015-07-20] (Western Digital Technologies, Inc.)
    R2 WDSmartWareBackgroundService; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [20480 2009-06-16] (Memeo) [File not signed]
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    R2 WSWNA1100; C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe [266240 2010-08-04] () [File not signed]
    S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [X]

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [264040 2015-07-30] (ESET)
    S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
    R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [186784 2015-07-30] (ESET)
    R2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [142976 2015-10-07] (ESET)
    R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [206312 2015-07-30] (ESET)
    R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [52872 2015-07-30] (ESET)
    R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [69840 2015-07-30] (ESET)
    S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
    S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
    S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
    S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
    S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
    S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-10-23 16:49 - 2015-10-23 16:50 - 00042028 _____ C:\Users\Home\Downloads\Addition.txt
    2015-10-23 16:47 - 2015-10-23 16:50 - 00070437 _____ C:\Users\Home\Downloads\FRST.txt
    2015-10-23 16:47 - 2015-10-23 16:47 - 02196480 _____ (Farbar) C:\Users\Home\Downloads\FRST64.exe
    2015-10-23 11:13 - 2015-10-23 11:13 - 00000000 ____D C:\Users\Home\AppData\Roaming\ESET
    2015-10-23 10:12 - 2015-10-23 16:38 - 00008192 _____ C:\Windows\SysWOW64\WDPABKP.dat
    2015-10-23 10:01 - 2015-10-23 10:07 - 00000000 ____D C:\AdwCleaner
    2015-10-23 09:58 - 2015-10-23 09:58 - 01691648 _____ C:\Users\Home\Downloads\AdwCleaner.exe
    2015-10-23 09:47 - 2015-10-23 09:47 - 00000560 _____ C:\Users\Home\Downloads\help.txt
    2015-10-23 09:36 - 2015-10-23 17:06 - 00000000 ____D C:\FRST
    2015-10-22 14:49 - 2015-10-23 16:38 - 00065536 _____ C:\Windows\system32\Ikeext.etl
    2015-10-22 14:47 - 2015-10-22 14:47 - 00001987 _____ C:\Users\Public\Desktop\ESET Banking & Payment protection.lnk
    2015-10-22 14:47 - 2015-10-22 14:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
    2015-10-22 14:47 - 2015-10-22 14:47 - 00000000 ____D C:\ProgramData\ESET
    2015-10-22 14:47 - 2015-10-22 14:47 - 00000000 ____D C:\Program Files\ESET
    2015-10-22 14:44 - 2015-10-22 14:44 - 02837704 _____ (ESET) C:\Users\Home\Downloads\eset_smart_security_live_installer.exe
    2015-10-22 12:24 - 2015-10-22 12:46 - 00000000 ____D C:\Program Files (x86)\Citrix
    2015-10-22 12:24 - 2015-10-22 12:24 - 00000000 ____D C:\Users\Home\AppData\Local\Citrix
    2015-10-19 10:10 - 2015-10-19 10:12 - 00000000 ____D C:\Users\Home\Documents\Travelers Auto
    2015-10-17 11:38 - 2015-10-17 11:38 - 00000000 ____D C:\SUPERDelete
    2015-10-16 07:43 - 2015-10-16 07:43 - 00279608 _____ C:\Windows\Minidump\101615-31871-01.dmp
    2015-10-14 19:32 - 2015-10-14 19:32 - 00000000 ____D C:\Windows\pss
    2015-10-14 15:55 - 2015-09-18 15:22 - 00025432 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
    2015-10-14 15:55 - 2015-09-18 15:19 - 01291264 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2015-10-14 15:55 - 2015-09-18 15:19 - 00766464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2015-10-14 15:55 - 2015-09-18 15:19 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2015-10-14 15:55 - 2015-09-18 15:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2015-10-14 15:55 - 2015-09-18 15:19 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
    2015-10-14 15:55 - 2015-09-18 15:09 - 01163776 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2015-10-13 21:54 - 2015-09-18 15:31 - 00391784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2015-10-13 21:54 - 2015-09-18 14:58 - 00345688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2015-10-13 21:54 - 2015-09-16 00:48 - 25851904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-10-13 21:54 - 2015-09-16 00:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-10-13 21:54 - 2015-09-16 00:36 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2015-10-13 21:54 - 2015-09-16 00:22 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2015-10-13 21:54 - 2015-09-16 00:21 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-10-13 21:54 - 2015-09-16 00:21 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-10-13 21:54 - 2015-09-16 00:21 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2015-10-13 21:54 - 2015-09-16 00:21 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2015-10-13 21:54 - 2015-09-16 00:21 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2015-10-13 21:54 - 2015-09-16 00:14 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-10-13 21:54 - 2015-09-16 00:13 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2015-10-13 21:54 - 2015-09-16 00:10 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-10-13 21:54 - 2015-09-16 00:09 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-10-13 21:54 - 2015-09-16 00:08 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2015-10-13 21:54 - 2015-09-16 00:08 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2015-10-13 21:54 - 2015-09-16 00:08 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2015-10-13 21:54 - 2015-09-16 00:08 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2015-10-13 21:54 - 2015-09-16 00:01 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2015-10-13 21:54 - 2015-09-15 23:58 - 20357632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2015-10-13 21:54 - 2015-09-15 23:58 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-10-13 21:54 - 2015-09-15 23:50 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2015-10-13 21:54 - 2015-09-15 23:46 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2015-10-13 21:54 - 2015-09-15 23:45 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2015-10-13 21:54 - 2015-09-15 23:45 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-10-13 21:54 - 2015-09-15 23:43 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-10-13 21:54 - 2015-09-15 23:41 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
    2015-10-13 21:54 - 2015-09-15 23:33 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2015-10-13 21:54 - 2015-09-15 23:33 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2015-10-13 21:54 - 2015-09-15 23:32 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2015-10-13 21:54 - 2015-09-15 23:32 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2015-10-13 21:54 - 2015-09-15 23:31 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2015-10-13 21:54 - 2015-09-15 23:31 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2015-10-13 21:54 - 2015-09-15 23:29 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-10-13 21:54 - 2015-09-15 23:29 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2015-10-13 21:54 - 2015-09-15 23:28 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2015-10-13 21:54 - 2015-09-15 23:28 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2015-10-13 21:54 - 2015-09-15 23:26 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-10-13 21:54 - 2015-09-15 23:26 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2015-10-13 21:54 - 2015-09-15 23:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2015-10-13 21:54 - 2015-09-15 23:24 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2015-10-13 21:54 - 2015-09-15 23:23 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2015-10-13 21:54 - 2015-09-15 23:22 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-10-13 21:54 - 2015-09-15 23:22 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2015-10-13 21:54 - 2015-09-15 23:22 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2015-10-13 21:54 - 2015-09-15 23:15 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2015-10-13 21:54 - 2015-09-15 23:11 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-10-13 21:54 - 2015-09-15 23:10 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2015-10-13 21:54 - 2015-09-15 23:07 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2015-10-13 21:54 - 2015-09-15 23:06 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2015-10-13 21:54 - 2015-09-15 23:05 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2015-10-13 21:54 - 2015-09-15 23:05 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2015-10-13 21:54 - 2015-09-15 23:04 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2015-10-13 21:54 - 2015-09-15 22:59 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-10-13 21:54 - 2015-09-15 22:58 - 12853760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2015-10-13 21:54 - 2015-09-15 22:58 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2015-10-13 21:54 - 2015-09-15 22:56 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2015-10-13 21:54 - 2015-09-15 22:55 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2015-10-13 21:54 - 2015-09-15 22:55 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2015-10-13 21:54 - 2015-09-15 22:48 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2015-10-13 21:54 - 2015-09-15 22:37 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2015-10-13 21:54 - 2015-09-15 22:34 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2015-10-13 21:54 - 2015-09-15 22:32 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2015-10-13 21:54 - 2015-08-06 14:04 - 14176768 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2015-10-13 21:54 - 2015-08-06 14:03 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
    2015-10-13 21:54 - 2015-08-06 13:44 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2015-10-13 21:54 - 2015-08-06 13:44 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
    2015-10-13 21:53 - 2015-09-28 23:16 - 05569472 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-10-13 21:53 - 2015-09-28 23:13 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2015-10-13 21:53 - 2015-09-28 23:11 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-10-13 21:53 - 2015-09-28 23:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
    2015-10-13 21:53 - 2015-09-28 23:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
    2015-10-13 21:53 - 2015-09-28 23:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
    2015-10-13 21:53 - 2015-09-28 23:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2015-10-13 21:53 - 2015-09-28 23:11 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2015-10-13 21:53 - 2015-09-28 23:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2015-10-13 21:53 - 2015-09-28 23:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
    2015-10-13 21:53 - 2015-09-28 23:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2015-10-13 21:53 - 2015-09-28 23:10 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2015-10-13 21:53 - 2015-09-28 23:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2015-10-13 21:53 - 2015-09-28 23:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2015-10-13 21:53 - 2015-09-28 23:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2015-10-13 21:53 - 2015-09-28 23:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2015-10-13 21:53 - 2015-09-28 23:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2015-10-13 21:53 - 2015-09-28 23:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
    2015-10-13 21:53 - 2015-09-28 23:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2015-10-13 21:53 - 2015-09-28 23:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2015-10-13 21:53 - 2015-09-28 23:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
    2015-10-13 21:53 - 2015-09-28 23:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
    2015-10-13 21:53 - 2015-09-28 23:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2015-10-13 21:53 - 2015-09-28 23:05 - 03990976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2015-10-13 21:53 - 2015-09-28 23:05 - 03936192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2015-10-13 21:53 - 2015-09-28 23:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2015-10-13 21:53 - 2015-09-28 23:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2015-10-13 21:53 - 2015-09-28 23:02 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 22:59 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2015-10-13 21:53 - 2015-09-28 22:59 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2015-10-13 21:53 - 2015-09-28 22:59 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2015-10-13 21:53 - 2015-09-28 22:59 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2015-10-13 21:53 - 2015-09-28 22:59 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2015-10-13 21:53 - 2015-09-28 22:59 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2015-10-13 21:53 - 2015-09-28 22:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2015-10-13 21:53 - 2015-09-28 22:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
    2015-10-13 21:53 - 2015-09-28 22:58 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2015-10-13 21:53 - 2015-09-28 22:58 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2015-10-13 21:53 - 2015-09-28 22:57 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2015-10-13 21:53 - 2015-09-28 22:57 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
    2015-10-13 21:53 - 2015-09-28 22:57 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2015-10-13 21:53 - 2015-09-28 22:57 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2015-10-13 21:53 - 2015-09-28 22:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2015-10-13 21:53 - 2015-09-28 22:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 21:50 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2015-10-13 21:53 - 2015-09-28 21:49 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
    2015-10-13 21:53 - 2015-09-28 21:49 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2015-10-13 21:53 - 2015-09-28 21:43 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2015-10-13 21:53 - 2015-09-28 21:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2015-10-13 21:53 - 2015-09-28 21:40 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 21:40 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 21:40 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 21:40 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-25 14:07 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
    2015-10-13 21:53 - 2015-09-25 14:07 - 02607104 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2015-10-13 21:53 - 2015-09-25 14:07 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2015-10-13 21:53 - 2015-09-25 14:07 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
    2015-10-13 21:53 - 2015-09-25 14:07 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
    2015-10-13 21:53 - 2015-09-25 14:07 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
    2015-10-13 21:53 - 2015-09-25 14:07 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
    2015-10-13 21:53 - 2015-09-25 14:06 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2015-10-13 21:53 - 2015-09-25 14:06 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
    2015-10-13 21:53 - 2015-09-25 14:06 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
    2015-10-13 21:53 - 2015-09-25 14:06 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
    2015-10-13 21:53 - 2015-09-25 13:59 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2015-10-13 21:53 - 2015-09-25 13:59 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
    2015-10-13 21:53 - 2015-09-25 13:59 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
    2015-10-13 21:53 - 2015-09-25 13:59 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
    2015-10-13 21:53 - 2015-09-25 13:58 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
    2015-10-13 21:53 - 2015-09-15 14:17 - 00157016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2015-10-13 21:53 - 2015-09-15 14:17 - 00097112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2015-10-13 21:53 - 2015-09-15 14:11 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2015-10-13 21:53 - 2015-09-15 14:11 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2015-10-13 21:53 - 2015-09-15 14:11 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2015-10-13 21:53 - 2015-09-15 14:11 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2015-10-13 21:53 - 2015-09-15 14:11 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2015-10-13 21:53 - 2015-09-15 14:11 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2015-10-13 21:53 - 2015-09-15 14:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2015-10-13 21:53 - 2015-09-15 13:36 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2015-10-13 21:53 - 2015-09-15 13:36 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2015-10-13 21:53 - 2015-09-15 13:36 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2015-10-13 21:53 - 2015-09-15 13:35 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2015-10-13 21:52 - 2015-10-01 14:06 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2015-10-13 21:52 - 2015-10-01 14:04 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2015-10-13 21:52 - 2015-10-01 14:00 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
    2015-10-13 21:52 - 2015-10-01 14:00 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
    2015-10-13 21:52 - 2015-10-01 14:00 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
    2015-10-13 21:52 - 2015-10-01 14:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
    2015-10-13 21:52 - 2015-10-01 14:00 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
    2015-10-13 21:52 - 2015-10-01 13:50 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
    2015-10-13 21:52 - 2015-10-01 13:00 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
    2015-10-13 21:51 - 2015-07-18 09:08 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
    2015-10-11 12:30 - 2015-10-11 12:30 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\Sun
    2015-10-11 12:30 - 2015-10-11 12:30 - 00000000 ____D C:\Users\Lisa\.oracle_jre_usage
    2015-10-07 06:16 - 2015-10-07 06:16 - 00142976 _____ (ESET) C:\Windows\system32\Drivers\ekbdflt.sys

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-10-23 17:06 - 2012-08-14 22:36 - 02056795 _____ C:\Windows\WindowsUpdate.log
    2015-10-23 16:46 - 2009-07-14 00:45 - 00017072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-10-23 16:46 - 2009-07-14 00:45 - 00017072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-10-23 16:40 - 2013-12-27 10:49 - 00000000 ____D C:\Users\Home\AppData\Local\2206D898-65C1-4169-B64D-AD5D35991E03.aplzod
    2015-10-23 16:39 - 2013-08-22 18:57 - 00000434 _____ C:\Windows\system32\Drivers\etc\hosts.ics
    2015-10-23 16:39 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\tracing
    2015-10-23 16:38 - 2014-02-14 07:55 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf297bb0803088.job
    2015-10-23 16:37 - 2014-02-19 09:20 - 00000400 _____ C:\Windows\Tasks\FreeFileViewerUpdateChecker.job
    2015-10-23 16:37 - 2012-08-14 22:53 - 03915944 _____ C:\Windows\PFRO.log
    2015-10-23 16:37 - 2012-08-14 22:07 - 00000000 ____D C:\ProgramData\AVAST Software
    2015-10-23 16:37 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2015-10-23 16:37 - 2009-07-14 00:51 - 00051432 _____ C:\Windows\setupact.log
    2015-10-23 16:30 - 2014-09-01 12:50 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-10-23 16:22 - 2012-08-15 12:44 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-10-23 16:13 - 2013-07-18 20:10 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-10-23 10:10 - 2012-08-15 14:32 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2015-10-23 10:07 - 2012-10-07 12:56 - 00000000 ____D C:\Users\Home\AppData\LocalLow\Yahoo!
    2015-10-23 10:07 - 2012-10-07 12:56 - 00000000 ____D C:\Program Files (x86)\Yahoo!
    2015-10-22 14:50 - 2014-02-02 12:09 - 00000000 ____D C:\Users\Home\AppData\Local\ESET
    2015-10-21 10:30 - 2012-08-16 11:41 - 00000000 ____D C:\Users\Home\Desktop\Resume & Cover Letters
    2015-10-21 10:29 - 2012-08-15 11:36 - 00000000 ____D C:\ProgramData\Lx_cats
    2015-10-19 10:14 - 2014-04-03 18:57 - 00000000 ____D C:\Users\Home\Documents\Travelers Hm Owners Pol
    2015-10-17 10:13 - 2013-07-18 20:10 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-10-17 10:13 - 2012-08-15 15:52 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-10-17 10:13 - 2012-08-15 15:52 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-10-16 07:43 - 2014-10-29 18:17 - 614066484 _____ C:\Windows\MEMORY.DMP
    2015-10-16 07:43 - 2014-10-29 18:17 - 00000000 ____D C:\Windows\Minidump
    2015-10-15 03:00 - 2014-12-11 04:16 - 00000000 ____D C:\Windows\system32\appraiser
    2015-10-15 03:00 - 2014-05-07 03:01 - 00000000 ___SD C:\Windows\system32\CompatTel
    2015-10-14 20:23 - 2014-09-01 12:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-10-14 20:23 - 2014-09-01 12:49 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-10-14 20:23 - 2012-08-15 11:06 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-10-14 19:34 - 2013-05-28 19:21 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
    2015-10-14 19:33 - 2014-12-23 18:18 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
    2015-10-14 05:22 - 2012-11-02 20:46 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2015-10-14 04:12 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
    2015-10-14 03:16 - 2013-08-15 03:01 - 00000000 ____D C:\Windows\system32\MRT
    2015-10-14 03:09 - 2012-08-14 20:49 - 143481208 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-10-14 03:09 - 2012-08-14 20:09 - 00000000 ____D C:\ProgramData\Microsoft Help
    2015-10-11 12:30 - 2012-08-27 17:28 - 00000000 ____D C:\Users\Lisa
    2015-10-11 12:25 - 2012-08-27 17:29 - 00000000 ____D C:\Users\Lisa\AppData\Local\Google
    2015-10-11 12:23 - 2012-08-18 22:14 - 00000000 ____D C:\Users\Lynne\AppData\Local\Google
    2015-10-08 07:29 - 2015-04-05 03:00 - 00000000 ___SD C:\Windows\system32\GWX
    2015-10-08 03:00 - 2015-04-05 03:00 - 00000000 ___SD C:\Windows\SysWOW64\GWX
    2015-10-05 09:50 - 2014-09-01 12:49 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-10-05 09:50 - 2014-09-01 12:49 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2015-10-05 09:50 - 2012-08-15 11:06 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
    2015-09-26 17:59 - 2013-01-29 21:20 - 00022100 _____ C:\ProgramData\lxduJSW.log

    ==================== Files in the root of some directories =======

    2014-06-20 11:20 - 2015-02-24 14:46 - 0000131 _____ () C:\Users\Home\AppData\Roaming\WB.CFG
    2012-09-13 18:42 - 2012-12-06 13:26 - 0005632 _____ () C:\Users\Home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2015-02-24 14:46 - 2015-02-24 14:46 - 0000010 _____ () C:\Users\Home\AppData\Local\DSI.DAT
    2012-08-17 12:59 - 2012-08-17 12:59 - 0004096 ____H () C:\Users\Home\AppData\Local\keyfile3.drm
    2012-08-15 11:35 - 2012-08-15 11:35 - 0000252 _____ () C:\ProgramData\FastPics.log
    2014-02-23 17:25 - 2014-07-08 12:13 - 0000483 _____ () C:\ProgramData\lxdu.log
    2013-02-23 11:56 - 2013-02-23 11:58 - 0000248 _____ () C:\ProgramData\lxduDiagnostics.log
    2013-01-29 21:20 - 2015-09-26 17:59 - 0022100 _____ () C:\ProgramData\lxduJSW.log
    2015-02-06 11:42 - 2015-02-06 11:42 - 0225190 _____ () C:\ProgramData\SPL1107.tmp
    2014-09-22 09:36 - 2014-09-22 09:36 - 5471854 _____ () C:\ProgramData\SPL14E.tmp
    2014-02-23 16:57 - 2014-02-23 16:57 - 2088164 _____ () C:\ProgramData\SPL1969.tmp
    2014-06-20 10:27 - 2014-06-20 10:27 - 0513379 _____ () C:\ProgramData\SPL1F43.tmp
    2014-06-05 17:59 - 2014-06-05 17:59 - 1819997 _____ () C:\ProgramData\SPL372E.tmp
    2015-01-31 10:38 - 2015-01-31 10:38 - 6887886 _____ () C:\ProgramData\SPL3BF6.tmp
    2015-01-31 15:41 - 2015-01-31 15:41 - 17780750 _____ () C:\ProgramData\SPL3F6.tmp
    2015-02-09 16:54 - 2015-02-09 16:54 - 0606599 _____ () C:\ProgramData\SPL4474.tmp
    2015-06-05 13:34 - 2015-06-05 13:34 - 0371852 _____ () C:\ProgramData\SPL558F.tmp
    2015-01-31 10:36 - 2015-01-31 10:36 - 6887886 _____ () C:\ProgramData\SPL57C7.tmp
    2015-04-01 12:04 - 2015-04-01 12:04 - 0241596 _____ () C:\ProgramData\SPL6C14.tmp
    2014-02-23 19:24 - 2014-02-23 19:24 - 2088164 _____ () C:\ProgramData\SPL736C.tmp
    2015-01-12 14:06 - 2015-01-12 14:06 - 0101442 _____ () C:\ProgramData\SPL740.tmp
    2015-05-01 10:50 - 2015-05-01 10:50 - 0521411 _____ () C:\ProgramData\SPL76B6.tmp
    2014-08-13 21:31 - 2014-08-13 21:31 - 6251160 _____ () C:\ProgramData\SPL7DD6.tmp
    2015-07-19 11:53 - 2015-07-19 11:53 - 0140631 _____ () C:\ProgramData\SPL82D5.tmp
    2015-04-06 11:34 - 2015-04-06 11:34 - 0099760 _____ () C:\ProgramData\SPL8729.tmp
    2015-03-30 10:49 - 2015-03-30 10:49 - 2496910 _____ () C:\ProgramData\SPL95D.tmp
    2015-06-03 19:37 - 2015-06-03 19:37 - 0723546 _____ () C:\ProgramData\SPL96A5.tmp
    2015-01-31 13:55 - 2015-01-31 13:55 - 17780750 _____ () C:\ProgramData\SPLB46.tmp
    2015-01-26 10:28 - 2015-01-26 10:28 - 0611143 _____ () C:\ProgramData\SPLB8F.tmp
    2014-02-23 15:47 - 2014-02-23 15:47 - 2088164 _____ () C:\ProgramData\SPLC4CF.tmp
    2012-12-21 18:42 - 2012-12-21 18:42 - 0860404 _____ () C:\ProgramData\SPLC6C7.tmp
    2014-04-29 15:16 - 2014-04-29 15:16 - 0678620 _____ () C:\ProgramData\SPLCE81.tmp
    2015-04-09 11:48 - 2015-04-09 11:48 - 0326714 _____ () C:\ProgramData\SPLD29C.tmp
    2015-03-23 10:55 - 2015-03-23 10:55 - 2815712 _____ () C:\ProgramData\SPLDCC4.tmp
    2015-06-24 10:57 - 2015-06-24 10:57 - 1565830 _____ () C:\ProgramData\SPLDED2.tmp
    2014-08-13 21:52 - 2014-08-13 21:52 - 0201922 _____ () C:\ProgramData\SPLE649.tmp
    2015-06-05 12:32 - 2015-06-05 12:32 - 0195126 _____ () C:\ProgramData\SPLE849.tmp
    2015-06-20 14:15 - 2015-06-20 14:15 - 3863779 _____ () C:\ProgramData\SPLEC13.tmp
    2015-05-10 09:33 - 2015-05-10 09:33 - 0609767 _____ () C:\ProgramData\SPLF53A.tmp
    2012-12-18 19:58 - 2012-12-18 19:58 - 0771125 _____ () C:\ProgramData\SPLF5EE.tmp
    2012-08-15 11:27 - 2012-08-15 11:27 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt

    Some files in TEMP:
    ====================
    C:\Users\Home\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-10-11 00:10


    ==================== End of FRST.txt ============================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:21-10-2015 01
    Ran by Home (2015-10-23 17:08:05)
    Running from C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P7MY51CO
    Windows 7 Ultimate Service Pack 1 (X64) (2012-08-14 23:51:34)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2430930441-2580859966-3045845237-500 - Administrator - Disabled)
    ASPNET (S-1-5-21-2430930441-2580859966-3045845237-1006 - Limited - Enabled)
    Guest (S-1-5-21-2430930441-2580859966-3045845237-501 - Limited - Disabled)
    Home (S-1-5-21-2430930441-2580859966-3045845237-1000 - Administrator - Enabled) => C:\Users\Home
    Lisa (S-1-5-21-2430930441-2580859966-3045845237-1004 - Limited - Enabled) => C:\Users\Lisa
    Lynne (S-1-5-21-2430930441-2580859966-3045845237-1003 - Limited - Enabled) => C:\Users\Lynne
    UpdatusUser (S-1-5-21-2430930441-2580859966-3045845237-1007 - Limited - Enabled) => C:\Users\UpdatusUser

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: ESET Smart Security 9.0.318.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: ESET Smart Security 9.0.318.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
    FW: ESET Personal firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.2146.41621 - ABBYY Software House)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.180 - Adobe Systems Incorporated)
    Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.226 - Adobe Systems Incorporated)
    Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
    Apple Application Support (32-bit) (HKLM-x32\...\{3540ADD5-822B-47FB-B1C2-CD7B2C8E9FEC}) (Version: 4.0.2 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{C9C0FE2C-602E-49D7-8C42-5B9E8FF04798}) (Version: 4.0.2 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
    ATT Management Agent (HKLM-x32\...\ATT-ATT Management Agent) (Version: 8.2.1.6 - ATT)
    Belltech Greeting Card Designer 4.7 (HKLM-x32\...\Belltech Greeting Card Designer 4.7_is1) (Version: - Belltech Systems)
    Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
    Bloggie Software (HKLM-x32\...\BloggieSoftware) (Version: 3.3.1.73 - Sony)
    Bloggie Software (x32 Version: 3.3.1.73 - Sony Corporation) Hidden
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    CallAtlanta (HKLM-x32\...\{206A595B-6ED6-4547-9293-C448139826EC}) (Version: 8.6.0 - Primerica Financial Services)
    Citrix Online Launcher (HKLM-x32\...\{E5F6D26D-E180-4547-A865-565EAB61000C}) (Version: 1.0.362 - Citrix)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Dark Manor: A Hidden Object Mystery (HKLM-x32\...\BFG-Dark Manor - A Hidden Object Mystery) (Version: - )
    Dropbox (HKU\S-1-5-21-2430930441-2580859966-3045845237-1000\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
    ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
    ESET Smart Security (HKLM\...\{11994064-51F2-45DF-A83E-539B4BFE3F5A}) (Version: 9.0.318.0 - ESET, spol. s r.o.)
    Firefox Free Download Packages (HKU\S-1-5-21-2430930441-2580859966-3045845237-1000\...\Firefox Free Download Packages) (Version: - ) <==== ATTENTION
    FlipShare (HKLM-x32\...\{97C658D2-61FB-027F-0D76-E9CDC84AFEC7}) (Version: 5.12.3.0 - Flip Video)
    Free File Viewer 2014 (HKLM-x32\...\FreeFileViewer_is1) (Version: 2014.2.16.0 - Bitberry Software) <==== ATTENTION
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.71 - Google Inc.)
    Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6904.2028 - Google Inc.)
    Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
    iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
    Imagic 5 (x32 Version: 5.0.2.0 - STOIK Imaging) Hidden
    Imagic 5.0 (HKLM-x32\...\{22E93747-AB1C-4809-9DFE-FE7518908A75}) (Version: 5.0.2.0 - STOIK Imaging)
    iTunes (HKLM\...\{88509E20-3936-4D88-A1C0-B274C7BB5151}) (Version: 12.3.0.44 - Apple Inc.)
    iTunes Free Download Packages (HKU\S-1-5-21-2430930441-2580859966-3045845237-1000\...\iTunes Free Download Packages) (Version: - ) <==== ATTENTION
    Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
    Java SE Development Kit 7 Update 7 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170070}) (Version: 1.7.0.70 - Oracle)
    Lexmark 5600-6600 Series (HKLM\...\Lexmark 5600-6600 Series) (Version: - Lexmark International, Inc.)
    Lexmark Printable Web (HKLM-x32\...\{D2C5E510-BE6D-42CC-9F61-E4F939078474}) (Version: 1.0.0.0 - )
    Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
    Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Streets and Trips 2005 (HKLM-x32\...\{67E4EE98-59F4-4210-89A6-A20AF5BEC689}) (Version: 12.00.07.1200 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Midnight Castle (HKLM-x32\...\BFG-Midnight Castle) (Version: - )
    Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Mozilla Firefox 36.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0 (x86 en-US)) (Version: 36.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
    mPlayer version 1.0 (HKLM-x32\...\{B482E758-D602-434C-80B9-DDEFEEAE4BCA}_is1) (Version: 1.0 - Download Freely, LLC)
    NETGEAR WNA1100 N150 Wireless USB Adapter (HKLM-x32\...\{A2AE9709-283B-4B48-AA34-729C070A62FB}) (Version: 1.0.0.133 - NETGEAR)
    NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5896 - NVIDIA Corporation)
    NVIDIA Graphics Driver 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)
    NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
    PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
    QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
    SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
    SecondLifeViewer (remove only) (HKLM-x32\...\SecondLifeViewer) (Version: - )
    Shutterfly Express Uploader (HKLM-x32\...\com.Shutterfly.ExpressUploader) (Version: 1.2.0.0 - Shutterfly, Inc.)
    Shutterfly Express Uploader (x32 Version: 1.2.0 - Shutterfly, Inc.) Hidden
    SUABnR (HKLM-x32\...\InstallShield_{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.)
    SUABnR (x32 Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.) Hidden
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.5.1012 - SUPERAntiSpyware.com)
    TurboApps WinMobile Conduit (HKLM-x32\...\{81F501F8-CB50-4BA2-A1BB-279F4BEB85D7}) (Version: 3.3.46 - Primerica) <==== ATTENTION
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
    Verizon Wireless Software Upgrade Assistant - Samsung(ar) (HKLM-x32\...\{3A78192E-E683-4231-8DB5-F9453910CEF6}) (Version: 2.15.0401 - Samsung Electronics Co., Ltd.)
    Verizon Wireless Software Utility Application for Android - Samsung (HKLM-x32\...\{BB5A0BB0-657F-48DC-A475-5503F39CED05}) (Version: 2.14.1202 - Samsung Electronics Co., Ltd.)
    WD Quick View (HKLM-x32\...\{5B1CF5E0-D321-4766-AEF1-1E9D1C535A10}) (Version: 2.4.12.1 - Western Digital Technologies, Inc.)
    WD SmartWare (HKLM\...\{02FD1EAD-43B8-4D63-AC31-8921005AF2E2}) (Version: 2.4.12.1 - Western Digital Technologies, Inc.)
    WD SmartWare (HKLM\...\{604CB4FC-3D32-405F-A109-165F170529B6}) (Version: 1.2.0.8 - Western Digital)
    WD SmartWare Installer (HKLM-x32\...\{979a4332-3eb0-4561-9f74-a4fb871cf2bd}) (Version: 2.4.12.1 - Western Digital Technologies, Inc.)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
    ZenSearch (HKLM-x32\...\ZenSearch) (Version: - ZenSearch) <==== ATTENTION

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-2430930441-2580859966-3045845237-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2430930441-2580859966-3045845237-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2430930441-2580859966-3045845237-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2430930441-2580859966-3045845237-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

    ==================== Restore Points =========================

    13-05-2015 03:00:40 Windows Update
    19-05-2015 02:50:06 Windows Update
    20-05-2015 03:00:12 Windows Update
    26-05-2015 03:55:06 Windows Update
    02-06-2015 03:30:42 Windows Update
    09-06-2015 02:27:41 Windows Update
    10-06-2015 03:00:23 Windows Update
    11-06-2015 03:00:46 Windows Update
    16-06-2015 04:40:34 Windows Update
    23-06-2015 03:12:37 Windows Update
    26-06-2015 04:32:20 Windows Update
    30-06-2015 04:31:49 Windows Update
    07-07-2015 03:50:29 Windows Update
    14-07-2015 04:33:45 Windows Update
    15-07-2015 03:00:31 Windows Update
    17-07-2015 03:00:47 Windows Update
    19-07-2015 12:37:31 WD SmartWare Installer
    19-07-2015 12:41:38 WD SmartWare Installer
    21-07-2015 04:04:47 Windows Update
    22-07-2015 03:00:10 Windows Update
    25-07-2015 14:13:58 Windows Update
    29-07-2015 03:00:53 Windows Update
    05-08-2015 18:52:43 avast! antivirus system restore point
    05-08-2015 18:52:43 WD SmartWare Installer
    05-08-2015 18:59:03 Device Driver Package Install: Avast Network Service
    05-08-2015 19:01:10 WD SmartWare Installer
    07-08-2015 05:14:21 Windows Update
    09-08-2015 19:00:25 Windows Backup
    11-08-2015 05:14:27 Windows Update
    13-08-2015 03:01:28 Windows Update
    15-08-2015 09:18:13 Windows Backup
    16-08-2015 19:00:27 Windows Backup
    18-08-2015 03:05:31 Windows Update
    19-08-2015 03:00:12 Windows Update
    22-08-2015 09:44:48 avast! antivirus system restore point
    22-08-2015 09:51:15 Windows Backup
    23-08-2015 19:00:41 Windows Backup
    25-08-2015 03:08:31 Windows Update
    28-08-2015 04:26:36 Windows Update
    30-08-2015 19:00:22 Windows Backup
    01-09-2015 04:25:10 Windows Update
    06-09-2015 19:00:25 Windows Backup
    08-09-2015 04:25:47 Windows Update
    09-09-2015 03:01:31 Windows Update
    15-09-2015 05:33:57 Windows Update
    20-09-2015 19:01:04 Windows Backup
    22-09-2015 04:13:37 Windows Update
    27-09-2015 19:01:07 Windows Backup
    29-09-2015 03:09:54 Windows Update
    04-10-2015 19:00:20 Windows Backup
    06-10-2015 12:55:01 Windows Update
    08-10-2015 03:00:11 Windows Update
    13-10-2015 03:09:33 Windows Update
    13-10-2015 18:43:58 Windows Backup
    14-10-2015 03:00:48 Windows Update
    14-10-2015 19:23:56 Windows Backup
    15-10-2015 03:00:11 Windows Update
    18-10-2015 19:01:05 Windows Backup
    20-10-2015 04:22:45 Windows Update
    23-10-2015 09:13:33 avast! antivirus system restore point
    23-10-2015 16:29:30 avast! antivirus system restore point
    23-10-2015 17:05:38 Windows Update

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0A7AE80D-A4F2-4EE1-945B-4442C6D5C447} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
    Task: {1874277E-E187-47AA-8F55-5BCC8B4FDA0C} - System32\Tasks\{5AA9BAA3-C96D-41A8-AC46-187250A20081} => C:\pfs\callatl\callatl.exe [2011-05-31] ()
    Task: {1E2C82E9-E651-4ABA-B58A-89E85825798F} - System32\Tasks\{F0356419-2E7F-4463-9FFB-654DB8FB6CC8} => pcalua.exe -a "C:\Program Files (x86)\Driver Support\Driver Support\ISUninstall.exe" -d "C:\Program Files (x86)\Driver Support\Driver Support"
    Task: {211680BA-903F-425B-A897-950F00037F85} - System32\Tasks\{47C363C3-0002-4585-8E62-8A019F0EB0B8} => C:\pfs\callatl\callatl.exe [2011-05-31] ()
    Task: {23B42139-99AF-4D1E-8502-D5DC7643ECAA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
    Task: {277EEA91-DB3F-4B26-B9C4-9EEFB57A0465} - System32\Tasks\Installation App Launcher => C:\Program Files (x86)\Lexmark 5600-6600 Series\ezprint.exe [2009-09-04] (Lexmark International Inc.)
    Task: {32CB320C-EC42-484F-B8CA-2C6ED1CABA18} - System32\Tasks\GoogleUpdateTaskMachineCore1cf297bb0803088 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
    Task: {3CEC0A4E-A824-45C6-B8B3-37BFAC7CFF22} - System32\Tasks\{C8E9FC3C-DF24-4617-9757-E90CDB9B4907} => C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE [2014-01-29] (Microsoft Corporation)
    Task: {40FE8F54-0D2D-4BF0-A613-99C17DC4CD59} - System32\Tasks\FreeFileViewerUpdateChecker => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2013-03-25] (Bitberry Software) <==== ATTENTION
    Task: {5C35B339-5BD6-4ABA-A74B-EBDB31913916} - \ProgramRefresh-ATFST -> No File <==== ATTENTION
    Task: {613841AC-1CA0-47A2-89A2-EBD211021B3F} - System32\Tasks\{6EC61D7C-966E-4261-A450-EA95E74D7410} => C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE [2014-01-29] (Microsoft Corporation)
    Task: {624DFA88-71BE-442F-8ABD-037ABDB1BF54} - \HDNINSTSCHD -> No File <==== ATTENTION
    Task: {68D7A089-C232-4CF8-8F9E-9B99BCD9DDAF} - System32\Tasks\{AFB52532-2837-4902-970A-8519EEE4A891} => C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE [2014-01-29] (Microsoft Corporation)
    Task: {6F105218-9498-4E92-AEF3-86686BA274D1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-17] (Adobe Systems Incorporated)
    Task: {8EDCC535-D22E-4D69-A523-B8590BF50F34} - \UPDTEXE4_WDR -> No File <==== ATTENTION
    Task: {9F702AB4-45E8-445D-A184-91F3B868B668} - \IE_ERR4WDR -> No File <==== ATTENTION
    Task: {AA509B71-43CB-423B-8DDE-0648769FE0A1} - System32\Tasks\{0108DE2A-B46B-47AF-8EA0-0AA42F16550C} => pcalua.exe -a "C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1B4VEP9Z\microsoft net framework setup.exe" -d C:\Users\Home\Desktop
    Task: {ACAD40F2-F41C-4200-B201-9DD96538FBD2} - System32\Tasks\{DADB6DB3-906A-4C35-85FE-4A08C97EEEEF} => C:\pfs\callatl\callatl.exe [2011-05-31] ()
    Task: {B8DF2FBF-0B5B-40D5-A1A1-0AD5E406CF7A} - System32\Tasks\{84BC2D11-AF9A-49AF-8126-94245D2F1A72} => pcalua.exe -a D:\Setup.EXE -d D:\
    Task: {BD5B47D3-65C3-4524-B1F1-D3867DE18CFE} - System32\Tasks\ZenSearch\Updater\ZenSearch updater => C:\Program Files (x86)\ZenSearch Updater\updater.exe <==== ATTENTION
    Task: {C04D79D3-0B52-475C-B9AF-73098C5AAA38} - \Binkiland casi -> No File <==== ATTENTION
    Task: {CB74A49F-42EC-4955-BE33-40FB82D1318D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
    Task: {D31C2EC0-2A91-43BF-9FD0-22A95C0E62EF} - System32\Tasks\AI_Updater => C:\Program Files (x86)\Tuneup computer A1PCCleaner\updater.exe
    Task: {F477F341-82E9-4CA8-9CAE-ADD70AC05BCC} - \boosterpop -> No File <==== ATTENTION
    Task: {FB5CE51F-F131-4B16-96B8-5B9056100DF8} - System32\Tasks\IEError => C:\Program Files (x86)\Tuneup computer A1PCCleaner\Popialert.exe

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe <==== ATTENTION
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf297bb0803088.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (Whitelisted) ==============

    2013-04-12 03:02 - 2013-01-31 05:25 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2012-08-15 11:27 - 2009-10-16 16:07 - 00186880 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxdudrpp.dll
    2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-09-15 14:25 - 2015-09-15 14:25 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2011-05-06 13:07 - 2011-05-06 13:07 - 00460144 _____ () C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
    2011-05-06 12:58 - 2011-05-06 12:58 - 01085440 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
    2012-08-15 11:34 - 2009-09-04 03:51 - 00676520 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe
    2012-08-14 20:12 - 2011-01-04 15:34 - 04545024 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
    2009-08-19 15:49 - 2009-08-19 15:49 - 00049152 _____ () C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\Memeo.API.dll
    2009-02-25 14:18 - 2009-02-25 14:18 - 01196032 _____ () C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\sqlite3.DLL
    2012-08-14 20:12 - 2010-08-04 14:44 - 00266240 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
    2012-10-18 17:31 - 2012-10-18 17:31 - 00240640 _____ () C:\Program Files (x86)\ATT\8.2.1.6\ma\node_modules\motive-activex-wrapper\build\Release\NodeActiveXWrapper.node
    2012-10-18 17:31 - 2012-10-18 17:31 - 00246784 _____ () C:\Program Files (x86)\ATT\8.2.1.6\ma\node_modules\motive-osbridge\build\Release\MotiveOSBridgeNodeModule.node
    2012-10-18 17:30 - 2012-10-18 17:30 - 00233984 _____ () C:\Program Files (x86)\ATT\8.2.1.6\ma\node_modules\motive-xmpps\build\Release\MotiveXMPPSNode.node
    2012-07-12 19:37 - 2012-07-12 19:37 - 01380864 _____ () C:\Program Files (x86)\ATT\8.2.1.6\ma\node_modules\libxmljs\build\Release\libxmljs.node
    2012-06-26 16:40 - 2012-06-26 16:40 - 00068096 _____ () C:\Program Files (x86)\ATT\8.2.1.6\ma\node_modules\dnode\node_modules\weak\build\Release\weakref.node
    2010-10-26 00:06 - 2010-10-26 00:06 - 02248704 _____ () C:\Program Files (x86)\Flip Video\FlipShare\QtCore4.dll
    2011-05-06 13:07 - 2011-05-06 13:07 - 04317184 _____ () C:\Program Files (x86)\Flip Video\FlipShare\Core.dll
    2011-05-06 13:02 - 2011-05-06 13:02 - 00737280 _____ () C:\Program Files (x86)\Flip Video\FlipShare\qca2.dll
    2010-10-26 00:23 - 2010-10-26 00:23 - 08351744 _____ () C:\Program Files (x86)\Flip Video\FlipShare\QtGui4.dll
    2010-10-26 00:08 - 2010-10-26 00:08 - 00983040 _____ () C:\Program Files (x86)\Flip Video\FlipShare\QtNetwork4.dll
    2010-10-26 00:23 - 2010-10-26 00:23 - 00204800 _____ () C:\Program Files (x86)\Flip Video\FlipShare\QtSql4.dll
    2010-10-26 00:06 - 2010-10-26 00:06 - 00364544 _____ () C:\Program Files (x86)\Flip Video\FlipShare\QtXml4.dll
    2010-10-26 08:34 - 2010-10-26 08:34 - 11853824 _____ () C:\Program Files (x86)\Flip Video\FlipShare\QtWebKit4.dll
    2010-10-26 00:37 - 2010-10-26 00:37 - 00258048 _____ () C:\Program Files (x86)\Flip Video\FlipShare\phonon4.dll
    2010-05-20 13:49 - 2010-05-20 13:49 - 00258048 _____ () C:\Program Files (x86)\Flip Video\FlipShare\boost_serialization-vc80-mt-1_43.dll
    2010-05-17 09:47 - 2010-05-17 09:47 - 01199104 _____ () C:\Program Files (x86)\Flip Video\FlipShare\PocoFoundation.dll
    2010-05-17 09:47 - 2010-05-17 09:47 - 00642048 _____ () C:\Program Files (x86)\Flip Video\FlipShare\PocoNet.dll
    2010-05-17 09:47 - 2010-05-17 09:47 - 00511488 _____ () C:\Program Files (x86)\Flip Video\FlipShare\PocoXML.dll
    2010-10-26 00:06 - 2010-10-26 00:06 - 02248704 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\QtCore4.dll
    2010-10-26 00:08 - 2010-10-26 00:08 - 00983040 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\QtNetwork4.dll
    2010-10-26 00:23 - 2010-10-26 00:23 - 00204800 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\QtSql4.dll
    2010-05-20 13:49 - 2010-05-20 13:49 - 00258048 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\boost_serialization-vc80-mt-1_43.dll
    2010-05-17 09:47 - 2010-05-17 09:47 - 01199104 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\PocoFoundation.dll
    2010-05-17 09:47 - 2010-05-17 09:47 - 00642048 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\PocoNet.dll
    2010-05-17 09:47 - 2010-05-17 09:47 - 00175616 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\PocoNetSSL.dll
    2010-05-17 09:47 - 2010-05-17 09:47 - 00291840 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\PocoUtil.dll
    2010-05-17 09:47 - 2010-05-17 09:47 - 00511488 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\PocoXML.dll
    2010-05-17 09:47 - 2010-05-17 09:47 - 00110592 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\PocoCrypto.dll
    2012-08-15 11:34 - 2009-09-04 03:23 - 00380928 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduscw.dll
    2012-08-15 11:34 - 2009-09-04 03:15 - 00188416 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdudatr.dll
    2012-08-15 11:34 - 2009-08-19 12:39 - 00073728 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxducats.dll
    2012-08-15 11:34 - 2009-09-04 03:23 - 01036288 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduDRS.dll
    2012-08-15 11:34 - 2009-09-04 03:24 - 00081920 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxducaps.dll
    2012-08-15 11:34 - 2009-09-04 03:15 - 00069632 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxducnv4.dll
    2012-08-15 11:34 - 2009-09-04 03:23 - 00380928 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\iptk.dll
    2012-08-15 11:34 - 2007-09-06 02:11 - 00151552 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduptp.dll
    2015-09-15 14:25 - 2015-09-15 14:25 - 01040144 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2012-08-14 20:12 - 2009-08-28 16:50 - 00282624 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvcLib.dll
    2012-08-14 20:12 - 2010-03-10 14:50 - 00360448 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WifiLib.dll
    2009-02-26 13:46 - 2009-02-26 13:46 - 00064344 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
    2011-06-22 11:46 - 2011-06-22 11:46 - 00434016 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
    2011-05-26 20:18 - 2011-05-26 20:18 - 00136536 _____ () C:\Program Files (x86)\Microsoft Office\Office12\OUTLCTL.DLL
    2015-07-14 18:20 - 2015-07-14 18:20 - 00756376 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\ProgramData\TEMP:0168CC60
    AlternateDataStreams: C:\ProgramData\TEMP:0474F714
    AlternateDataStreams: C:\ProgramData\TEMP:10CB85CA
    AlternateDataStreams: C:\ProgramData\TEMP:234E9CC5
    AlternateDataStreams: C:\ProgramData\TEMP:2AC146B9
    AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F
    AlternateDataStreams: C:\ProgramData\TEMP:2F360FB3
    AlternateDataStreams: C:\ProgramData\TEMP:32289BE8
    AlternateDataStreams: C:\ProgramData\TEMP:32EA849C
    AlternateDataStreams: C:\ProgramData\TEMP:371060CE
    AlternateDataStreams: C:\ProgramData\TEMP:3F266659
    AlternateDataStreams: C:\ProgramData\TEMP:48862C37
    AlternateDataStreams: C:\ProgramData\TEMP:4CD3F344
    AlternateDataStreams: C:\ProgramData\TEMP:7687A3E3
    AlternateDataStreams: C:\ProgramData\TEMP:7BFFC6A9
    AlternateDataStreams: C:\ProgramData\TEMP:7FA0D639
    AlternateDataStreams: C:\ProgramData\TEMP:8866C899
    AlternateDataStreams: C:\ProgramData\TEMP:922DA2DB
    AlternateDataStreams: C:\ProgramData\TEMP:9725F1BC
    AlternateDataStreams: C:\ProgramData\TEMP:997DA6D7
    AlternateDataStreams: C:\ProgramData\TEMP:9EDA68BD
    AlternateDataStreams: C:\ProgramData\TEMP:A6F28514
    AlternateDataStreams: C:\ProgramData\TEMP:AECF4772
    AlternateDataStreams: C:\ProgramData\TEMP:B96C57D4
    AlternateDataStreams: C:\ProgramData\TEMP:BACC4A79
    AlternateDataStreams: C:\ProgramData\TEMP:BCF55336
    AlternateDataStreams: C:\ProgramData\TEMP:C5340FA1
    AlternateDataStreams: C:\ProgramData\TEMP:E47BBD7B
    AlternateDataStreams: C:\ProgramData\TEMP:F2E92DCD
    AlternateDataStreams: C:\ProgramData\TEMP:F3A185AE
    AlternateDataStreams: C:\ProgramData\TEMP:F5D01D7C
    AlternateDataStreams: C:\ProgramData\TEMP:F7F4DC88
    AlternateDataStreams: C:\ProgramData\TEMP:FBD274CF

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2430930441-2580859966-3045845237-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Home\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.1.254
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bloggie Watcher Utility.lnk => C:\Windows\pss\Bloggie Watcher Utility.lnk.CommonStartup

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{7C5A5338-F72E-4938-AB6F-7706E28E6B04}] => (Allow) C:\Windows\SysWOW64\lxducoms.exe
    FirewallRules: [{0057456E-9E5A-4244-9928-12DACBF1D78B}] => (Allow) C:\Windows\SysWOW64\lxducoms.exe
    FirewallRules: [{390F61A7-E5B8-42EA-BEA2-42A191F32286}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxdupswx.exe
    FirewallRules: [{CC9332FB-640F-4D0A-812B-826910443719}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxdupswx.exe
    FirewallRules: [{FD2F00EB-CD95-4EF2-97EF-254CFE786D5C}] => (Allow) C:\Windows\system32\lxducoms.exe
    FirewallRules: [{BA47EA29-A587-453F-9025-1B34D82726AB}] => (Allow) C:\Windows\system32\spool\DRIVERS\x64\3\lxdupswx.exe
    FirewallRules: [{0C9305D1-0DAF-4241-A1D1-42619520581B}] => (Allow) C:\Windows\system32\spool\DRIVERS\x64\3\lxdutime.exe
    FirewallRules: [{870F275F-28CD-4EB7-B6F4-D997264FA7EE}] => (Allow) C:\Windows\SysWOW64\lxducoms.exe
    FirewallRules: [TCP Query User{7C38D15E-84D1-4D28-8A4C-CA4E523F223C}C:\pfs\callatl\rteng9.exe] => (Allow) C:\pfs\callatl\rteng9.exe
    FirewallRules: [UDP Query User{673F1310-9AD0-4BBC-B18F-442BE39FD5D0}C:\pfs\callatl\rteng9.exe] => (Allow) C:\pfs\callatl\rteng9.exe
    FirewallRules: [{43BB817B-AF40-4422-8791-285F3F98BD49}] => (Allow) LPort=24726
    FirewallRules: [{5162AECD-D2BC-4F1A-9816-20CBEDB3FC05}] => (Allow) LPort=24727
    FirewallRules: [SNMP-In-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
    FirewallRules: [SNMP-Out-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
    FirewallRules: [SNMP-In-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
    FirewallRules: [SNMP-Out-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
    FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) %systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    FirewallRules: [{9098D532-612F-48C8-8923-1E3C7FB50CA5}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{EF8E9E04-7982-4CCB-80A6-EFB2EB8BD028}] => (Allow) LPort=2869
    FirewallRules: [{0CC53702-174F-451C-8754-5997103EF2DF}] => (Allow) LPort=1900
    FirewallRules: [{1C67F0BD-A6CF-4AF1-9C51-F64C46E12843}] => (Allow) C:\Program Files (x86)\File Type Assistant\TSAssist.exe
    FirewallRules: [{E4321035-5060-4F12-AB74-4734C39EAE05}] => (Allow) C:\Program Files (x86)\File Type Assistant\TSAssist.exe
    FirewallRules: [{E19D36B9-7470-41BC-9FBB-1ED310B2E079}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    FirewallRules: [{9A3D4681-4B61-49DC-BC38-3438BDBFDAD2}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    FirewallRules: [{B4A5EBA3-A393-4148-A340-2008967A237D}] => (Allow) C:\Windows\System32\lxducoms.exe
    FirewallRules: [{50E938A2-E085-4DC8-96BB-ACA67F97F453}] => (Allow) C:\Windows\System32\lxducoms.exe
    FirewallRules: [{E0B1A189-5525-4205-AFBB-58E8E667FE25}] => (Allow) C:\Windows\system32\lxducoms.exe
    FirewallRules: [{F3EB8F2B-D946-4F08-9E36-E3F94FDE1D17}] => (Allow) C:\Windows\system32\spool\DRIVERS\x64\3\lxdupswx.exe
    FirewallRules: [{3E1C8699-E24C-4403-BC74-9EF40A3D0AA6}] => (Allow) C:\Windows\system32\spool\DRIVERS\x64\3\lxdutime.exe
    FirewallRules: [{DF51830B-9048-4CCF-AF8C-D0554A4CC193}] => (Allow) C:\Windows\SysWOW64\lxducoms.exe
    FirewallRules: [{3B4207E0-01D3-4368-BE3C-C49E51564088}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{08001908-4762-452D-AB52-C18E72304B05}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{AE9276AA-379C-4E49-9FE4-83A02CB8AAA6}] => (Allow) C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe
    FirewallRules: [{F9C46B0D-D164-4001-9D95-D0CAFC758517}] => (Allow) C:\Program Files (x86)\File Type Assistant\TSAssist.exe
    FirewallRules: [{49223DC9-851E-470E-8B52-2FDE85E595FA}] => (Allow) C:\Program Files (x86)\File Type Assistant\TSAssist.exe
    FirewallRules: [{2BF6E7AD-07E0-4940-9AF7-B508E31D41C5}] => (Allow) C:\Program Files (x86)\File Type Assistant\TSAssist.exe
    FirewallRules: [TCP Query User{BDB580B7-29BA-4760-9824-BFF21B37F786}C:\program files (x86)\secondlifeviewer\slvoice.exe] => (Allow) C:\program files (x86)\secondlifeviewer\slvoice.exe
    FirewallRules: [UDP Query User{32485362-4667-4865-AAFE-7136AC0060E1}C:\program files (x86)\secondlifeviewer\slvoice.exe] => (Allow) C:\program files (x86)\secondlifeviewer\slvoice.exe
    FirewallRules: [{7A83E206-95DC-4333-A1B8-596BDF527B91}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{EAB418D6-FC30-4F0C-AB5D-F1CC297188D5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{346D5A04-EB43-479C-AA00-B0BD10C342CA}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
    FirewallRules: [{43AFECE6-6716-4A97-AFA8-DBE995CA25BE}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
    FirewallRules: [{2900925A-1891-4398-B332-91A01E0E6628}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{CF7F4196-0DFC-43CA-908E-B8C14D27460E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{56CBB2DC-6156-48E1-BB3E-C7B962CD3EF2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{6800E130-FC92-44D8-BAA5-0762B3116440}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{E6AFB813-1AD6-4FCB-995C-1431FAD9F978}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{DBBA8ACB-8333-40DC-9C1B-796A00E10D8E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Faulty Device Manager Devices =============

    Name: Unknown Device
    Description: Unknown Device
    Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
    Manufacturer: (Standard USB Host Controller)
    Service:
    Problem: : Windows has stopped this device because it has reported problems. (Code 43)
    Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (10/23/2015 10:13:50 AM) (Source: Windows Search Service) (EventID: 1006) (User: )
    Description: The Windows Search Service has failed to create the new search index. Internal error <4, 0x8004117f, Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects>.

    Error: (10/23/2015 10:13:50 AM) (Source: Windows Search Service) (EventID: 9000) (User: )
    Description: The Windows Search Service cannot open the Jet property store.

    Details:
    0x%08x (0x8004117f - The content index server cannot update or access information because of a database error. Stop and restart the search service. If the problem persists, reset and recrawl the content index. In some cases it may be necessary to delete and recreate the content index. (HRESULT : 0x8004117f))

    Error: (10/23/2015 10:13:49 AM) (Source: ESENT) (EventID: 485) (User: )
    Description: Windows (4740) Windows: An attempt to delete the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk" failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The delete file operation will fail with error -1032 (0xfffffbf8).

    Error: (10/23/2015 10:13:39 AM) (Source: ESENT) (EventID: 490) (User: )
    Description: Windows (4740) Windows: An attempt to open the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

    Error: (10/23/2015 10:12:22 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
    Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

    Error: (10/23/2015 10:12:22 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
    Description: The index cannot be initialized.

    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

    Error: (10/23/2015 10:12:22 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
    Description: The application cannot be initialized.

    Context: Windows Application

    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

    Error: (10/23/2015 10:12:22 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
    Description: The gatherer object cannot be initialized.

    Context: Windows Application, SystemIndex Catalog

    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

    Error: (10/23/2015 10:12:22 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
    Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

    Context: Windows Application, SystemIndex Catalog

    Details:
    Element not found. (HRESULT : 0x80070490) (0x80070490)

    Error: (10/23/2015 10:12:19 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
    Description: The plug-in in <Search.JetPropStore> cannot be initialized.

    Context: Windows Application, SystemIndex Catalog

    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)


    System errors:
    =============
    Error: (10/23/2015 04:40:40 PM) (Source: Ntfs) (EventID: 137) (User: )
    Description: The default transaction resource manager on volume K: encountered a non-retryable error and could not start. The data contains the error code.

    Error: (10/23/2015 04:39:13 PM) (Source: ipnathlp) (EventID: 30013) (User: )
    Description: 192.168.1.66192.168.137.0255.255.255.0

    Error: (10/23/2015 04:39:13 PM) (Source: ipnathlp) (EventID: 1233) (User: )
    Description:

    Error: (10/23/2015 04:38:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The VBoxAsw Support Driver service failed to start due to the following error:
    %%3

    Error: (10/23/2015 04:38:40 PM) (Source: SNMP) (EventID: 1500) (User: )
    Description: The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.

    Error: (10/23/2015 04:24:49 PM) (Source: Schannel) (EventID: 4102) (User: NT AUTHORITY)
    Description: A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from the cryptographic module is 0x8009030d. The internal error state is 10001.

    Error: (10/23/2015 10:14:21 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
    Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
    %%1056

    Error: (10/23/2015 10:13:51 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

    Error: (10/23/2015 10:13:51 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
    Description: The Windows Search service terminated with service-specific error %%-2147217025.

    Error: (10/23/2015 10:13:39 AM) (Source: Ntfs) (EventID: 137) (User: )
    Description: The default transaction resource manager on volume K: encountered a non-retryable error and could not start. The data contains the error code.


    ==================== Memory info ===========================

    Processor: Pentium(R) Dual-Core CPU E5400 @ 2.70GHz
    Percentage of memory in use: 73%
    Total physical RAM: 3839.23 MB
    Available physical RAM: 1027.15 MB
    Total Virtual: 7676.68 MB
    Available Virtual: 3819.57 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:698.54 GB) (Free:274.05 GB) NTFS
    Drive e: (WD SmartWare) (CDROM) (Total:0.6 GB) (Free:0 GB) UDF
    Drive k: (My Passport) (Fixed) (Total:297.44 GB) (Free:0 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 7FB1FA54)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=698.5 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows XP) (Size: 297.4 GB) (Disk ID: 00035F28)
    Partition 1: (Not Active) - (Size=297.4 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================

    Sorry!
     
  5. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    Hi Gerry,

    Sorry, but it's still the same.
    Let me explain where you are going wrong........

    When the download comes up. Don't click on Run..... Click the drop down arrow and select Save.

    07658d74dacfb427efb4bdf7bc52f9df.png

    Then Save As......

    0acd8ed43a58402fe4f837f9e021f629.png

    When the Download folder comes up ( it'll probably be the default) .... click Save.

    41b0904aa011b70a0df0fb3b8e6abd3d.png

    Then go to the Download folder to run the tool.
    The easiest way is.... after the download has completed, this will pop up to tell you the tool has been saved.
    Click to open the Download folder....

    59af803c65e3b802e4ece40212bff96d.png

    Then click to run FRST.

    501907e858c68df63cd20eccc891ce43.png

    My screen shots may look slightly different from your system as I'm using Win10 to take these pics.
    But the steps are the same.


    Before you run FRST again......
    FRST is flagging these up as a warning:
    I recommend you uninstall them.
     
  6. Gerry7371

    Gerry7371 Registered Members

    Joined:
    Oct 22, 2015
    Messages:
    41
    Operating System:
    Windows 7
    Did as you asked and removed programs / files. Here's the results

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-10-2015
    Ran by Home (administrator) on HOME-PC (24-10-2015 09:29:19)
    Running from C:\Users\Home\Downloads
    Loaded Profiles: Home & UpdatusUser (Available Profiles: Home & Lynne & Lisa & UpdatusUser & DefaultAppPool)
    Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Alcatel-Lucent) C:\Program Files (x86)\ATT\8.2.1.6\ma\bin\MAHostService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Joyent, Inc) C:\Program Files (x86)\ATT\8.2.1.6\ma\bin\node.exe
    () C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
    (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
    () C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
    () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe
    (Lexmark International Inc.) C:\Program Files (x86)\Lexmark 5600-6600 Series\ezprint.exe
    (Lexmark International, Inc.) C:\Windows\System32\spool\drivers\x64\3\lxduserv.exe
    ( ) C:\Windows\System32\lxducoms.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    (Sony Corporation) C:\Program Files (x86)\Sony\Bloggie Software\BGVolumeWatcher.exe
    () C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
    (WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    (Western Digital) C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
    (Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
    (Microsoft Corporation) C:\Windows\System32\snmp.exe
    (DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
    (WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
    (Memeo) C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    () C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
    (Microsoft Corporation) C:\Windows\System32\alg.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
    (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_19_0_0_226_ActiveX.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
    (Microsoft Corporation) C:\Windows\System32\msiexec.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [lxdumon.exe] => C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe [676520 2009-09-04] ()
    HKLM\...\Run: [EzPrint] => C:\Program Files (x86)\Lexmark 5600-6600 Series\ezprint.exe [131752 2009-09-04] (Lexmark International Inc.)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-15] (Apple Inc.)
    HKLM-x32\...\Run: [jswtrayutil] => "C:\Program Files (x86)\NETGEAR\WNA1100\jswtrayutil.exe"
    HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-09-15] (Apple Inc.)
    HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
    HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5564784 2015-07-20] (Western Digital Technologies, Inc.)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
    HKU\S-1-5-21-2430930441-2580859966-3045845237-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7935904 2015-10-21] (SUPERAntiSpyware)
    HKU\S-1-5-21-2430930441-2580859966-3045845237-1000\...\Run: [MobileDocuments] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    HKU\S-1-5-21-2430930441-2580859966-3045845237-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.)
    HKU\S-1-5-21-2430930441-2580859966-3045845237-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2015-04-26] (Apple Inc.)
    HKU\S-1-5-21-2430930441-2580859966-3045845237-1000\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1079592 2015-04-26] (Apple Inc.)
    HKU\S-1-5-21-2430930441-2580859966-3045845237-1000\...\RunOnce: [ZS_cleanuptmp] => "C:\Windows\system32\cmd.exe" /c rmdir /q /s "C:\Users\Home\AppData\Local\Temp\ZenSearch" <===== ATTENTION
    HKU\S-1-5-21-2430930441-2580859966-3045845237-1000\...\Policies\system: [LogonHoursAction] 2
    HKU\S-1-5-21-2430930441-2580859966-3045845237-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
    HKU\S-1-5-21-2430930441-2580859966-3045845237-1000\...\MountPoints2: {c7302013-e6e6-11e1-bf9d-806e6f6e6963} - "E:\WD SmartWare.exe" autoplay=true
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bloggie Watcher Utility.lnk [2012-10-07]
    ShortcutTarget: Bloggie Watcher Utility.lnk -> C:\Program Files (x86)\Sony\Bloggie Software\BGVolumeWatcher.exe (Sony Corporation)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA1100 Smart Wizard.lnk [2012-08-14]
    ShortcutTarget: NETGEAR WNA1100 Smart Wizard.lnk -> C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe ()
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk [2015-08-06]
    ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDSmartWare.lnk [2015-08-06]
    ShortcutTarget: WDSmartWare.lnk -> C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
    GroupPolicyUsers\S-1-5-21-2430930441-2580859966-3045845237-1006\User: Restriction <======= ATTENTION
    CHR HKU\S-1-5-21-2430930441-2580859966-3045845237-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
    Tcpip\..\Interfaces\{804410AC-B072-42CE-9188-532F692FECDA}: [DhcpNameServer] 192.168.1.1 68.105.28.11 68.105.29.11
    Tcpip\..\Interfaces\{E4238440-9D19-4259-90B4-58597A57EFB1}: [DhcpNameServer] 192.168.1.254

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-2430930441-2580859966-3045845237-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\S-1-5-21-2430930441-2580859966-3045845237-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?q={searchTerms}
    HKU\S-1-5-21-2430930441-2580859966-3045845237-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
    HKU\S-1-5-21-2430930441-2580859966-3045845237-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/
    HKU\S-1-5-21-2430930441-2580859966-3045845237-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006
    SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL =
    SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {EFE522B3-7ABD-49CB-A5C3-A2AFBBA83B9D} URL = hxxps://www.google.com/search?q={searchTerms}
    SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
    SearchScopes: HKLM-x32 -> {EFE522B3-7ABD-49CB-A5C3-A2AFBBA83B9D} URL = hxxps://www.google.com/search?q={searchTerms}
    SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
    SearchScopes: HKU\S-1-5-21-2430930441-2580859966-3045845237-1000 -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = hxxps://www.google.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2430930441-2580859966-3045845237-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
    SearchScopes: HKU\S-1-5-21-2430930441-2580859966-3045845237-1000 -> {EFE522B3-7ABD-49CB-A5C3-A2AFBBA83B9D} URL =
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-19] (Google Inc.)
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-10] (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-19] (Google Inc.)
    BHO-x32: No Name -> {D2C5E510-BE6D-42CC-9F61-E4F939078474} -> No File
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-10] (Oracle Corporation)
    BHO-x32: XBTBPos00 Class -> {EDBBE0D0-A76A-4FE4-AE6B-13BCEFFD75C8} -> C:\Program Files (x86)\Brand Thunder\IE\tbcore3.dll => No File
    Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-19] (Google Inc.)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-19] (Google Inc.)
    DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe

    FireFox:
    ========
    FF ProfilePath: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default
    FF DefaultSearchEngine: Google
    FF DefaultSearchEngine.US: Google
    FF DefaultSearchUrl: hxxps://www.google.com/search
    FF SearchEngineOrder.1: Google
    FF SelectedSearchEngine: Binkiland
    FF Homepage: about:home
    FF Keyword.URL: hxxps://www.google.com/search
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-17] ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-17] ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
    FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-10] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-10] (Oracle Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
    FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\ATT\8.2.1.6\ma\bin\npMotive.dll [2012-11-15] (Alcatel-Lucent)
    FF Plugin-x32: @Motive.com/npMotiveRequest,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll [2011-12-06] (Alcatel-Lucent)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-2430930441-2580859966-3045845237-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Home\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-10-22] (Citrix Online)
    FF Plugin HKU\S-1-5-21-2430930441-2580859966-3045845237-1000: @sony.com/Some -> C:\Program Files (x86)\Sony\Bloggie Software\npsome.dll [2011-06-09] (Sony)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-09-04] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-09-04] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-09-04] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-09-04] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-09-04] (Apple Inc.)
    FF SearchPlugin: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\searchplugins\bing-avast.xml [2014-06-30]
    FF SearchPlugin: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\searchplugins\google-avast.xml [2014-11-15]
    FF Extension: iCloud Bookmarks - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\Extensions\firefoxdav@icloud.com [2015-05-29]
    FF Extension: Motive Extension - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\Extensions\mcciwbch@motive.com [2012-12-28] [not signed]
    FF Extension: Motive Extension - C:\Program Files (x86)\Mozilla Firefox\extensions\mcciwbch@motive.com.xpi [2012-12-28] [not signed]
    FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
    FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
    FF HKU\.DEFAULT\...\Firefox\Extensions: [{b64982b1-d112-42b5-b1e4-d3867c4533f8}] - C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension => not found

    Chrome:
    =======
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.71\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll => No File
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.71\ppGoogleNaClPluginChrome.dll => No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.71\pdf.dll => No File
    CHR Plugin: (Application Manager) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\spext.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll => No File
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll => No File
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File
    CHR Plugin: (Java(TM) Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
    CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\SysWOW64\npDeployJava1.dll => No File
    CHR Plugin: (Sony Online Media Engine) - C:\Program Files (x86)\Sony\Bloggie Software\npsome.dll (Sony)
    CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    CHR Profile: C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Avast SafePrice) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-05-29]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-23]
    CHR HKLM\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-2430930441-2580859966-3045845237-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-13] (SUPERAntiSpyware.com)
    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
    R2 ATT MAHostService; C:\Program Files (x86)\ATT\8.2.1.6\ma\bin\MAHostService.exe [319488 2012-11-15] (Alcatel-Lucent) [File not signed]
    R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2505472 2015-10-09] (ESET)
    R2 FlipShare Service; C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe [460144 2011-05-06] ()
    R2 FlipShareServer; C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [1085440 2011-05-06] () [File not signed]
    R2 lxduCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxduserv.exe [29184 2009-10-16] (Lexmark International, Inc.)
    R2 lxdu_device; C:\Windows\system32\lxducoms.exe [1039360 2009-10-16] ( )
    R2 lxdu_device; C:\Windows\SysWOW64\lxducoms.exe [594600 2009-08-19] ( )
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
    R2 pcCMService; C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [369152 2012-10-05] (Alcatel-Lucent) [File not signed]
    R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [460288 2012-10-05] (Alcatel-Lucent) [File not signed]
    R2 SNMP; C:\Windows\System32\snmp.exe [49664 2010-11-20] (Microsoft Corporation)
    R2 SNMP; C:\Windows\SysWOW64\snmp.exe [47616 2010-11-20] (Microsoft Corporation)
    R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
    R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
    R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2015-07-20] (Western Digital Technologies, Inc.)
    R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [129536 2009-11-13] (WDC) [File not signed]
    R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [306552 2015-07-20] (Western Digital Technologies, Inc.)
    R2 WDSmartWareBackgroundService; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [20480 2009-06-16] (Memeo) [File not signed]
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    R2 WSWNA1100; C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe [266240 2010-08-04] () [File not signed]
    S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [X]

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [264040 2015-07-30] (ESET)
    S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
    R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [186784 2015-07-30] (ESET)
    R2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [142976 2015-10-07] (ESET)
    R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [206312 2015-07-30] (ESET)
    R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [52872 2015-07-30] (ESET)
    R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [69840 2015-07-30] (ESET)
    S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
    S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
    S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
    S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
    S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
    S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-10-24 09:16 - 2015-10-24 09:16 - 02196480 _____ (Farbar) C:\Users\Home\Downloads\FRST64.exe
    2015-10-24 09:13 - 2015-10-24 09:13 - 02196480 _____ (Farbar) C:\Users\Home\Downloads\FRST64 (2).exe
    2015-10-23 17:23 - 2015-10-23 17:23 - 02196480 _____ (Farbar) C:\Users\Home\Desktop\FRST64.exe
    2015-10-23 17:21 - 2015-10-23 17:22 - 02196480 _____ (Farbar) C:\Users\Home\Downloads\FRST64 (1).exe
    2015-10-23 16:49 - 2015-10-23 16:50 - 00042028 _____ C:\Users\Home\Downloads\Addition.txt
    2015-10-23 16:47 - 2015-10-24 09:29 - 00026432 _____ C:\Users\Home\Downloads\FRST.txt
    2015-10-23 11:13 - 2015-10-23 11:13 - 00000000 ____D C:\Users\Home\AppData\Roaming\ESET
    2015-10-23 10:12 - 2015-10-23 16:38 - 00008192 _____ C:\Windows\SysWOW64\WDPABKP.dat
    2015-10-23 10:01 - 2015-10-23 10:07 - 00000000 ____D C:\AdwCleaner
    2015-10-23 09:58 - 2015-10-23 09:58 - 01691648 _____ C:\Users\Home\Downloads\AdwCleaner.exe
    2015-10-23 09:47 - 2015-10-23 09:47 - 00000560 _____ C:\Users\Home\Downloads\help.txt
    2015-10-23 09:36 - 2015-10-24 09:29 - 00000000 ____D C:\FRST
    2015-10-22 14:49 - 2015-10-23 16:38 - 00065536 _____ C:\Windows\system32\Ikeext.etl
    2015-10-22 14:47 - 2015-10-22 14:47 - 00001987 _____ C:\Users\Public\Desktop\ESET Banking & Payment protection.lnk
    2015-10-22 14:47 - 2015-10-22 14:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
    2015-10-22 14:47 - 2015-10-22 14:47 - 00000000 ____D C:\ProgramData\ESET
    2015-10-22 14:47 - 2015-10-22 14:47 - 00000000 ____D C:\Program Files\ESET
    2015-10-22 14:44 - 2015-10-22 14:44 - 02837704 _____ (ESET) C:\Users\Home\Downloads\eset_smart_security_live_installer.exe
    2015-10-22 12:24 - 2015-10-22 12:46 - 00000000 ____D C:\Program Files (x86)\Citrix
    2015-10-22 12:24 - 2015-10-22 12:24 - 00000000 ____D C:\Users\Home\AppData\Local\Citrix
    2015-10-19 10:10 - 2015-10-19 10:12 - 00000000 ____D C:\Users\Home\Documents\Travelers Auto
    2015-10-17 11:38 - 2015-10-17 11:38 - 00000000 ____D C:\SUPERDelete
    2015-10-16 07:43 - 2015-10-16 07:43 - 00279608 _____ C:\Windows\Minidump\101615-31871-01.dmp
    2015-10-14 19:32 - 2015-10-14 19:32 - 00000000 ____D C:\Windows\pss
    2015-10-14 15:55 - 2015-09-18 15:22 - 00025432 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
    2015-10-14 15:55 - 2015-09-18 15:19 - 01291264 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2015-10-14 15:55 - 2015-09-18 15:19 - 00766464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2015-10-14 15:55 - 2015-09-18 15:19 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2015-10-14 15:55 - 2015-09-18 15:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2015-10-14 15:55 - 2015-09-18 15:19 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
    2015-10-14 15:55 - 2015-09-18 15:09 - 01163776 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2015-10-13 21:54 - 2015-09-18 15:31 - 00391784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2015-10-13 21:54 - 2015-09-18 14:58 - 00345688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2015-10-13 21:54 - 2015-09-16 00:48 - 25851904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-10-13 21:54 - 2015-09-16 00:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-10-13 21:54 - 2015-09-16 00:36 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2015-10-13 21:54 - 2015-09-16 00:22 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2015-10-13 21:54 - 2015-09-16 00:21 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-10-13 21:54 - 2015-09-16 00:21 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-10-13 21:54 - 2015-09-16 00:21 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2015-10-13 21:54 - 2015-09-16 00:21 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2015-10-13 21:54 - 2015-09-16 00:21 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2015-10-13 21:54 - 2015-09-16 00:14 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-10-13 21:54 - 2015-09-16 00:13 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2015-10-13 21:54 - 2015-09-16 00:10 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-10-13 21:54 - 2015-09-16 00:09 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-10-13 21:54 - 2015-09-16 00:08 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2015-10-13 21:54 - 2015-09-16 00:08 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2015-10-13 21:54 - 2015-09-16 00:08 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2015-10-13 21:54 - 2015-09-16 00:08 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2015-10-13 21:54 - 2015-09-16 00:01 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2015-10-13 21:54 - 2015-09-15 23:58 - 20357632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2015-10-13 21:54 - 2015-09-15 23:58 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-10-13 21:54 - 2015-09-15 23:50 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2015-10-13 21:54 - 2015-09-15 23:46 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2015-10-13 21:54 - 2015-09-15 23:45 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2015-10-13 21:54 - 2015-09-15 23:45 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-10-13 21:54 - 2015-09-15 23:43 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-10-13 21:54 - 2015-09-15 23:41 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
    2015-10-13 21:54 - 2015-09-15 23:33 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2015-10-13 21:54 - 2015-09-15 23:33 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2015-10-13 21:54 - 2015-09-15 23:32 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2015-10-13 21:54 - 2015-09-15 23:32 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2015-10-13 21:54 - 2015-09-15 23:31 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2015-10-13 21:54 - 2015-09-15 23:31 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2015-10-13 21:54 - 2015-09-15 23:29 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-10-13 21:54 - 2015-09-15 23:29 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2015-10-13 21:54 - 2015-09-15 23:28 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2015-10-13 21:54 - 2015-09-15 23:28 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2015-10-13 21:54 - 2015-09-15 23:26 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-10-13 21:54 - 2015-09-15 23:26 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2015-10-13 21:54 - 2015-09-15 23:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2015-10-13 21:54 - 2015-09-15 23:24 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2015-10-13 21:54 - 2015-09-15 23:23 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2015-10-13 21:54 - 2015-09-15 23:22 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-10-13 21:54 - 2015-09-15 23:22 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2015-10-13 21:54 - 2015-09-15 23:22 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2015-10-13 21:54 - 2015-09-15 23:15 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2015-10-13 21:54 - 2015-09-15 23:11 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-10-13 21:54 - 2015-09-15 23:10 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2015-10-13 21:54 - 2015-09-15 23:07 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2015-10-13 21:54 - 2015-09-15 23:06 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2015-10-13 21:54 - 2015-09-15 23:05 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2015-10-13 21:54 - 2015-09-15 23:05 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2015-10-13 21:54 - 2015-09-15 23:04 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2015-10-13 21:54 - 2015-09-15 22:59 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-10-13 21:54 - 2015-09-15 22:58 - 12853760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2015-10-13 21:54 - 2015-09-15 22:58 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2015-10-13 21:54 - 2015-09-15 22:56 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2015-10-13 21:54 - 2015-09-15 22:55 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2015-10-13 21:54 - 2015-09-15 22:55 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2015-10-13 21:54 - 2015-09-15 22:48 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2015-10-13 21:54 - 2015-09-15 22:37 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2015-10-13 21:54 - 2015-09-15 22:34 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2015-10-13 21:54 - 2015-09-15 22:32 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2015-10-13 21:54 - 2015-08-06 14:04 - 14176768 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2015-10-13 21:54 - 2015-08-06 14:03 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
    2015-10-13 21:54 - 2015-08-06 13:44 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2015-10-13 21:54 - 2015-08-06 13:44 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
    2015-10-13 21:53 - 2015-09-28 23:16 - 05569472 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-10-13 21:53 - 2015-09-28 23:13 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2015-10-13 21:53 - 2015-09-28 23:11 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-10-13 21:53 - 2015-09-28 23:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
    2015-10-13 21:53 - 2015-09-28 23:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
    2015-10-13 21:53 - 2015-09-28 23:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
    2015-10-13 21:53 - 2015-09-28 23:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2015-10-13 21:53 - 2015-09-28 23:11 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2015-10-13 21:53 - 2015-09-28 23:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2015-10-13 21:53 - 2015-09-28 23:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
    2015-10-13 21:53 - 2015-09-28 23:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2015-10-13 21:53 - 2015-09-28 23:10 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2015-10-13 21:53 - 2015-09-28 23:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2015-10-13 21:53 - 2015-09-28 23:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2015-10-13 21:53 - 2015-09-28 23:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2015-10-13 21:53 - 2015-09-28 23:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2015-10-13 21:53 - 2015-09-28 23:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2015-10-13 21:53 - 2015-09-28 23:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
    2015-10-13 21:53 - 2015-09-28 23:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2015-10-13 21:53 - 2015-09-28 23:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2015-10-13 21:53 - 2015-09-28 23:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
    2015-10-13 21:53 - 2015-09-28 23:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
    2015-10-13 21:53 - 2015-09-28 23:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2015-10-13 21:53 - 2015-09-28 23:05 - 03990976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2015-10-13 21:53 - 2015-09-28 23:05 - 03936192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2015-10-13 21:53 - 2015-09-28 23:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2015-10-13 21:53 - 2015-09-28 23:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2015-10-13 21:53 - 2015-09-28 23:02 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 22:59 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2015-10-13 21:53 - 2015-09-28 22:59 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2015-10-13 21:53 - 2015-09-28 22:59 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2015-10-13 21:53 - 2015-09-28 22:59 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2015-10-13 21:53 - 2015-09-28 22:59 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2015-10-13 21:53 - 2015-09-28 22:59 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2015-10-13 21:53 - 2015-09-28 22:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2015-10-13 21:53 - 2015-09-28 22:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
    2015-10-13 21:53 - 2015-09-28 22:58 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2015-10-13 21:53 - 2015-09-28 22:58 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2015-10-13 21:53 - 2015-09-28 22:57 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2015-10-13 21:53 - 2015-09-28 22:57 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
    2015-10-13 21:53 - 2015-09-28 22:57 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2015-10-13 21:53 - 2015-09-28 22:57 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2015-10-13 21:53 - 2015-09-28 22:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2015-10-13 21:53 - 2015-09-28 22:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 21:50 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2015-10-13 21:53 - 2015-09-28 21:49 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
    2015-10-13 21:53 - 2015-09-28 21:49 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2015-10-13 21:53 - 2015-09-28 21:43 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2015-10-13 21:53 - 2015-09-28 21:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2015-10-13 21:53 - 2015-09-28 21:40 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 21:40 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 21:40 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-28 21:40 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2015-10-13 21:53 - 2015-09-25 14:07 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
    2015-10-13 21:53 - 2015-09-25 14:07 - 02607104 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2015-10-13 21:53 - 2015-09-25 14:07 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2015-10-13 21:53 - 2015-09-25 14:07 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
    2015-10-13 21:53 - 2015-09-25 14:07 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
    2015-10-13 21:53 - 2015-09-25 14:07 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
    2015-10-13 21:53 - 2015-09-25 14:07 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
    2015-10-13 21:53 - 2015-09-25 14:06 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2015-10-13 21:53 - 2015-09-25 14:06 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
    2015-10-13 21:53 - 2015-09-25 14:06 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
    2015-10-13 21:53 - 2015-09-25 14:06 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
    2015-10-13 21:53 - 2015-09-25 13:59 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2015-10-13 21:53 - 2015-09-25 13:59 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
    2015-10-13 21:53 - 2015-09-25 13:59 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
    2015-10-13 21:53 - 2015-09-25 13:59 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
    2015-10-13 21:53 - 2015-09-25 13:58 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
    2015-10-13 21:53 - 2015-09-15 14:17 - 00157016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2015-10-13 21:53 - 2015-09-15 14:17 - 00097112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2015-10-13 21:53 - 2015-09-15 14:11 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2015-10-13 21:53 - 2015-09-15 14:11 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2015-10-13 21:53 - 2015-09-15 14:11 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2015-10-13 21:53 - 2015-09-15 14:11 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2015-10-13 21:53 - 2015-09-15 14:11 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2015-10-13 21:53 - 2015-09-15 14:11 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2015-10-13 21:53 - 2015-09-15 14:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2015-10-13 21:53 - 2015-09-15 13:36 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2015-10-13 21:53 - 2015-09-15 13:36 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2015-10-13 21:53 - 2015-09-15 13:36 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2015-10-13 21:53 - 2015-09-15 13:35 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2015-10-13 21:52 - 2015-10-01 14:06 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2015-10-13 21:52 - 2015-10-01 14:04 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2015-10-13 21:52 - 2015-10-01 14:00 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
    2015-10-13 21:52 - 2015-10-01 14:00 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
    2015-10-13 21:52 - 2015-10-01 14:00 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
    2015-10-13 21:52 - 2015-10-01 14:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
    2015-10-13 21:52 - 2015-10-01 14:00 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
    2015-10-13 21:52 - 2015-10-01 13:50 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
    2015-10-13 21:52 - 2015-10-01 13:00 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
    2015-10-13 21:51 - 2015-07-18 09:08 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
    2015-10-13 21:51 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
    2015-10-11 12:30 - 2015-10-11 12:30 - 00000000 ____D C:\Users\Lisa\AppData\Roaming\Sun
    2015-10-11 12:30 - 2015-10-11 12:30 - 00000000 ____D C:\Users\Lisa\.oracle_jre_usage
    2015-10-07 06:16 - 2015-10-07 06:16 - 00142976 _____ (ESET) C:\Windows\system32\Drivers\ekbdflt.sys

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-10-24 09:28 - 2013-12-27 10:49 - 00000000 ____D C:\Users\Home\AppData\Local\2206D898-65C1-4169-B64D-AD5D35991E03.aplzod
    2015-10-24 09:22 - 2012-08-15 12:44 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-10-24 09:15 - 2014-09-01 12:50 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-10-24 09:13 - 2013-07-18 20:10 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-10-24 08:38 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\tracing
    2015-10-24 07:22 - 2014-02-14 07:55 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf297bb0803088.job
    2015-10-24 05:19 - 2012-08-14 22:36 - 02070868 _____ C:\Windows\WindowsUpdate.log
    2015-10-24 02:06 - 2009-07-14 00:45 - 00017072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-10-24 02:06 - 2009-07-14 00:45 - 00017072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-10-23 16:39 - 2013-08-22 18:57 - 00000434 _____ C:\Windows\system32\Drivers\etc\hosts.ics
    2015-10-23 16:37 - 2012-08-14 22:53 - 03915944 _____ C:\Windows\PFRO.log
    2015-10-23 16:37 - 2012-08-14 22:07 - 00000000 ____D C:\ProgramData\AVAST Software
    2015-10-23 16:37 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2015-10-23 16:37 - 2009-07-14 00:51 - 00051432 _____ C:\Windows\setupact.log
    2015-10-23 10:10 - 2012-08-15 14:32 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2015-10-23 10:07 - 2012-10-07 12:56 - 00000000 ____D C:\Users\Home\AppData\LocalLow\Yahoo!
    2015-10-23 10:07 - 2012-10-07 12:56 - 00000000 ____D C:\Program Files (x86)\Yahoo!
    2015-10-22 14:50 - 2014-02-02 12:09 - 00000000 ____D C:\Users\Home\AppData\Local\ESET
    2015-10-21 10:30 - 2012-08-16 11:41 - 00000000 ____D C:\Users\Home\Desktop\Resume & Cover Letters
    2015-10-21 10:29 - 2012-08-15 11:36 - 00000000 ____D C:\ProgramData\Lx_cats
    2015-10-19 10:14 - 2014-04-03 18:57 - 00000000 ____D C:\Users\Home\Documents\Travelers Hm Owners Pol
    2015-10-17 10:13 - 2013-07-18 20:10 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-10-17 10:13 - 2012-08-15 15:52 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-10-17 10:13 - 2012-08-15 15:52 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-10-16 07:43 - 2014-10-29 18:17 - 614066484 _____ C:\Windows\MEMORY.DMP
    2015-10-16 07:43 - 2014-10-29 18:17 - 00000000 ____D C:\Windows\Minidump
    2015-10-15 03:00 - 2014-12-11 04:16 - 00000000 ____D C:\Windows\system32\appraiser
    2015-10-15 03:00 - 2014-05-07 03:01 - 00000000 ___SD C:\Windows\system32\CompatTel
    2015-10-14 20:23 - 2014-09-01 12:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-10-14 20:23 - 2014-09-01 12:49 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-10-14 20:23 - 2012-08-15 11:06 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-10-14 19:34 - 2013-05-28 19:21 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
    2015-10-14 19:33 - 2014-12-23 18:18 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
    2015-10-14 05:22 - 2012-11-02 20:46 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2015-10-14 04:12 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
    2015-10-14 03:16 - 2013-08-15 03:01 - 00000000 ____D C:\Windows\system32\MRT
    2015-10-14 03:09 - 2012-08-14 20:49 - 143481208 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-10-14 03:09 - 2012-08-14 20:09 - 00000000 ____D C:\ProgramData\Microsoft Help
    2015-10-11 12:30 - 2012-08-27 17:28 - 00000000 ____D C:\Users\Lisa
    2015-10-11 12:25 - 2012-08-27 17:29 - 00000000 ____D C:\Users\Lisa\AppData\Local\Google
    2015-10-11 12:23 - 2012-08-18 22:14 - 00000000 ____D C:\Users\Lynne\AppData\Local\Google
    2015-10-08 07:29 - 2015-04-05 03:00 - 00000000 ___SD C:\Windows\system32\GWX
    2015-10-08 03:00 - 2015-04-05 03:00 - 00000000 ___SD C:\Windows\SysWOW64\GWX
    2015-10-05 09:50 - 2014-09-01 12:49 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-10-05 09:50 - 2014-09-01 12:49 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2015-10-05 09:50 - 2012-08-15 11:06 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
    2015-09-26 17:59 - 2013-01-29 21:20 - 00022100 _____ C:\ProgramData\lxduJSW.log

    ==================== Files in the root of some directories =======

    2014-06-20 11:20 - 2015-02-24 14:46 - 0000131 _____ () C:\Users\Home\AppData\Roaming\WB.CFG
    2012-09-13 18:42 - 2012-12-06 13:26 - 0005632 _____ () C:\Users\Home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2015-02-24 14:46 - 2015-02-24 14:46 - 0000010 _____ () C:\Users\Home\AppData\Local\DSI.DAT
    2012-08-17 12:59 - 2012-08-17 12:59 - 0004096 ____H () C:\Users\Home\AppData\Local\keyfile3.drm
    2012-08-15 11:35 - 2012-08-15 11:35 - 0000252 _____ () C:\ProgramData\FastPics.log
    2014-02-23 17:25 - 2014-07-08 12:13 - 0000483 _____ () C:\ProgramData\lxdu.log
    2013-02-23 11:56 - 2013-02-23 11:58 - 0000248 _____ () C:\ProgramData\lxduDiagnostics.log
    2013-01-29 21:20 - 2015-09-26 17:59 - 0022100 _____ () C:\ProgramData\lxduJSW.log
    2015-02-06 11:42 - 2015-02-06 11:42 - 0225190 _____ () C:\ProgramData\SPL1107.tmp
    2014-09-22 09:36 - 2014-09-22 09:36 - 5471854 _____ () C:\ProgramData\SPL14E.tmp
    2014-02-23 16:57 - 2014-02-23 16:57 - 2088164 _____ () C:\ProgramData\SPL1969.tmp
    2014-06-20 10:27 - 2014-06-20 10:27 - 0513379 _____ () C:\ProgramData\SPL1F43.tmp
    2014-06-05 17:59 - 2014-06-05 17:59 - 1819997 _____ () C:\ProgramData\SPL372E.tmp
    2015-01-31 10:38 - 2015-01-31 10:38 - 6887886 _____ () C:\ProgramData\SPL3BF6.tmp
    2015-01-31 15:41 - 2015-01-31 15:41 - 17780750 _____ () C:\ProgramData\SPL3F6.tmp
    2015-02-09 16:54 - 2015-02-09 16:54 - 0606599 _____ () C:\ProgramData\SPL4474.tmp
    2015-06-05 13:34 - 2015-06-05 13:34 - 0371852 _____ () C:\ProgramData\SPL558F.tmp
    2015-01-31 10:36 - 2015-01-31 10:36 - 6887886 _____ () C:\ProgramData\SPL57C7.tmp
    2015-04-01 12:04 - 2015-04-01 12:04 - 0241596 _____ () C:\ProgramData\SPL6C14.tmp
    2014-02-23 19:24 - 2014-02-23 19:24 - 2088164 _____ () C:\ProgramData\SPL736C.tmp
    2015-01-12 14:06 - 2015-01-12 14:06 - 0101442 _____ () C:\ProgramData\SPL740.tmp
    2015-05-01 10:50 - 2015-05-01 10:50 - 0521411 _____ () C:\ProgramData\SPL76B6.tmp
    2014-08-13 21:31 - 2014-08-13 21:31 - 6251160 _____ () C:\ProgramData\SPL7DD6.tmp
    2015-07-19 11:53 - 2015-07-19 11:53 - 0140631 _____ () C:\ProgramData\SPL82D5.tmp
    2015-04-06 11:34 - 2015-04-06 11:34 - 0099760 _____ () C:\ProgramData\SPL8729.tmp
    2015-03-30 10:49 - 2015-03-30 10:49 - 2496910 _____ () C:\ProgramData\SPL95D.tmp
    2015-06-03 19:37 - 2015-06-03 19:37 - 0723546 _____ () C:\ProgramData\SPL96A5.tmp
    2015-01-31 13:55 - 2015-01-31 13:55 - 17780750 _____ () C:\ProgramData\SPLB46.tmp
    2015-01-26 10:28 - 2015-01-26 10:28 - 0611143 _____ () C:\ProgramData\SPLB8F.tmp
    2014-02-23 15:47 - 2014-02-23 15:47 - 2088164 _____ () C:\ProgramData\SPLC4CF.tmp
    2012-12-21 18:42 - 2012-12-21 18:42 - 0860404 _____ () C:\ProgramData\SPLC6C7.tmp
    2014-04-29 15:16 - 2014-04-29 15:16 - 0678620 _____ () C:\ProgramData\SPLCE81.tmp
    2015-04-09 11:48 - 2015-04-09 11:48 - 0326714 _____ () C:\ProgramData\SPLD29C.tmp
    2015-03-23 10:55 - 2015-03-23 10:55 - 2815712 _____ () C:\ProgramData\SPLDCC4.tmp
    2015-06-24 10:57 - 2015-06-24 10:57 - 1565830 _____ () C:\ProgramData\SPLDED2.tmp
    2014-08-13 21:52 - 2014-08-13 21:52 - 0201922 _____ () C:\ProgramData\SPLE649.tmp
    2015-06-05 12:32 - 2015-06-05 12:32 - 0195126 _____ () C:\ProgramData\SPLE849.tmp
    2015-06-20 14:15 - 2015-06-20 14:15 - 3863779 _____ () C:\ProgramData\SPLEC13.tmp
    2015-05-10 09:33 - 2015-05-10 09:33 - 0609767 _____ () C:\ProgramData\SPLF53A.tmp
    2012-12-18 19:58 - 2012-12-18 19:58 - 0771125 _____ () C:\ProgramData\SPLF5EE.tmp
    2012-08-15 11:27 - 2012-08-15 11:27 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt

    Some files in TEMP:
    ====================
    C:\Users\Home\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-10-23 17:42


    ==================== End of FRST.txt ============================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:24-10-2015
    Ran by Home (2015-10-24 09:30:10)
    Running from C:\Users\Home\Downloads
    Windows 7 Ultimate Service Pack 1 (X64) (2012-08-14 23:51:34)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2430930441-2580859966-3045845237-500 - Administrator - Disabled)
    ASPNET (S-1-5-21-2430930441-2580859966-3045845237-1006 - Limited - Enabled)
    Guest (S-1-5-21-2430930441-2580859966-3045845237-501 - Limited - Disabled)
    Home (S-1-5-21-2430930441-2580859966-3045845237-1000 - Administrator - Enabled) => C:\Users\Home
    Lisa (S-1-5-21-2430930441-2580859966-3045845237-1004 - Limited - Enabled) => C:\Users\Lisa
    Lynne (S-1-5-21-2430930441-2580859966-3045845237-1003 - Limited - Enabled) => C:\Users\Lynne
    UpdatusUser (S-1-5-21-2430930441-2580859966-3045845237-1007 - Limited - Enabled) => C:\Users\UpdatusUser

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: ESET Smart Security 9.0.318.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: ESET Smart Security 9.0.318.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
    FW: ESET Personal firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.2146.41621 - ABBYY Software House)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.180 - Adobe Systems Incorporated)
    Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.226 - Adobe Systems Incorporated)
    Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
    Apple Application Support (32-bit) (HKLM-x32\...\{3540ADD5-822B-47FB-B1C2-CD7B2C8E9FEC}) (Version: 4.0.2 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{C9C0FE2C-602E-49D7-8C42-5B9E8FF04798}) (Version: 4.0.2 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
    ATT Management Agent (HKLM-x32\...\ATT-ATT Management Agent) (Version: 8.2.1.6 - ATT)
    Belltech Greeting Card Designer 4.7 (HKLM-x32\...\Belltech Greeting Card Designer 4.7_is1) (Version: - Belltech Systems)
    Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
    Bloggie Software (HKLM-x32\...\BloggieSoftware) (Version: 3.3.1.73 - Sony)
    Bloggie Software (x32 Version: 3.3.1.73 - Sony Corporation) Hidden
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    CallAtlanta (HKLM-x32\...\{206A595B-6ED6-4547-9293-C448139826EC}) (Version: 8.6.0 - Primerica Financial Services)
    Citrix Online Launcher (HKLM-x32\...\{E5F6D26D-E180-4547-A865-565EAB61000C}) (Version: 1.0.362 - Citrix)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Dark Manor: A Hidden Object Mystery (HKLM-x32\...\BFG-Dark Manor - A Hidden Object Mystery) (Version: - )
    Dropbox (HKU\S-1-5-21-2430930441-2580859966-3045845237-1000\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
    ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
    ESET Smart Security (HKLM\...\{11994064-51F2-45DF-A83E-539B4BFE3F5A}) (Version: 9.0.318.0 - ESET, spol. s r.o.)
    FlipShare (HKLM-x32\...\{97C658D2-61FB-027F-0D76-E9CDC84AFEC7}) (Version: 5.12.3.0 - Flip Video)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.71 - Google Inc.)
    Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6904.2028 - Google Inc.)
    Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
    iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
    Imagic 5 (x32 Version: 5.0.2.0 - STOIK Imaging) Hidden
    Imagic 5.0 (HKLM-x32\...\{22E93747-AB1C-4809-9DFE-FE7518908A75}) (Version: 5.0.2.0 - STOIK Imaging)
    iTunes (HKLM\...\{88509E20-3936-4D88-A1C0-B274C7BB5151}) (Version: 12.3.0.44 - Apple Inc.)
    Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
    Java SE Development Kit 7 Update 7 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170070}) (Version: 1.7.0.70 - Oracle)
    Lexmark 5600-6600 Series (HKLM\...\Lexmark 5600-6600 Series) (Version: - Lexmark International, Inc.)
    Lexmark Printable Web (HKLM-x32\...\{D2C5E510-BE6D-42CC-9F61-E4F939078474}) (Version: 1.0.0.0 - )
    Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
    Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Streets and Trips 2005 (HKLM-x32\...\{67E4EE98-59F4-4210-89A6-A20AF5BEC689}) (Version: 12.00.07.1200 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Midnight Castle (HKLM-x32\...\BFG-Midnight Castle) (Version: - )
    Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Mozilla Firefox 36.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0 (x86 en-US)) (Version: 36.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
    mPlayer version 1.0 (HKLM-x32\...\{B482E758-D602-434C-80B9-DDEFEEAE4BCA}_is1) (Version: 1.0 - Download Freely, LLC)
    NETGEAR WNA1100 N150 Wireless USB Adapter (HKLM-x32\...\{A2AE9709-283B-4B48-AA34-729C070A62FB}) (Version: 1.0.0.133 - NETGEAR)
    NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5896 - NVIDIA Corporation)
    NVIDIA Graphics Driver 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)
    NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
    PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
    QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
    SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
    SecondLifeViewer (remove only) (HKLM-x32\...\SecondLifeViewer) (Version: - )
    Shutterfly Express Uploader (HKLM-x32\...\com.Shutterfly.ExpressUploader) (Version: 1.2.0.0 - Shutterfly, Inc.)
    Shutterfly Express Uploader (x32 Version: 1.2.0 - Shutterfly, Inc.) Hidden
    SUABnR (HKLM-x32\...\InstallShield_{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.)
    SUABnR (x32 Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.) Hidden
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.5.1012 - SUPERAntiSpyware.com)
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
    Verizon Wireless Software Upgrade Assistant - Samsung(ar) (HKLM-x32\...\{3A78192E-E683-4231-8DB5-F9453910CEF6}) (Version: 2.15.0401 - Samsung Electronics Co., Ltd.)
    Verizon Wireless Software Utility Application for Android - Samsung (HKLM-x32\...\{BB5A0BB0-657F-48DC-A475-5503F39CED05}) (Version: 2.14.1202 - Samsung Electronics Co., Ltd.)
    WD Quick View (HKLM-x32\...\{5B1CF5E0-D321-4766-AEF1-1E9D1C535A10}) (Version: 2.4.12.1 - Western Digital Technologies, Inc.)
    WD SmartWare (HKLM\...\{02FD1EAD-43B8-4D63-AC31-8921005AF2E2}) (Version: 2.4.12.1 - Western Digital Technologies, Inc.)
    WD SmartWare (HKLM\...\{604CB4FC-3D32-405F-A109-165F170529B6}) (Version: 1.2.0.8 - Western Digital)
    WD SmartWare Installer (HKLM-x32\...\{979a4332-3eb0-4561-9f74-a4fb871cf2bd}) (Version: 2.4.12.1 - Western Digital Technologies, Inc.)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-2430930441-2580859966-3045845237-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2430930441-2580859966-3045845237-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2430930441-2580859966-3045845237-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2430930441-2580859966-3045845237-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

    ==================== Restore Points =========================

    19-05-2015 02:50:06 Windows Update
    20-05-2015 03:00:12 Windows Update
    26-05-2015 03:55:06 Windows Update
    02-06-2015 03:30:42 Windows Update
    09-06-2015 02:27:41 Windows Update
    10-06-2015 03:00:23 Windows Update
    11-06-2015 03:00:46 Windows Update
    16-06-2015 04:40:34 Windows Update
    23-06-2015 03:12:37 Windows Update
    26-06-2015 04:32:20 Windows Update
    30-06-2015 04:31:49 Windows Update
    07-07-2015 03:50:29 Windows Update
    14-07-2015 04:33:45 Windows Update
    15-07-2015 03:00:31 Windows Update
    17-07-2015 03:00:47 Windows Update
    19-07-2015 12:37:31 WD SmartWare Installer
    19-07-2015 12:41:38 WD SmartWare Installer
    21-07-2015 04:04:47 Windows Update
    22-07-2015 03:00:10 Windows Update
    25-07-2015 14:13:58 Windows Update
    29-07-2015 03:00:53 Windows Update
    05-08-2015 18:52:43 avast! antivirus system restore point
    05-08-2015 18:52:43 WD SmartWare Installer
    05-08-2015 18:59:03 Device Driver Package Install: Avast Network Service
    05-08-2015 19:01:10 WD SmartWare Installer
    07-08-2015 05:14:21 Windows Update
    09-08-2015 19:00:25 Windows Backup
    11-08-2015 05:14:27 Windows Update
    13-08-2015 03:01:28 Windows Update
    15-08-2015 09:18:13 Windows Backup
    16-08-2015 19:00:27 Windows Backup
    18-08-2015 03:05:31 Windows Update
    19-08-2015 03:00:12 Windows Update
    22-08-2015 09:44:48 avast! antivirus system restore point
    22-08-2015 09:51:15 Windows Backup
    23-08-2015 19:00:41 Windows Backup
    25-08-2015 03:08:31 Windows Update
    28-08-2015 04:26:36 Windows Update
    30-08-2015 19:00:22 Windows Backup
    01-09-2015 04:25:10 Windows Update
    06-09-2015 19:00:25 Windows Backup
    08-09-2015 04:25:47 Windows Update
    09-09-2015 03:01:31 Windows Update
    15-09-2015 05:33:57 Windows Update
    20-09-2015 19:01:04 Windows Backup
    22-09-2015 04:13:37 Windows Update
    27-09-2015 19:01:07 Windows Backup
    29-09-2015 03:09:54 Windows Update
    04-10-2015 19:00:20 Windows Backup
    06-10-2015 12:55:01 Windows Update
    08-10-2015 03:00:11 Windows Update
    13-10-2015 03:09:33 Windows Update
    13-10-2015 18:43:58 Windows Backup
    14-10-2015 03:00:48 Windows Update
    14-10-2015 19:23:56 Windows Backup
    15-10-2015 03:00:11 Windows Update
    18-10-2015 19:01:05 Windows Backup
    20-10-2015 04:22:45 Windows Update
    23-10-2015 09:13:33 avast! antivirus system restore point
    23-10-2015 16:29:30 avast! antivirus system restore point
    23-10-2015 17:05:38 Windows Update
    24-10-2015 09:25:04 Removed TurboApps WinMobile Conduit

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0A7AE80D-A4F2-4EE1-945B-4442C6D5C447} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
    Task: {1874277E-E187-47AA-8F55-5BCC8B4FDA0C} - System32\Tasks\{5AA9BAA3-C96D-41A8-AC46-187250A20081} => C:\pfs\callatl\callatl.exe [2011-05-31] ()
    Task: {1E2C82E9-E651-4ABA-B58A-89E85825798F} - System32\Tasks\{F0356419-2E7F-4463-9FFB-654DB8FB6CC8} => pcalua.exe -a "C:\Program Files (x86)\Driver Support\Driver Support\ISUninstall.exe" -d "C:\Program Files (x86)\Driver Support\Driver Support"
    Task: {211680BA-903F-425B-A897-950F00037F85} - System32\Tasks\{47C363C3-0002-4585-8E62-8A019F0EB0B8} => C:\pfs\callatl\callatl.exe [2011-05-31] ()
    Task: {23B42139-99AF-4D1E-8502-D5DC7643ECAA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
    Task: {277EEA91-DB3F-4B26-B9C4-9EEFB57A0465} - System32\Tasks\Installation App Launcher => C:\Program Files (x86)\Lexmark 5600-6600 Series\ezprint.exe [2009-09-04] (Lexmark International Inc.)
    Task: {32CB320C-EC42-484F-B8CA-2C6ED1CABA18} - System32\Tasks\GoogleUpdateTaskMachineCore1cf297bb0803088 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
    Task: {3CEC0A4E-A824-45C6-B8B3-37BFAC7CFF22} - System32\Tasks\{C8E9FC3C-DF24-4617-9757-E90CDB9B4907} => C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE [2014-01-29] (Microsoft Corporation)
    Task: {5C35B339-5BD6-4ABA-A74B-EBDB31913916} - \ProgramRefresh-ATFST -> No File <==== ATTENTION
    Task: {613841AC-1CA0-47A2-89A2-EBD211021B3F} - System32\Tasks\{6EC61D7C-966E-4261-A450-EA95E74D7410} => C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE [2014-01-29] (Microsoft Corporation)
    Task: {624DFA88-71BE-442F-8ABD-037ABDB1BF54} - \HDNINSTSCHD -> No File <==== ATTENTION
    Task: {68D7A089-C232-4CF8-8F9E-9B99BCD9DDAF} - System32\Tasks\{AFB52532-2837-4902-970A-8519EEE4A891} => C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE [2014-01-29] (Microsoft Corporation)
    Task: {6F105218-9498-4E92-AEF3-86686BA274D1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-17] (Adobe Systems Incorporated)
    Task: {8EDCC535-D22E-4D69-A523-B8590BF50F34} - \UPDTEXE4_WDR -> No File <==== ATTENTION
    Task: {9F702AB4-45E8-445D-A184-91F3B868B668} - \IE_ERR4WDR -> No File <==== ATTENTION
    Task: {AA509B71-43CB-423B-8DDE-0648769FE0A1} - System32\Tasks\{0108DE2A-B46B-47AF-8EA0-0AA42F16550C} => pcalua.exe -a "C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1B4VEP9Z\microsoft net framework setup.exe" -d C:\Users\Home\Desktop
    Task: {ACAD40F2-F41C-4200-B201-9DD96538FBD2} - System32\Tasks\{DADB6DB3-906A-4C35-85FE-4A08C97EEEEF} => C:\pfs\callatl\callatl.exe [2011-05-31] ()
    Task: {B8DF2FBF-0B5B-40D5-A1A1-0AD5E406CF7A} - System32\Tasks\{84BC2D11-AF9A-49AF-8126-94245D2F1A72} => pcalua.exe -a D:\Setup.EXE -d D:\
    Task: {BD5B47D3-65C3-4524-B1F1-D3867DE18CFE} - System32\Tasks\ZenSearch\Updater\ZenSearch updater => C:\Program Files (x86)\ZenSearch Updater\updater.exe <==== ATTENTION
    Task: {C04D79D3-0B52-475C-B9AF-73098C5AAA38} - \Binkiland casi -> No File <==== ATTENTION
    Task: {CB74A49F-42EC-4955-BE33-40FB82D1318D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
    Task: {D31C2EC0-2A91-43BF-9FD0-22A95C0E62EF} - System32\Tasks\AI_Updater => C:\Program Files (x86)\Tuneup computer A1PCCleaner\updater.exe
    Task: {F477F341-82E9-4CA8-9CAE-ADD70AC05BCC} - \boosterpop -> No File <==== ATTENTION
    Task: {FB5CE51F-F131-4B16-96B8-5B9056100DF8} - System32\Tasks\IEError => C:\Program Files (x86)\Tuneup computer A1PCCleaner\Popialert.exe

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf297bb0803088.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (Whitelisted) ==============

    2013-04-12 03:02 - 2013-01-31 05:25 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2012-08-15 11:27 - 2009-10-16 16:07 - 00186880 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxdudrpp.dll
    2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-09-15 14:25 - 2015-09-15 14:25 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2011-05-06 13:07 - 2011-05-06 13:07 - 00460144 _____ () C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
    2011-05-06 12:58 - 2011-05-06 12:58 - 01085440 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
    2012-08-15 11:34 - 2009-09-04 03:51 - 00676520 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe
    2012-08-14 20:12 - 2011-01-04 15:34 - 04545024 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
    2009-08-19 15:49 - 2009-08-19 15:49 - 00049152 _____ () C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\Memeo.API.dll
    2009-02-25 14:18 - 2009-02-25 14:18 - 01196032 _____ () C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\sqlite3.DLL
    2012-08-14 20:12 - 2010-08-04 14:44 - 00266240 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
    2012-10-18 17:31 - 2012-10-18 17:31 - 00240640 _____ () C:\Program Files (x86)\ATT\8.2.1.6\ma\node_modules\motive-activex-wrapper\build\Release\NodeActiveXWrapper.node
    2012-10-18 17:31 - 2012-10-18 17:31 - 00246784 _____ () C:\Program Files (x86)\ATT\8.2.1.6\ma\node_modules\motive-osbridge\build\Release\MotiveOSBridgeNodeModule.node
    2012-10-18 17:30 - 2012-10-18 17:30 - 00233984 _____ () C:\Program Files (x86)\ATT\8.2.1.6\ma\node_modules\motive-xmpps\build\Release\MotiveXMPPSNode.node
    2012-07-12 19:37 - 2012-07-12 19:37 - 01380864 _____ () C:\Program Files (x86)\ATT\8.2.1.6\ma\node_modules\libxmljs\build\Release\libxmljs.node
    2012-06-26 16:40 - 2012-06-26 16:40 - 00068096 _____ () C:\Program Files (x86)\ATT\8.2.1.6\ma\node_modules\dnode\node_modules\weak\build\Release\weakref.node
    2010-10-26 00:06 - 2010-10-26 00:06 - 02248704 _____ () C:\Program Files (x86)\Flip Video\FlipShare\QtCore4.dll
    2011-05-06 13:07 - 2011-05-06 13:07 - 04317184 _____ () C:\Program Files (x86)\Flip Video\FlipShare\Core.dll
    2011-05-06 13:02 - 2011-05-06 13:02 - 00737280 _____ () C:\Program Files (x86)\Flip Video\FlipShare\qca2.dll
    2010-10-26 00:23 - 2010-10-26 00:23 - 08351744 _____ () C:\Program Files (x86)\Flip Video\FlipShare\QtGui4.dll
    2010-10-26 00:08 - 2010-10-26 00:08 - 00983040 _____ () C:\Program Files (x86)\Flip Video\FlipShare\QtNetwork4.dll
    2010-10-26 00:23 - 2010-10-26 00:23 - 00204800 _____ () C:\Program Files (x86)\Flip Video\FlipShare\QtSql4.dll
    2010-10-26 00:06 - 2010-10-26 00:06 - 00364544 _____ () C:\Program Files (x86)\Flip Video\FlipShare\QtXml4.dll
    2010-10-26 08:34 - 2010-10-26 08:34 - 11853824 _____ () C:\Program Files (x86)\Flip Video\FlipShare\QtWebKit4.dll
    2010-10-26 00:37 - 2010-10-26 00:37 - 00258048 _____ () C:\Program Files (x86)\Flip Video\FlipShare\phonon4.dll
    2010-05-20 13:49 - 2010-05-20 13:49 - 00258048 _____ () C:\Program Files (x86)\Flip Video\FlipShare\boost_serialization-vc80-mt-1_43.dll
    2010-05-17 09:47 - 2010-05-17 09:47 - 01199104 _____ () C:\Program Files (x86)\Flip Video\FlipShare\PocoFoundation.dll
    2010-05-17 09:47 - 2010-05-17 09:47 - 00642048 _____ () C:\Program Files (x86)\Flip Video\FlipShare\PocoNet.dll
    2010-05-17 09:47 - 2010-05-17 09:47 - 00511488 _____ () C:\Program Files (x86)\Flip Video\FlipShare\PocoXML.dll
    2010-10-26 00:06 - 2010-10-26 00:06 - 02248704 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\QtCore4.dll
    2010-10-26 00:08 - 2010-10-26 00:08 - 00983040 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\QtNetwork4.dll
    2010-10-26 00:23 - 2010-10-26 00:23 - 00204800 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\QtSql4.dll
    2010-05-20 13:49 - 2010-05-20 13:49 - 00258048 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\boost_serialization-vc80-mt-1_43.dll
    2010-05-17 09:47 - 2010-05-17 09:47 - 01199104 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\PocoFoundation.dll
    2010-05-17 09:47 - 2010-05-17 09:47 - 00642048 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\PocoNet.dll
    2010-05-17 09:47 - 2010-05-17 09:47 - 00175616 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\PocoNetSSL.dll
    2010-05-17 09:47 - 2010-05-17 09:47 - 00291840 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\PocoUtil.dll
    2010-05-17 09:47 - 2010-05-17 09:47 - 00511488 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\PocoXML.dll
    2010-05-17 09:47 - 2010-05-17 09:47 - 00110592 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\PocoCrypto.dll
    2012-08-15 11:34 - 2009-09-04 03:23 - 00380928 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduscw.dll
    2012-08-15 11:34 - 2009-09-04 03:15 - 00188416 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdudatr.dll
    2012-08-15 11:34 - 2009-08-19 12:39 - 00073728 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxducats.dll
    2012-08-15 11:34 - 2009-09-04 03:23 - 01036288 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduDRS.dll
    2012-08-15 11:34 - 2009-09-04 03:24 - 00081920 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxducaps.dll
    2012-08-15 11:34 - 2009-09-04 03:15 - 00069632 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxducnv4.dll
    2012-08-15 11:34 - 2009-09-04 03:23 - 00380928 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\iptk.dll
    2012-08-15 11:34 - 2007-09-06 02:11 - 00151552 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduptp.dll
    2015-09-15 14:25 - 2015-09-15 14:25 - 01040144 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2012-08-14 20:12 - 2009-08-28 16:50 - 00282624 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvcLib.dll
    2012-08-14 20:12 - 2010-03-10 14:50 - 00360448 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WifiLib.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\ProgramData\TEMP:0168CC60
    AlternateDataStreams: C:\ProgramData\TEMP:0474F714
    AlternateDataStreams: C:\ProgramData\TEMP:10CB85CA
    AlternateDataStreams: C:\ProgramData\TEMP:234E9CC5
    AlternateDataStreams: C:\ProgramData\TEMP:2AC146B9
    AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F
    AlternateDataStreams: C:\ProgramData\TEMP:2F360FB3
    AlternateDataStreams: C:\ProgramData\TEMP:32289BE8
    AlternateDataStreams: C:\ProgramData\TEMP:32EA849C
    AlternateDataStreams: C:\ProgramData\TEMP:371060CE
    AlternateDataStreams: C:\ProgramData\TEMP:3F266659
    AlternateDataStreams: C:\ProgramData\TEMP:48862C37
    AlternateDataStreams: C:\ProgramData\TEMP:4CD3F344
    AlternateDataStreams: C:\ProgramData\TEMP:7687A3E3
    AlternateDataStreams: C:\ProgramData\TEMP:7BFFC6A9
    AlternateDataStreams: C:\ProgramData\TEMP:7FA0D639
    AlternateDataStreams: C:\ProgramData\TEMP:8866C899
    AlternateDataStreams: C:\ProgramData\TEMP:922DA2DB
    AlternateDataStreams: C:\ProgramData\TEMP:9725F1BC
    AlternateDataStreams: C:\ProgramData\TEMP:997DA6D7
    AlternateDataStreams: C:\ProgramData\TEMP:9EDA68BD
    AlternateDataStreams: C:\ProgramData\TEMP:A6F28514
    AlternateDataStreams: C:\ProgramData\TEMP:AECF4772
    AlternateDataStreams: C:\ProgramData\TEMP:B96C57D4
    AlternateDataStreams: C:\ProgramData\TEMP:BACC4A79
    AlternateDataStreams: C:\ProgramData\TEMP:BCF55336
    AlternateDataStreams: C:\ProgramData\TEMP:C5340FA1
    AlternateDataStreams: C:\ProgramData\TEMP:E47BBD7B
    AlternateDataStreams: C:\ProgramData\TEMP:F2E92DCD
    AlternateDataStreams: C:\ProgramData\TEMP:F3A185AE
    AlternateDataStreams: C:\ProgramData\TEMP:F5D01D7C
    AlternateDataStreams: C:\ProgramData\TEMP:F7F4DC88
    AlternateDataStreams: C:\ProgramData\TEMP:FBD274CF

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2430930441-2580859966-3045845237-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Home\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.1.254
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bloggie Watcher Utility.lnk => C:\Windows\pss\Bloggie Watcher Utility.lnk.CommonStartup

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{7C5A5338-F72E-4938-AB6F-7706E28E6B04}] => (Allow) C:\Windows\SysWOW64\lxducoms.exe
    FirewallRules: [{0057456E-9E5A-4244-9928-12DACBF1D78B}] => (Allow) C:\Windows\SysWOW64\lxducoms.exe
    FirewallRules: [{390F61A7-E5B8-42EA-BEA2-42A191F32286}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxdupswx.exe
    FirewallRules: [{CC9332FB-640F-4D0A-812B-826910443719}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxdupswx.exe
    FirewallRules: [{FD2F00EB-CD95-4EF2-97EF-254CFE786D5C}] => (Allow) C:\Windows\system32\lxducoms.exe
    FirewallRules: [{BA47EA29-A587-453F-9025-1B34D82726AB}] => (Allow) C:\Windows\system32\spool\DRIVERS\x64\3\lxdupswx.exe
    FirewallRules: [{0C9305D1-0DAF-4241-A1D1-42619520581B}] => (Allow) C:\Windows\system32\spool\DRIVERS\x64\3\lxdutime.exe
    FirewallRules: [{870F275F-28CD-4EB7-B6F4-D997264FA7EE}] => (Allow) C:\Windows\SysWOW64\lxducoms.exe
    FirewallRules: [TCP Query User{7C38D15E-84D1-4D28-8A4C-CA4E523F223C}C:\pfs\callatl\rteng9.exe] => (Allow) C:\pfs\callatl\rteng9.exe
    FirewallRules: [UDP Query User{673F1310-9AD0-4BBC-B18F-442BE39FD5D0}C:\pfs\callatl\rteng9.exe] => (Allow) C:\pfs\callatl\rteng9.exe
    FirewallRules: [{43BB817B-AF40-4422-8791-285F3F98BD49}] => (Allow) LPort=24726
    FirewallRules: [{5162AECD-D2BC-4F1A-9816-20CBEDB3FC05}] => (Allow) LPort=24727
    FirewallRules: [SNMP-In-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
    FirewallRules: [SNMP-Out-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
    FirewallRules: [SNMP-In-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
    FirewallRules: [SNMP-Out-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
    FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) %systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    FirewallRules: [{9098D532-612F-48C8-8923-1E3C7FB50CA5}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{EF8E9E04-7982-4CCB-80A6-EFB2EB8BD028}] => (Allow) LPort=2869
    FirewallRules: [{0CC53702-174F-451C-8754-5997103EF2DF}] => (Allow) LPort=1900
    FirewallRules: [{1C67F0BD-A6CF-4AF1-9C51-F64C46E12843}] => (Allow) C:\Program Files (x86)\File Type Assistant\TSAssist.exe
    FirewallRules: [{E4321035-5060-4F12-AB74-4734C39EAE05}] => (Allow) C:\Program Files (x86)\File Type Assistant\TSAssist.exe
    FirewallRules: [{E19D36B9-7470-41BC-9FBB-1ED310B2E079}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    FirewallRules: [{9A3D4681-4B61-49DC-BC38-3438BDBFDAD2}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    FirewallRules: [{B4A5EBA3-A393-4148-A340-2008967A237D}] => (Allow) C:\Windows\System32\lxducoms.exe
    FirewallRules: [{50E938A2-E085-4DC8-96BB-ACA67F97F453}] => (Allow) C:\Windows\System32\lxducoms.exe
    FirewallRules: [{E0B1A189-5525-4205-AFBB-58E8E667FE25}] => (Allow) C:\Windows\system32\lxducoms.exe
    FirewallRules: [{F3EB8F2B-D946-4F08-9E36-E3F94FDE1D17}] => (Allow) C:\Windows\system32\spool\DRIVERS\x64\3\lxdupswx.exe
    FirewallRules: [{3E1C8699-E24C-4403-BC74-9EF40A3D0AA6}] => (Allow) C:\Windows\system32\spool\DRIVERS\x64\3\lxdutime.exe
    FirewallRules: [{DF51830B-9048-4CCF-AF8C-D0554A4CC193}] => (Allow) C:\Windows\SysWOW64\lxducoms.exe
    FirewallRules: [{3B4207E0-01D3-4368-BE3C-C49E51564088}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{08001908-4762-452D-AB52-C18E72304B05}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{F9C46B0D-D164-4001-9D95-D0CAFC758517}] => (Allow) C:\Program Files (x86)\File Type Assistant\TSAssist.exe
    FirewallRules: [{49223DC9-851E-470E-8B52-2FDE85E595FA}] => (Allow) C:\Program Files (x86)\File Type Assistant\TSAssist.exe
    FirewallRules: [{2BF6E7AD-07E0-4940-9AF7-B508E31D41C5}] => (Allow) C:\Program Files (x86)\File Type Assistant\TSAssist.exe
    FirewallRules: [TCP Query User{BDB580B7-29BA-4760-9824-BFF21B37F786}C:\program files (x86)\secondlifeviewer\slvoice.exe] => (Allow) C:\program files (x86)\secondlifeviewer\slvoice.exe
    FirewallRules: [UDP Query User{32485362-4667-4865-AAFE-7136AC0060E1}C:\program files (x86)\secondlifeviewer\slvoice.exe] => (Allow) C:\program files (x86)\secondlifeviewer\slvoice.exe
    FirewallRules: [{7A83E206-95DC-4333-A1B8-596BDF527B91}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{EAB418D6-FC30-4F0C-AB5D-F1CC297188D5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{346D5A04-EB43-479C-AA00-B0BD10C342CA}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
    FirewallRules: [{43AFECE6-6716-4A97-AFA8-DBE995CA25BE}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
    FirewallRules: [{2900925A-1891-4398-B332-91A01E0E6628}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{CF7F4196-0DFC-43CA-908E-B8C14D27460E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{56CBB2DC-6156-48E1-BB3E-C7B962CD3EF2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{6800E130-FC92-44D8-BAA5-0762B3116440}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{E6AFB813-1AD6-4FCB-995C-1431FAD9F978}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{DBBA8ACB-8333-40DC-9C1B-796A00E10D8E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Faulty Device Manager Devices =============

    Name: Unknown Device
    Description: Unknown Device
    Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
    Manufacturer: (Standard USB Host Controller)
    Service:
    Problem: : Windows has stopped this device because it has reported problems. (Code 43)
    Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (10/24/2015 09:22:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: ERROR: handle_resolve_request bad interfaceIndex 24

    Error: (10/24/2015 09:22:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: ERROR: handle_resolve_request bad interfaceIndex 23

    Error: (10/24/2015 09:22:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: ERROR: handle_resolve_request bad interfaceIndex 22

    Error: (10/24/2015 09:22:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: ERROR: handle_resolve_request bad interfaceIndex 21

    Error: (10/24/2015 09:22:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: ERROR: handle_resolve_request bad interfaceIndex 20

    Error: (10/24/2015 09:22:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: ERROR: handle_resolve_request bad interfaceIndex 19

    Error: (10/24/2015 09:22:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: ERROR: handle_resolve_request bad interfaceIndex 18

    Error: (10/24/2015 09:22:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: ERROR: handle_resolve_request bad interfaceIndex 17

    Error: (10/24/2015 09:22:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: ERROR: handle_resolve_request bad interfaceIndex 16

    Error: (10/24/2015 09:22:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: ERROR: handle_resolve_request bad interfaceIndex 15


    System errors:
    =============
    Error: (10/24/2015 06:36:40 AM) (Source: ipnathlp) (EventID: 31004) (User: )
    Description: 0

    Error: (10/24/2015 12:01:10 AM) (Source: Disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.

    Error: (10/24/2015 12:01:07 AM) (Source: Disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.

    Error: (10/24/2015 12:01:04 AM) (Source: Disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.

    Error: (10/23/2015 11:23:37 PM) (Source: ipnathlp) (EventID: 31004) (User: )
    Description: 0

    Error: (10/23/2015 06:02:11 PM) (Source: Disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.

    Error: (10/23/2015 06:02:09 PM) (Source: Disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.

    Error: (10/23/2015 06:02:06 PM) (Source: Disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.

    Error: (10/23/2015 04:40:40 PM) (Source: Ntfs) (EventID: 137) (User: )
    Description: The default transaction resource manager on volume K: encountered a non-retryable error and could not start. The data contains the error code.

    Error: (10/23/2015 04:39:13 PM) (Source: ipnathlp) (EventID: 30013) (User: )
    Description: 192.168.1.66192.168.137.0255.255.255.0


    ==================== Memory info ===========================

    Processor: Pentium(R) Dual-Core CPU E5400 @ 2.70GHz
    Percentage of memory in use: 69%
    Total physical RAM: 3839.23 MB
    Available physical RAM: 1173.81 MB
    Total Virtual: 7676.68 MB
    Available Virtual: 4358 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:698.54 GB) (Free:274.72 GB) NTFS
    Drive e: (WD SmartWare) (CDROM) (Total:0.6 GB) (Free:0 GB) UDF
    Drive k: (My Passport) (Fixed) (Total:297.44 GB) (Free:0 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 7FB1FA54)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=698.5 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows XP) (Size: 297.4 GB) (Disk ID: 00035F28)
    Partition 1: (Not Active) - (Size=297.4 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================
     
  7. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    Hi Gerry

    That's what I wanted, thanks.
    Ok, we have some work to do now.

    Step 1
    Recommendation.
    SuperAntiSpyware doesn't need to start when Windows starts.
    You can start it manually when you need to do a scan.

    To change this:
    Restart SuperAntiSpyware...
    Then from the main page, Click on the Preferences button....then untick... 'Start SuperAntiSpyware when Windows starts'.
    Then click Close. and then Close on the next screen to exit the program.

    Step 2
    This will conflict with Eset.
    In fact Eset should have disabled WD when it installed.

    • Click Start >> Control Panel >> Windows Defender or launch from the system tray icon.
    • Click on Tools & Settings >> Options.
    • Under Real-time protection options, uncheck the "Real-time protection" check box.
    • Click Save.
    • Go to Start >> Control Panel >> Security >> Windows Defender, at the bottom of the Window Defenders page uncheck under Administrator Options "use Windows Defender" and then Save.

    Step 3
    You have another conflict here:

    2 software Firewalls running can seriously hamper your system

    How to turn off Windows Firewall:
    Start ... Control Panel ...click on 'Classic View'.
    now select Windows Firewall.
    When the Windows Firewall box opens, put a tick against .. Off (not recommended) and then click Ok

    Step 4
    Please download the attached fixlist.txt file (bottom of this post) and save it to C:\Users\Home\Downloads.
    NOTE.
    It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine.
    Running this on another machine may cause damage to your operating system


    Re-run FRST/FRST64 (which ever is installed ) and press the Fix button just once and wait.

    2cf1672fdd2151dad6f349c704143429.png

    The tool will make a log in the Download folder (Fixlog.txt). Please post this in your next reply.

    Step 5

    This could be an indication that your Hard Drive might be starting to fail.
    We'll run a checkdisc just incase it's a simple fix....... but you should make sure that you have everything backed up just in case the Hard Drive does fail.

    You can do this by running the Scandisk utility within Windows.
    • Click Start >> Computer
    • Right click on your main drive (usually 'C')
    • Select Properties
    • Click on the Tools tab
    • Under Error Checking.. Click Check Now
    • Tick the options that you require ( I recommend that you tick both options )
    • Click Start
    • On the screen that comes up.. Click Yes then OK
    • Now restart your computer.
    Note: Be patient. Analyzing the drive can be a lengthy process

    That should be enough for now.

    In your next reply, please submit:
    Fixlog.txt from FRST

    and let me know if the system is running any better now.


    Thanks.
     

    Attached Files:

  8. Gerry7371

    Gerry7371 Registered Members

    Joined:
    Oct 22, 2015
    Messages:
    41
    Operating System:
    Windows 7
    As Requested - will my yahoo e-mail work now? also how do I fix my iphone as I believe it picked up the virus and transmitted it to my pc. or is that another issue?

    Fix result of Farbar Recovery Scan Tool (x64) Version:24-10-2015
    Ran by Home (2015-10-24 12:27:36) Run:1
    Running from C:\Users\Home\Downloads
    Loaded Profiles: Home & UpdatusUser (Available Profiles: Home & Lynne & Lisa & UpdatusUser & DefaultAppPool)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    HKU\S-1-5-21-2430930441-2580859966-3045845237-1000\...\RunOnce: [ZS_cleanuptmp] => "C:\Windows\system32\cmd.exe" /c rmdir /q /s "C:\Users\Home\AppData\Local\Temp\ZenSearch" <===== ATTENTION
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
    GroupPolicyUsers\S-1-5-21-2430930441-2580859966-3045845237-1006\User: Restriction <======= ATTENTION
    CHR HKU\S-1-5-21-2430930441-2580859966-3045845237-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-2430930441-2580859966-3045845237-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL =
    SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
    SearchScopes: HKU\S-1-5-21-2430930441-2580859966-3045845237-1000 -> {EFE522B3-7ABD-49CB-A5C3-A2AFBBA83B9D} URL =
    BHO-x32: No Name -> {D2C5E510-BE6D-42CC-9F61-E4F939078474} -> No File
    BHO-x32: XBTBPos00 Class -> {EDBBE0D0-A76A-4FE4-AE6B-13BCEFFD75C8} -> C:\Program Files (x86)\Brand Thunder\IE\tbcore3.dll => No File
    Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
    FF SelectedSearchEngine: Binkiland
    FF SearchPlugin: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\searchplugins\bing-avast.xml [2014-06-30]
    FF SearchPlugin: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\searchplugins\google-avast.xml [2014-11-15]
    FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
    FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
    FF HKU\.DEFAULT\...\Firefox\Extensions: [{b64982b1-d112-42b5-b1e4-d3867c4533f8}] - C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension => not found
    CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll => No File
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.71\ppGoogleNaClPluginChrome.dll => No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.71\pdf.dll => No File
    CHR Plugin: (Application Manager) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\spext.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll => No File
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll => No File
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File
    CHR Plugin: (Java(TM) Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
    CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\SysWOW64\npDeployJava1.dll => No File
    CHR Extension: (Avast SafePrice) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-05-29]
    S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [X]
    S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
    S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
    S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    2015-10-23 16:37 - 2012-08-14 22:07 - 00000000 ____D C:\ProgramData\AVAST Software
    2015-02-06 11:42 - 2015-02-06 11:42 - 0225190 _____ () C:\ProgramData\SPL1107.tmp
    2014-09-22 09:36 - 2014-09-22 09:36 - 5471854 _____ () C:\ProgramData\SPL14E.tmp
    2014-02-23 16:57 - 2014-02-23 16:57 - 2088164 _____ () C:\ProgramData\SPL1969.tmp
    2014-06-20 10:27 - 2014-06-20 10:27 - 0513379 _____ () C:\ProgramData\SPL1F43.tmp
    2014-06-05 17:59 - 2014-06-05 17:59 - 1819997 _____ () C:\ProgramData\SPL372E.tmp
    2015-01-31 10:38 - 2015-01-31 10:38 - 6887886 _____ () C:\ProgramData\SPL3BF6.tmp
    2015-01-31 15:41 - 2015-01-31 15:41 - 17780750 _____ () C:\ProgramData\SPL3F6.tmp
    2015-02-09 16:54 - 2015-02-09 16:54 - 0606599 _____ () C:\ProgramData\SPL4474.tmp
    2015-06-05 13:34 - 2015-06-05 13:34 - 0371852 _____ () C:\ProgramData\SPL558F.tmp
    2015-01-31 10:36 - 2015-01-31 10:36 - 6887886 _____ () C:\ProgramData\SPL57C7.tmp
    2015-04-01 12:04 - 2015-04-01 12:04 - 0241596 _____ () C:\ProgramData\SPL6C14.tmp
    2014-02-23 19:24 - 2014-02-23 19:24 - 2088164 _____ () C:\ProgramData\SPL736C.tmp
    2015-01-12 14:06 - 2015-01-12 14:06 - 0101442 _____ () C:\ProgramData\SPL740.tmp
    2015-05-01 10:50 - 2015-05-01 10:50 - 0521411 _____ () C:\ProgramData\SPL76B6.tmp
    2014-08-13 21:31 - 2014-08-13 21:31 - 6251160 _____ () C:\ProgramData\SPL7DD6.tmp
    2015-07-19 11:53 - 2015-07-19 11:53 - 0140631 _____ () C:\ProgramData\SPL82D5.tmp
    2015-04-06 11:34 - 2015-04-06 11:34 - 0099760 _____ () C:\ProgramData\SPL8729.tmp
    2015-03-30 10:49 - 2015-03-30 10:49 - 2496910 _____ () C:\ProgramData\SPL95D.tmp
    2015-06-03 19:37 - 2015-06-03 19:37 - 0723546 _____ () C:\ProgramData\SPL96A5.tmp
    2015-01-31 13:55 - 2015-01-31 13:55 - 17780750 _____ () C:\ProgramData\SPLB46.tmp
    2015-01-26 10:28 - 2015-01-26 10:28 - 0611143 _____ () C:\ProgramData\SPLB8F.tmp
    2014-02-23 15:47 - 2014-02-23 15:47 - 2088164 _____ () C:\ProgramData\SPLC4CF.tmp
    2012-12-21 18:42 - 2012-12-21 18:42 - 0860404 _____ () C:\ProgramData\SPLC6C7.tmp
    2014-04-29 15:16 - 2014-04-29 15:16 - 0678620 _____ () C:\ProgramData\SPLCE81.tmp
    2015-04-09 11:48 - 2015-04-09 11:48 - 0326714 _____ () C:\ProgramData\SPLD29C.tmp
    2015-03-23 10:55 - 2015-03-23 10:55 - 2815712 _____ () C:\ProgramData\SPLDCC4.tmp
    2015-06-24 10:57 - 2015-06-24 10:57 - 1565830 _____ () C:\ProgramData\SPLDED2.tmp
    2014-08-13 21:52 - 2014-08-13 21:52 - 0201922 _____ () C:\ProgramData\SPLE649.tmp
    2015-06-05 12:32 - 2015-06-05 12:32 - 0195126 _____ () C:\ProgramData\SPLE849.tmp
    2015-06-20 14:15 - 2015-06-20 14:15 - 3863779 _____ () C:\ProgramData\SPLEC13.tmp
    2015-05-10 09:33 - 2015-05-10 09:33 - 0609767 _____ () C:\ProgramData\SPLF53A.tmp
    2012-12-18 19:58 - 2012-12-18 19:58 - 0771125 _____ () C:\ProgramData\SPLF5EE.tmp
    Task: {1E2C82E9-E651-4ABA-B58A-89E85825798F} - System32\Tasks\{F0356419-2E7F-4463-9FFB-654DB8FB6CC8} => pcalua.exe -a "C:\Program Files (x86)\Driver Support\Driver Support\ISUninstall.exe" -d "C:\Program Files (x86)\Driver Support\Driver Support"
    Task: {5C35B339-5BD6-4ABA-A74B-EBDB31913916} - \ProgramRefresh-ATFST -> No File <==== ATTENTION
    Task: {624DFA88-71BE-442F-8ABD-037ABDB1BF54} - \HDNINSTSCHD -> No File <==== ATTENTION
    Task: {8EDCC535-D22E-4D69-A523-B8590BF50F34} - \UPDTEXE4_WDR -> No File <==== ATTENTION
    Task: {9F702AB4-45E8-445D-A184-91F3B868B668} - \IE_ERR4WDR -> No File <==== ATTENTION
    Task: {AA509B71-43CB-423B-8DDE-0648769FE0A1} - System32\Tasks\{0108DE2A-B46B-47AF-8EA0-0AA42F16550C} => pcalua.exe -a "C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1B4VEP9Z\microsoft net framework setup.exe" -d C:\Users\Home\Desktop
    Task: {B8DF2FBF-0B5B-40D5-A1A1-0AD5E406CF7A} - System32\Tasks\{84BC2D11-AF9A-49AF-8126-94245D2F1A72} => pcalua.exe -a D:\Setup.EXE -d D:\
    Task: {BD5B47D3-65C3-4524-B1F1-D3867DE18CFE} - System32\Tasks\ZenSearch\Updater\ZenSearch updater => C:\Program Files (x86)\ZenSearch Updater\updater.exe <==== ATTENTION
    Task: {C04D79D3-0B52-475C-B9AF-73098C5AAA38} - \Binkiland casi -> No File <==== ATTENTION
    Task: {F477F341-82E9-4CA8-9CAE-ADD70AC05BCC} - \boosterpop -> No File <==== ATTENTION
    Task: {D31C2EC0-2A91-43BF-9FD0-22A95C0E62EF} - System32\Tasks\AI_Updater => C:\Program Files (x86)\Tuneup computer A1PCCleaner\updater.exe
    Task: {FB5CE51F-F131-4B16-96B8-5B9056100DF8} - System32\Tasks\IEError => C:\Program Files (x86)\Tuneup computer A1PCCleaner\Popialert.exe
    AlternateDataStreams: C:\ProgramData\TEMP:0168CC60
    AlternateDataStreams: C:\ProgramData\TEMP:0474F714
    AlternateDataStreams: C:\ProgramData\TEMP:10CB85CA
    AlternateDataStreams: C:\ProgramData\TEMP:234E9CC5
    AlternateDataStreams: C:\ProgramData\TEMP:2AC146B9
    AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F
    AlternateDataStreams: C:\ProgramData\TEMP:2F360FB3
    AlternateDataStreams: C:\ProgramData\TEMP:32289BE8
    AlternateDataStreams: C:\ProgramData\TEMP:32EA849C
    AlternateDataStreams: C:\ProgramData\TEMP:371060CE
    AlternateDataStreams: C:\ProgramData\TEMP:3F266659
    AlternateDataStreams: C:\ProgramData\TEMP:48862C37
    AlternateDataStreams: C:\ProgramData\TEMP:4CD3F344
    AlternateDataStreams: C:\ProgramData\TEMP:7687A3E3
    AlternateDataStreams: C:\ProgramData\TEMP:7BFFC6A9
    AlternateDataStreams: C:\ProgramData\TEMP:7FA0D639
    AlternateDataStreams: C:\ProgramData\TEMP:8866C899
    AlternateDataStreams: C:\ProgramData\TEMP:922DA2DB
    AlternateDataStreams: C:\ProgramData\TEMP:9725F1BC
    AlternateDataStreams: C:\ProgramData\TEMP:997DA6D7
    AlternateDataStreams: C:\ProgramData\TEMP:9EDA68BD
    AlternateDataStreams: C:\ProgramData\TEMP:A6F28514
    AlternateDataStreams: C:\ProgramData\TEMP:AECF4772
    AlternateDataStreams: C:\ProgramData\TEMP:B96C57D4
    AlternateDataStreams: C:\ProgramData\TEMP:BACC4A79
    AlternateDataStreams: C:\ProgramData\TEMP:BCF55336
    AlternateDataStreams: C:\ProgramData\TEMP:C5340FA1
    AlternateDataStreams: C:\ProgramData\TEMP:E47BBD7B
    AlternateDataStreams: C:\ProgramData\TEMP:F2E92DCD
    AlternateDataStreams: C:\ProgramData\TEMP:F3A185AE
    AlternateDataStreams: C:\ProgramData\TEMP:F5D01D7C
    AlternateDataStreams: C:\ProgramData\TEMP:F7F4DC88
    AlternateDataStreams: C:\ProgramData\TEMP:FBD274CF
    CMD: ipconfig /flushdns
    Hosts:
    EmptyTemp:

    *****************

    HKU\S-1-5-21-2430930441-2580859966-3045845237-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ZS_cleanuptmp => value removed successfully
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
    HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
    C:\Windows\system32\GroupPolicyUsers\S-1-5-21-2430930441-2580859966-3045845237-1006\User => moved successfully
    C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
    "HKU\S-1-5-21-2430930441-2580859966-3045845237-1000\SOFTWARE\Policies\Google" => key removed successfully
    "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
    "HKU\S-1-5-21-2430930441-2580859966-3045845237-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0b4d26f6-61a8-4463-99dd-5f2fe0400fa6}" => key removed successfully
    HKCR\CLSID\{0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} => key not found.
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => key removed successfully
    HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found.
    "HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4b71-B0A3-3D82E62A6909}" => key removed successfully
    HKCR\CLSID\{483830EE-A4CD-4b71-B0A3-3D82E62A6909} => key not found.
    "HKU\S-1-5-21-2430930441-2580859966-3045845237-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EFE522B3-7ABD-49CB-A5C3-A2AFBBA83B9D}" => key removed successfully
    HKCR\CLSID\{EFE522B3-7ABD-49CB-A5C3-A2AFBBA83B9D} => key not found.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2C5E510-BE6D-42CC-9F61-E4F939078474}" => key removed successfully
    HKCR\Wow6432Node\CLSID\{D2C5E510-BE6D-42CC-9F61-E4F939078474} => key not found.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EDBBE0D0-A76A-4FE4-AE6B-13BCEFFD75C8}" => key removed successfully
    "HKCR\Wow6432Node\CLSID\{EDBBE0D0-A76A-4FE4-AE6B-13BCEFFD75C8}" => key removed successfully
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value removed successfully
    "HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => key removed successfully
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value removed successfully
    HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => key not found.
    Firefox SelectedSearchEngine removed successfully
    C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\searchplugins\bing-avast.xml => moved successfully
    C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\searchplugins\google-avast.xml => moved successfully
    HKLM\Software\Mozilla\Thunderbird\Extensions\\eplgTb@eset.com => value removed successfully
    HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\eplgTb@eset.com => value removed successfully
    HKU\.DEFAULT\Software\Mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8} => value removed successfully
    C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll => not found.
    C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.71\ppGoogleNaClPluginChrome.dll => not found.
    C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.71\pdf.dll => not found.
    C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\spext.dll => not found.
    C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll => not found.
    C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll => not found.
    C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll => not found.
    C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll => not found.
    C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => not found.
    C:\Windows\SysWOW64\npDeployJava1.dll => not found.
    C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => moved successfully
    AvastVBoxSvc => service removed successfully
    MREMPR5 => service removed successfully
    MRENDIS5 => service removed successfully
    Synth3dVsc => service removed successfully
    tsusbhub => service removed successfully
    VBoxAswDrv => service removed successfully
    VGPU => service removed successfully
    C:\ProgramData\AVAST Software => moved successfully
    C:\ProgramData\SPL1107.tmp => moved successfully
    C:\ProgramData\SPL14E.tmp => moved successfully
    C:\ProgramData\SPL1969.tmp => moved successfully
    C:\ProgramData\SPL1F43.tmp => moved successfully
    C:\ProgramData\SPL372E.tmp => moved successfully
    C:\ProgramData\SPL3BF6.tmp => moved successfully
    C:\ProgramData\SPL3F6.tmp => moved successfully
    C:\ProgramData\SPL4474.tmp => moved successfully
    C:\ProgramData\SPL558F.tmp => moved successfully
    C:\ProgramData\SPL57C7.tmp => moved successfully
    C:\ProgramData\SPL6C14.tmp => moved successfully
    C:\ProgramData\SPL736C.tmp => moved successfully
    C:\ProgramData\SPL740.tmp => moved successfully
    C:\ProgramData\SPL76B6.tmp => moved successfully
    C:\ProgramData\SPL7DD6.tmp => moved successfully
    C:\ProgramData\SPL82D5.tmp => moved successfully
    C:\ProgramData\SPL8729.tmp => moved successfully
    C:\ProgramData\SPL95D.tmp => moved successfully
    C:\ProgramData\SPL96A5.tmp => moved successfully
    C:\ProgramData\SPLB46.tmp => moved successfully
    C:\ProgramData\SPLB8F.tmp => moved successfully
    C:\ProgramData\SPLC4CF.tmp => moved successfully
    C:\ProgramData\SPLC6C7.tmp => moved successfully
    C:\ProgramData\SPLCE81.tmp => moved successfully
    C:\ProgramData\SPLD29C.tmp => moved successfully
    C:\ProgramData\SPLDCC4.tmp => moved successfully
    C:\ProgramData\SPLDED2.tmp => moved successfully
    C:\ProgramData\SPLE649.tmp => moved successfully
    C:\ProgramData\SPLE849.tmp => moved successfully
    C:\ProgramData\SPLEC13.tmp => moved successfully
    C:\ProgramData\SPLF53A.tmp => moved successfully
    C:\ProgramData\SPLF5EE.tmp => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1E2C82E9-E651-4ABA-B58A-89E85825798F}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1E2C82E9-E651-4ABA-B58A-89E85825798F}" => key removed successfully
    C:\Windows\System32\Tasks\{F0356419-2E7F-4463-9FFB-654DB8FB6CC8} => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F0356419-2E7F-4463-9FFB-654DB8FB6CC8}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5C35B339-5BD6-4ABA-A74B-EBDB31913916}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5C35B339-5BD6-4ABA-A74B-EBDB31913916}" => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProgramRefresh-ATFST => key not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{624DFA88-71BE-442F-8ABD-037ABDB1BF54}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{624DFA88-71BE-442F-8ABD-037ABDB1BF54}" => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HDNINSTSCHD => key not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8EDCC535-D22E-4D69-A523-B8590BF50F34}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8EDCC535-D22E-4D69-A523-B8590BF50F34}" => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UPDTEXE4_WDR => key not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9F702AB4-45E8-445D-A184-91F3B868B668}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9F702AB4-45E8-445D-A184-91F3B868B668}" => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IE_ERR4WDR => key not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AA509B71-43CB-423B-8DDE-0648769FE0A1}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AA509B71-43CB-423B-8DDE-0648769FE0A1}" => key removed successfully
    C:\Windows\System32\Tasks\{0108DE2A-B46B-47AF-8EA0-0AA42F16550C} => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0108DE2A-B46B-47AF-8EA0-0AA42F16550C}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B8DF2FBF-0B5B-40D5-A1A1-0AD5E406CF7A}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B8DF2FBF-0B5B-40D5-A1A1-0AD5E406CF7A}" => key removed successfully
    C:\Windows\System32\Tasks\{84BC2D11-AF9A-49AF-8126-94245D2F1A72} => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{84BC2D11-AF9A-49AF-8126-94245D2F1A72}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BD5B47D3-65C3-4524-B1F1-D3867DE18CFE}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BD5B47D3-65C3-4524-B1F1-D3867DE18CFE}" => key removed successfully
    C:\Windows\System32\Tasks\ZenSearch\Updater\ZenSearch updater => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ZenSearch\Updater\ZenSearch updater" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C04D79D3-0B52-475C-B9AF-73098C5AAA38}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C04D79D3-0B52-475C-B9AF-73098C5AAA38}" => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Binkiland casi => key not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F477F341-82E9-4CA8-9CAE-ADD70AC05BCC}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F477F341-82E9-4CA8-9CAE-ADD70AC05BCC}" => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\boosterpop => key not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D31C2EC0-2A91-43BF-9FD0-22A95C0E62EF}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D31C2EC0-2A91-43BF-9FD0-22A95C0E62EF}" => key removed successfully
    C:\Windows\System32\Tasks\AI_Updater => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AI_Updater" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FB5CE51F-F131-4B16-96B8-5B9056100DF8}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FB5CE51F-F131-4B16-96B8-5B9056100DF8}" => key removed successfully
    C:\Windows\System32\Tasks\IEError => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IEError" => key removed successfully
    C:\ProgramData\TEMP => ":0168CC60" ADS removed successfully.
    C:\ProgramData\TEMP => ":0474F714" ADS removed successfully.
    C:\ProgramData\TEMP => ":10CB85CA" ADS removed successfully.
    C:\ProgramData\TEMP => ":234E9CC5" ADS removed successfully.
    C:\ProgramData\TEMP => ":2AC146B9" ADS removed successfully.
    C:\ProgramData\TEMP => ":2CB9631F" ADS removed successfully.
    C:\ProgramData\TEMP => ":2F360FB3" ADS removed successfully.
    C:\ProgramData\TEMP => ":32289BE8" ADS removed successfully.
    C:\ProgramData\TEMP => ":32EA849C" ADS removed successfully.
    C:\ProgramData\TEMP => ":371060CE" ADS removed successfully.
    C:\ProgramData\TEMP => ":3F266659" ADS removed successfully.
    C:\ProgramData\TEMP => ":48862C37" ADS removed successfully.
    C:\ProgramData\TEMP => ":4CD3F344" ADS removed successfully.
    C:\ProgramData\TEMP => ":7687A3E3" ADS removed successfully.
    C:\ProgramData\TEMP => ":7BFFC6A9" ADS removed successfully.
    C:\ProgramData\TEMP => ":7FA0D639" ADS removed successfully.
    C:\ProgramData\TEMP => ":8866C899" ADS removed successfully.
    C:\ProgramData\TEMP => ":922DA2DB" ADS removed successfully.
    C:\ProgramData\TEMP => ":9725F1BC" ADS removed successfully.
    C:\ProgramData\TEMP => ":997DA6D7" ADS removed successfully.
    C:\ProgramData\TEMP => ":9EDA68BD" ADS removed successfully.
    C:\ProgramData\TEMP => ":A6F28514" ADS removed successfully.
    C:\ProgramData\TEMP => ":AECF4772" ADS removed successfully.
    C:\ProgramData\TEMP => ":B96C57D4" ADS removed successfully.
    C:\ProgramData\TEMP => ":BACC4A79" ADS removed successfully.
    C:\ProgramData\TEMP => ":BCF55336" ADS removed successfully.
    C:\ProgramData\TEMP => ":C5340FA1" ADS removed successfully.
    C:\ProgramData\TEMP => ":E47BBD7B" ADS removed successfully.
    C:\ProgramData\TEMP => ":F2E92DCD" ADS removed successfully.
    C:\ProgramData\TEMP => ":F3A185AE" ADS removed successfully.
    C:\ProgramData\TEMP => ":F5D01D7C" ADS removed successfully.
    C:\ProgramData\TEMP => ":F7F4DC88" ADS removed successfully.
    C:\ProgramData\TEMP => ":FBD274CF" ADS removed successfully.

    ========= ipconfig /flushdns =========


    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========= End of CMD: =========

    C:\Windows\System32\Drivers\etc\hosts => moved successfully
    Hosts restored successfully.
    EmptyTemp: => 217.3 MB temporary data Removed.


    The system needed a reboot.

    ==== End of Fixlog 12:27:57 ====
     
  9. Gerry7371

    Gerry7371 Registered Members

    Joined:
    Oct 22, 2015
    Messages:
    41
    Operating System:
    Windows 7
    yahoo e-mail still not connecting and when I ran scan disk - it froze up twice at CHKDSK 4 0f 5 11 percent complete 41719 of 276976.
    Don't know why its doing that. never stopped before.
    what's ur thoughts?
     
  10. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    This could well indicate a failing hard drive.
    Do you know what hard drive is installed in your PC?

    if not, this will help.

    Download Speccy and save it to your desktop.
    • Double click the downloaded icon to run the installer
    • Vista, Win7/Win8 and Win10 users right click and select 'run as Administrator'.
    • Follow the onscreen prompts...but do NOT allow it to add Google Chrome as your default browser if asked..
    • Make sure that 'Run Speccy' is ticked at the end and click Finish.
    Your system will now be analyzed and the information will appear in the Speccy window once complete.

    To view the Hard Drive info, click on the Hard Drive heading on the left hand side.
    You could also check the temp range and status..... this will give you a quick guide to any problem.

    Once you know the make and model.... go to the makers website and search for Hard Drive testing utility.
    Run this and check the HD..... this will tell you if the Drive is beginning to fail.

    That we are unable to help with.
    Our tools only work on Windows based systems.
    As Apple is a completely different structure, I doubt that anything could be passed from an IPhone to the PC.

    Most of what we have removed is basically Adware.
    This Adware is something that you have probably allowed to be installed by downloading 'Free' programs.
    Adware is also called PuP's.
    Your title states:
    Who told you this?

    How are you connecting to Yahoo?
    is this by a third party program or by web mail?
     
    Last edited: Oct 24, 2015
  11. Gerry7371

    Gerry7371 Registered Members

    Joined:
    Oct 22, 2015
    Messages:
    41
    Operating System:
    Windows 7
    loaded speccy - checked with mfg of hard drive and ran test. Everything came out ok. temp is running 33C. no visible signs of trouble.
    as far as who told me I had Koobface - I reached out to Yahoo tech support to find out why my e-mail wouldn't connect. He tagged onto my machine remotely and ran some diagnosis. results were -APPLICATIONS ERROR....NETWORK ACCESS PROTECTION STOPPED...3 FRADULENT PUBLISHER...KOOBFACE...HACKER
    So this is when I reached out for help. my yahoo e-mail has been running with no problems thru outlook e-mail. now it ount connect and says - Outlook cannot connect to your POP3 email server. none of the authentication methods supported by this client are supported by your server.
    It was working fine before, then suddenly stopped. my iphone, and galaxy tab use the same network and they both work fine. only my desktop has this issue. Doesn't make sense to me.
     
  12. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    Hi Gerry,

    Sounds like the old Yahoo/Koobface scam.
    It has been doing the rounds again:

    https://uk.answers.yahoo.com/question/index?qid=20150626130211AApIfyG

    https://community.webroot.com/t5/In...-there-is-a-virus-called-koobface/td-p/191567

    https://support.avg.com/answers?id=906b00000008phYAAQ

    https://www.callercenter.com/888-224-8533.html

    Why anyone has anything to do with Yahoo is beyond me.
    It has one of the most insecure systems going.
    I know a lot will disagree with me on this.... but I do see a lot of Yahoo problems.

    A word of warning.... NEVER LET ANYONE REMOTELY ACCESS YOUR MACHINE, no matter who they are.

    I see that you only recently downloaded Eset:
    Koobface would have blocked this and any other Anti Virus/Anti Malware site.

    Have you tried checking your mail through the Yahoo site?
    Have you double checked that the account info has been entered correctly into Outlook and hasn't been changed or become corrupt?
    especially the POP settings.
    Have you tried starting a new profile in Outlook and entering the info freshly?
    Have you tried running a repair on Outlook?
    From Control Panel, open Add/Remove Programs. Select Office 2007 and click the Change button Select Repair and follow the prompts.

    Outlook also has an inbox repair tool.....
    Using the Inbox Repair Tool

    If there is any trace of Koobface on the system, this tool will find it..

    Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

    Link 1
    Link 2

    43c570796652d991e1e20da3e3b6dbf8.gif


    800cf471fe28906ff16e98b15f499276.gif

    This is an example, you may rename ComboFix to anything you want.


    Note:
    Do not mouseclick combofix's window while it's running. That may cause it to stall


    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
     
  13. Gerry7371

    Gerry7371 Registered Members

    Joined:
    Oct 22, 2015
    Messages:
    41
    Operating System:
    Windows 7
    I tried to fix the outlook program as described as well as tried to repair it thru the control panel both of which failed. Control panel wouldn't complete the repair and even though I manually entered the location in the scanfix window it keep telling me that file didn't exist.
    Is there another outlook program that I can install and remove my current one? included is the combo fix file. Had to manually remove the Malware program to do it as it kept interrupting the scan. took awhile for it to run.

    ComboFix 15-10-26.01 - Home 10/26/2015 15:33:47.3.2 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3839.1655 [GMT -4:00]
    Running from: c:\users\Home\Desktop\Combo-Fix.exe
    AV: ESET Smart Security 9.0.318.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
    FW: ESET Personal firewall *Disabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
    SP: ESET Smart Security 9.0.318.0 *Disabled/Outdated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\lxduJSW.log
    c:\programdata\SPLFCA6.tmp
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_pcCMService
    .
    .
    ((((((((((((((((((((((((( Files Created from 2015-09-26 to 2015-10-26 )))))))))))))))))))))))))))))))
    .
    .
    2015-10-26 19:42 . 2015-10-26 19:42 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2015-10-26 19:42 . 2015-10-26 19:42 -------- d-----w- c:\users\Lynne\AppData\Local\temp
    2015-10-26 19:42 . 2015-10-26 19:42 -------- d-----w- c:\users\Lisa\AppData\Local\temp
    2015-10-25 15:14 . 2015-10-25 15:14 -------- d-----w- c:\program files (x86)\Common Files\Java
    2015-10-25 14:27 . 2015-10-25 14:27 -------- d-----w- c:\program files\Speccy
    2015-10-23 21:06 . 2015-10-13 09:47 11140960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6905B96C-D2D9-4552-91ED-5993F7CBBCD1}\mpengine.dll
    2015-10-23 20:30 . 2015-10-23 20:30 -------- d-s---w- c:\windows\SysWow64\Microsoft
    2015-10-23 14:01 . 2015-10-23 14:07 -------- d-----w- C:\AdwCleaner
    2015-10-23 13:36 . 2015-10-24 16:31 -------- d-----w- C:\FRST
    2015-10-22 18:47 . 2015-10-22 18:47 -------- d-----w- c:\program files\ESET
    2015-10-22 16:24 . 2015-10-22 16:46 -------- d-----w- c:\program files (x86)\Citrix
    2015-10-22 16:24 . 2015-10-22 16:24 -------- d-----w- c:\users\Home\AppData\Local\Citrix
    2015-10-17 15:38 . 2015-10-17 15:38 -------- d-----w- C:\SUPERDelete
    2015-10-14 19:55 . 2015-09-18 19:22 25432 ----a-w- c:\windows\system32\CompatTelRunner.exe
    2015-10-14 19:55 . 2015-09-18 19:19 700416 ----a-w- c:\windows\system32\invagent.dll
    2015-10-14 19:55 . 2015-09-18 19:19 766464 ----a-w- c:\windows\system32\generaltel.dll
    2015-10-14 19:55 . 2015-09-18 19:19 503808 ----a-w- c:\windows\system32\devinv.dll
    2015-10-14 19:55 . 2015-09-18 19:19 73216 ----a-w- c:\windows\system32\acmigration.dll
    2015-10-14 19:55 . 2015-09-18 19:19 1291264 ----a-w- c:\windows\system32\appraiser.dll
    2015-10-14 19:55 . 2015-09-18 19:09 1163776 ----a-w- c:\windows\system32\aeinv.dll
    2015-10-14 01:53 . 2015-09-25 18:07 98816 ----a-w- c:\windows\system32\wudriver.dll
    2015-10-14 01:52 . 2015-10-01 18:06 692672 ----a-w- c:\windows\system32\winload.efi
    2015-10-14 01:52 . 2015-10-01 18:04 616360 ----a-w- c:\windows\system32\winresume.efi
    2015-10-14 01:52 . 2015-10-01 18:00 63488 ----a-w- c:\windows\system32\setbcdlocale.dll
    2015-10-14 01:52 . 2015-10-01 18:00 59392 ----a-w- c:\windows\system32\appidapi.dll
    2015-10-14 01:52 . 2015-10-01 18:00 32768 ----a-w- c:\windows\system32\appidsvc.dll
    2015-10-14 01:52 . 2015-10-01 18:00 17920 ----a-w- c:\windows\system32\appidcertstorecheck.exe
    2015-10-14 01:52 . 2015-10-01 18:00 147456 ----a-w- c:\windows\system32\appidpolicyconverter.exe
    2015-10-14 01:52 . 2015-10-01 17:50 50688 ----a-w- c:\windows\SysWow64\appidapi.dll
    2015-10-14 01:52 . 2015-10-01 17:00 61440 ----a-w- c:\windows\system32\drivers\appid.sys
    2015-10-11 16:30 . 2015-10-11 16:30 -------- d-----w- c:\users\Lisa\.oracle_jre_usage
    2015-10-07 10:16 . 2015-10-07 10:16 142976 ----a-w- c:\windows\system32\drivers\ekbdflt.sys
    2015-10-02 20:40 . 2015-10-02 20:40 17314496 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE12\MSO.DLL
    2015-09-26 23:19 . 2015-09-26 23:19 252648 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
    2015-09-26 23:19 . 2015-09-26 23:19 252648 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2015-10-25 15:13 . 2014-08-23 18:06 97888 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2015-10-17 14:13 . 2012-08-15 19:52 780488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2015-10-17 14:13 . 2012-08-15 19:52 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2015-10-14 07:09 . 2012-08-15 00:49 143481208 ----a-w- c:\windows\system32\MRT.exe
    2015-09-29 02:58 . 2015-10-14 01:53 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2015-09-02 03:04 . 2015-09-08 20:56 41984 ----a-w- c:\windows\system32\lpk.dll
    2015-09-02 03:04 . 2015-09-08 20:56 100864 ----a-w- c:\windows\system32\fontsub.dll
    2015-09-02 03:04 . 2015-09-08 20:56 14336 ----a-w- c:\windows\system32\dciman32.dll
    2015-09-02 03:04 . 2015-09-08 20:56 46080 ----a-w- c:\windows\system32\atmlib.dll
    2015-09-02 02:48 . 2015-09-08 20:56 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
    2015-09-02 02:48 . 2015-09-08 20:56 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
    2015-09-02 02:48 . 2015-09-08 20:56 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2015-09-02 02:47 . 2015-09-08 20:56 25600 ----a-w- c:\windows\SysWow64\lpk.dll
    2015-09-02 01:51 . 2015-09-08 20:56 3209216 ----a-w- c:\windows\system32\win32k.sys
    2015-09-02 01:47 . 2015-09-08 20:56 372736 ----a-w- c:\windows\system32\atmfd.dll
    2015-09-02 01:33 . 2015-09-08 20:56 299520 ----a-w- c:\windows\SysWow64\atmfd.dll
    2015-08-27 18:18 . 2015-09-08 20:57 2004480 ----a-w- c:\windows\system32\msxml6.dll
    2015-08-27 18:18 . 2015-09-08 20:57 1887232 ----a-w- c:\windows\system32\msxml3.dll
    2015-08-27 18:13 . 2015-09-08 20:57 2048 ----a-w- c:\windows\system32\msxml6r.dll
    2015-08-27 18:13 . 2015-09-08 20:57 2048 ----a-w- c:\windows\system32\msxml3r.dll
    2015-08-27 17:58 . 2015-09-08 20:57 1391104 ----a-w- c:\windows\SysWow64\msxml6.dll
    2015-08-27 17:58 . 2015-09-08 20:57 1241088 ----a-w- c:\windows\SysWow64\msxml3.dll
    2015-08-27 17:51 . 2015-09-08 20:57 2048 ----a-w- c:\windows\SysWow64\msxml6r.dll
    2015-08-27 17:51 . 2015-09-08 20:57 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
    2015-08-12 20:03 . 2015-08-12 20:03 96528 ----a-w- c:\windows\system32\dns-sd.exe
    2015-08-12 20:03 . 2015-08-12 20:03 86288 ----a-w- c:\windows\system32\dnssd.dll
    2015-08-12 20:03 . 2015-08-12 20:03 61712 ----a-w- c:\windows\system32\jdns_sd.dll
    2015-08-12 20:03 . 2015-08-12 20:03 213264 ----a-w- c:\windows\system32\dnssdX.dll
    2015-08-12 20:03 . 2015-08-12 20:03 84240 ----a-w- c:\windows\SysWow64\dns-sd.exe
    2015-08-12 20:03 . 2015-08-12 20:03 72976 ----a-w- c:\windows\SysWow64\dnssd.dll
    2015-08-12 20:03 . 2015-08-12 20:03 50960 ----a-w- c:\windows\SysWow64\jdns_sd.dll
    2015-08-12 20:03 . 2015-08-12 20:03 178960 ----a-w- c:\windows\SysWow64\dnssdX.dll
    2015-08-06 15:43 . 2015-08-06 15:43 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
    2015-08-06 15:43 . 2015-08-06 15:43 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
    2015-08-05 17:56 . 2015-09-08 20:59 1110016 ----a-w- c:\windows\system32\schedsvc.dll
    2015-08-05 17:56 . 2015-09-08 20:59 24576 ----a-w- c:\windows\system32\jnwmon.dll
    2015-08-05 17:56 . 2015-09-08 20:59 275456 ----a-w- c:\windows\system32\InkEd.dll
    2015-08-05 17:40 . 2015-09-08 20:59 216064 ----a-w- c:\windows\SysWow64\InkEd.dll
    2015-07-30 18:06 . 2015-08-12 08:23 1648128 ----a-w- c:\windows\system32\DWrite.dll
    2015-07-30 18:06 . 2015-08-12 08:23 1180160 ----a-w- c:\windows\system32\FntCache.dll
    2015-07-30 18:06 . 2015-08-12 08:23 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
    2015-07-30 17:57 . 2015-08-12 08:23 1251328 ----a-w- c:\windows\SysWow64\DWrite.dll
    2015-07-30 17:57 . 2015-08-12 08:23 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
    2015-07-30 16:41 . 2015-07-30 16:41 69840 ----a-w- c:\windows\system32\drivers\epfwwfp.sys
    2015-07-30 16:41 . 2015-07-30 16:41 52872 ----a-w- c:\windows\system32\drivers\EpfwLWF.sys
    2015-07-30 16:41 . 2015-07-30 16:41 264040 ----a-w- c:\windows\system32\drivers\eamonm.sys
    2015-07-30 16:41 . 2015-07-30 16:41 206312 ----a-w- c:\windows\system32\drivers\epfw.sys
    2015-07-30 16:41 . 2015-07-30 16:41 186784 ----a-w- c:\windows\system32\drivers\ehdrv.sys
    2015-07-30 13:13 . 2015-08-13 07:21 103120 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
    2015-07-30 13:13 . 2015-08-13 07:21 124624 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    "iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2015-04-26 43816]
    "ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2015-04-26 43816]
    "AppleIEDAV"="c:\program files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe" [2015-04-26 1079592]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2015-09-15 60688]
    "WD Quick View"="c:\program files (x86)\Western Digital\WD Quick View\WDDMStatus.exe" [2015-07-20 5564784]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2015-08-06 421888]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-10-06 597040]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bloggie Watcher Utility.lnk - c:\program files (x86)\Sony\Bloggie Software\BGVolumeWatcher.exe [2011-6-9 746856]
    NETGEAR WNA1100 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WNA1100\WNA1100.exe [2012-8-14 4545024]
    WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-11-13 2119488]
    WDSmartWare.lnk - c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe View=show_in_tray [2009-11-13 9117504]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "SoftwareSASGeneration"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    "RequireSignedAppInit_DLLs"=0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys;c:\windows\SYSNATIVE\DRIVERS\athurx.sys [x]
    R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files (x86)\NETGEAR\WNA1100\jswpsapi.exe;c:\program files (x86)\NETGEAR\WNA1100\jswpsapi.exe [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
    S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
    S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys;c:\windows\SYSNATIVE\DRIVERS\scmndisp.sys [x]
    S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
    S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
    S1 EpfwLWF;ESET Personal Firewall;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
    S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys;c:\windows\SYSNATIVE\DRIVERS\jswpslwfx.sys [x]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
    S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
    S2 ATT MAHostService;ATT MAHostService;c:\program files (x86)\ATT\8.2.1.6\ma\bin\MAHostService.exe;c:\program files (x86)\ATT\8.2.1.6\ma\bin\MAHostService.exe [x]
    S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
    S2 ekbdflt;ekbdflt;c:\windows\system32\DRIVERS\ekbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\ekbdflt.sys [x]
    S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe;c:\program files\ESET\ESET Smart Security\ekrn.exe [x]
    S2 FlipShareServer;FlipShare Server;c:\program files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe;c:\program files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [x]
    S2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe;c:\windows\SYSNATIVE\lxducoms.exe [x]
    S2 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxduserv.exe;c:\windows\SYSNATIVE\spool\DRIVERS\x64\3\\lxduserv.exe [x]
    S2 pcCMService64;pcCMService64;c:\program files\Common Files\Motive\pcCMService.exe;c:\program files\Common Files\Motive\pcCMService.exe [x]
    S2 ss_conn_service;SAMSUNG Mobile Connectivity Service;c:\program files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe;c:\program files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [x]
    S2 WDBackup;WD Backup;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [x]
    S2 WDDMService;WD SmartWare Drive Manager Service;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [x]
    S2 WDDriveService;WD Drive Manager;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [x]
    S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [x]
    S2 WSWNA1100;WSWNA1100;c:\program files (x86)\NETGEAR\WNA1100\WifiSvc.exe;c:\program files (x86)\NETGEAR\WNA1100\WifiSvc.exe [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    iissvcs REG_MULTI_SZ w3svc was
    apphost REG_MULTI_SZ apphostsvc
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2015-10-25 17:26 997704 ----a-w- c:\program files (x86)\Google\Chrome\Application\46.0.2490.80\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2015-10-26 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-19 14:13]
    .
    2015-10-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cf297bb0803088.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-15 01:08]
    .
    2015-10-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-15 01:08]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "lxdumon.exe"="c:\program files (x86)\Lexmark 5600-6600 Series\lxdumon.exe" [2009-09-04 676520]
    "EzPrint"="c:\program files (x86)\Lexmark 5600-6600 Series\ezprint.exe" [2009-09-04 131752]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-09-15 170256]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = https://www.google.com/?gws_rd=ssl
    mStart Page = https://www.google.com/?trackid=sp-006
    mLocal Page = c:\windows\SysWOW64\blank.htm
    mSearch Page = https://www.google.com/search?q={searchTerms}
    mSearch Bar = https://www.google.com/?trackid=sp-006
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    Trusted Zone: eset.com\help
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{E4238440-9D19-4259-90B4-58597A57EFB1}: DhcpNameServer = 192.168.1.254
    FF - ProfilePath - c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\qg6l8sx9.default\
    FF - prefs.js: browser.search.defaulturl - hxxps://www.google.com/search
    FF - prefs.js: browser.startup.homepage - about:home
    FF - prefs.js: keyword.URL - hxxps://www.google.com/search
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe
    Wow6432Node-HKLM-Run-jswtrayutil - c:\program files (x86)\NETGEAR\WNA1100\jswtrayutil.exe
    Wow6432Node-HKLM-Run-DivXMediaServer - c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_226_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_226_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_226_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_226_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_226.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.19"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_226.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_226.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_226.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\program files (x86)\ATT\8.2.1.6\ma\bin\node.exe
    c:\program files (x86)\Flip Video\FlipShare\FlipShareService.exe
    c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    .
    **************************************************************************
    .
    Completion time: 2015-10-26 16:06:22 - machine was rebooted
    ComboFix-quarantined-files.txt 2015-10-26 20:06
    .
    Pre-Run: 297,256,267,776 bytes free
    Post-Run: 296,464,343,040 bytes free
    .
    - - End Of File - - 0193AE387AB96536A264E41994134EF2
    A36C5E4F47E84449FF07ED3517B43A31
     
  14. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    Do you still have the Microsoft Office Enterprise 2007 disc?
    If so and you still have the product key, you could run a reinstall.

    You also have on your system: Windows Live Essentials.
    Part of this is Windows Live Mail. ( this is the successor to the old Outlook Express)
    Using the whole package isn't really necessary .... you can just use Windows Live Mail.

    If that doesn't work for some reason, you can download it again:
    Windows Live Mail 2011

    How to use Windows Live Mail
     
  15. Gerry7371

    Gerry7371 Registered Members

    Joined:
    Oct 22, 2015
    Messages:
    41
    Operating System:
    Windows 7
    I don't have a disc for the Enterprise 2007. It was a preloaded program that was on here when I bought this PC.I remember outlook express. Use to use it. Worse case scenario I'll have to figure out where Ive used the yahoo e-mail address and replace the accounts with my other e-mail. Most of them are job search sites.
    Pc is running great. just puzzled as to why I cant fix the yahoo e-mail account. Keeps telling me I need authentication even tho I have the button clicked.
    Did the Combo fix file show anything?
    BTW - like your Icon. One of my favorite games on 360.
     
  16. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    The only items removed were leftovers from what had already been removed by FRST.

    Here are the settings you'll need to configure your mail client or app.
    It may be worth checking all of them.... nothing to lose.

    Incoming Mail (POP) Server
    • Server - pop.mail.yahoo.com
    • Port - 995
    • Requires SSL - Yes


    Outgoing Mail (SMTP) Server
    • Server - smtp.mail.yahoo.com
    • Port - 465 or 587
    • Requires SSL - Yes
    • Requires TLS - Yes (if available)
    • Requires authentication - Yes


    Your login info
    • Email address - Your full email address (name@domain.com.)
    • Password - Your account's password.
    • Requires authentication - Yes

    This may help:
    Unable to connect with POP?

    Thanks. :)
    The new assassin's creed syndicate is now out, so I may have to think about updating the pic lol.
     
  17. Gerry7371

    Gerry7371 Registered Members

    Joined:
    Oct 22, 2015
    Messages:
    41
    Operating System:
    Windows 7
    Hooray!!! Finally worked. I think it was the settings and the user name I was using was wrong I think as well.
    In either case, thank you for helping. It's frustrating when youi don't know whats going on.
    Good luck on the new game!!
    Assassins United!!
     
  18. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    Nice one :thmbup:

    Let's finish the cleaning process and remove the tools we have used.
    We'll also set you a fresh restore point.

    Step 1
    Restart MBAM. (if installed)
    Click on the History tab >> Quarantine
    Tick to select all items (if any there ) and then click the Delete button.
    Close MBAM.


    Step 2
    Download Delfix and save it to your desktop.
    • Ensure Remove disinfection tools is checked.
    • Also place a checkmark next to:
    • Create registry backup
    • Purge system restore

      e784dacb6998c919c2f136ca95e82545.png
      .
    • Click the Run button.
    When the tool has finished, a log will open in notepad.... but i don't actually need this report
    A reboot of the system is required to complete the removal of the tools/reports.


    Thank you.
    On a side note.... have you ever watched this:


    It's quite old now, but still enjoyable.

    Glad I was able to help.

    Safe surfing. 200636f9a90a19cb85ecf0ba93831af6.gif
     

Share This Page