Help again

[jensennan]

I need help getting all the Malware off and increasing the speed of my computer and deleting unnecessary pop ups

 

 

[flashh4]

Welcome back Nancy but not under these conditions ! Lol

 

Ok run these and post the logs as soon as you get them ! Just copy & paste them into your topic !! If you have any problems just notify mr & go to the next program to Dwnload & run !

 

=========================

 

AdwCleaner
       
Please download adwcleaner by Xplode onto your desktop.
Double click on AdwCleaner.exe to run the tool again.
       Windows XP : Double click on the icon to run it.

       Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

    *Click on the Scan button.
    *AdwCleaner will begin to scan your computer like it did before.
    *After the scan has finished .......
    
    This time, click on the "Cleaning" button.
    
    *Press OK when asked to close all programs and follow the onscreen prompts.
    *Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    *After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
    *Copy and paste the contents of that logfile in your next reply.
    *A copy of that logfile will also be saved in the C:\AdwCleaner folder.



NEXT


    Please download Junkware Removal Tool and save to your desk top.

    Shut down your protection software now to avoid potential conflicts.

    * Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    * The tool will open and start scanning your system.
    * Please be patient as this can take a while to complete depending on your system's specifications.
    * On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    * Post the contents of JRT.txt into your next reply !

Re-Boot your computer now !!



NEXT



    Download Malwarebytes' Anti-Malware (save it to your desktop).  >>>   http://api.viglink.com/api/click?format=go&jsonp=vglnk_142716402237113&key=9b4efad421c8b103b2c94b796db973b0&libId=i7moiq1n01002u9u000DAjanrgva6&subId=ada8cd58e448a82cf9bb2f2782266d43&loc=http%3A%2F%2Fforums.whatthetech.com%2Findex.php%3Fshowtopic%3D129391%26page%3D1&v=1&out=http%3A%2F%2Fwww.malwarebytes.org%2Fmwb-download%2Fconfirm%2F%3Futm_source%3Dfacebook%26utm_medium%3Dsocial&ref=http%3A%2F%2Fforums.whatthetech.com%2Findex.php%3Fs%3D49c36eb57530cd237bc7129892da2191%26showforum%3D27&title=can%27t%20download%20or%20run%20malwarebyts%20%5BSolved%5D%20-%20What%20the%20Tech&txt=http%3A%2F%2Fwww.malwareby...m_medium%3Dsocial

      * Windows XP : Double click on the icon to run it.
      *  Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
      *  Select Scan tab.



* Select type of scan to perform:


   
  * Threat Scan < --- Select this type of scan
  * Custom Scan
  * Hyper Scan

Next click the Scan button.

When the scan is complete, if no malicious items are found you can close the program.

If malicious items are found be sure that everything is checked, and click Quarantine .

When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
 
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.



NEXT



Download DDS and save it to your Desktop.  >>> DDS


    Double click dds.scr to run the tool.
    If using Vista or Windows 7 you will be prompted by UAC, please allow the prompt.
    DDS will now scan your computer.
    When the scan is complete, DDS will open two (2) logs:
        DDS.txt
        Attach.txt
    If not saved these logs will be automatically deleted when closed, so save both to your Desktop.
    Please note it is important that you post BOTH logs in your topic.


Please note: DDS will ask you to attach the second log (Attach.txt), please ignore this notice and post the log instead.


Any problems downloading or running DDS.scr, try THIS alternate (DDS.com) version of DDS http://download.bleepingcomputer.com/sUBs/dds.com

Post next:
1. AdwCleaner Log
2. Junkware Removal Log
3. Malwarebytes Log
4. DDS logs (2 logs)
Thanks
Chuck
 

[flashh4]

Nancy can you post the log ??

Also i want you to dwnload Firefox by Mozzila >>> https://www.mozilla.org/en-US/firefox/new/

 

Thanks

Chuck

[flashh4]

Don't worry to much about the Malwarebytes log as long as you selected delete/quarantine all that are checked !!

 

Post the other logs when you can !!

 

Thanks

Chuck

[jensennan]

# AdwCleaner v4.207 - Logfile created 07/07/2015 at 21:29:09
# Updated 21/06/2015 by Xplode
# Database : 2015-07-05.2 [server]
# Operating system : Windows 8.1  (x64)
# Username : Nancy - NANCYLAPTOP
# Running from : C:\Users\Nancy\Downloads\adwcleaner_4.207 (1).exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : swdumon

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Nancy\AppData\LocalLow\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd
File Deleted : C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fcfenmboojpjinhpgggodefccipikbpd_0.localstorage
File Deleted : C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fcfenmboojpjinhpgggodefccipikbpd_0.localstorage-journal
File Deleted : C:\WINDOWS\System32\drivers\swdumon.sys
File Deleted : C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.tb.ask.com_0.localstorage
File Deleted : C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.tb.ask.com_0.localstorage-journal
File Deleted : C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
File Deleted : C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\C3F6D7A0BA2FDE84EB329997B1FF786D
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\93BAD29AC2E44034A96BCB446EB8552E
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840

-\\ Mozilla Firefox v39.0 (x86 en-US)

-\\ Google Chrome v43.0.2357.132

[C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Homepage] :

*************************

AdwCleaner[R0].txt - [4324 bytes] - [28/06/2015 20:19:02]
AdwCleaner[R1].txt - [4441 bytes] - [29/06/2015 12:13:18]
AdwCleaner[R2].txt - [9885 bytes] - [29/06/2015 12:41:47]
AdwCleaner[R3].txt - [10172 bytes] - [29/06/2015 18:16:17]
AdwCleaner[R4].txt - [10552 bytes] - [30/06/2015 16:21:16]
AdwCleaner[R5].txt - [9223 bytes] - [07/07/2015 21:28:33]
AdwCleaner[s0].txt - [432 bytes] - [28/06/2015 20:21:01]
AdwCleaner[s1].txt - [364 bytes] - [29/06/2015 12:14:10]
AdwCleaner[s2].txt - [320 bytes] - [29/06/2015 12:42:52]
AdwCleaner[s3].txt - [368 bytes] - [29/06/2015 18:17:14]
AdwCleaner[s4].txt - [368 bytes] - [30/06/2015 16:21:58]
AdwCleaner[s5].txt - [3638 bytes] - [07/07/2015 21:29:09]

########## EOF - C:\AdwCleaner\AdwCleaner[s5].txt - [3697  bytes] ##########

[jensennan]

# AdwCleaner v4.207 - Logfile created 07/07/2015 at 22:41:07
# Updated 21/06/2015 by Xplode
# Database : 2015-07-05.2 [server]
# Operating system : Windows 8.1  (x64)
# Username : Nancy - NANCYLAPTOP
# Running from : C:\Users\Nancy\Downloads\adwcleaner_4.207(1).exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Mozilla Firefox v39.0 (x86 en-US)


-\\ Google Chrome v43.0.2357.132

[C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Homepage] :

*************************

AdwCleaner[R0].txt - [4324 bytes] - [28/06/2015 20:19:02]
AdwCleaner[R1].txt - [4441 bytes] - [29/06/2015 12:13:18]
AdwCleaner[R2].txt - [9885 bytes] - [29/06/2015 12:41:47]
AdwCleaner[R3].txt - [10172 bytes] - [29/06/2015 18:16:17]
AdwCleaner[R4].txt - [10552 bytes] - [30/06/2015 16:21:16]
AdwCleaner[R5].txt - [9223 bytes] - [07/07/2015 21:28:33]
AdwCleaner[R6].txt - [7138 bytes] - [07/07/2015 22:40:20]
AdwCleaner[s0].txt - [432 bytes] - [28/06/2015 20:21:01]
AdwCleaner[s1].txt - [364 bytes] - [29/06/2015 12:14:10]
AdwCleaner[s2].txt - [320 bytes] - [29/06/2015 12:42:52]
AdwCleaner[s3].txt - [368 bytes] - [29/06/2015 18:17:14]
AdwCleaner[s4].txt - [368 bytes] - [30/06/2015 16:21:58]
AdwCleaner[s5].txt - [3785 bytes] - [07/07/2015 21:29:09]
AdwCleaner[s6].txt - [1517 bytes] - [07/07/2015 22:41:07]

########## EOF - C:\AdwCleaner\AdwCleaner[s6].txt - [1576  bytes] ##########
 

[jensennan]

The Malwarebytes log was clean !!

[flashh4]

Ok run these for me please !!

 

Download OldTimer to your desk top !
Links: http://oldtimer.geekstogo.com/OTL.comhttp://oldtimer.geekstogo.com/OTL.scr  
 
If you already have a copy of OTL delete it and use this version.  (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).

* Double click OTL.exe to launch the program.
* Check the following.

o Scan all users.
o Standard Output. o Lop check.
o Purity check. oExtra Registry > Use SafeList  

* Under Extra Registry section, select Use SafeList
* Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
* When finished it will produce two logs.

o OTL.txt (open on your desktop).
o Extras.txt (minimised in your taskbar) The Extras.txt file will only appear the very first time you run OTL.

* Please post me both logs. This may have to be broken into more than one post !   


Thanks

Chuck

[flashh4]

Nancy run this one also !!

 

Security Check

Please download and save SecurityCheck.exe to your Desktop from one of the links below.

Link 1 >>> http://screen317.spywareinfoforum.org/SecurityCheck.exe.

Link 2 >>> http://screen317.changelog.fr/SecurityCheck.exe

    * Double click SecurityCheck.exe and follow the onscreen instructions inside the black box.
    * A Notepad document should open automatically called checkup.txt
    * Please post the contents of that document in your next reply.
 

 

Thanks

Chuck

[jensennan]

OTL logfile created on: 7/7/2015 11:29:42 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Nancy\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17842)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.86 Gb Total Physical Memory | 5.96 Gb Available Physical Memory | 75.88% Memory free
16.86 Gb Paging File | 14.82 Gb Available in Paging File | 87.90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 918.00 Gb Total Space | 863.56 Gb Free Space | 94.07% Space Free | Partition Type: NTFS
 
Computer Name: NANCYLAPTOP | User Name: Nancy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2015/07/07 23:29:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nancy\Downloads\OTL.com
PRC - [2015/06/30 21:30:24 | 000,377,000 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2015/06/18 05:55:24 | 005,296,912 | ---- | M] (TeamViewer GmbH) -- c:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe
PRC - [2015/06/18 05:55:23 | 017,905,424 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\TeamViewer.exe
PRC - [2015/06/18 05:55:23 | 005,495,056 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
PRC - [2015/06/18 05:32:23 | 000,229,136 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\tv_w32.exe
PRC - [2012/12/29 09:55:32 | 000,068,608 | ---- | M] (IvoSoft) -- C:\Program Files\Classic Shell\ClassicShellService.exe
PRC - [2012/08/06 06:55:10 | 000,109,184 | ---- | M] (Conexant Systems, Inc.) -- C:\Program Files\CONEXANT\SA3\CxUtilSvc.exe
PRC - [2012/07/17 20:10:32 | 000,364,416 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012/07/17 20:10:30 | 000,276,864 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012/07/17 20:10:16 | 000,165,760 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/07/09 13:47:18 | 000,277,504 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2012/07/09 13:47:14 | 000,007,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2012/06/07 22:34:06 | 000,111,120 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
PRC - [2012/06/01 20:47:48 | 000,143,888 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2015/06/30 18:49:01 | 002,964,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\fc3b086418e8d8807cfb6b88ccae1c64\System.IdentityModel.ni.dll
MOD - [2015/06/30 18:48:43 | 000,360,960 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\IAStorUtil\13c9520617852ea952d5266a86e8beaf\IAStorUtil.ni.dll
MOD - [2015/06/30 18:44:24 | 012,898,304 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\592a40dd076e6e46b4a8bc95bb64b2e8\System.Windows.Forms.ni.dll
MOD - [2015/06/30 18:44:14 | 019,567,616 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\662aae610c401a254416904a4861b189\System.ServiceModel.ni.dll
MOD - [2015/06/30 18:43:49 | 000,968,192 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\814dd462b742d7c16c620e79397b2463\System.Configuration.ni.dll
MOD - [2015/06/30 18:43:22 | 006,951,424 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\67bdc09fa286920c1f42f2a98c400f95\System.Core.ni.dll
MOD - [2015/05/27 11:24:36 | 007,785,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\43edd630a9f8cd6ac38c527b106ec94f\System.Xml.ni.dll
MOD - [2015/05/27 11:21:54 | 002,803,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\ab763e7f2c7532e9fe8f587995105156\System.Runtime.Serialization.ni.dll
MOD - [2015/05/27 11:21:40 | 001,635,328 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\8efdc7a3726640f79d9333da88accaf8\System.Drawing.ni.dll
MOD - [2015/01/28 19:42:24 | 010,030,592 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\1c5fe4cb68f67046baec4c3a854f722f\System.ni.dll
MOD - [2014/12/04 21:30:04 | 000,026,624 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\IAStorDataMcfeeca6f#\a4c2f95b7723d89069f29979299b3758\IAStorDataMgrSvcInterfaces.ni.dll
MOD - [2014/12/04 21:30:02 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\IAStorCommon\e3b1bef41ab305ddffb34901eb459064\IAStorCommon.ni.dll
MOD - [2014/12/04 21:29:44 | 000,786,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\7159bb28e23de8ed898a2acb1dbfef6c\System.ServiceModel.Internals.ni.dll
MOD - [2014/12/04 21:29:44 | 000,118,272 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\1c09d6db83322a23a1744d75c4836f85\SMDiagnostics.ni.dll
MOD - [2014/09/24 02:24:28 | 017,395,376 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\c90ef9a73ea0044641d31b19023aad61\mscorlib.ni.dll
MOD - [2012/06/08 11:34:06 | 000,016,400 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
MOD - [2012/06/07 22:34:06 | 000,627,216 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\CSP\1.3.374.0\McCSPServiceHost.exe -- (mccspsvc)
SRV:64bit: - [2015/05/25 08:07:50 | 001,430,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
SRV:64bit: - [2015/02/20 18:49:18 | 000,780,800 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2015/02/03 18:58:28 | 000,366,520 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2015/02/03 18:58:28 | 000,023,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2014/12/05 20:35:00 | 000,229,888 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2014/10/30 23:51:25 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/10/28 22:59:51 | 003,460,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2014/10/28 22:50:12 | 002,987,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2014/10/28 21:42:19 | 000,026,112 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2014/10/28 21:42:03 | 000,041,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2014/10/28 21:34:51 | 000,067,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2014/10/28 21:33:55 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2014/10/28 21:29:22 | 000,121,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2014/10/28 20:57:05 | 000,324,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\BthHFSrv.dll -- (BthHFSrv)
SRV:64bit: - [2014/10/28 20:48:20 | 000,166,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2014/10/28 20:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2014/10/28 20:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2014/10/28 20:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2014/10/28 20:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2014/10/28 20:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2014/10/28 20:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2014/10/28 20:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2014/10/28 20:27:21 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2014/10/28 20:26:21 | 000,838,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2014/10/28 20:26:02 | 000,294,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2014/10/28 20:24:37 | 000,131,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2014/10/28 20:22:40 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2014/10/28 20:20:03 | 000,262,656 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2014/10/28 20:19:20 | 000,550,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2014/10/28 20:16:17 | 000,154,112 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2014/10/28 20:13:24 | 000,374,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2014/10/28 20:13:02 | 000,260,608 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2014/10/28 20:12:36 | 000,407,040 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2014/10/28 20:12:22 | 000,270,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2014/10/28 20:11:10 | 001,639,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2014/10/28 20:09:48 | 000,521,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:64bit: - [2014/10/28 20:05:09 | 000,206,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2014/10/28 19:57:18 | 000,074,752 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2014/10/28 19:48:52 | 000,562,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2014/10/28 19:46:48 | 001,348,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2014/10/28 19:35:51 | 001,668,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2014/10/01 20:54:24 | 000,319,376 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\igfxCUIService.exe -- (igfxCUIService1.0.0.0)
SRV:64bit: - [2013/08/28 16:24:04 | 003,378,416 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:64bit: - [2013/08/28 16:23:48 | 000,273,136 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2013/08/28 16:23:40 | 000,626,416 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2013/08/28 16:23:20 | 000,149,744 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2013/05/21 08:14:18 | 000,772,064 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2012/12/29 09:55:32 | 000,068,608 | ---- | M] (IvoSoft) [Auto | Running] -- C:\Program Files\Classic Shell\ClassicShellService.exe -- (ClassicShellService)
SRV:64bit: - [2012/09/12 18:07:06 | 000,135,984 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2012/08/06 06:55:10 | 000,109,184 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Program Files\CONEXANT\SA3\CxUtilSvc.exe -- (CxUtilSvc)
SRV:64bit: - [2012/05/30 13:11:34 | 000,149,544 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2012/04/20 14:16:12 | 000,635,104 | ---- | M] (Intel® Corporation) [Auto | Running] -- c:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV - [2015/06/30 21:30:36 | 000,148,136 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2015/06/18 05:55:23 | 005,495,056 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe -- (TeamViewer)
SRV - [2014/10/28 22:50:12 | 002,987,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2014/10/28 20:51:55 | 000,017,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2014/10/28 20:04:45 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2014/10/28 19:53:11 | 000,367,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2014/10/01 20:54:28 | 000,281,488 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/07/17 20:10:32 | 000,364,416 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/07/17 20:10:30 | 000,276,864 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/07/17 20:10:16 | 000,165,760 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/07/09 13:47:14 | 000,007,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/12/13 19:10:14 | 000,140,224 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\LG Electronics\LGE LTE Driver\LGVL600SVC.exe -- (LGE NDIS Connection Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2015/04/16 01:17:07 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2015/03/19 20:56:10 | 000,080,384 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2015/03/17 12:26:06 | 000,467,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2015/03/12 23:03:31 | 000,239,424 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2015/03/08 21:02:51 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2015/03/04 05:25:11 | 000,377,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2015/02/03 18:58:33 | 000,264,000 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2015/02/03 18:58:33 | 000,114,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2015/02/03 18:58:04 | 000,044,024 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2014/10/28 22:59:47 | 000,415,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2014/10/28 22:59:12 | 000,136,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2014/10/28 22:57:42 | 000,054,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2014/10/28 22:56:04 | 000,027,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2014/10/28 21:46:43 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2014/10/28 21:46:09 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:64bit: - [2014/10/28 21:45:54 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2014/10/28 21:45:39 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2014/10/28 21:45:16 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2014/10/15 03:32:36 | 000,921,920 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refs.sys -- (ReFS)
DRV:64bit: - [2014/10/12 21:43:17 | 000,086,336 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2014/10/12 21:43:17 | 000,039,744 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2014/10/07 01:54:45 | 000,189,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2014/10/07 01:44:39 | 000,069,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2014/10/01 20:54:16 | 003,828,152 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2014/09/24 02:50:37 | 000,157,016 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\wof.sys -- (Wof)
DRV:64bit: - [2014/09/24 02:23:48 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2014/09/24 02:23:32 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2014/09/24 02:23:31 | 000,226,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2014/09/24 02:23:31 | 000,079,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2014/09/24 02:23:31 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2014/09/24 02:23:30 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2014/09/24 01:53:09 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2014/08/14 19:36:55 | 000,146,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2014/08/01 15:18:33 | 000,038,296 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2014/08/01 15:18:33 | 000,027,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2013/10/15 12:42:24 | 001,390,904 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2013/10/15 12:42:10 | 000,069,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:64bit: - [2013/10/08 22:12:46 | 003,345,376 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwew00.sys -- (NETwNe64)
DRV:64bit: - [2013/08/22 08:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2013/08/22 08:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013/08/22 07:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2013/08/22 07:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2013/08/22 07:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/08/22 07:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2013/08/22 07:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013/08/22 07:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2013/08/22 07:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2013/08/22 07:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2013/08/22 07:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2013/08/22 07:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:64bit: - [2013/08/22 07:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2013/08/22 07:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2013/08/22 07:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2013/08/22 07:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2013/08/22 07:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013/08/22 07:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2013/08/22 07:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2013/08/22 07:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013/08/22 07:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2013/08/22 07:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2013/08/22 07:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2013/08/22 07:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/08/22 07:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2013/08/22 07:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2013/08/22 07:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2013/08/22 07:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2013/08/22 06:39:58 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2013/08/22 06:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2013/08/22 06:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2013/08/22 06:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2013/08/22 06:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2013/08/22 06:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2013/08/22 06:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/08/22 06:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2013/08/22 06:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2013/08/22 06:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2013/08/22 06:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013/08/22 06:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2013/08/22 06:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/08/22 06:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013/08/22 06:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2013/08/22 06:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2013/08/22 03:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013/08/12 18:25:46 | 000,017,624 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2013/08/09 19:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2013/07/30 13:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2013/07/25 14:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2013/06/18 09:46:17 | 000,591,360 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2013/05/21 08:14:00 | 000,165,344 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2012/10/27 00:02:10 | 000,651,832 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012/08/09 19:29:52 | 000,188,384 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xHCIPort.sys -- (XHCIPort)
DRV:64bit: - [2012/08/09 19:29:52 | 000,048,096 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb3Hub.sys -- (usb3Hub)
DRV:64bit: - [2012/08/06 06:55:06 | 001,607,328 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2012/08/05 01:22:10 | 000,010,752 | ---- | M] (OSR Open Systems Resources, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DellRbtn.sys -- (DellRbtn)
DRV:64bit: - [2012/07/09 17:40:50 | 000,209,744 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2012/07/02 18:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/06/25 10:24:50 | 000,092,536 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CLVirtualDrive.sys -- (CLVirtualDrive)
DRV:64bit: - [2012/06/19 10:40:50 | 000,342,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012/06/15 16:50:46 | 000,315,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUVStor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2012/05/30 13:10:50 | 000,016,168 | ---- | M] (Intel® Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2011/02/16 11:51:56 | 000,042,496 | ---- | M] (LG Electronics ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGELTEBus.sys -- (LGELTEBus)
DRV:64bit: - [2011/02/16 11:51:42 | 000,116,480 | ---- | M] (LG Electronics ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGELTEmdm.sys -- (LGELTEmdm)
DRV:64bit: - [2011/02/16 11:51:30 | 000,047,104 | ---- | M] (LG Electronics ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGELTEMux.sys -- (LGELTEMux)
DRV:64bit: - [2011/02/16 11:51:18 | 000,052,736 | ---- | M] (LG Electronics ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGELTENdis.sys -- (LGELTENdis)
DRV:64bit: - [2011/02/16 11:51:02 | 000,117,120 | ---- | M] (LG Electronics ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGELTEprt.sys -- (LGELTEprt)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{7A78C9A5-84FA-48FB-AFD5-2EE886F5869C}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{7A78C9A5-84FA-48FB-AFD5-2EE886F5869C}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.com/[binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/en-us/?pc=U143&ocid=U143DHP
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{261B3530-792B-49B6-99EC-E0DD6CC18409}: "URL" = https://search.yahoo.com/search?fr=mcafee&type=C011US105D20141223&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.countryCode: "US"
FF - prefs.js..browser.search.region: "US"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:39.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 39.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 39.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2015/07/07 21:26:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nancy\AppData\Roaming\mozilla\Extensions
[2015/07/07 21:25:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2015/07/07 21:25:39 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - Extension: No name found = C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\
CHR - Extension: No name found = C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\agbnjankikoaabjkmfbaceggjliabkbn\2.2.3_0\
CHR - Extension: No name found = C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahfnihbbceiilhalikfkonbipolponko\2_0\
CHR - Extension: No name found = C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
CHR - Extension: No name found = C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\
CHR - Extension: No name found = C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\
CHR - Extension: No name found = C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.30_0\
CHR - Extension: No name found = C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\
CHR - Extension: No name found = C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.65.135.1_0\
CHR - Extension: No name found = C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.2_0\
CHR - Extension: No name found = C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.5_0\
CHR - Extension: No name found = C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\
CHR - Extension: No name found = C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\
 
O1 HOSTS File: ([2013/08/22 08:25:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O2:64bit: - BHO: (ClassicIE9BHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O2 - BHO: (ClassicIE9BHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
O3:64bit: - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O3 - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [QuickSet] c:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [smartAudio] C:\Program Files\CONEXANT\SA3\SACpl.exe (Conexant Systems, Inc.)
O4 - HKLM..\Run: [CLMLServer_For_P2G8] C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (CyberLink)
O4 - HKLM..\Run: [CLVirtualDrive] C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe (CyberLink Corp.)
O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: SafeKey Fill Forms - file://C:\Users\Nancy\AppData\LocalLow\SafeKey\context.html?cmd=fillforms File not found
O8:64bit: - Extra context menu item: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm File not found
O8 - Extra context menu item: SafeKey Fill Forms - file://C:\Users\Nancy\AppData\LocalLow\SafeKey\context.html?cmd=fillforms File not found
O8 - Extra context menu item: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm File not found
O9:64bit: - Extra 'Tools' menuitem : Classic IE9 Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe (IvoSoft)
O9 - Extra 'Tools' menuitem : Classic IE9 Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe (IvoSoft)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 72.36.0.5 72.36.7.234
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{67FD1085-8141-4696-90FC-F32564F8BCD1}: DhcpNameServer = 72.36.0.5 72.36.7.234
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2E55218-823E-4C90-9562-7CAF0440406A}: DhcpNameServer = 198.224.164.135 198.224.160.135
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B549870A-FE13-439B-8D4C-23E291293BEE}: DhcpNameServer = 198.224.164.135 198.224.160.135
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{6409e73c-89b7-11e2-be6c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6409e73c-89b7-11e2-be6c-806e6f6e6963}\Shell\AutoRun\command - "" = "D:\Kodak.exe"
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015/07/07 22:34:17 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Local\TeamViewer
[2015/07/07 22:32:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2015/07/07 21:25:47 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Roaming\Mozilla
[2015/07/07 21:25:47 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Local\Mozilla
[2015/07/07 21:25:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2015/07/07 21:25:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2015/07/07 21:25:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2015/06/30 18:20:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\Migration
[2015/06/30 17:45:23 | 000,124,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2015/06/30 17:45:23 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2015/06/30 14:54:42 | 000,000,000 | ---D | C] -- C:\RegBackup
[2015/06/30 06:51:56 | 000,467,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\USBHUB3.SYS
[2015/06/30 06:51:55 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\bthhfenum.sys
[2015/06/30 06:51:53 | 001,020,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\appraiser.dll
[2015/06/30 06:51:53 | 000,700,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\generaltel.dll
[2015/06/30 06:51:52 | 001,119,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\aeinv.dll
[2015/06/30 06:51:52 | 000,756,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\invagent.dll
[2015/06/30 06:51:52 | 000,422,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\devinv.dll
[2015/06/30 06:51:52 | 000,227,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\aepdu.dll
[2015/06/30 06:51:52 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\aepic.dll
[2015/06/30 06:51:52 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\acmigration.dll
[2015/06/30 06:51:50 | 002,256,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dwmcore.dll
[2015/06/30 06:51:50 | 001,943,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dwmcore.dll
[2015/06/30 06:51:50 | 001,091,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\localspl.dll
[2015/06/30 06:51:50 | 000,477,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\puiobj.dll
[2015/06/30 06:51:50 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\puiobj.dll
[2015/06/30 06:51:50 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\compstui.dll
[2015/06/30 06:51:50 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\ahcache.sys
[2015/06/30 06:51:49 | 003,097,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msftedit.dll
[2015/06/30 06:51:49 | 002,819,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingsHandlers.dll
[2015/06/30 06:51:49 | 002,483,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msftedit.dll
[2015/06/30 06:51:49 | 000,172,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Input.Inking.dll
[2015/06/30 06:51:49 | 000,141,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Input.Inking.dll
[2015/06/30 06:51:49 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SystemSettingsDatabase.dll
[2015/06/30 06:51:48 | 004,417,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dbgeng.dll
[2015/06/30 06:51:48 | 002,985,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dbgeng.dll
[2015/06/30 06:51:48 | 002,162,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SRH.dll
[2015/06/30 06:51:48 | 001,812,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SRH.dll
[2015/06/30 06:51:48 | 001,491,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dbghelp.dll
[2015/06/30 06:51:48 | 001,430,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\diagtrack.dll
[2015/06/30 06:51:48 | 001,207,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dbghelp.dll
[2015/06/30 06:51:48 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rastapi.dll
[2015/06/30 06:51:48 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\rastapi.dll
[2015/06/30 06:51:48 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\UtcResources.dll
[2015/06/30 06:51:46 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dpapisrv.dll
[2015/06/30 06:51:45 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\rgb9rast.dll
[2015/06/30 06:51:44 | 000,445,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\PhotoMetadataHandler.dll
[2015/06/30 06:51:44 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\PhotoMetadataHandler.dll
[2015/06/30 06:51:36 | 003,633,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\tquery.dll
[2015/06/30 06:51:36 | 002,551,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mssrch.dll
[2015/06/30 06:51:36 | 001,920,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mssrch.dll
[2015/06/30 06:51:36 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\sdbinst.exe
[2015/06/30 06:51:36 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\sdbinst.exe
[2015/06/30 06:51:35 | 002,749,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\tquery.dll
[2015/06/30 06:51:35 | 001,249,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\UIAutomationCore.dll
[2015/06/30 06:51:35 | 001,018,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\UIAutomationCore.dll
[2015/06/30 06:51:35 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mssvp.dll
[2015/06/30 06:51:35 | 000,699,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mssvp.dll
[2015/06/30 06:51:35 | 000,468,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mssph.dll
[2015/06/30 06:51:35 | 000,391,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mssph.dll
[2015/06/30 06:51:35 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SearchProtocolHost.exe
[2015/06/30 06:51:35 | 000,325,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\USBXHCI.SYS
[2015/06/30 06:51:35 | 000,275,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\authz.dll
[2015/06/30 06:51:35 | 000,248,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mssphtb.dll
[2015/06/30 06:51:35 | 000,239,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\sdbus.sys
[2015/06/30 06:51:35 | 000,154,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\dumpsd.sys
[2015/06/30 06:51:32 | 002,067,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wpdshext.dll
[2015/06/29 12:12:41 | 001,996,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DWrite.dll
[2015/06/29 12:12:17 | 006,026,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll
[2015/06/29 12:12:16 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript.dll
[2015/06/29 12:12:16 | 000,664,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\jscript.dll
[2015/06/29 12:12:16 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\jscript9diag.dll
[2015/06/29 12:12:16 | 000,584,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\vbscript.dll
[2015/06/29 12:12:15 | 002,052,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\inetcpl.cpl
[2015/06/29 12:12:14 | 002,865,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\actxprxy.dll
[2015/06/29 12:12:14 | 002,125,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\inetcpl.cpl
[2015/06/29 12:12:14 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msfeeds.dll
[2015/06/29 12:12:14 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieapfltr.dll
[2015/06/29 12:12:14 | 000,720,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ie4uinit.exe
[2015/06/29 12:12:14 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieapfltr.dll
[2015/06/29 12:12:14 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\html.iec
[2015/06/29 12:12:14 | 000,341,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\html.iec
[2015/06/29 12:12:14 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mshtmled.dll
[2015/06/29 12:12:14 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mshtmled.dll
[2015/06/29 12:12:13 | 000,814,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9diag.dll
[2015/06/29 12:12:13 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieui.dll
[2015/06/29 12:12:13 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dxtrans.dll
[2015/06/29 12:12:13 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\iepeers.dll
[2015/06/29 12:12:13 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iepeers.dll
[2015/06/29 12:12:13 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\inseng.dll
[2015/06/29 12:11:45 | 000,410,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\services.exe
[2015/06/29 12:11:44 | 000,653,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\comctl32.dll
[2015/06/29 12:10:36 | 001,441,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\lsasrv.dll
[2015/06/29 12:10:36 | 000,445,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\certcli.dll
[2015/06/29 12:10:36 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\certcli.dll
[2015/06/28 20:17:59 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/12/23 12:21:16 | 032,372,200 | ---- | C] (McAfee) -- C:\Program Files (x86)\Common Files\lpuninstall.exe
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2015/07/07 23:08:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2015/07/07 22:46:57 | 000,865,408 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2015/07/07 22:46:57 | 000,732,688 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2015/07/07 22:46:57 | 000,136,262 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2015/07/07 22:44:13 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2015/07/07 22:42:57 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2015/07/07 22:42:11 | 000,346,768 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2015/07/07 22:42:01 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2015/07/07 22:41:57 | 2455,990,271 | -HS- | M] () -- C:\hiberfil.sys
[2015/07/07 22:33:00 | 000,001,045 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 10.lnk
[2015/07/07 21:25:43 | 000,001,161 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2015/07/07 21:12:11 | 000,002,205 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2015/06/30 16:38:32 | 032,372,200 | ---- | M] (McAfee) -- C:\Program Files (x86)\Common Files\lpuninstall.exe
[2015/06/30 14:54:45 | 000,000,207 | ---- | M] () -- C:\WINDOWS\tweaking.com-regbackup-NANCYLAPTOP-Windows-8.1-(64-bit).dat
[2015/06/29 12:38:43 | 000,002,301 | ---- | M] () -- C:\Users\Nancy\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2015/06/19 22:02:45 | 000,792,568 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
[2015/06/19 22:02:45 | 000,178,168 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2015/07/07 22:33:00 | 000,001,057 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
[2015/07/07 22:33:00 | 000,001,045 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 10.lnk
[2015/07/07 21:25:43 | 000,001,173 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2015/07/07 21:25:43 | 000,001,161 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2015/06/30 14:54:45 | 000,000,207 | ---- | C] () -- C:\WINDOWS\tweaking.com-regbackup-NANCYLAPTOP-Windows-8.1-(64-bit).dat
[2015/06/30 06:51:58 | 000,410,336 | ---- | C] () -- C:\WINDOWS\SysNative\ApnDatabase.xml
[2015/04/15 17:28:18 | 000,107,008 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2015/04/15 17:26:46 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2014/10/14 12:52:20 | 000,053,248 | ---- | C] () -- C:\WINDOWS\SysWow64\CommonDL.dll
[2014/10/14 12:52:20 | 000,002,411 | ---- | C] () -- C:\WINDOWS\SysWow64\lgAxconfig.ini
[2014/10/01 20:54:10 | 000,183,808 | ---- | C] () -- C:\WINDOWS\SysWow64\igdde32.dll
[2014/10/01 20:54:10 | 000,143,360 | ---- | C] () -- C:\WINDOWS\SysWow64\igdail32.dll
[2014/09/24 02:24:06 | 000,002,255 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini
[2013/08/22 10:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2013/08/22 10:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2013/08/22 09:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013/08/22 02:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2013/08/21 18:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2013/08/21 18:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
 
========== ZeroAccess Check ==========
 
[2014/11/24 18:23:30 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2015/02/12 12:40:58 | 022,291,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2015/02/12 12:34:06 | 019,731,824 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2014/10/28 20:19:43 | 001,013,760 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2014/10/28 19:59:23 | 000,786,944 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2014/10/28 20:16:01 | 000,512,512 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 220 bytes -> C:\Users\Nancy\OneDrive:ms-properties

< End of report >
 

[flashh4]

Hi Nancy, run this fix !!

 

We need to Run an OTL fix !!
Warning This fix is only relevant for this system and no other, using on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

    * Double-click OTL.exe to start the program.
    * Copy and Paste the following code into the .  text box of the OTL tool/program ! Start with and include the colon plus  :OTL

:OTLSRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\CSP\1.3.374.0\McCSPServiceHost.exe -- (mccspsvc)IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRCIE:64bit:'>http://www.bing.com/...ms}&FORM=IE8SRCIE:64bit: - HKLM\..\SearchScopes\{7A78C9A5-84FA-48FB-AFD5-2EE886F5869C}: "URL" = http://www.bing.com/...E10TR&pc=MDDCJSIE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRCIE - HKLM\..\SearchScopes\{7A78C9A5-84FA-48FB-AFD5-2EE886F5869C}: "URL" = http://www.bing.com/...E10TR&pc=MDDCJSIE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRCIE - HKCU\..\SearchScopes\{261B3530-792B-49B6-99EC-E0DD6CC18409}: "URL" = https://search.yahoo...p={searchTerms}FF - user.js - File not found[2015/07/07 21:26:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nancy\AppData\Roaming\mozilla\Extensions[2015/07/07 21:25:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensionsCHR - Extension: No name found = C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\CHR - Extension: No name found = C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\agbnjankikoaabjkmfbaceggjliabkbn\2.2.3_0\CHR - Extension: No name found = C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahfnihbbceiilhalikfkonbipolponko\2_0\CHR - Extension: No name found = C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\CHR - Extension: No name found = C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\CHR - Extension: No name found = C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\CHR - Extension: No name found = C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.30_0\CHR - Extension: No name found = C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\CHR - Extension: No name found = C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.65.135.1_0\CHR - Extension: No name found = C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.2_0\CHR - Extension: No name found = C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.5_0\CHR - Extension: No name found = C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\CHR - Extension: No name found = C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not foundO8:64bit: - Extra context menu item: SafeKey Fill Forms - file://C:\Users\Nancy\AppData\LocalLow\SafeKey\context.html?cmd=fillforms File not foundO8:64bit: - Extra context menu item: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm File not foundO8 - Extra context menu item: SafeKey Fill Forms - file://C:\Users\Nancy\AppData\LocalLow\SafeKey\context.html?cmd=fillforms File not foundO8 - Extra context menu item: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm File not foundO1364bit: - gopher Prefix: missingO13 - gopher Prefix: missingO18:64bit: - Protocol\Handler\wlpg - No CLSID value foundO20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) -  File not foundO21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O30 - LSA: Security Packages - (livessp) -  File not found:Commands[emptyjava][emptyflash][EMPTYTEMP][RESETHOSTS][CREATERESTOREPOINT][Reboot]

# Then click the Run Fix button at the top.
# Click
# Please post the contents of the fix log file back here if you are prompted to open the file. It can also be found at C:\_OTL\Moved Files as MMDDYYY_HHMMSS.log where MMDDYYY is date format and HHMMSS is time format.
Remember to enable your real time protection.



Thanks

Chuck

 

[flashh4]

Nancy after you post the OTL Fix log i will need the Security Check log !!

 

Download Farbar Recovery Scan Tool, or FRST, from the following location: FRST Download Link >>> http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

When you click on the above link you will be brought to a download page. Please click on the Download Now 32-bit version or Download Now 64-bit version button depending on the bit type of your Windows version. If you are unsure what bit-type your installed Windows is, please consult this tutorial:

How to tell if you are running a 32-bit or 64-bit version of Windows  >>> http://www.bleepingcomputer.com/tutorials/32-bit-or-64-bit-windows/

 

Yours is a 64 Bit Nancy !!

Once you click on the appropriate download button, you will be brough to a downloading screen, where if you wait, the download will automatically start. If you see a prompt asking if you wish to Run or Save the file, please click on the Save button and save it to your desktop.


Figure 1: FRST Save File dialog box

Your browser will now download FRST and save it on your Desktop. When it is done downloading you will find an icon on your desktop that looks like Figure 2 below


Figure 2: FRST Icon

Now double-click on the FRST.exe or the FRST64.exe icon depending on which version you downloaded to start the program. Once you double-click the icon a User Account Control warning may also appear asking if you are sure you would like to run the program. This warning is shown in Figure 3 below.

Click on the Yes button to allow FRST to start. If no warning appeared, as shown above, then you should just continue reading.

FRST will now display a Disclaimer of Warranty window. Please read through this agreement, and if you agree to it, please click on the Yes button to continue. If you clicked on Yes, FRST will now open and you will be presented with the main window as shown below.



Figure 3. Farber Recovery Scan Tool Main Screen

  NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST and press the Fix button just once and wait.
The tool will make a log (Fixlog.txt) please post it to your reply.

 

Post that log next !!

 

 

Thanks

Chuck
 

[jensennan]

All processes killed
========== OTL ==========
Service mccspsvc stopped successfully!
Service mccspsvc deleted successfully!
File C:\Program Files\Common Files\McAfee\CSP\1.3.374.0\McCSPServiceHost.exe not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7A78C9A5-84FA-48FB-AFD5-2EE886F5869C}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7A78C9A5-84FA-48FB-AFD5-2EE886F5869C}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7A78C9A5-84FA-48FB-AFD5-2EE886F5869C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7A78C9A5-84FA-48FB-AFD5-2EE886F5869C}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{261B3530-792B-49B6-99EC-E0DD6CC18409}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{261B3530-792B-49B6-99EC-E0DD6CC18409}\ not found.
C:\Users\Nancy\AppData\Roaming\mozilla\Extensions folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions folder moved successfully.
C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_metadata folder moved successfully.
C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\zh_TW folder moved successfully.
C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\zh_CN folder moved successfully.
C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\vi folder moved successfully.
C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\uk folder moved successfully.
C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\tr folder moved successfully.
C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\th folder moved successfully.
C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sv folder moved successfully.
C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sr folder moved successfully.
C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sl folder moved successfully.
C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\sk folder moved successfully.
C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ru folder moved successfully.
C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\ro folder moved successfully.
C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\pt_PT folder moved successfully.
C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\pt_BR folder moved successfully.
C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\_locales\pl folder moved successfully.

[jensennan]

Additional scan result of Farbar Recovery Scan Tool (x64) Version:11-07-2015
Ran by Nancy at 2015-07-11 22:17:19
Running from C:\Users\Nancy\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4115922744-2135760949-424016698-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-4115922744-2135760949-424016698-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4115922744-2135760949-424016698-1005 - Limited - Enabled)
Nancy (S-1-5-21-4115922744-2135760949-424016698-1001 - Administrator - Enabled) => C:\Users\Nancy

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Reader 8 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A80000000002}) (Version: 8.0.0 - Adobe Systems Incorporated)
Classic Shell (HKLM\...\{CB00799C-0E4F-4FD1-A046-BD24321BCDFF}) (Version: 3.6.5 - IvoSoft)
Conexant SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.40.0 - Conexant)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP)
Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.16.1 - Dell Inc.)
Dell Support Center (HKLM\...\PC-Doctor for Windows) (Version: 3.2.6032.39 - PC-Doctor, Inc.)
Dell Touchpad (HKLM\...\Elantech) (Version: 11.3.1.4 - ELAN Microelectronic Corp.)
DriverUpdate (HKLM-x32\...\{B2B04F8B-6444-4364-89C8-F3088D4E8D02}) (Version: 2.2.43335 - SlimWare Utilities, Inc.)
DSC/AA Factory Installer (Version: 3.2.6032.39 - PC-Doctor, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.132 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{7854AA22-A2F0-4F29-A2E9-D0C5A2B685E7}) (Version: 2.5.0.0248 - Motorola Solutions, Inc)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel® Turbo Boost Technology Monitor 2.6 (HKLM\...\{6C9365EB-1F9E-4893-9196-3EC77C88D0C5}) (Version: 2.6.2.0 - Intel)
Intel® WiDi (HKLM\...\{EDBA2433-0910-4C72-8C5B-8FEDAE3EF18E}) (Version: 3.5.34.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation)
LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}) (Version: 3.8.1 - LG Electronics)
LGE LTE Driver Package (HKLM-x32\...\{DCAFB0C6-387A-4B49-AB77-03D50268D4E5}) (Version: 2.3.0.0218 - LG Electronics)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 39.0 - Mozilla)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.005 - Dell Inc.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.43879 - TeamViewer)
Verizon Wireless VL600 Firmware Updates (HKLM-x32\...\{9312D58D-1924-41E3-88A9-72CCA85F94B2}) (Version: 1.0.6 - Smith Micro Software, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4115922744-2135760949-424016698-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Restore Points =========================

04-06-2015 22:39:32 Scheduled Checkpoint
28-06-2015 19:01:19 Scheduled Checkpoint
07-07-2015 23:21:53 Removed SlimCleaner Plus

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2015-07-08 00:00 - 00000098 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2DCD8FEA-7964-4F57-AC4F-E6EE325F66DE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-14] (Google Inc.)
Task: {7DB388B4-EF77-42EB-8744-2172097A1F4A} - System32\Tasks\Dell\Dell System Registration => C:\Program Files (x86)\System Registration\prodreg.exe [2012-07-09] (Dell, Inc.)
Task: {8AE39672-1AE8-4CCF-80C6-F0894AA03A9C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-14] (Google Inc.)
Task: {A01ED62F-7702-4350-BAD9-47343872838F} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {B1426E82-F81B-42C4-AEA1-D0CEC979F3B8} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-05-27] (Microsoft Corporation)
Task: {FCE8079D-4B63-4CAA-AD0B-C8318630EDFB} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2012-07-17] (PC-Doctor, Inc.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2012-10-08 00:30 - 2012-04-24 21:43 - 00254512 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2012-10-08 00:23 - 2012-07-18 11:03 - 00165024 _____ () C:\Program Files\Conexant\SA3\MaxxAudioWrapper.dll
2015-07-08 02:38 - 2015-07-08 02:38 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\ErrorReporting.dll
2012-10-08 00:29 - 2012-06-07 22:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 11:34 - 2012-06-08 11:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-12-04 21:30 - 2014-12-04 21:30 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\80a14cd14e9579821dba2282b4349fef\PSIClient.ni.dll
2012-10-08 00:24 - 2012-06-25 13:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Nancy\OneDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4115922744-2135760949-424016698-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 72.36.0.5 - 72.36.7.234

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{A2588F18-18D6-44E2-8183-DF6091E35A3F}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{121657D1-C45C-4799-BE38-76D84B4BF208}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{0B420E81-6912-4619-8A6E-D17D082194CB}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{43C624A1-0AD0-4B36-BE5B-5582E8BD8B5C}] => (Allow) LPort=1900
FirewallRules: [{F8D472E0-6959-4222-8EA0-F7D0FC88DB9E}] => (Allow) LPort=2869
FirewallRules: [{82F8E5C7-3949-4FC5-87AA-36C1303C5A87}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{438B62F0-BE09-4BD8-93E9-FCF79164D3B4}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{3FD158B3-1D41-449F-BFEE-462F0D14D9B5}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{4AE6B18B-49D8-4E01-9870-0721EA1A1FBF}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{AE9FBAB6-0530-48B1-9715-5ED328113967}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{5E32EA48-8913-457B-8C44-D7722D561F58}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{EDAF62E5-74B6-4D7C-B42B-4B2FE24488DE}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{47D696B2-18A2-4FFD-8022-9A1D8D012684}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{62F394B1-8F09-47B2-8A39-7331782CB092}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{197D2A5D-C689-470F-9461-1842FBFAA620}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2DE72E2A-0969-4FC2-AE66-CFAE99A77B5D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9BD44B79-34C3-4C9D-9203-70677CD05977}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{482540D0-1A6E-4291-A165-C65B61C0F6FC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{313ABE28-DFA9-4889-B9C8-9CA2BA0DB80B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{FE8B848A-70C3-43FB-B069-4A8A97B318A5}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/08/2015 04:01:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: pcdrsysinfocsmi.p5x, version: 6.0.6032.39, time stamp: 0x4ffe56d2
Faulting module name: MSVCR90.dll, version: 9.0.30729.8387, time stamp: 0x51ea1bbd
Exception code: 0x40000015
Fault offset: 0x000000000004267f
Faulting process id: 0x510
Faulting application start time: 0xpcdrsysinfocsmi.p5x0
Faulting application path: pcdrsysinfocsmi.p5x1
Faulting module path: pcdrsysinfocsmi.p5x2
Report Id: pcdrsysinfocsmi.p5x3
Faulting package full name: pcdrsysinfocsmi.p5x4
Faulting package-relative application ID: pcdrsysinfocsmi.p5x5

Error: (07/07/2015 10:41:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_DeviceAssociationService, version: 6.3.9600.17415, time stamp: 0x54504177
Faulting module name: ntdll.dll, version: 6.3.9600.17736, time stamp: 0x550f4336
Exception code: 0xc0000374
Fault offset: 0x00000000000f0f20
Faulting process id: 0x184
Faulting application start time: 0xsvchost.exe_DeviceAssociationService0
Faulting application path: svchost.exe_DeviceAssociationService1
Faulting module path: svchost.exe_DeviceAssociationService2
Report Id: svchost.exe_DeviceAssociationService3
Faulting package full name: svchost.exe_DeviceAssociationService4
Faulting package-relative application ID: svchost.exe_DeviceAssociationService5

Error: (07/07/2015 09:08:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1ca8

Start Time: 01d0b765c78c773d

Termination Time: 4294967295

Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe

Report Id: 42e8ee9f-2516-11e5-beb4-84a6c89777b8

Faulting package full name: Facebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nnt

Faulting package-relative application ID: App

Error: (06/30/2015 04:51:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ZeroConfigService.exe, version: 16.1.0.0, time stamp: 0x521e80f5
Faulting module name: MurocApi.dll, version: 16.1.0.0, time stamp: 0x521e7ff7
Exception code: 0xc0000005
Fault offset: 0x0000000000026570
Faulting process id: 0x500
Faulting application start time: 0xZeroConfigService.exe0
Faulting application path: ZeroConfigService.exe1
Faulting module path: ZeroConfigService.exe2
Report Id: ZeroConfigService.exe3
Faulting package full name: ZeroConfigService.exe4
Faulting package-relative application ID: ZeroConfigService.exe5

Error: (06/30/2015 04:36:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ZeroConfigService.exe, version: 16.1.0.0, time stamp: 0x521e80f5
Faulting module name: MurocApi.dll, version: 16.1.0.0, time stamp: 0x521e7ff7
Exception code: 0xc0000005
Fault offset: 0x0000000000026570
Faulting process id: 0x7ec
Faulting application start time: 0xZeroConfigService.exe0
Faulting application path: ZeroConfigService.exe1
Faulting module path: ZeroConfigService.exe2
Report Id: ZeroConfigService.exe3
Faulting package full name: ZeroConfigService.exe4
Faulting package-relative application ID: ZeroConfigService.exe5

Error: (06/30/2015 04:19:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17416 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 11ac

Start Time: 01d0b37a52a7fc80

Termination Time: 16

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id: aa9ded63-1f6d-11e5-beb1-84a6c89777b8

Faulting package full name:

Faulting package-relative application ID:

Error: (06/30/2015 04:05:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program WWAHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: d78

Start Time: 01d0b37859751556

Termination Time: 4294967295

Application Path: C:\Windows\System32\WWAHost.exe

Report Id: aa281e38-1f6b-11e5-beb0-84a6c89777b8

Faulting package full name: winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewy

Faulting package-relative application ID: Windows.Store

Error: (06/30/2015 04:04:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: NANCYLAPTOP)
Description: Package winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewy+Windows.Store was terminated because it took too long to suspend.

Error: (06/30/2015 03:48:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ZeroConfigService.exe, version: 16.1.0.0, time stamp: 0x521e80f5
Faulting module name: MurocApi.dll, version: 16.1.0.0, time stamp: 0x521e7ff7
Exception code: 0xc0000005
Fault offset: 0x0000000000026570
Faulting process id: 0x8a4
Faulting application start time: 0xZeroConfigService.exe0
Faulting application path: ZeroConfigService.exe1
Faulting module path: ZeroConfigService.exe2
Report Id: ZeroConfigService.exe3
Faulting package full name: ZeroConfigService.exe4
Faulting package-relative application ID: ZeroConfigService.exe5

Error: (06/30/2015 03:22:05 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: NANCYLAPTOP)
Description: Activation of app Facebook.Facebook_8xx8rvfyw5nnt!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (07/11/2015 09:59:41 PM) (Source: Tcpip) (EventID: 4199) (User: )
Description: The system detected an address conflict for IP address 192.168.1.103 with the system
having network hardware address 10-A5-D0-E9-3A-9D. Network operations on this system may
be disrupted as a result.

Error: (07/11/2015 09:59:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LGE NDIS Connection Service service failed to start due to the following error:
%%1053

Error: (07/11/2015 09:59:37 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the LGE NDIS Connection Service service to connect.

Error: (07/11/2015 09:57:12 PM) (Source: DCOM) (EventID: 10010) (User: NANCYLAPTOP)
Description: Windows.Networking.BackgroundTransfer.Internal.NetworkChangeTask.ClassId.1

Error: (07/11/2015 09:57:11 PM) (Source: DCOM) (EventID: 10010) (User: NANCYLAPTOP)
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (07/11/2015 09:57:11 PM) (Source: DCOM) (EventID: 10010) (User: NANCYLAPTOP)
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (07/11/2015 09:57:11 PM) (Source: DCOM) (EventID: 10010) (User: NANCYLAPTOP)
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (07/11/2015 09:57:11 PM) (Source: DCOM) (EventID: 10010) (User: NANCYLAPTOP)
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (07/11/2015 09:57:11 PM) (Source: DCOM) (EventID: 10010) (User: NANCYLAPTOP)
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (07/07/2015 11:59:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Classic Shell Service service terminated unexpectedly.  It has done this 1 time(s).


Microsoft Office:
=========================
Error: (07/08/2015 04:01:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: pcdrsysinfocsmi.p5x6.0.6032.394ffe56d2MSVCR90.dll9.0.30729.838751ea1bbd40000015000000000004267f51001d0b9c139a3f8a7C:\Program Files\Dell Support Center\pcdrsysinfocsmi.p5xC:\WINDOWS\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.8387_none_08e793bfa83a89b5\MSVCR90.dll77fb06c3-25b4-11e5-beb6-84a6c89777b8

Error: (07/07/2015 10:41:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_DeviceAssociationService6.3.9600.1741554504177ntdll.dll6.3.9600.17736550f4336c000037400000000000f0f2018401d0b925ffe8bf4aC:\WINDOWS\System32\svchost.exeC:\WINDOWS\SYSTEM32\ntdll.dll36d47e5f-2523-11e5-beb5-84a6c89777b8

Error: (07/07/2015 09:08:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: backgroundTaskHost.exe6.3.9600.174151ca801d0b765c78c773d4294967295C:\WINDOWS\system32\backgroundTaskHost.exe42e8ee9f-2516-11e5-beb4-84a6c89777b8Facebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nntApp

Error: (06/30/2015 04:51:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ZeroConfigService.exe16.1.0.0521e80f5MurocApi.dll16.1.0.0521e7ff7c0000005000000000002657050001d0b37eb6343736C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exeC:\Program Files\Intel\WiFi\bin\MurocApi.dll1a4f4c1e-1f72-11e5-beb3-84a6c89777b8

Error: (06/30/2015 04:36:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ZeroConfigService.exe16.1.0.0521e80f5MurocApi.dll16.1.0.0521e7ff7c000000500000000000265707ec01d0b37ca1782066C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exeC:\Program Files\Intel\WiFi\bin\MurocApi.dll062947dd-1f70-11e5-beb2-84a6c89777b8

Error: (06/30/2015 04:19:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.1741611ac01d0b37a52a7fc8016C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEaa9ded63-1f6d-11e5-beb1-84a6c89777b8

Error: (06/30/2015 04:05:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: WWAHost.exe6.3.9600.17415d7801d0b378597515564294967295C:\Windows\System32\WWAHost.exeaa281e38-1f6b-11e5-beb0-84a6c89777b8winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewyWindows.Store

Error: (06/30/2015 04:04:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: NANCYLAPTOP)
Description: winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewy+Windows.Store

Error: (06/30/2015 03:48:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ZeroConfigService.exe16.1.0.0521e80f5MurocApi.dll16.1.0.0521e7ff7c000000500000000000265708a401d0b376199a368eC:\Program Files\Intel\WiFi\bin\ZeroConfigService.exeC:\Program Files\Intel\WiFi\bin\MurocApi.dll620d6f67-1f69-11e5-beaf-84a6c89777b8

Error: (06/30/2015 03:22:05 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: NANCYLAPTOP)
Description: Facebook.Facebook_8xx8rvfyw5nnt!App-2144927142


CodeIntegrity Errors:
===================================
  Date: 2015-01-30 15:04:24.928
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\WindowsApps\DellInc.DellGettingStartedwithWindows8_1.0.0.35_neutral__htrsf667h5kn2\Dell.WelcomeGuide.exe) attempted to load \Device\HarddiskVolume5\Program Files\WindowsApps\DellInc.DellGettingStartedwithWindows8_1.0.0.35_neutral__htrsf667h5kn2\GalaSoft.MvvmLight.Win8.dll that did not meet the Store signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 25%
Total physical RAM: 8047.77 MB
Available physical RAM: 6002.24 MB
Total Virtual: 17263.77 MB
Available Virtual: 15110.86 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:918 GB) (Free:864.18 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: B59B00BD)

Partition: GPT Partition Type.

==================== End of log ============================

[jensennan]

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:11-07-2015
Ran by Nancy (administrator) on NANCYLAPTOP on 11-07-2015 22:16:34
Running from C:\Users\Nancy\Downloads
Loaded Profiles: Nancy (Available Profiles: Nancy & Administrator)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicShellService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\CxUtilSvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDGesture.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\SmartAudio3.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(PC-Doctor, Inc.) C:\Program Files\Dell Support Center\uaclauncher.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWXConfigManager.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2898768 2012-07-09] (ELAN Microelectronics Corp.)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5752480 2012-07-11] (Dell Inc.)
HKLM\...\Run: [smartAudio] => C:\Program Files\CONEXANT\SA3\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [intelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-09] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-04] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [143888 2012-06-01] (CyberLink Corp.)
HKU\S-1-5-21-4115922744-2135760949-424016698-1001\...\MountPoints2: {6409e73c-89b7-11e2-be6c-806e6f6e6963} - "D:\Kodak.exe"
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uninstall SafeKey RunOnce.lnk [2015-06-30]
ShortcutTarget: Uninstall SafeKey RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (McAfee)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk [2015-02-16]
ShortcutTarget: Adobe Reader Speed Launch.lnk -> C:\Program Files (x86)\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk [2015-02-16]
ShortcutTarget: Adobe Reader Synchronizer.lnk -> C:\Program Files (x86)\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe ()
ShellIconOverlayIdentifiers: [shareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2012-12-29] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [shareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2012-12-29] (IvoSoft)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-4115922744-2135760949-424016698-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/en-us/?pc=U143&ocid=U143DHP
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4115922744-2135760949-424016698-1001 -> {7A78C9A5-84FA-48FB-AFD5-2EE886F5869C} URL =
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2012-12-29] (IvoSoft)
BHO: ClassicIE9BHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll [2012-12-29] (IvoSoft)
BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23] (Adobe Systems Incorporated)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2012-12-29] (IvoSoft)
BHO-x32: ClassicIE9BHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll [2012-12-29] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2012-12-29] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2012-12-29] (IvoSoft)
Tcpip\Parameters: [DhcpNameServer] 72.36.0.5 72.36.7.234
Tcpip\..\Interfaces\{67FD1085-8141-4696-90FC-F32564F8BCD1}: [DhcpNameServer] 72.36.0.5 72.36.7.234
Tcpip\..\Interfaces\{A2E55218-823E-4C90-9562-7CAF0440406A}: [DhcpNameServer] 198.224.164.135 198.224.160.135
Tcpip\..\Interfaces\{B549870A-FE13-439B-8D4C-23E291293BEE}: [DhcpNameServer] 198.224.164.135 198.224.160.135

FireFox:
========
FF ProfilePath: C:\Users\Nancy\AppData\Roaming\Mozilla\Firefox\Profiles\m1h9rkws.default
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-29] (Google Inc.)

Chrome:
=======
CHR Profile: C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-14]
CHR Extension: (No Name) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\agbnjankikoaabjkmfbaceggjliabkbn [2014-12-23]
CHR Extension: (No Name) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahfnihbbceiilhalikfkonbipolponko [2015-01-09]
CHR Extension: (No Name) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-14]
CHR Extension: (No Name) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-14]
CHR Extension: (No Name) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-14]
CHR Extension: (No Name) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-14]
CHR Extension: (No Name) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-14]
CHR Extension: (No Name) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-12-23]
CHR Extension: (No Name) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-12]
CHR Extension: (No Name) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-14]
CHR Extension: (No Name) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2012-12-29] (IvoSoft) [File not signed]
R2 CxUtilSvc; C:\Program Files\Conexant\SA3\CxUtilSvc.exe [109184 2012-08-06] (Conexant Systems, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-07-09] (Intel Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S2 LGE NDIS Connection Service; C:\Program Files (x86)\LG Electronics\LGE LTE Driver\LGVL600SVC.exe [140224 2010-12-13] ()
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-18] (TeamViewer GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-10-15] (Motorola Solutions, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2012-08-05] (OSR Open Systems Resources, Inc.)
S3 LGELTEBus; C:\Windows\System32\drivers\LGELTEBus.sys [42496 2011-02-16] (LG Electronics )
S3 LGELTEmdm; C:\Windows\system32\DRIVERS\LGELTEmdm.sys [116480 2011-02-16] (LG Electronics )
S3 LGELTEMux; C:\Windows\System32\drivers\LGELTEMux.sys [47104 2011-02-16] (LG Electronics )
S3 LGELTENdis; C:\Windows\system32\DRIVERS\LGELTENdis.sys [52736 2011-02-16] (LG Electronics )
S3 LGELTEprt; C:\Windows\system32\DRIVERS\LGELTEprt.sys [117120 2011-02-16] (LG Electronics )
R3 NETwNe64; C:\Windows\system32\DRIVERS\Netwew00.sys [3345376 2013-10-08] (Intel Corporation)
S3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [48096 2012-08-09] (Windows ® Win 7 DDK provider)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-09] (Windows ® Win 7 DDK provider)
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-11 22:16 - 2015-07-11 22:16 - 00015256 _____ C:\Users\Nancy\Downloads\FRST.txt
2015-07-11 22:16 - 2015-07-11 22:16 - 00000000 ____D C:\FRST
2015-07-11 22:12 - 2015-07-11 22:12 - 02130944 _____ (Farbar) C:\Users\Nancy\Downloads\FRST64.exe
2015-07-11 22:10 - 2015-07-11 22:10 - 01634816 _____ (Farbar) C:\Users\Nancy\Downloads\FRST.exe
2015-07-11 22:07 - 2015-07-11 22:07 - 00000000 ____D C:\Users\Nancy\AppData\Local\GWX
2015-07-07 23:59 - 2015-07-07 23:59 - 00000000 ____D C:\_OTL
2015-07-07 23:36 - 2015-07-07 23:36 - 00065232 _____ C:\Users\Nancy\Downloads\Extras.Txt
2015-07-07 23:35 - 2015-07-07 23:35 - 00128106 _____ C:\Users\Nancy\Downloads\OTL.Txt
2015-07-07 23:29 - 2015-07-07 23:29 - 00602112 _____ (OldTimer Tools) C:\Users\Nancy\Downloads\OTL.com
2015-07-07 22:52 - 2015-07-07 22:52 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Nancy\Downloads\mbam-setup-2.1.8.1057(1).exe
2015-07-07 22:39 - 2015-07-07 22:39 - 02244096 _____ C:\Users\Nancy\Downloads\adwcleaner_4.207(1).exe
2015-07-07 22:34 - 2015-07-07 22:34 - 00000000 ____D C:\Users\Nancy\AppData\Local\TeamViewer
2015-07-07 22:33 - 2015-07-07 22:33 - 00001057 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-07-07 22:33 - 2015-07-07 22:33 - 00001045 _____ C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-07-07 22:32 - 2015-07-07 22:41 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-07-07 22:27 - 2015-07-07 22:28 - 08009896 _____ (TeamViewer GmbH) C:\Users\Nancy\Downloads\TeamViewer_Setup_en(3).exe
2015-07-07 22:27 - 2015-07-07 22:27 - 08009896 _____ (TeamViewer GmbH) C:\Users\Nancy\Downloads\TeamViewer_Setup_en(2).exe
2015-07-07 22:26 - 2015-07-07 22:27 - 08009896 _____ (TeamViewer GmbH) C:\Users\Nancy\Downloads\TeamViewer_Setup_en(1).exe
2015-07-07 22:26 - 2015-07-07 22:26 - 08009896 _____ (TeamViewer GmbH) C:\Users\Nancy\Downloads\TeamViewer_Setup_en.exe
2015-07-07 21:54 - 2015-07-07 21:54 - 02953676 _____ (Malwarebytes Corporation) C:\Users\Nancy\Downloads\JRT (2).exe
2015-07-07 21:51 - 2015-07-07 21:51 - 02953676 _____ (Malwarebytes Corporation) C:\Users\Nancy\Downloads\JRT (1).exe
2015-07-07 21:50 - 2015-07-07 21:50 - 02953676 _____ (Malwarebytes Corporation) C:\Users\Nancy\Downloads\JRT.exe
2015-07-07 21:28 - 2015-07-07 21:28 - 02244096 _____ C:\Users\Nancy\Downloads\adwcleaner_4.207 (1).exe
2015-07-07 21:25 - 2015-07-11 22:02 - 00000000 ____D C:\Users\Nancy\AppData\Roaming\Mozilla
2015-07-07 21:25 - 2015-07-07 22:05 - 00000000 ____D C:\Users\Nancy\AppData\Local\Mozilla
2015-07-07 21:25 - 2015-07-07 21:25 - 41128904 _____ C:\Users\Nancy\Downloads\Firefox Setup 39.0.exe
2015-07-07 21:25 - 2015-07-07 21:25 - 00001173 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-07-07 21:25 - 2015-07-07 21:25 - 00001161 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-07-07 21:25 - 2015-07-07 21:25 - 00000000 ____D C:\ProgramData\Mozilla
2015-07-07 21:25 - 2015-07-07 21:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-07 21:25 - 2015-07-07 21:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-07 21:08 - 2015-07-07 21:08 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Nancy\Downloads\mbam-setup-2.1.8.1057.exe
2015-06-30 17:45 - 2015-04-30 15:35 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-06-30 17:45 - 2015-04-30 15:35 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-06-30 14:54 - 2015-06-30 14:54 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-NANCYLAPTOP-Windows-8.1-(64-bit).dat
2015-06-30 14:54 - 2015-06-30 14:54 - 00000000 ____D C:\RegBackup
2015-06-30 06:51 - 2015-05-25 08:23 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-06-30 06:51 - 2015-05-25 08:07 - 01430528 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-06-30 06:51 - 2015-05-22 08:08 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-06-30 06:51 - 2015-05-21 08:08 - 01119232 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-06-30 06:51 - 2015-05-21 08:08 - 01020928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-06-30 06:51 - 2015-05-21 08:08 - 00756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-06-30 06:51 - 2015-05-21 08:08 - 00422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-06-30 06:51 - 2015-05-21 08:08 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2015-06-30 06:51 - 2015-05-21 08:08 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-06-30 06:51 - 2015-04-16 17:07 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-06-30 06:51 - 2015-04-16 01:17 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-06-30 06:51 - 2015-04-13 17:37 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2015-06-30 06:51 - 2015-04-13 17:34 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2015-06-30 06:51 - 2015-04-09 19:40 - 01249280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-06-30 06:51 - 2015-04-09 19:34 - 02256896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-06-30 06:51 - 2015-04-09 19:17 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-06-30 06:51 - 2015-04-09 19:11 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-06-30 06:51 - 2015-04-08 17:41 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rgb9rast.dll
2015-06-30 06:51 - 2015-04-08 17:07 - 00410336 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-06-30 06:51 - 2015-04-02 19:35 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll
2015-06-30 06:51 - 2015-04-02 19:14 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll
2015-06-30 06:51 - 2015-04-01 17:42 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-06-30 06:51 - 2015-04-01 17:30 - 02483712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-06-30 06:51 - 2015-04-01 17:22 - 02985984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2015-06-30 06:51 - 2015-04-01 17:20 - 04417536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2015-06-30 06:51 - 2015-03-31 23:21 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-06-30 06:51 - 2015-03-31 23:18 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2015-06-30 06:51 - 2015-03-31 23:17 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll
2015-06-30 06:51 - 2015-03-31 23:08 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2015-06-30 06:51 - 2015-03-31 22:46 - 03633664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-06-30 06:51 - 2015-03-31 22:45 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2015-06-30 06:51 - 2015-03-31 22:17 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-06-30 06:51 - 2015-03-31 22:17 - 00903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2015-06-30 06:51 - 2015-03-31 21:53 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2015-06-30 06:51 - 2015-03-31 21:53 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2015-06-30 06:51 - 2015-03-31 21:45 - 02749952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2015-06-30 06:51 - 2015-03-31 21:45 - 00699392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2015-06-30 06:51 - 2015-03-31 21:31 - 01207296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2015-06-30 06:51 - 2015-03-31 21:14 - 01920000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-06-30 06:51 - 2015-03-31 21:12 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2015-06-30 06:51 - 2015-03-19 22:49 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2015-06-30 06:51 - 2015-03-19 22:08 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-06-30 06:51 - 2015-03-19 21:37 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2015-06-30 06:51 - 2015-03-19 21:07 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-06-30 06:51 - 2015-03-19 20:56 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-06-30 06:51 - 2015-03-17 12:26 - 00467776 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-06-30 06:51 - 2015-03-12 23:03 - 00239424 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-06-30 06:51 - 2015-03-12 23:03 - 00154432 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2015-06-30 06:51 - 2015-03-12 21:02 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2015-06-30 06:51 - 2015-03-12 20:11 - 02162176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-06-30 06:51 - 2015-03-12 19:39 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-06-30 06:51 - 2015-03-10 20:49 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe
2015-06-30 06:51 - 2015-03-10 20:09 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe
2015-06-30 06:51 - 2015-03-08 21:02 - 00057856 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2015-06-30 06:51 - 2015-03-05 22:08 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2015-06-30 06:51 - 2015-03-05 21:47 - 01696256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2015-06-30 06:51 - 2015-03-05 21:43 - 01969664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2015-06-30 06:51 - 2015-03-03 20:32 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2015-06-30 06:51 - 2015-03-03 20:12 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2015-06-30 06:51 - 2015-03-01 20:43 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll
2015-06-30 06:51 - 2015-03-01 20:21 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastapi.dll
2015-06-30 06:51 - 2015-02-17 18:19 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-06-30 06:51 - 2015-01-29 19:53 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-06-30 06:51 - 2014-11-14 01:58 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsDatabase.dll
2015-06-29 19:19 - 2015-06-30 15:59 - 00000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2015-06-29 12:40 - 2015-06-29 12:40 - 02244096 _____ C:\Users\Nancy\Downloads\adwcleaner_4.207.exe
2015-06-29 12:12 - 2015-05-27 09:35 - 24917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-06-29 12:12 - 2015-05-27 09:08 - 19607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-06-29 12:12 - 2015-05-22 22:15 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-06-29 12:12 - 2015-05-22 22:14 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-06-29 12:12 - 2015-05-22 22:10 - 02278912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-06-29 12:12 - 2015-05-22 22:05 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-06-29 12:12 - 2015-05-22 22:04 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2015-06-29 12:12 - 2015-05-22 21:48 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-06-29 12:12 - 2015-05-22 21:47 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-06-29 12:12 - 2015-05-22 21:47 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-06-29 12:12 - 2015-05-22 21:47 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-06-29 12:12 - 2015-05-22 21:43 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-06-29 12:12 - 2015-05-22 21:38 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-06-29 12:12 - 2015-05-22 21:38 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-06-29 12:12 - 2015-05-22 21:37 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-06-29 12:12 - 2015-05-22 21:28 - 12829696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-06-29 12:12 - 2015-05-22 21:28 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-06-29 12:12 - 2015-05-22 21:20 - 01950720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-06-29 12:12 - 2015-05-22 21:16 - 01309696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-06-29 12:12 - 2015-05-22 21:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-06-29 12:12 - 2015-05-22 14:00 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-06-29 12:12 - 2015-05-22 14:00 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-06-29 12:12 - 2015-05-22 14:00 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-06-29 12:12 - 2015-05-22 13:52 - 06026240 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-06-29 12:12 - 2015-05-22 13:48 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-06-29 12:12 - 2015-05-22 13:47 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-06-29 12:12 - 2015-05-22 13:47 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-06-29 12:12 - 2015-05-22 13:24 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-06-29 12:12 - 2015-05-22 13:23 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-06-29 12:12 - 2015-05-22 13:21 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-06-29 12:12 - 2015-05-22 13:15 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-06-29 12:12 - 2015-05-22 13:09 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-06-29 12:12 - 2015-05-22 13:08 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-06-29 12:12 - 2015-05-22 13:06 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-06-29 12:12 - 2015-05-22 13:05 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-06-29 12:12 - 2015-05-22 12:57 - 14404096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-06-29 12:12 - 2015-05-22 12:50 - 02426880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-06-29 12:12 - 2015-05-22 12:49 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-06-29 12:12 - 2015-05-22 12:38 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-06-29 12:12 - 2015-05-22 12:26 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-06-29 12:12 - 2015-04-30 18:05 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-06-29 12:12 - 2015-04-30 17:48 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-06-29 12:12 - 2015-04-21 11:13 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2015-06-29 12:12 - 2015-04-21 10:49 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-06-29 12:12 - 2015-04-21 10:28 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-06-29 12:12 - 2015-04-09 20:00 - 01996800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-06-29 12:12 - 2015-04-09 19:50 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-06-29 12:12 - 2015-04-09 19:26 - 01560576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-06-29 12:11 - 2015-04-24 21:34 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2015-06-29 12:11 - 2015-04-24 21:33 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2015-06-29 12:11 - 2015-04-08 17:55 - 00410128 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2015-06-29 12:10 - 2015-05-21 11:47 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-06-29 12:10 - 2015-03-30 00:47 - 00561928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-06-29 12:10 - 2015-03-26 22:27 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-06-29 12:10 - 2015-03-26 21:50 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-06-29 12:10 - 2015-03-26 21:48 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-06-28 20:17 - 2015-07-07 22:41 - 00000000 ____D C:\AdwCleaner

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-11 22:16 - 2014-10-11 20:16 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4115922744-2135760949-424016698-1001
2015-07-11 22:11 - 2014-11-18 20:03 - 01065244 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-11 22:10 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-07-11 22:08 - 2014-10-14 14:39 - 00000930 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-11 22:05 - 2014-11-24 18:30 - 00003938 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{096CF776-37E2-48DE-B3CF-4BF12A22FC60}
2015-07-11 22:04 - 2012-07-26 02:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-07-11 22:02 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-07-11 22:00 - 2014-12-08 16:57 - 00000000 ___RD C:\Users\Nancy\OneDrive
2015-07-11 22:00 - 2014-10-14 14:38 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-11 21:59 - 2014-09-24 02:03 - 00607830 _____ C:\WINDOWS\PFRO.log
2015-07-11 21:59 - 2013-08-22 09:46 - 00331913 _____ C:\WINDOWS\setupact.log
2015-07-11 21:59 - 2013-08-22 09:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-11 21:57 - 2013-08-22 08:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-07-08 05:02 - 2015-05-12 21:00 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-07-08 05:02 - 2015-05-12 21:00 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-07-08 00:06 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\rescache
2015-07-07 23:23 - 2014-10-14 14:36 - 00000000 ____D C:\Program Files (x86)\Verizon Wireless
2015-07-07 22:46 - 2014-09-24 02:15 - 00865408 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-07-07 22:42 - 2013-08-22 09:44 - 00346768 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-07-07 21:33 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-07-07 21:12 - 2014-10-14 15:00 - 00002205 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-05 05:08 - 2014-12-08 15:02 - 00300704 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-06-30 18:30 - 2014-11-24 18:30 - 00000000 __SHD C:\Users\Nancy\AppData\Local\EmieUserList
2015-06-30 18:30 - 2014-11-24 18:30 - 00000000 __SHD C:\Users\Nancy\AppData\Local\EmieSiteList
2015-06-30 18:30 - 2014-11-24 18:30 - 00000000 __SHD C:\Users\Nancy\AppData\Local\EmieBrowserModeList
2015-06-30 18:20 - 2014-12-23 09:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-06-30 18:20 - 2014-11-18 19:49 - 00000000 ____D C:\Users\Nancy
2015-06-30 18:20 - 2014-09-24 04:50 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-06-30 18:20 - 2013-08-22 10:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-06-30 18:20 - 2013-08-22 10:36 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-06-30 18:20 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-06-30 18:20 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2015-06-30 18:16 - 2012-07-26 03:12 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-06-30 17:43 - 2014-10-15 00:39 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-06-30 17:27 - 2014-09-24 01:53 - 00000000 ____D C:\Program Files\Windows Journal
2015-06-30 16:58 - 2014-10-11 20:58 - 00000000 ____D C:\Users\Nancy\AppData\Roaming\Malwarebytes
2015-06-30 16:58 - 2014-10-11 20:58 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-30 16:01 - 2012-10-08 00:32 - 00000000 ____D C:\ProgramData\McAfee
2015-06-30 16:01 - 2012-10-08 00:32 - 00000000 ____D C:\Program Files\mcafee
2015-06-30 16:01 - 2012-10-08 00:32 - 00000000 ____D C:\Program Files\Common Files\mcafee
2015-06-30 15:59 - 2013-08-22 08:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-06-30 15:59 - 2012-07-26 03:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-06-29 12:03 - 2014-10-14 14:39 - 00003902 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-06-29 12:03 - 2014-10-14 14:38 - 00003666 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-06-19 22:02 - 2015-05-12 21:07 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-06-19 22:02 - 2015-05-12 21:07 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2014-10-13 19:15 - 2014-10-13 19:15 - 50053120 _____ () C:\Program Files (x86)\GUTCD1F.tmp
2014-12-23 12:21 - 2015-06-30 16:38 - 32372200 _____ (McAfee) C:\Program Files (x86)\Common Files\lpuninstall.exe
2012-10-08 00:32 - 2012-10-08 00:32 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2012-10-08 00:29 - 2012-10-08 00:29 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2012-10-08 00:29 - 2012-10-08 00:30 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2012-10-08 00:28 - 2012-10-08 00:29 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2012-10-08 00:30 - 2012-10-08 00:31 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-08 05:02

==================== End of log ============================

 

 

 

Thanks Chuck for all your wonderfull help !!

[flashh4]

Hey Nancy, lets continue !!

 

Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4115922744-2135760949-424016698-1001 -> {7A78C9A5-84FA-48FB-AFD5-2EE886F5869C} URL =
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR Extension: (No Name) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-14]
CHR Extension: (No Name) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\agbnjankikoaabjkmfbaceggjliabkbn [2014-12-23]
CHR Extension: (No Name) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahfnihbbceiilhalikfkonbipolponko [2015-01-09]
CHR Extension: (No Name) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-14]
CHR Extension: (No Name) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-14]
CHR Extension: (No Name) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-14]
CHR Extension: (No Name) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-14]
CHR Extension: (No Name) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-14]
CHR Extension: (No Name) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-12-23]
CHR Extension: (No Name) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-12]
CHR Extension: (No Name) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-14]
CHR Extension: (No Name) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-14]


Click Format and ensure Wordwrap is unchecked.
Save as Fixlist.txt to your Desktop (Must be in this location)
Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

 

 

Thanks

Chuck

[flashh4]

Ok almost done !!

 

Clean up of Malware Removal Tools

Now that we are through using these tools, let's clean them off your system so that should you ever need to have malware removed again (we hope not) fresh, updated copies will be downloaded.

    Download Delfix to your desktop and double click it to start the program here             
    Ensure Remove disinfection tools is ticked
    Also tick:
    o Create registry backup
    o Purge system restore
    o Reset system settings

    o Click Run
    The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.

You can delete any log files left on your desktop as these are no longer needed.

[flashh4]

Nancy, you are clean as far as i can tell !!

 

 
Congratulation you are clean !!!

Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.

This is my standard "All Clean Speech." You may have some already installed, these are just recommendations !

Here are some tips to reduce the potential for spyware infection in the future:

Here are some tips to reduce the potential for spyware/malware infection in the future:
 
1. Make your Internet Explorer more secure - This can be done by following these simple instructions:

    From within Internet Explorer click on the Tools menu and then click onOptions.
    Click once on theSecurity tab
    Click once on the Internet icon so it becomes highlighted.
    Click once on the Custom Level button.
    Change the Download signed ActiveX controls to Prompt
    Change the Download unsigned ActiveX controls to Disable
    Change the Initialize and script ActiveX controls not marked as safe to Disable
    Change the Installation of desktop items to Prompt
    Change the Launching programs and files in an IFRAME to Prompt
    Change the Navigate sub-frames across different domains to Prompt
    When all these settings have been made, click on the OK button.
    If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.

2. FireFox  If you use Firefox, I recommend installing the following add-ons to help make your Firefox browser more secure.
NoScript

adblock plus

 
3. Use and update an anti-virus software - I can not overemphasize the need for you to use and update your anti-virus application on a regular basis.  With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.
 
4. Firewall Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly.   **There are firewalls that could be downloaded and used but I would personally only recommend using one of the following below:
Online Armor Free
Agnitum Outpost Firewall Free
Comodo Firewall Free
 
5. Make sure you keep your Windows OS current. And regularly to download and install any critical updates and service packs. Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems.  Without these you are leaving the back door open.
 
6.WOT(Web of Trust) As "Googling" is such an integral part of internet life, this free browser add on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites.  WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.
 
7. Finally, I strongly recommend that you read Miekiemoes' great advice How to prevent malware .

 
Let me know how it's running ?
Any problems ?
It may run a tad slow until a few normal re-boots, but according to all logs you are clean !!

Thanks
Chuck

 

Let me know if you are happy with my work & our web site, please recommend us if you are pleased !!

[jensennan]

Thanks once again for cleaning up the mess the local "expert" charged me to do- Glad to know an honest man I can trust completely! Will Strongly recommend you to ANYONE with problems. Thank you for your patients and expertise! I owe you big time! Your amazing!- Nancy

[jensennan]

You amaze me! I have literally spent hundreds trying to clean this laptop myself and with local experts- It is finally "Really" clean and running better than when I first bought it! A MILLION Thanks

[flashh4]

Your welcome Nancy !!

 

I will lock this topic in 5 days ! If you need it re-opened just PM me or any Mod !

 

Thanks

Chuck

[flashh4]

These problems have been resolved & computer is clean ! I will now close this topic, if you need it re-opened please PM me or any Mod !

 

Thanks

Chuck