August 4th, 2015, 10:59 AM
#16
forbar results
Part two of four
==================== NetSvcs (Whitelisted) ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-08-04 15:25 - 2015-08-04 15:25 - 00023953 _____ C:\Users\Desktop\FRST.txt
2015-08-03 21:30 - 2015-08-03 21:30 - 00000000 ____D C:\ProgramData\Google
2015-08-03 20:17 - 2015-08-03 20:37 - 00000000 ____D C:\ProgramData\RogueKiller
2015-08-03 20:17 - 2015-08-03 20:17 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-08-03 19:58 - 2015-08-04 15:25 - 00273882 _____ C:\Windows\WindowsUpdate.log
2015-08-02 22:03 - 2015-08-02 22:03 - 02169856 _____ (Farbar) C:\Users\Desktop\FRST64.exe
2015-08-02 19:59 - 2015-08-02 19:59 - 06162288 _____ ( ) C:\Users\Desktop\adblockplusie-1.4.exe
2015-08-01 23:26 - 2015-08-01 23:26 - 00003064 _____ C:\Windows\System32\Tasks\McAfeeLogon
2015-08-01 23:26 - 2015-08-01 23:26 - 00000000 ____D C:\Windows\System32\Tasks\McAfee
2015-07-29 23:46 - 2015-07-14 22:59 - 01113944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-07-29 23:46 - 2015-07-14 22:59 - 00487256 _____ (Microsoft Corporation) C:\Windows\system32\netcfgx.dll
2015-07-29 23:46 - 2015-07-14 22:59 - 00393560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcfgx.dll
2015-07-29 23:46 - 2015-06-12 18:03 - 18823680 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2015-07-29 23:46 - 2015-06-12 17:36 - 15159296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2015-07-29 23:46 - 2015-06-09 19:27 - 00411133 _____ C:\Windows\system32\ApnDatabase.xml
2015-07-29 23:45 - 2015-06-11 21:12 - 02476376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2015-07-29 23:45 - 2015-06-11 21:12 - 00428888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2015-07-29 23:45 - 2015-06-09 23:39 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BTHUSB.SYS
2015-07-29 23:45 - 2015-06-09 23:39 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthenum.sys
2015-07-29 23:45 - 2015-06-09 23:38 - 01201664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2015-07-29 23:45 - 2015-05-12 01:24 - 00536920 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-07-29 23:45 - 2015-05-01 02:13 - 06521800 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2015-07-29 23:45 - 2015-05-01 02:13 - 01488000 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2015-07-29 23:45 - 2015-05-01 02:13 - 00261376 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
2015-07-29 23:39 - 2015-07-29 23:39 - 00000424 _____ C:\Users\gepuk2001\Desktop\This PC - Shortcut.lnk
2015-07-28 10:58 - 2015-07-25 14:34 - 01084928 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-25 08:44 - 2015-08-01 22:56 - 00003184 _____ C:\Windows\System32\Tasks\HPCeeScheduleForgepuk2001
2015-07-25 08:44 - 2015-08-01 22:56 - 00000362 _____ C:\Windows\Tasks\HPCeeScheduleFor.job
2015-07-23 09:39 - 2015-05-19 13:59 - 00207208 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2015-07-22 20:28 - 2015-08-02 00:23 - 00003348 _____ C:\Windows\System32\Tasks\McAfee Remediation (Prepare)
2015-07-22 20:28 - 2015-07-22 20:28 - 00000000 ____D C:\Program Files\Common Files\AV
2015-07-21 20:14 - 2015-07-21 20:14 - 00000000 ____D C:\Users\Public\Documents\sun
2015-07-21 19:32 - 2015-07-14 15:14 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-21 19:32 - 2015-07-14 15:14 - 00301056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-21 19:32 - 2015-07-14 15:14 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-21 19:32 - 2015-07-14 15:13 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-18 21:02 - 2015-07-18 21:02 - 00772016 _____ (ReimageĀ®) C:\Users\Downloads\ReimageRepair.exe
2015-07-18 10:53 - 2015-07-18 10:53 - 00003244 _____ C:\Windows\System32\Tasks\Pokki
2015-07-16 19:37 - 2015-08-03 21:16 - 00000420 _____ C:\Windows\Tasks\PrintProjects Communicator.job
2015-07-16 19:37 - 2015-07-16 19:37 - 00003406 _____ C:\Windows\System32\Tasks\PrintProjects Communicator
2015-07-16 19:37 - 2015-07-16 19:37 - 00000000 ___RD C:\Users\gepuk2001\Documents\RocketLifeNetwork
2015-07-16 19:25 - 2015-06-29 23:43 - 00026288 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-16 19:25 - 2015-06-29 16:07 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-16 19:25 - 2015-06-29 16:07 - 00764928 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-16 19:25 - 2015-06-29 16:07 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-16 19:25 - 2015-06-29 16:07 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-16 19:25 - 2015-06-27 00:21 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-16 19:25 - 2015-06-27 00:21 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-16 19:25 - 2015-05-12 14:19 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
2015-07-16 19:25 - 2015-05-11 17:34 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\fhcpl.dll
2015-07-16 19:25 - 2015-05-07 18:50 - 22292672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-07-16 19:25 - 2015-05-07 18:00 - 03109376 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-07-16 19:25 - 2015-05-07 17:53 - 19734960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-07-16 19:25 - 2015-05-07 17:12 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2015-07-16 19:25 - 2015-05-07 16:21 - 00522240 _____ (Microsoft Corporation) C:\Windows\system32\GeofenceMonitorService.dll
2015-07-16 19:25 - 2015-05-07 16:05 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GeofenceMonitorService.dll
2015-07-16 19:25 - 2015-05-03 16:09 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-16 19:25 - 2015-05-03 16:07 - 07784448 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2015-07-16 19:25 - 2015-05-03 15:58 - 00210944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-16 19:25 - 2015-05-03 15:57 - 05264384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2015-07-16 19:25 - 2015-05-03 15:55 - 00971776 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2015-07-16 19:25 - 2015-05-03 15:49 - 00811008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2015-07-16 19:25 - 2015-05-03 01:39 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-07-16 19:25 - 2015-04-30 00:22 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\WiFiDisplay.dll
2015-07-16 19:25 - 2015-04-28 14:13 - 00513480 _____ C:\Windows\SysWOW64\locale.nls
2015-07-16 19:25 - 2015-04-28 14:13 - 00513480 _____ C:\Windows\system32\locale.nls
2015-07-16 19:25 - 2015-04-25 03:25 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2015-07-16 19:25 - 2015-04-23 16:47 - 03084288 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-07-16 19:25 - 2015-04-23 16:16 - 02471424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-07-16 19:21 - 2015-07-16 19:37 - 00000000 ____D C:\Users\gepuk2001\AppData\Roaming\Visan
2015-07-16 19:21 - 2015-07-16 19:37 - 00000000 ____D C:\Users\gepuk2001\AppData\Roaming\PrintProjects
2015-07-16 19:21 - 2015-07-16 19:37 - 00000000 ____D C:\Users\gepuk2001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PrintProjects
2015-07-16 19:20 - 2015-07-16 19:20 - 29760376 _____ (RocketLife Inc.) C:\Users\gepuk2001\Downloads\PrintProjects.exe
2015-07-16 19:19 - 2015-07-16 19:19 - 00000000 ____D C:\Users\gepuk2001\AppData\Roaming\Temp
2015-07-15 22:20 - 2015-07-09 20:51 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-15 22:20 - 2015-07-09 19:40 - 00359936 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-15 22:20 - 2015-07-09 17:03 - 03701760 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-15 22:20 - 2015-07-09 16:54 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-15 22:20 - 2015-07-09 16:53 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-15 22:20 - 2015-07-09 16:50 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-07-15 22:20 - 2015-07-09 16:50 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-15 22:20 - 2015-07-09 16:48 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-15 22:20 - 2015-07-09 16:46 - 02229248 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-15 22:20 - 2015-07-09 16:38 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-15 22:20 - 2015-07-09 16:37 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-15 22:20 - 2015-07-09 16:35 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-15 22:20 - 2015-07-09 16:34 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-15 22:20 - 2015-06-27 04:08 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-15 22:20 - 2015-06-27 04:08 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-15 22:20 - 2015-06-27 03:14 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-15 22:20 - 2015-06-25 03:31 - 04177920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-15 22:18 - 2015-07-02 22:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-15 22:18 - 2015-07-02 21:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-15 22:18 - 2015-07-02 21:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-15 22:18 - 2015-07-02 21:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-15 22:18 - 2015-07-02 21:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-15 22:18 - 2015-07-02 20:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-15 22:18 - 2015-07-02 20:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-15 22:18 - 2015-07-02 19:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-15 22:18 - 2015-07-01 23:08 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-15 22:18 - 2015-07-01 22:14 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-15 22:18 - 2015-06-28 06:07 - 00442712 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-15 22:18 - 2015-06-28 06:07 - 00178008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-15 22:18 - 2015-06-28 06:06 - 01311960 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-15 22:18 - 2015-06-28 06:06 - 00332120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-15 22:18 - 2015-06-27 17:42 - 00747520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-15 22:18 - 2015-06-27 04:13 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-15 22:18 - 2015-06-27 04:12 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-15 22:18 - 2015-06-27 04:12 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-15 22:18 - 2015-06-27 03:40 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-07-15 22:18 - 2015-06-27 03:05 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-15 22:18 - 2015-06-27 03:00 - 00989184 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-15 22:18 - 2015-06-27 02:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-07-15 22:18 - 2015-06-27 02:26 - 00802816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-15 22:18 - 2015-06-15 23:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-15 22:18 - 2015-06-15 23:39 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-15 22:18 - 2015-06-15 23:38 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-15 22:18 - 2015-06-15 23:26 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-15 22:18 - 2015-06-15 23:24 - 03320320 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-15 22:18 - 2015-06-15 22:38 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-15 22:18 - 2015-06-15 22:36 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-15 22:18 - 2015-06-15 22:17 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-07-15 22:18 - 2015-06-15 22:16 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-15 22:18 - 2015-06-15 22:16 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-15 22:18 - 2015-06-15 22:15 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-15 22:18 - 2015-06-15 22:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-15 22:18 - 2015-06-15 22:09 - 03607552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-15 22:18 - 2015-06-15 22:04 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-15 22:18 - 2015-06-15 21:52 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-15 22:18 - 2015-06-15 21:50 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-15 22:18 - 2015-06-15 21:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2015-07-15 22:18 - 2015-06-15 21:44 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-15 22:18 - 2015-06-15 21:41 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-15 22:18 - 2015-06-15 21:31 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-15 22:18 - 2015-06-15 21:30 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-15 22:18 - 2015-06-15 21:17 - 01048576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-07-15 22:18 - 2015-06-15 21:07 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-15 22:18 - 2015-06-15 21:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-15 22:18 - 2015-06-15 20:57 - 02460160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-15 22:18 - 2015-05-30 22:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-07-15 22:18 - 2015-05-30 20:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-07-15 22:18 - 2015-05-30 20:35 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-07-15 22:17 - 2015-06-16 06:36 - 01661576 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-15 22:17 - 2015-06-16 06:36 - 01212248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-15 22:17 - 2015-06-15 23:24 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-15 22:17 - 2015-06-15 23:02 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2015-07-15 22:17 - 2015-06-15 22:58 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-15 22:17 - 2015-06-15 22:57 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-15 22:17 - 2015-06-15 22:56 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-07-15 22:17 - 2015-06-15 22:55 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-15 22:17 - 2015-06-15 22:49 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-07-15 22:17 - 2015-06-15 22:41 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-07-15 22:17 - 2015-06-15 22:03 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-15 22:17 - 2015-06-15 21:43 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-15 22:17 - 2015-06-15 21:42 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-07-15 22:17 - 2015-06-15 21:37 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-07-15 22:17 - 2015-06-15 21:32 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-07-15 22:17 - 2015-06-15 21:30 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-15 22:17 - 2015-06-11 04:49 - 01380600 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-15 22:17 - 2015-06-10 17:13 - 01097216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-15 22:17 - 2015-05-07 17:47 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-07-15 19:38 - 2015-07-15 19:40 - 00000000 ____D C:\Users\gepuk2001\Documents\CyberLink
2015-07-14 21:06 - 2015-07-14 21:06 - 00001516 _____ C:\Users\Public\Desktop\LibreOffice 4.4.lnk
2015-07-14 21:06 - 2015-07-14 21:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.4
2015-07-10 17:49 - 2015-08-02 03:14 - 00000000 ___HD C:\$Windows.~BT
==================== One Month Modified files and folders =(If an entry is included in the fixlist, the file/folder will be moved.)
2015-08-04 15:26 - 2014-12-30 19:42 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-04 15:25 - 2014-12-30 23:52 - 00000000 ____D C:\FRST
2015-08-04 15:24 - 2015-03-12 21:28 - 00192000 ___SH C:\Users\Desktop\Thumbs.db
2015-08-04 15:24 - 2015-01-02 16:03 - 00000000 ____D C:\Users\Documents\Youcam
2015-08-04 15:23 - 2015-01-02 16:03 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{2053F1C3-7B85-4B9D-87D8-074B4C45143B}
2015-08-04 15:22 - 2014-12-15 11:32 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-04 15:17 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\sru
2015-08-03 23:05 - 2015-01-03 20:25 - 00000000 ____D C:\Users\gepuk2001\AppData\Local\CrashDumps
2015-08-03 23:04 - 2015-05-14 21:36 - 00003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-568704525-757881285-3721914199-1006
2015-08-03 23:03 - 2014-03-18 10:53 - 00958356 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-03 23:02 - 2015-01-03 20:27 - 00000000 ____D C:\Users\AppData\Roaming\ClassicShell
2015-08-03 23:02 - 2014-12-15 11:32 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-03 22:59 - 2015-01-03 22:10 - 00000000 ____D C:\Users\gepuk2001\AppData\Local\HTC MediaHub
2015-08-03 22:56 - 2014-12-15 11:27 - 00000000 ____D C:\ProgramData\Kodak
2015-08-03 22:55 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-03 22:54 - 2015-03-06 10:57 - 00000000 ____D C:\Program Files\Enigma Software Group
2015-08-03 21:43 - 2014-12-21 14:27 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2015-08-03 21:39 - 2015-01-02 15:58 - 00000000 ____D C:\Users\
2015-08-03 21:37 - 2015-03-01 21:48 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-03 21:19 - 2015-02-01 22:11 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe
2015-08-02 21:53 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\NDF
2015-08-02 21:51 - 2013-08-22 14:25 - 00001171 _____ C:\Windows\system32\Drivers\etc\hosts.old
2015-08-02 20:26 - 2014-12-15 11:32 - 00000000 ____D C:\Program Files\CCleaner
2015-08-02 18:29 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\AppReadiness
2015-08-02 17:35 - 2014-08-06 00:33 - 00000000 ____D C:\ProgramData\McAfee
2015-08-02 03:01 - 2014-04-02 11:25 - 00000000 ____D C:\Windows\Panther
2015-08-02 00:35 - 2014-12-30 13:48 - 00002674 _____ C:\Users\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FarmVille 2.lnk
2015-08-02 00:35 - 2014-12-30 13:48 - 00002500 _____ C:\Users\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2015-08-02 00:35 - 2014-12-30 13:48 - 00002346 _____ C:\Users\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Menu.lnk
2015-08-02 00:29 - 2014-12-14 19:30 - 00002663 _____ C:\Users\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FarmVille 2.lnk
2015-08-02 00:29 - 2014-12-14 19:30 - 00002506 _____ C:\Users\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2015-08-02 00:29 - 2014-12-14 19:30 - 00002335 _____ C:\Users\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Menu.lnk
2015-08-01 23:28 - 2014-08-06 00:33 - 00000000 ____D C:\Program Files\Common Files\mcafee
2015-08-01 23:20 - 2015-01-11 19:18 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2015-08-01 23:20 - 2014-08-06 00:22 - 00000000 ____D C:\ProgramData\Temp
2015-07-29 23:48 - 2013-08-22 16:20 - 00000000 ____D C:\Windows\CbsTemp
2015-07-29 23:33 - 2013-08-22 14:25 - 00524288 ___SH C:\Windows\system32\config\BBI
2015-07-29 23:24 - 2015-05-26 10:32 - 00003100 _____ C:\Windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-568704525-757881285-3721914199-1006
2015-07-29 23:24 - 2015-01-06 17:50 - 00000000 ___RD C:\Users\OneDrive
2015-07-28 10:42 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-07-25 08:46 - 2015-05-20 20:54 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-23 09:45 - 2014-12-15 00:17 - 00000000 ____D C:\Users\AppData\Roaming\ClassicShell
2015-07-23 09:40 - 2014-12-22 20:22 - 00000000 ____D C:\Users\Documents\Youcam
2015-07-23 09:39 - 2014-12-14 23:24 - 00000000 ____D C:\Users\AppData\Local\Pokki
2015-07-23 09:37 - 2015-01-10 17:20 - 00000000 ____D C:\Users\AppData\Local\HTC MediaHub
2015-07-23 09:37 - 2014-12-21 14:49 - 00000000 ____D C:\Users\AppData\Local\CrashDumps
2015-07-23 09:37 - 2013-08-22 16:36 - 00000000 ___HD C:\Windows\ELAMBKUP
2015-07-23 09:18 - 2015-01-02 16:12 - 00411760 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-22 21:20 - 2015-05-26 10:47 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-07-22 21:20 - 2014-12-14 23:24 - 00000000 ____D C:\Users\
2015-07-22 20:25 - 2014-12-15 00:05 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{AA810B07-4380-4D4B-9F7C-0D50936CEDDD}
2015-07-22 20:22 - 2014-12-27 21:44 - 00000000 ____D C:\Users\AppData\Roaming\Skype
2015-07-20 20:43 - 2015-05-12 07:45 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-568704525-757881285-3721914199-1005
2015-07-18 19:25 - 2015-01-02 16:05 - 00000000 ____D C:\Users\AppData\Local\Google
2015-07-18 11:18 - 2014-12-27 22:10 - 00000000 ____D C:\Users\AppData\Local\Google
2015-07-18 10:45 - 2014-12-14 22:17 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-18 10:45 - 2014-12-14 22:17 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-18 10:45 - 2013-08-22 16:36 - 00000000 ___RD C:\Windows\ToastData
2015-07-18 10:45 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\WinStore
2015-07-18 07:57 - 2014-12-15 11:32 - 00003892 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-18 07:57 - 2014-12-15 11:32 - 00003656 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-18 07:27 - 2014-12-14 21:51 - 00000000 ____D C:\Windows\system32\MRT
2015-07-18 07:20 - 2015-01-22 21:07 - 00046080 ___SH C:\Users\Desktop\Thumbs.db
2015-07-16 19:23 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\LiveKernelReports
2015-07-15 22:35 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\en-GB
2015-07-15 19:41 - 2014-08-06 00:32 - 00000000 ____D C:\Users\Public\CyberLink
2015-07-15 19:38 - 2015-01-11 19:15 - 00000000 ____D C:\Users\AppData\Roaming\CyberLink
2015-07-15 19:37 - 2015-01-02 16:03 - 00000000 ____D C:\Users\AppData\Local\CyberLink
2015-07-14 21:37 - 2015-03-01 21:48 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-14 21:06 - 2015-05-23 20:30 - 00000000 ____D C:\Program Files (x86)\LibreOffice 4
2015-07-13 22:10 - 2014-12-14 22:21 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-13 22:10 - 2014-12-14 22:21 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-13 21:08 - 2015-03-04 12:01 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-07-05 21:43 - 2014-12-30 19:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-05 21:26 - 2015-01-05 17:14 - 00000000 ____D C:\ProgramData\Unchecky==== Files in the root of some directories =======
2015-01-13 14:50 - 2015-01-13 14:50 - 32372200 _____ (McAfee) C:\Program Files (x86)\Common Files\lpuninstall.exe
2015-01-25 17:12 - 2015-03-29 23:05 - 0000365 _____ () C:\Users\AppData\Roaming\CBDLOD
2015-01-25 17:12 - 2015-03-29 23:05 - 0001171 _____ () C:\Users\AppData\Roaming\KCBOPKG
2015-03-04 11:06 - 2015-03-11 00:51 - 0000115 _____ () C:\Users\AppData\Roaming\LogFile.txt
Some files in TEMP:========C:\Users\AppData\Local\Temp\EsgInstallerx64Stub.exe C:\Users\AppData\Local\Temp\oct749B.tmp.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-07-18 11:47
==================== End of log ============================
August 4th, 2015, 11:06 AM
#17
Part Three of Four
Additional scan result of Farbar Recovery Scan Tool (x64) Version:02-08-2015 01
Ran by (2015-08-04 15:26:44)
Running from C:\Users\Desktop
Boot Mode: Normal
==================== Accounts: =============================
Administrator (S-1-5-21-568704525-757881285-3721914199-500 - Administrator - Disabled)
gepuk2001 (S-1-5-21-568704525-757881285-3721914199-1006 - Administrator - Enabled) => C:\Users\
Guest (S-1-5-21-568704525-757881285-3721914199-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-568704525-757881285-3721914199-1003 - Limited - Enabled)
Pollyanna (S-1-5-21-568704525-757881285-3721914199-1005 - Limited - Enabled) => C:\Users
============ Security Center ====(If an entry is included in the fixlist, it will be removed.)
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
==================== Installed Programs ==================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
aioscnnr (x32 Version: 7.6.13.10 - Your Company Name) Hidden
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Belarc Advisor 8.4 (HKLM-x32\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: - Broadcom Corporation)
Broadcom Bluetooth Drivers (HKLM\...\{0A1B4690-E176-4533-8058-939480AEE1D0}) (Version: 12.0.0.9840 - Broadcom Corporation)
Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden
Building the Great Wall of China Collector's Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)
center (x32 Version: 7.8.0.0 - Eastman Kodak Company) Hidden
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
Cloud System Booster (HKLM-x32\...\Cloud System Booster) (Version: 3.5 - Anvisoft)
Crazy Chicken Soccer (x32 Version: 2.2.0.110 - WildTangent) Hidden
CyberLink Media Suite 12 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 12.0 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.4.4824 - CyberLink Corp.)
CyberLink PhotoDirector 5 (Version: 5.0.5315.0 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.8.4316 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.6.3604 - CyberLink Corp.)
CyberLink PowerDirector 12 (Version: 12.0.2930.0 - CyberLink Corp.) Hidden
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.4.4223 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.3.3907 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
essentials (x32 Version: 7.8.0.0 - Eastman Kodak Company) Hidden
Evernote v. 5.8.4 (HKLM-x32\...\{C15841A6-C20A-11E4-977D-00163E98E7D6}) (Version: 5.8.4.6870 - Evernote Corp.)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6710.2136 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM-x32\...\{13133E99-B0D5-4143-B832-AAD55C62A41C}) (Version: 6.0.19.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{E2C8D0C2-1C97-4C05-939A-5B13A0FE655C}) (Version: 2.20.31 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{082B1425-0F24-43FA-9B64-E8F617B0AD3B}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7493.4758 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.11 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{8C696B4B-6AB1-44BC-9416-96EAC474CABE}) (Version: 7.5.2.12 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{96D12EC9-720B-45FB-904C-36D6307A1C76}) (Version: 11.51.0048 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{C39A7F0F-89A6-44BB-B1BF-5F96569B5345}) (Version: 1.2.9 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{36F80C5F-DC0D-4DF4-AF09-DC1867F0EB0A}) (Version: 2.4.4 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.16.0.001 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.46.0 - HTC)
In the beginning was The Word (HKLM-x32\...\The Word) (Version: - )
Inst5675 (Version: 8.01.11 - Softex Inc.) Hidden
Inst5676 (Version: 8.01.11 - Softex Inc.) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3574 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.9.1000 - Intel Corporation)
Intel(R) Smart Connect Technology (HKLM\...\{51AC86D3-C431-48AD-9195-0D6C930D07CD}) (Version: 4.2.41.2710 - Intel Corporation)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: - )
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kodak AIO Printer (Version: 7.8.1.0 - Eastman Kodak Company) Hidden
KODAK AiO Software (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.8.5.2 - Eastman Kodak Company)
LibreOffice 4.4.4.3 (HKLM-x32\...\{5B6D82BB-CC1A-431E-8991-3E57855F99C5}) (Version: 4.4.4.3 - The Document Foundation)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
McAfee LiveSafe - Internet Security (HKLM-x32\...\MSC) (Version: 14.0.4113 - McAfee, Inc.)
McAfee SafeKey(uninstall only) (HKLM-x32\...\SafeKey) (Version: 2.2.3 - McAfee, Inc.)
Microsoft OneDrive (HKU\S-1-5-21-568704525-757881285-3721914199-1006\...\OneDriveSetup.exe) (Version: 17.3.5907.0716 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 38.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.1 - Mozilla)
MWSnap 3 (HKLM-x32\...\MWSnap 3) (Version: 3.0.0.74 - Mirek Wojtowicz)
MyDriveConnect 3.3.0.1812 (HKLM-x32\...\MyDriveConnect) (Version: 3.3.0.1812 - TomTom)
ocr (x32 Version: 6.2.3.50 - Eastman Kodak Company) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 3.0.2.51 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
PreReq (x32 Version: 6.2.4.0 - Eastman Kodak Company) Hidden
PrintProjects (HKU\S-1-5-21-568704525-757881285-3721914199-1006\...\PrintProjects) (Version: 1.0.0.18702 - RocketLife Inc.)
Ranch Rush 2 - Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.273.40 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.32.508.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7358 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SpywareBlaster 5.2 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.2.0 - BrightFort LLC)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.5.2 - Synaptics Incorporated)
Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
Unchecky v0.3.8 (HKLM-x32\...\Unchecky) (Version: 0.3.8 - RaMMicHaeL)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
Virtual Families (x32 Version: 2.2.0.98 - WildTangent) Hidden
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App for HP (x32 Version: 4.0.11.2 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Youda Jewel Shop (x32 Version: 3.0.2.51 - WildTangent) Hidden
==================== Custom CLSID (Whitelisted): ===========
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-568704525-757881285-3721914199-1006_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-568704525-757881285-3721914199-1006_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\gepuk2001\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncApi64.dll (Microsoft Corporation)
==================== Restore Points ================
24-06-2015 20:25:35 Windows Update 12-07-2015 16:36:45 Windows Update
14-07-2015 21:00:18 Installed LibreOffice 4.4.4.3 18-07-2015 07:27:54 Windows Modules Installer
22-07-2015 21:12:29 Windows Update 29-07-2015 23:26:31 Windows Update
02-08-2015 19:39:59 Installed Adblock Plus for IE (32-bit and 64-bit)
02-08-2015 20:04:09 JRT Pre-Junkware Removal
==================== Scheduled Tasks (Whitelisted) ========
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {034BCA8A-8384-45B9-A42F-639D07C0EE42} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPW10UpgradeReminder => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPW10UpgradeReminder.exe [2015-07-24] (Hewlett-Packard)
Task: {0D321FBB-3354-4E1F-BABC-AACEEAF151C4} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-568704525-757881285-3721914199-1001 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
Task: {0F1F21CC-84D5-4C8A-8D8A-28BB045F5F4D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {16A68912-4326-4518-9C17-47C684C59EEF} - System32\Tasks\DeviceDetector7 => C:\Program Files (x86)\CyberLink\MediaEspresso7\DeviceDetector\DeviceDetector7.exe [2014-06-17] (CyberLink)
Task: {19C759D1-01D3-4667-AEF2-CC54BA2C83F3} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-568704525-757881285-3721914199-1006 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
Task: {1D3F4BD4-C41E-486D-A61C-001471C0A0D3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company)
Task: {248BC06A-13C4-446B-AB7B-9F74790BB01E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-07-21] (Hewlett-Packard)
Task: {3474FE21-33C8-4BA3-820D-5BE9550FE850} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2015-06-01] (McAfee, Inc.)
Task: {3F7619FD-68C9-4F9E-8B1B-BA192CC7B817} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {4443C5BF-4D1A-42BB-A57C-FD8B18A87CFE} - System32\Tasks\{B300B0ED-076E-4E9B-A9E7-E311C36D716F} => pcalua.exe -a C:\Users\gepuk2001\AppData\Roaming\istartsurf\UninstallManager.exe -c -ptid=tugs
Task: {462DFE4F-9575-41E6-8B63-B1BF3C196E95} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-11-01] (Hewlett-Packard Development Company, L.P.)
Task: {5139358D-A155-4791-8D19-FD21DC427F07} - \LaunchSignup No Task File <==== ATTENTION
Task: {55C7FF4D-EDC7-4509-A5A1-8E86F4F4EDD8} - \DoctorPC_Start No Task File <==== ATTENTION
Task: {5CDDC8D4-1C60-4064-9236-B03D91DA3539} - System32\Tasks\KCBOPKG => C:\Users\gepuk2001\AppData\Roaming\KCBOPKG.exe <==== ATTENTION
Task: {6C65AE73-3F0A-4359-834F-BEBAD54D027F} - System32\Tasks\{4D73638D-F5E9-4479-BE25-E0015ACCEAD1} => pcalua.exe -a "C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe" -c scenario=Repair platform=x86 culture=en-us
Task: {6F3EA145-5BB0-4F7D-9809-6E84E936B018} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-15] (Google Inc.)
Task: {7A0BE80E-60F8-4D9F-A946-CB82469CA9F5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-07-21] (Hewlett-Packard)
Task: {7D2E03F5-C3ED-4A0B-A080-D7574DBCD094} - \DoctorPC_Popup No Task File <==== ATTENTION
Task: {81F557C5-7F50-4A8A-B0F9-A4DCED1B1D64} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {8E48D8C8-9E98-456C-B3B9-9965D0AB77EA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company)
Task: {98FD6E43-91B1-45EA-A350-B11E5ADA31D8} - System32\Tasks\HPCeeScheduleForgepuk2001 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {A1D99B44-581C-458D-B19A-A6FA0724EB3B} - System32\Tasks\Pokki => %LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe
Task: {A23724CA-AFC0-4573-ABEE-CB43B5D3491D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-15] (Google Inc.)
Task: {B658943C-F634-4913-AA5B-4FE39C605B58} - System32\Tasks\{952C1835-9AF7-4A50-A578-E8D4CAE747FD} => pcalua.exe -a "C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe" -c scenario=Repair platform=x86 culture=en-us
Task: {BA3B38AF-9E1F-465E-9804-F9B3E54F45EB} - System32\Tasks\CBDLOD => C:\Users\gepuk2001\AppData\Roaming\CBDLOD.exe <==== ATTENTION
Task: {BA8D2B23-455E-4F96-B5F0-60531B535DD3} - \Selection Tools Update No Task File <==== ATTENTION
Task: {CA1C4D29-03B5-41D4-A470-3F261FAFA68B} - System32\Tasks\{0B46FD3F-A685-495A-8847-E053FE68D97D} => pcalua.exe -a C:\Users\Graham\Downloads\FirmwareFlashLauncher.exe
Task: {CC62ED8E-5C12-4414-B708-CAD09BB57F4A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company)
Task: {CE2C7AA6-DDE0-482E-B2DB-DF987DA89578} - \Optimize Start Menu Cache Files-S-1-5-21-568704525-757881285-3721914199-1001 No Task File <==== ATTENTION
Task: {CE8D7732-10BC-48CA-9531-7BD03AEB9DD8} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-03-07] (CyberLink Corp.)
Task: {CEED0B2E-451E-4B16-969F-D0249A857355} - System32\Tasks\PrintProjects Communicator => C:\Users\gepuk2001\AppData\Roaming\PrintProjects\Communicator.exe [2011-06-16] ()
Task: {D2986061-14D7-49C1-917F-3F35C0C29F31} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-07-17] (Piriform Ltd)
Task: {D3045CA2-FE90-4C31-B9DB-7B062034F6B9} - \Optimize Start Menu Cache Files-S-1-5-21-568704525-757881285-3721914199-500 No Task File <==== ATTENTION
Task: {D6873F18-08FA-4CF2-8138-D24ED55570A5} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe
Task: {DBADF4AA-0304-43C8-8D20-BEA47259A211} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-14] (Adobe Systems Incorporated)
Task: {E38ED54E-277C-4DA0-89DA-62F3605F7BF4} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {E970164E-4BF9-4287-AB89-2080943B619F} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {ED19CF83-B86D-4B6E-80D0-728B09980BB7} - \WindApp Update No Task File <==== ATTENTION
Task: {F67CB552-2581-48BE-AE22-813EDADD0D4C} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\mcafee\platform\McUICnt.exe [2015-07-21] (McAfee, Inc.)
Task: {F82C1128-17DC-43A6-B410-87ACD289A069} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {FDA17E93-F431-4502-B5C6-46DFB1B2B8CE} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-07-03] (Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\CBDLOD.job => C:\Users\AppData\Roaming\CBDLOD.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleFor.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\KCBOPKG.job => C:\Users\gepuk2001\AppData\Roaming\KCBOPKG.exe <==== ATTENTION
Task: C:\Windows\Tasks\PrintProjects Communicator.job => C:\Users\AppData\Roaming\PrintProjects\Communicator.exe
==================== Loaded Modules (Whitelisted) ===
2014-03-28 13:31 - 2014-03-28 13:31 - 02110464 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2014-03-28 13:27 - 2014-03-28 13:27 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2014-03-28 13:27 - 2014-03-28 13:27 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2014-03-28 13:27 - 2014-03-28 13:27 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2014-03-28 13:48 - 2014-03-28 13:48 - 00367504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2014-03-28 13:48 - 2014-03-28 13:48 - 00712080 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2013-12-04 08:44 - 2013-12-04 08:44 - 00200168 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2013-12-04 08:44 - 2013-12-04 08:44 - 00054760 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2013-12-04 08:44 - 2013-12-04 08:44 - 00034792 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll
2013-10-17 15:27 - 2013-10-17 15:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2014-08-06 00:42 - 2012-04-25 03:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2015-05-06 00:21 - 2012-08-08 21:36 - 00390672 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2014-03-28 13:36 - 2014-03-28 13:36 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2014-12-18 16:25 - 2014-12-18 16:25 - 00031080 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
2014-12-18 16:26 - 2014-12-18 16:26 - 00607376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
2014-12-18 16:26 - 2014-12-18 16:26 - 00059752 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll
2014-12-18 16:26 - 2014-12-18 16:26 - 00036216 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2014-12-18 16:26 - 2014-12-18 16:26 - 00080248 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll
2014-12-18 16:29 - 2014-12-18 16:29 - 00129376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\zlib1.dll
2014-12-18 16:31 - 2014-12-18 16:31 - 00223592 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll
2015-03-04 12:01 - 2014-05-13 13:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-03-04 12:01 - 2014-05-13 13:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-03-04 12:01 - 2014-05-13 13:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-03-04 12:01 - 2012-08-23 11:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-03-04 12:01 - 2012-04-03 18:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-08-06 00:01 - 2013-12-10 16:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-05-06 00:10 - 2013-05-20 04:01 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go9\CLMediaLibrary.dll
2013-05-20 11:02 - 2013-05-20 11:02 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go9\CLMLSvcPS.dll
2014-08-06 00:24 - 2014-03-12 07:34 - 00866056 _____ () C:\Program Files (x86)\CyberLink\YouCam\subsys\BigBang\Runtime\UNO.dll
2014-08-06 00:24 - 2011-08-24 03:39 - 00081920 _____ () C:\Program Files (x86)\CyberLink\YouCam\koan\_ctypes.pyd
2014-08-06 00:24 - 2011-08-24 03:39 - 00053248 _____ () C:\Program Files (x86)\CyberLink\YouCam\koan\_socket.pyd
2014-08-06 00:24 - 2011-08-24 03:39 - 00655360 _____ () C:\Program Files (x86)\CyberLink\YouCam\koan\_ssl.pyd
2014-08-06 00:24 - 2013-12-17 11:19 - 00057344 _____ () C:\Program Files (x86)\CyberLink\YouCam\subsys\YouCam\XUControl.dll
August 4th, 2015, 11:14 AM
#18
Part Four of Four
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
AlternateDataStreams: C:\Users\OneDrive:ms-properties
AlternateDataStreams: C:\Users\OneDrive:ms-properties
AlternateDataStreams: C:\Users\OneDrive (2):ms-properties
AlternateDataStreams: C:\Users\OneDrive:ms-properties
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
==================== EXE Association (Whitelisted) ====
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
There are 12683 more restricted sites.
==================== Other Areas =======
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-568704525-757881285-3721914199-1006\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Hewlett-Packard Backgrounds\backgroundDefault.jpg
DNS Servers: 194.168.4.100 - 194.168.8.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKU\S-1-5-21-568704525-757881285-3721914199-1006\...\StartupApproved\Run: => "Power2GoExpress9"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{DF364F15-28B7-426A-B5B3-674754654D45}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{852BEB40-C2F3-4B6E-B98E-C42BDBBEF436}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0A124D71-140C-4DCF-9745-262AD8A3D730}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E64A4F8B-575C-40D8-B8D6-AD18BEBDD5A8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4AC6D35F-EB3B-433F-BBCB-0132C6728FD2}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{43BE52D6-E506-4BD1-A912-60D0500CF06E}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{7D23D771-B00C-450E-87BA-668DFC33588F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{E16F53F4-82DA-4D36-9305-148DD751A352}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{20DCDE72-8FEB-47C7-9975-C49D572ED7E3}] => (Allow) LPort=2869
FirewallRules: [{42490414-9189-455E-876D-E1FA71737DAF}] => (Allow) LPort=1900
FirewallRules: [{0E3BE19A-D6D3-4029-A694-87791C3C8079}] => (Allow) C:\Users\Graham\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{1B34357E-C7D0-4A3A-B2E6-FFCD2ED1A427}] => (Allow) LPort=9322
FirewallRules: [{F8B3AD11-CF11-4AE3-B686-846D6089047B}] => (Allow) LPort=5353
FirewallRules: [{FCAB9EEC-5BE7-4ECB-A5EF-6739F6DF6C9C}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe
FirewallRules: [{D5C899B2-6EC3-4133-9AB2-08029DBB4319}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe
FirewallRules: [{EB740447-14AF-4192-9F47-A92A9DC8770F}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\Kodak.Statistics.exe
FirewallRules: [{56289851-6E23-41D1-96FB-ADBA3E849F35}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\Kodak.Statistics.exe
FirewallRules: [{44C94AEF-1EF4-4092-A9AA-3EA6B62383CD}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\NetworkPrinterDiscovery.exe
FirewallRules: [{72834C0A-A179-41C6-B0D1-568797DFEF1F}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\NetworkPrinterDiscovery.exe
FirewallRules: [{C252D4CD-D6B1-47B4-A5AD-3A97D9B65E73}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Firmware\KodakAiOUpdater.exe
FirewallRules: [{29FAD7B0-CCD3-46A3-9F08-D7CBD854F34C}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Firmware\KodakAiOUpdater.exe
FirewallRules: [{0198CEE6-7C8B-414E-A95A-328D8109B585}] => (Allow) C:\ProgramData\Kodak\Installer\Setup.exe
FirewallRules: [{D7FFE34D-5FE7-426D-A586-3B805817617A}] => (Allow) C:\ProgramData\Kodak\Installer\Setup.exe
FirewallRules: [{8A496229-D17D-432C-B0DB-A6FDAD1FBE59}] => (Allow) LPort=9322
FirewallRules: [{9607B1F7-BB8F-47FA-9E3D-CCCF426CB57C}] => (Allow) LPort=5353
FirewallRules: [{4B79E964-8CD3-48E5-949F-3542FF67422B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{1FAE4BD0-4407-4096-AA72-F03035A4A2E4}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{809F9BCE-EBB0-4968-8031-8CB20FEB3BA4}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{C9AE1900-13F8-4FA4-96D0-2D6DCF0B9954}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{BCE4A811-52AA-46FC-A13E-6CF4DDB4C2AD}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPSOCKSVC.exe
FirewallRules: [{D6B96201-6201-4D33-9E8B-59572BFF0793}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [TCP Query User{13F90676-5FFF-4DE4-B363-86517B929CBD}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{10BA5DD0-9723-40C5-899C-3E686DBB1B06}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{1A6C0FE4-9FCA-4EAD-AC3F-4561784F4F27}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{818E173F-A6B0-4F45-B6C7-26D35F41C188}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{C4D25FE9-EABA-4D94-A2A0-9941B0EA9D5A}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [{22890385-A327-4F46-8FA0-B83E6550C507}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F3B85FB6-8FE4-4AB4-9144-837D853FAEAB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A5924857-CB08-48F7-A332-754565604BF8}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{3D72B8A7-3E31-43D9-88C6-1DEBCD629B35}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [{E2A8C38F-5ACF-40BC-BBC3-05E680C0CDE0}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{9010748C-772E-432C-B27C-2B45BEFAECB9}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe
FirewallRules: [{E80E2BF0-12DF-4592-9B23-866D8BD401F7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe
FirewallRules: [{28E76A85-3A05-405A-A9B8-7BDF9ABF67F3}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe
FirewallRules: [{5ECD2C8C-C1A9-4D80-A3C5-02A89EF0D469}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe
FirewallRules: [{4FF5AF0B-D59D-4F2B-A863-4F21D4C887C7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{1B54BEF2-FCE1-4527-B37D-94D94E8F0120}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [{D8198A06-E9BE-4EA4-9600-9FDEF67855A7}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [{3710F170-5A1C-49E2-AA0E-250FEA171DF0}] => (Allow) C:\Users\gepuk2001\AppData\Local\Microsoft\OneDrive\OneDrive.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Faulty Device Manager Devices =============
==================== Event log errors: ============
Application errors:
==================
Error: (08/04/2015 03:17:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 58283703
Error: (08/04/2015 03:17:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 58283703
Error: (08/04/2015 03:17:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (08/03/2015 10:59:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: igfxTray.exe, version: 6.15.10.3574, time stamp: 0x535821b3
Faulting module name: combase.dll, version: 6.3.9600.17031, time stamp: 0x53087867
Exception code: 0xc0000005
Fault offset: 0x0000000000005fc4
Faulting process ID: 0x1344
Faulting application start time: 0xigfxTray.exe0
Faulting application path: igfxTray.exe1
Faulting module path: igfxTray.exe2
Report ID: igfxTray.exe3
Faulting package full name: igfxTray.exe4
Faulting package-relative application ID: igfxTray.exe5
Error: (08/03/2015 10:56:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.2.13.0, time stamp: 0x558200e9
Faulting module name: mbamservice.exe, version: 3.2.13.0, time stamp: 0x558200e9
Exception code: 0x40000015
Fault offset: 0x000ace66
Faulting process ID: 0x8a4
Faulting application start time: 0xmbamservice.exe0
Faulting application path: mbamservice.exe1
Faulting module path: mbamservice.exe2
Report ID: mbamservice.exe3
Faulting package full name: mbamservice.exe4
Faulting package-relative application ID: mbamservice.exe5
Error: (08/03/2015 10:43:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2882188
Error: (08/03/2015 10:43:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2882188
Error: (08/03/2015 10:43:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (08/03/2015 09:40:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: igfxTray.exe, version: 6.15.10.3574, time stamp: 0x535821b3
Faulting module name: combase.dll, version: 6.3.9600.17031, time stamp: 0x53087867
Exception code: 0xc0000005
Fault offset: 0x0000000000005fc4
Faulting process ID: 0x157c
Faulting application start time: 0xigfxTray.exe0
Faulting application path: igfxTray.exe1
Faulting module path: igfxTray.exe2
Report ID: igfxTray.exe3
Faulting package full name: igfxTray.exe4
Faulting package-relative application ID: igfxTray.exe5
Error: (08/03/2015 09:38:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.2.13.0, time stamp: 0x558200e9
Faulting module name: mbamservice.exe, version: 3.2.13.0, time stamp: 0x558200e9
Exception code: 0x40000015
Fault offset: 0x000ace66
Faulting process ID: 0x8ec
Faulting application start time: 0xmbamservice.exe0
Faulting application path: mbamservice.exe1
Faulting module path: mbamservice.exe2
Report ID: mbamservice.exe3
Faulting package full name: mbamservice.exe4
ulting package-relative application ID: mbamservice.exe5
System errors:
=============
Error: (08/04/2015 03:24:44 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240020: Upgrade to Windows 10 Home.
Error: (08/04/2015 03:22:53 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
Error: (08/04/2015 03:22:23 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
Error: (08/04/2015 03:22:19 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
Error: (08/04/2015 03:17:36 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240020: Upgrade to Windows 10 Home.
Error: (08/03/2015 10:56:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly. It has done this 1 time(s).
Error: (08/03/2015 10:56:03 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
Error: (08/03/2015 09:50:36 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240020: Upgrade to Windows 10 Home.
Error: (08/03/2015 09:43:09 PM) (Source: DCOM) (EventID: 10010) (User: Peates)
Description: {C98F04D7-CD30-4BB0-B7D7-8DD7448520F2}
Error: (08/03/2015 09:38:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly. It has done this 1 time(s).
Microsoft Office:
=========================
Error: (08/04/2015 03:17:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 58283703
Error: (08/04/2015 03:17:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 58283703
Error: (08/04/2015 03:17:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (08/03/2015 10:59:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: igfxTray.exe6.15.10.3574535821b3combase.dll6.3.9600.1703153087867c00000050000000000005fc4134401d0ce37b5801e51C:\Windows\system32\igfxTray.exeC:\Windows\SYSTEM32\combase.dllf866f173-3a2a-11e5-82ca-b01041ebd0a0
Error: (08/03/2015 10:56:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamservice.exe3.2.13.0558200e9mbamservice.exe3.2.13.0558200e940000015000ace668a401d0ce3731048c6fC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe78175773-3a2a-11e5-82ca-b01041ebd0a0
Error: (08/03/2015 10:43:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2882188
Error: (08/03/2015 10:43:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2882188
Error: (08/03/2015 10:43:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (08/03/2015 09:40:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: igfxTray.exe6.15.10.3574535821b3combase.dll6.3.9600.1703153087867c00000050000000000005fc4157c01d0ce2c7fbcb70cC:\Windows\system32\igfxTray.exeC:\Windows\SYSTEM32\combase.dllcfda384c-3a1f-11e5-82c9-b01041ebd0a0
Error: (08/03/2015 09:38:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamservice.exe3.2.13.0558200e9mbamservice.exe3.2.13.0558200e940000015000ace668ec01d0ce2c522be47eC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe991f203c-3a1f-11e5-82c9-b01041ebd0a0
==================== Memory info =======
Processor: Intel(R) Core(TM) i5-4210U CPU @ 1.70GHz
Percentage of memory in use: 22%
Total physical RAM: 8122.15 MB
Available physical RAM: 6285.74 MB
Total Virtual: 9402.15 MB
Available Virtual: 7501.27 MB
==================== Drives ===
Drive c: (Windows) (Fixed) (Total:930.5 GB) (Free:781.46 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 240571F5)
Partition: GPT Partition Type.
==================== End of log ==========Thanks Broni, from Gep
August 4th, 2015, 04:31 PM
#19
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt ). Please post it to your reply.
Attached Files
August 4th, 2015, 05:08 PM
#20
Hello Broni. Hope this is what you are after??
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => No File
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => No File
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-568704525-757881285-3721914199-1006 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-568704525-757881285-3721914199-1006 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
Hosts:
C:\Users\AppData\Local\Temp\EsgInstallerx64Stub.exe C:\Users\AppData\Local\Temp\oct749B.tmp.exe
Task: {5139358D-A155-4791-8D19-FD21DC427F07} - \LaunchSignup No Task File <==== ATTENTION
Task: {55C7FF4D-EDC7-4509-A5A1-8E86F4F4EDD8} - \DoctorPC_Start No Task File <==== ATTENTION
Task: {5CDDC8D4-1C60-4064-9236-B03D91DA3539} - System32\Tasks\KCBOPKG => C:\Users\gepuk2001\AppData\Roaming\KCBOPKG.exe <==== ATTENTION
C:\Users\gepuk2001\AppData\Roaming\KCBOPKG.exe
Task: {7D2E03F5-C3ED-4A0B-A080-D7574DBCD094} - \DoctorPC_Popup No Task File <==== ATTENTION
Task: {BA3B38AF-9E1F-465E-9804-F9B3E54F45EB} - System32\Tasks\CBDLOD => C:\Users\gepuk2001\AppData\Roaming\CBDLOD.exe <==== ATTENTION
Task: {BA8D2B23-455E-4F96-B5F0-60531B535DD3} - \Selection Tools Update No Task File <==== ATTENTION
C:\Users\gepuk2001\AppData\Roaming\CBDLOD.exe
Task: {CE2C7AA6-DDE0-482E-B2DB-DF987DA89578} - \Optimize Start Menu Cache Files-S-1-5-21-568704525-757881285-3721914199-1001 No Task File <==== ATTENTION
Task: {D3045CA2-FE90-4C31-B9DB-7B062034F6B9} - \Optimize Start Menu Cache Files-S-1-5-21-568704525-757881285-3721914199-500 No Task File <==== ATTENTION
Task: {ED19CF83-B86D-4B6E-80D0-728B09980BB7} - \WindApp Update No Task File <==== ATTENTION
Task: C:\Windows\Tasks\CBDLOD.job => C:\Users\AppData\Roaming\CBDLOD.exe <==== ATTENTION
C:\Users\AppData\Roaming\CBDLOD.exe
Task: C:\Windows\Tasks\KCBOPKG.job => C:\Users\AppData\Roaming\KCBOPKG.exe <==== ATTENTION
C:\Users\AppData\Roaming\KCBOPKG.exe
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
AlternateDataStreams: C:\Users\OneDrive:ms-properties
AlternateDataStreams: C:\Users\OneDrive:ms-properties
AlternateDataStreams: C:\Users\OneDrive (2):ms-properties
AlternateDataStreams: C:\Users\OneDrive:ms-properties
Thanks, Gep
August 5th, 2015, 11:22 AM
#21
No. You just posted content of my "fixlist" file.
Re-read my instructions and redo.
August 6th, 2015, 04:35 PM
#22
Hello Broni, sorry, my brain is not used to doing hard tasks, still getting confused at my old age.
Good news, Windows 10 to my rescue, Downloaded it, all is well with my computer, I think???????? lol, Microsoft for you.
Thanks for all your great help, time invested in this, much appreciated, Gep
August 6th, 2015, 04:59 PM
#23
Good luck
Thread Information
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
Forum Rules