starts in a temp user mode

Discussion in 'Virus, Spyware and Malware Removal Help' started by Cristoff, Sep 2, 2015.

  1. Cristoff

    Hi guys,
    I wish it had been longer since I was here again, but oh well. One of my i7's is constantly starting in temp user mode and is running very slow. My wife ran a Dell system chk that popped up and it said we are in danger of losing a drive, and of course they wanted us to contact them so they could sell us a new one... I await your commands, oh wise ones!!!
     
  2. Malnutrition

    We need you to run MalwareBytes to get a log, please download the free version of MalwareBytes HERE

    Save the file to somewhere you can easily find it. Double click the saved file to start the install, accept any security warnings that may appear, and after the install click the new desktop icon to start the program. We need to modify a couple of things with MalwareBytes before we use it so please follow the steps below.

    1. If the dashboard is not already displayed select it.
    2. Then select "Update Now" to get the latest database.

    1. Next we need to change a scanning option, select "Settings" on the main menu, then "Detection and Protection" on the left.
    2. Then select "Scan for rootkits" in the detection options, as well as the other two options already checked.

    Now return to Dashboard on the main menu and select "Scan Now" at the bottom of the screen.


    Allow MalwareBytes to scan your system, it may take some time depending on what you have loaded onto your hard drive.



    When the scan is finished

    1. Click "Save Results"
    2. Then click on "Text file"


    A window will then open allowing you to choose a name for the logfile and also allowing you to choose where to save it, again save it to the desktop.
    Please copy and paste the contents of this file in your next post.

    Second thing that we will need is an Adware Cleaner Log.

    Please download AdwCleaner by Xplode onto your desktop.

    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[s1].txt as well.

    Third step, we will need a Rogue Killer Log.

    Download Rogue Killer and save it to your Desktop, you will need the version compatible with your machine.

    CLICK HERE to determine whether you're running 32-bit or 64-bit for Windows.



    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.


    Fourth step is a log from Farbar Scan & Recovery Tool.

    Please download and save FRST 64bit or FRST 32 bit to your Desktop.


    CLICK HERE to determine whether you're running 32-bit or 64-bit for Windows.



    • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
    • Make sure that Addition option is checked.
    • Press Scan button.
    • It will produce a log called FRST.txt in the same directory the tool is run from.
    • Please copy and paste log back here.
    • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
     
  3. Malnutrition

  4. Cristoff

    # AdwCleaner v5.007 - Logfile created 09/09/2015 at 14:52:42
    # Updated 08/09/2015 by Xplode
    # Database : 2015-09-08.2 [Server]
    # Operating system : Windows 8.1 (x64)
    # Username : Administrator - GAVENDATRIBE
    # Running from : C:\Users\Administrator\Downloads\adwcleaner_5.007.exe
    # Option : Scan
    # Support : http://toolslib.net/forum

    ***** [ Services ] *****


    ***** [ Folders ] *****

    Folder Found : C:\ftb
    Folder Found : C:\ProgramData\{6AACA38B-2810-4B47-BDEC-D7A1F38B1531}

    ***** [ Files ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****

    Task Found : IHSelfDeleteTASK
    Task Found : IHUninstallTrackingTASK

    ***** [ Registry ] *****

    Key Found : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
    Key Found : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
    Key Found : HKLM\SOFTWARE\SlimWare Utilities Inc
    Key Found : HKLM\SOFTWARE\Yahoo\Companion
    Key Found : HKLM\SOFTWARE\Classes\Installer\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
    Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C3F6D7A0BA2FDE84EB329997B1FF786D

    ***** [ Web browsers ] *****

    [C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
    [C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com

    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1400 bytes] ##########

    FRST.txt


    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-09-2015
    Ran by Administrator (administrator) on GAVENDATRIBE (09-09-2015 17:45:51)
    Running from C:\Users\Administrator\Downloads
    Loaded Profiles: Administrator (Available Profiles: boinc_master & Administrator)
    Platform: Windows 8.1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
    (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.13\GoogleCrashHandler.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    () C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe
    (DELL INC.) C:\Program Files (x86)\DELL\DELLOSD\MediaButtons.exe
    (Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    () C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe
    (Reason Software Company Inc.) C:\Program Files\Reason\Security\rsEngineSvc.exe
    () C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_bg.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (Dell Inc.) C:\Program Files (x86)\DELL\SupportAssistAgent\bin\SupportAssistAgent.exe
    (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.13\GoogleCrashHandler64.exe
    (Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
    (Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
    (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
    (Space Sciences Laboratory) C:\Program Files\BOINC\boinctray.exe
    (Space Sciences Laboratory) C:\Program Files\BOINC\boincmgr.exe
    (Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
    (Space Sciences Laboratory) C:\Program Files\BOINC\boinc.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\OTBSurvey.exe
    (Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
    (Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
    (SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
    () C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe
    (Wyse Technology.) C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseRemoteAccess.exe
    (Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
    () C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcgrid_cep2_7.00_windows_intelx86
    () C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcgrid_ugm1_7.28_windows_x86_64
    () C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcgrid_mcm1_7.35_windows_x86_64
    () C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcgrid_mcm1_7.35_windows_x86_64
    () C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcgrid_mcm1_7.35_windows_x86_64
    () C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcgrid_mcm1_7.35_windows_x86_64
    () C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcgrid_mcm1_7.35_windows_x86_64
    () C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcgrid_cep2_qchem_prod_win32.exe.7.00
    (SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
    (SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
    () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
    () C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcgrid_mcm1_7.35_windows_x86_64
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7194840 2013-07-26] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-29] (Realtek Semiconductor)
    HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe [763520 2012-07-31] (Qualcomm Atheros)
    HKLM\...\Run: [boinctray] => C:\Program Files\BOINC\boinctray.exe [68928 2015-03-09] (Space Sciences Laboratory)
    HKLM\...\Run: [boincmgr] => C:\Program Files\BOINC\boincmgr.exe [8926016 2015-03-09] (Space Sciences Laboratory)
    HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [12303728 2015-07-13] (Zemana Ltd.)
    HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6111824 2015-08-25] (AVAST Software)
    HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [337432 2014-02-02] (Power Software Ltd)
    HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2620728 2015-07-22] (Malwarebytes Corporation)
    Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
    ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
    ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
    ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
    ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-08-19] (AVAST Software)
    ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File
    ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
    ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
    ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
    ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2015-08-16]
    ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2015-08-16]
    ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 68.105.28.12 68.105.29.12 68.105.28.11
    Tcpip\..\Interfaces\{62D4712E-EF7E-42E9-AA1A-07AD46238ADE}: [DhcpNameServer] 68.105.28.12 68.105.29.12 68.105.28.11

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell13.msn.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com
    HKU\S-1-5-21-2966268020-819485515-415158216-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell13.msn.com
    HKU\S-1-5-21-2966268020-819485515-415158216-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-08-19] (Oracle Corporation)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-08-19] (AVAST Software)
    BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-08-30] (LastPass)
    BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-08-19] (Oracle Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2015-04-25] (Oracle Corporation)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-19] (AVAST Software)
    BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-08-30] (LastPass)
    BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2015-04-25] (Oracle Corporation)
    Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-08-30] (LastPass)
    Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-08-30] (LastPass)
    DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
    Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)

    FireFox:
    ========
    FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\szysrig5.default
    FF DefaultSearchEngine: Yahoo
    FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-11] ()
    FF Plugin: @java.com/DTPlugin,version=10.80.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-08-19] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.80.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-08-19] (Oracle Corporation)
    FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-08-16] (LastPass)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-11] ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1219160.dll [2015-07-22] (Adobe Systems, Inc.)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-09] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-09] (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=10.80.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-04-25] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.80.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2015-04-25] (Oracle Corporation)
    FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-08-16] (LastPass)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-07-12] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation)
    FF Plugin-x32: @Motive.com/NpMotive,version=1.1 -> C:\Program Files (x86)\ATT\8.5.0.48\ma\bin\npMotive.dll [No File]
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-29] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-29] (Google Inc.)
    FF SearchPlugin: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\szysrig5.default\searchplugins\search.xml [2015-09-09]
    FF Extension: LastPass - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\szysrig5.default\Extensions\support@lastpass.com [2015-09-04]
    FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-08-17]
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-01-06]

    Chrome:
    =======
    CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-30]
    CHR Extension: (Google Docs) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-30]
    CHR Extension: (Google Drive) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-30]
    CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-30]
    CHR Extension: (Google Search) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-30]
    CHR Extension: (Google Docs Offline) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-03]
    CHR Extension: (Avast Online Security) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-08-30]
    CHR Extension: (LastPass: Free Password Manager) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-08-30]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-30]
    CHR Extension: (Skype Click to Call) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-08-30]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-30]
    CHR Extension: (Gmail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-30]
    CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - http://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-28]
    CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - http://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [207488 2012-07-31] (Qualcomm Atheros Commnucations) [File not signed]
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-08-19] (AVAST Software)
    R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109008 2015-08-19] (AVAST Software)
    R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4047768 2015-08-19] (Avast Software)
    R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
    R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2765496 2015-07-14] (Microsoft Corporation)
    R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\OTBSurvey.exe [145288 2015-04-09] (Dell Inc.)
    R2 Dell WMI Service; C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe [73728 2012-08-01] () [File not signed]
    R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2557136 2015-02-26] (Dell Inc.)
    R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-02-26] (Dell Inc.)
    R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
    R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
    R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-09] (Intel Corporation)
    R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [713016 2015-07-22] (Malwarebytes Corporation)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
    R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
    R2 rscp; C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe [163576 2015-08-11] ()
    R2 rsEngineSvc; C:\Program Files\Reason\Security\rsEngineSvc.exe [81168 2015-05-17] (Reason Software Company Inc.)
    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
    R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [1924328 2014-09-18] (SoftThinks SAS)
    R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [19288 2015-04-10] (Dell Inc.)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
    R2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe [188928 2012-10-24] () [File not signed]
    R2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseRemoteAccess.exe [1436160 2012-10-24] (Wyse Technology.) [File not signed]
    R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [12303728 2015-07-13] (Zemana Ltd.)
    R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-07-22] (Atheros) [File not signed]

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-08-19] (AVAST Software)
    R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28144 2015-08-19] (AVAST Software)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-08-19] (AVAST Software)
    R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [454016 2015-08-19] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-08-19] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-08-19] (AVAST Software)
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048344 2015-08-19] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-08-19] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150672 2015-08-19] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-08-19] (AVAST Software)
    S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-07-31] (Qualcomm Atheros)
    R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
    R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
    R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation)
    R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [23312 2015-01-30] (Dell Computer Corporation)
    S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2012-08-04] (OSR Open Systems Resources, Inc.)
    S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
    R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-07-22] ()
    R3 FintekCIR; C:\Windows\system32\DRIVERS\FintekCIR.sys [33128 2012-06-07] (Fintek)
    R1 GUBootStartup; C:\WINDOWS\System32\drivers\GUBootStartup.sys [20160 2014-11-03] (Glarysoft Ltd)
    S3 lehidmini; C:\Windows\System32\drivers\leath_hid.sys [39704 2012-07-31] (Atheros)
    R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-09-09] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
    R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-09] (Intel Corporation)
    R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [115152 2015-08-19] (AVAST Software)
    S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2015-09-02] ()
    S3 qca_shb; C:\Windows\System32\drivers\qca_shb.sys [99328 2012-07-31] (Qualcomm Atheros Communications Inc.) [File not signed]
    R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-08-19] (Avast Software)
    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
    S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
    R3 XSplit_Dummy; C:\Windows\system32\drivers\xspltspk.sys [26200 2014-07-02] (SplitmediaLabs Limited)
    R1 ZAM; C:\windows\System32\drivers\zam64.sys [109432 2015-07-14] (Zemana Ltd.)
    R1 ZAM_Guard; C:\windows\System32\drivers\zamguard64.sys [109432 2015-07-14] (Zemana Ltd.)
    S3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [X]
    S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
    S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
    S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
    S3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [X]
    S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
    S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-09-09 17:45 - 2015-09-09 17:46 - 00028831 _____ C:\Users\Administrator\Downloads\FRST.txt
    2015-09-09 17:45 - 2015-09-09 17:46 - 00000000 ____D C:\FRST
    2015-09-09 17:44 - 2015-09-09 17:45 - 02190336 _____ (Farbar) C:\Users\Administrator\Downloads\FRST64.exe
    2015-09-09 16:57 - 2015-09-09 16:57 - 00787114 _____ C:\Users\Administrator\Desktop\roguekiller.html
    2015-09-09 15:10 - 2015-09-09 16:57 - 00000000 ____D C:\ProgramData\RogueKiller
    2015-09-09 15:10 - 2015-09-09 15:10 - 00037624 _____ C:\windows\system32\Drivers\TrueSight.sys
    2015-09-09 15:09 - 2015-09-09 15:10 - 22727240 _____ C:\Users\Administrator\Downloads\RogueKillerX64.exe
    2015-09-09 15:05 - 2015-09-09 15:05 - 00014759 _____ C:\Users\Administrator\Desktop\AdwCleaner[S1].odt
    2015-09-09 15:04 - 2015-09-09 15:04 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\OpenOffice
    2015-09-09 14:52 - 2015-09-09 15:05 - 00000000 ____D C:\AdwCleaner
    2015-09-09 14:50 - 2015-09-09 14:50 - 01660416 _____ C:\Users\Administrator\Downloads\adwcleaner_5.007.exe
    2015-09-09 14:47 - 2015-09-09 14:47 - 00001052 _____ C:\Users\Administrator\Desktop\malware txt.txt
    2015-09-09 05:03 - 2015-08-26 19:48 - 00136904 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
    2015-09-09 05:03 - 2015-08-26 11:00 - 00721920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
    2015-09-09 05:03 - 2015-08-26 11:00 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
    2015-09-09 05:03 - 2015-08-26 11:00 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
    2015-09-09 05:03 - 2015-08-26 11:00 - 00029696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
    2015-09-09 05:03 - 2015-08-26 07:46 - 03705344 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
    2015-09-09 05:03 - 2015-08-26 07:29 - 02240512 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
    2015-09-09 05:03 - 2015-08-26 07:27 - 00891904 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
    2015-09-09 05:03 - 2015-08-26 07:27 - 00409088 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
    2015-09-09 05:03 - 2015-08-26 07:26 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
    2015-09-09 05:03 - 2015-08-26 07:26 - 00095744 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
    2015-09-09 05:03 - 2015-08-26 07:26 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
    2015-09-09 05:03 - 2015-06-27 04:47 - 00118616 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
    2015-09-09 05:02 - 2015-09-02 19:18 - 02531400 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll
    2015-09-09 05:02 - 2015-09-02 19:17 - 01903848 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll
    2015-09-09 05:02 - 2015-09-02 11:48 - 02345472 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
    2015-09-09 05:02 - 2015-09-02 10:09 - 01556992 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
    2015-09-09 05:02 - 2015-09-01 19:56 - 04175872 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
    2015-09-09 05:02 - 2015-09-01 19:55 - 00358912 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
    2015-09-09 05:02 - 2015-09-01 19:50 - 00044032 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
    2015-09-09 05:02 - 2015-09-01 19:17 - 00301568 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
    2015-09-09 05:02 - 2015-09-01 19:13 - 00035840 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
    2015-09-09 05:02 - 2015-08-22 11:19 - 25188352 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
    2015-09-09 05:02 - 2015-08-22 10:35 - 02886144 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
    2015-09-09 05:02 - 2015-08-22 10:34 - 00585216 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
    2015-09-09 05:02 - 2015-08-22 10:22 - 19856384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
    2015-09-09 05:02 - 2015-08-22 10:21 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
    2015-09-09 05:02 - 2015-08-22 10:20 - 05923840 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
    2015-09-09 05:02 - 2015-08-22 09:55 - 00504832 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
    2015-09-09 05:02 - 2015-08-22 09:50 - 02279424 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
    2015-09-09 05:02 - 2015-08-22 09:50 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
    2015-09-09 05:02 - 2015-08-22 09:45 - 00665600 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
    2015-09-09 05:02 - 2015-08-22 09:44 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
    2015-09-09 05:02 - 2015-08-22 09:41 - 14451712 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
    2015-09-09 05:02 - 2015-08-22 09:41 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
    2015-09-09 05:02 - 2015-08-22 09:41 - 00720384 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
    2015-09-09 05:02 - 2015-08-22 09:41 - 00374784 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
    2015-09-09 05:02 - 2015-08-22 09:39 - 02126336 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
    2015-09-09 05:02 - 2015-08-22 09:28 - 04520448 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
    2015-09-09 05:02 - 2015-08-22 09:26 - 02427392 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
    2015-09-09 05:02 - 2015-08-22 09:23 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
    2015-09-09 05:02 - 2015-08-22 09:22 - 12857344 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
    2015-09-09 05:02 - 2015-08-22 09:20 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
    2015-09-09 05:02 - 2015-08-22 09:18 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
    2015-09-09 05:02 - 2015-08-22 09:18 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
    2015-09-09 05:02 - 2015-08-22 09:18 - 00327168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
    2015-09-09 05:02 - 2015-08-22 09:14 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
    2015-09-09 05:02 - 2015-08-22 09:01 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
    2015-09-09 05:02 - 2015-08-22 09:00 - 01951232 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
    2015-09-09 05:02 - 2015-08-22 08:56 - 01310720 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
    2015-09-09 05:02 - 2015-08-22 08:55 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
    2015-09-09 05:02 - 2015-08-03 14:15 - 00074928 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
    2015-09-09 05:02 - 2015-08-03 14:15 - 00065600 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
    2015-09-09 05:02 - 2015-08-01 07:22 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
    2015-09-09 05:02 - 2015-07-31 20:47 - 00229376 _____ (Microsoft Corporation) C:\windows\system32\schtasks.exe
    2015-09-09 05:02 - 2015-07-31 20:45 - 00182784 _____ (Microsoft Corporation) C:\windows\SysWOW64\schtasks.exe
    2015-09-09 05:02 - 2015-07-31 20:38 - 01265152 _____ (Microsoft Corporation) C:\windows\system32\schedsvc.dll
    2015-09-09 05:02 - 2015-07-31 20:37 - 00468992 _____ (Microsoft Corporation) C:\windows\system32\taskeng.exe
    2015-09-09 05:02 - 2015-07-31 20:37 - 00359936 _____ (Microsoft Corporation) C:\windows\SysWOW64\taskeng.exe
    2015-09-09 05:02 - 2015-07-30 10:18 - 00268288 _____ (Microsoft Corporation) C:\windows\system32\InkEd.dll
    2015-09-09 05:02 - 2015-07-30 09:22 - 00230912 _____ (Microsoft Corporation) C:\windows\SysWOW64\InkEd.dll
    2015-09-09 05:02 - 2015-07-22 07:34 - 02775552 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
    2015-09-09 05:02 - 2015-07-22 07:33 - 01728000 _____ (Microsoft Corporation) C:\windows\system32\Windows.UI.Immersive.dll
    2015-09-09 05:02 - 2015-07-22 07:25 - 02461184 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
    2015-09-09 05:02 - 2015-07-22 07:25 - 01546752 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.UI.Immersive.dll
    2015-09-09 05:02 - 2015-07-22 07:19 - 00041984 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll
    2015-09-09 05:02 - 2015-07-22 06:52 - 01633792 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll
    2015-09-09 05:02 - 2015-07-18 11:31 - 00194048 _____ (Microsoft Corporation) C:\windows\system32\shacct.dll
    2015-09-09 05:02 - 2015-07-18 11:29 - 00655872 _____ (Microsoft Corporation) C:\windows\system32\SettingSync.dll
    2015-09-09 05:02 - 2015-07-18 11:29 - 00148480 _____ (Microsoft Corporation) C:\windows\SysWOW64\shacct.dll
    2015-09-09 05:02 - 2015-07-18 11:27 - 00520192 _____ (Microsoft Corporation) C:\windows\SysWOW64\SettingSync.dll
    2015-09-09 05:02 - 2015-07-17 07:15 - 00951296 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll
    2015-09-09 05:02 - 2015-07-17 07:10 - 00749568 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdh.dll
    2015-09-09 05:02 - 2015-07-13 20:27 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\tzsync.exe
    2015-09-09 05:02 - 2015-07-13 12:10 - 00411455 _____ C:\windows\system32\ApnDatabase.xml
    2015-09-09 05:02 - 2015-07-10 12:06 - 00118272 _____ (Microsoft Corporation) C:\windows\system32\Drivers\bthpan.sys
    2015-09-09 05:02 - 2015-07-09 09:14 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
    2015-09-09 05:02 - 2015-07-03 14:51 - 01380056 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
    2015-09-09 05:02 - 2015-07-03 07:00 - 01097216 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
    2015-09-09 05:02 - 2015-06-19 10:07 - 02819072 _____ (Microsoft Corporation) C:\windows\system32\SettingsHandlers.dll
    2015-09-03 17:08 - 2015-09-03 17:08 - 42685092 _____ C:\Users\Administrator\Downloads\TeamSpeak3-Client-linux_amd64-3.0.17.run
    2015-09-02 10:43 - 2015-09-02 10:43 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Intel Corporation
    2015-09-02 10:41 - 2015-09-02 10:41 - 00000000 ____H C:\windows\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
    2015-09-02 10:41 - 2015-09-02 10:41 - 00000000 ____D C:\windows\SysWOW64\sda
    2015-09-02 10:41 - 2013-08-09 02:25 - 01795952 _____ (Microsoft Corporation) C:\windows\system32\WdfCoInstaller01011.dll
    2015-09-02 10:41 - 2013-08-09 02:25 - 00099288 _____ (Intel Corporation) C:\windows\system32\Drivers\TeeDriverx64.sys
    2015-09-02 10:40 - 2013-04-25 16:12 - 09889352 _____ (Realtek Semiconductor Corp.) C:\windows\SysWOW64\RtsPStorIcon.dll
    2015-09-02 10:39 - 2015-09-02 10:39 - 19247600 _____ (DELL INC.) C:\Users\Administrator\Desktop\Inspiron One 2330 A14.EXE
    2015-09-02 10:36 - 2015-09-02 10:38 - 00000000 ____D C:\Users\Administrator\AppData\Local\Deployment
    2015-09-02 10:36 - 2015-09-02 10:36 - 00417064 _____ () C:\Users\Administrator\Downloads\DellSystemDetectLauncher.exe
    2015-09-02 10:36 - 2015-09-02 10:36 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
    2015-09-02 10:36 - 2015-09-02 10:36 - 00000000 ____D C:\Users\Administrator\AppData\Local\Apps\2.0
    2015-09-02 10:30 - 2015-09-02 10:30 - 06431728 _____ (Microsoft Corporation) C:\Users\Administrator\Downloads\OSGS14-WindowsUpgradeAssistant-32bitand64bit-ClientSKU-4141411.exe
    2015-09-01 18:19 - 2015-09-01 18:19 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Macromedia
    2015-09-01 18:19 - 2015-09-01 18:19 - 00000000 ____D C:\Users\Administrator\AppData\Local\Macromedia
    2015-09-01 18:12 - 2015-09-01 18:18 - 00000000 ____D C:\Users\Administrator\AppData\Local\Mozilla
    2015-09-01 18:12 - 2015-09-01 18:12 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Mozilla
    2015-08-31 06:54 - 2015-08-31 06:55 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\.technic
    2015-08-31 06:54 - 2015-08-31 06:54 - 04730416 _____ () C:\Users\Administrator\Desktop\TechnicLauncher.exe
    2015-08-30 14:30 - 2015-08-30 14:30 - 00000000 ____D C:\Users\Administrator\AppData\Local\GWX
    2015-08-30 13:19 - 2015-09-06 08:38 - 00003594 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2966268020-819485515-415158216-500
    2015-08-30 13:17 - 2015-08-30 13:17 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\java
    2015-08-30 13:16 - 2015-09-09 17:04 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\.minecraft
    2015-08-30 13:15 - 2015-08-30 13:16 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\BOINC
    2015-08-30 13:15 - 2015-08-30 13:15 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\AVAST Software
    2015-08-30 13:15 - 2015-08-30 13:15 - 00000000 ____D C:\Users\Administrator\AppData\Local\Zemana
    2015-08-30 12:51 - 2015-09-09 09:13 - 00000000 ____D C:\Users\Administrator
    2015-08-30 12:51 - 2015-09-01 04:50 - 00000000 ____D C:\Users\Administrator\AppData\Local\Packages
    2015-08-30 12:51 - 2015-08-30 12:51 - 00001440 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2015-08-30 12:51 - 2015-08-30 12:51 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
    2015-08-30 12:51 - 2015-08-30 12:51 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
    2015-08-30 12:51 - 2015-08-30 12:51 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
    2015-08-30 12:51 - 2015-08-13 17:15 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2015-08-30 12:51 - 2015-08-12 22:46 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    2015-08-30 12:51 - 2015-03-12 10:15 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
    2015-08-30 12:51 - 2014-04-03 09:56 - 00000000 ____D C:\Users\Administrator\AppData\LocalGoogle
    2015-08-30 12:51 - 2014-02-21 21:37 - 00000369 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
    2015-08-30 12:51 - 2014-02-21 21:37 - 00000369 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
    2015-08-30 12:51 - 2013-08-22 08:36 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    2015-08-28 12:01 - 2015-08-28 14:17 - 00000000 ____D C:\Users\TEMP.GAVENDATRIBE.009
    2015-08-28 09:49 - 2015-08-28 09:49 - 00000000 ____D C:\Users\TEMP.GAVENDATRIBE.008\AppData\Roaming\Macromedia
    2015-08-28 09:49 - 2015-08-28 09:49 - 00000000 ____D C:\Program Files (x86)\Dell Update
    2015-08-28 09:42 - 2015-08-28 12:01 - 00000000 ____D C:\Users\TEMP.GAVENDATRIBE.008
    2015-08-27 05:59 - 2015-08-27 05:59 - 00113880 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\1C0A5A4C.sys
    2015-08-26 03:35 - 2015-08-26 16:26 - 00000000 ____D C:\Users\TEMP.GAVENDATRIBE.007
    2015-08-26 03:31 - 2015-08-26 03:31 - 00000000 ____D C:\ProgramData\Motive
    2015-08-25 04:00 - 2015-08-26 03:32 - 00000000 ____D C:\Users\TEMP.GAVENDATRIBE.006
    2015-08-24 06:59 - 2015-08-25 04:00 - 00000000 ____D C:\Users\TEMP.GAVENDATRIBE.005\AppData\Roaming\.minecraft
    2015-08-24 05:38 - 2015-08-25 04:00 - 00000000 ____D C:\Users\TEMP.GAVENDATRIBE.005\AppData\Local\Google
    2015-08-24 05:38 - 2015-08-25 04:00 - 00000000 ____D C:\Users\TEMP.GAVENDATRIBE.005
    2015-08-23 05:24 - 2015-08-23 05:24 - 00000000 __RHD C:\MSOCache
    2015-08-22 11:42 - 2015-08-22 14:34 - 00000000 ____D C:\Users\TEMP.GAVENDATRIBE.004\AppData\Local\Packages
    2015-08-22 11:40 - 2015-08-22 14:34 - 00000000 ____D C:\Users\TEMP.GAVENDATRIBE.004
    2015-08-20 14:32 - 2015-09-04 14:28 - 00012800 _____ C:\windows\PFRO.log
    2015-08-19 18:21 - 2015-09-09 14:56 - 00003704 _____ C:\windows\setupact.log
    2015-08-19 18:21 - 2015-08-19 18:21 - 00000000 _____ C:\windows\setuperr.log
    2015-08-19 08:36 - 2015-08-19 19:18 - 00000000 ____D C:\Users\TEMP.GAVENDATRIBE.003\AppData\Roaming\.minecraft
    2015-08-19 04:40 - 2015-08-19 04:40 - 00320424 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
    2015-08-19 04:40 - 2015-08-19 04:40 - 00189864 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
    2015-08-19 04:40 - 2015-08-19 04:40 - 00189864 _____ (Oracle Corporation) C:\windows\system32\java.exe
    2015-08-19 04:40 - 2015-08-19 04:40 - 00111016 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
    2015-08-19 04:40 - 2015-08-19 04:40 - 00000000 ____D C:\Program Files\Java
    2015-08-19 04:39 - 2015-08-29 21:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    2015-08-19 04:28 - 2015-08-19 19:18 - 00000000 ____D C:\Users\TEMP.GAVENDATRIBE.003
    2015-08-19 04:18 - 2015-08-19 04:18 - 00378880 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
    2015-08-19 04:18 - 2015-08-19 04:18 - 00043112 _____ (AVAST Software) C:\windows\avastSS.scr
    2015-08-19 04:18 - 2015-08-19 04:17 - 00115152 _____ (AVAST Software) C:\windows\system32\Drivers\ngvss.sys
    2015-08-19 04:17 - 2015-08-19 04:17 - 00454016 _____ (AVAST Software) C:\windows\system32\Drivers\aswNdisFlt.sys
    2015-08-17 06:49 - 2015-08-28 09:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2015-08-16 06:28 - 2015-08-30 13:16 - 00000000 ____D C:\Program Files (x86)\LastPass
    2015-08-16 06:28 - 2015-08-16 06:28 - 00001192 _____ C:\Users\Public\Desktop\My LastPass Vault.lnk
    2015-08-16 06:28 - 2015-08-16 06:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LastPass
    2015-08-15 04:20 - 2015-08-15 17:51 - 00000000 ____D C:\Users\TEMP.GAVENDATRIBE.002
    2015-08-12 22:54 - 2015-07-30 07:04 - 00124624 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2015-08-12 22:54 - 2015-07-30 06:48 - 00103120 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
    2015-08-12 02:05 - 2015-07-16 13:36 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
    2015-08-12 02:05 - 2015-07-16 13:23 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
    2015-08-12 02:05 - 2015-07-16 12:53 - 00145408 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
    2015-08-12 02:05 - 2015-07-16 12:50 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
    2015-08-12 02:05 - 2015-07-16 12:41 - 00479232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
    2015-08-12 02:05 - 2015-07-16 12:14 - 02880000 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll
    2015-08-12 02:05 - 2015-07-16 11:52 - 01048576 _____ (Microsoft Corporation) C:\windows\SysWOW64\actxprxy.dll
    2015-08-12 02:04 - 2015-07-29 07:37 - 01994752 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
    2015-08-12 02:04 - 2015-07-29 07:30 - 01381888 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
    2015-08-12 02:04 - 2015-07-29 07:23 - 01559552 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
    2015-08-12 02:04 - 2015-07-28 16:24 - 00025776 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
    2015-08-12 02:04 - 2015-07-28 07:24 - 01148416 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
    2015-08-12 02:04 - 2015-07-28 07:24 - 01116160 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
    2015-08-12 02:04 - 2015-07-28 07:24 - 00774144 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
    2015-08-12 02:04 - 2015-07-28 07:24 - 00743424 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
    2015-08-12 02:04 - 2015-07-28 07:24 - 00437248 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
    2015-08-12 02:04 - 2015-07-28 07:24 - 00069120 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
    2015-08-12 02:04 - 2015-07-15 17:29 - 07458648 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
    2015-08-12 02:04 - 2015-07-15 17:29 - 01735000 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
    2015-08-12 02:04 - 2015-07-15 17:29 - 00101720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mountmgr.sys
    2015-08-12 02:04 - 2015-07-15 17:28 - 01499920 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
    2015-08-12 02:04 - 2015-07-14 14:59 - 01113944 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys
    2015-08-12 02:04 - 2015-07-14 14:59 - 00487256 _____ (Microsoft Corporation) C:\windows\system32\netcfgx.dll
    2015-08-12 02:04 - 2015-07-14 14:59 - 00393560 _____ (Microsoft Corporation) C:\windows\SysWOW64\netcfgx.dll
    2015-08-12 02:04 - 2015-07-13 12:46 - 00059392 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
    2015-08-12 02:04 - 2015-07-13 12:45 - 00059392 _____ (Microsoft Corporation) C:\windows\system32\basesrv.dll
    2015-08-12 02:04 - 2015-07-10 11:19 - 01101824 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll
    2015-08-12 02:04 - 2015-07-10 10:54 - 01217024 _____ (Microsoft Corporation) C:\windows\system32\sysmain.dll
    2015-08-12 02:04 - 2015-07-10 10:14 - 00856064 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdvidcrl.dll
    2015-08-12 02:04 - 2015-07-10 10:13 - 07032320 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
    2015-08-12 02:04 - 2015-07-10 09:31 - 06213120 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
    2015-08-12 02:04 - 2015-07-09 10:13 - 00221184 _____ (Microsoft Corporation) C:\windows\system32\notepad.exe
    2015-08-12 02:04 - 2015-07-09 10:13 - 00221184 _____ (Microsoft Corporation) C:\windows\notepad.exe
    2015-08-12 02:04 - 2015-07-09 09:30 - 00212992 _____ (Microsoft Corporation) C:\windows\SysWOW64\notepad.exe
    2015-08-12 02:04 - 2015-07-07 02:40 - 00270168 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdFilter.sys
    2015-08-12 02:04 - 2015-07-07 02:40 - 00114520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdNisDrv.sys
    2015-08-12 02:04 - 2015-07-07 02:40 - 00044560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdBoot.sys
    2015-08-12 02:04 - 2015-07-01 15:19 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll
    2015-08-12 02:04 - 2015-07-01 15:16 - 00104448 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll
    2015-08-12 02:04 - 2015-07-01 14:37 - 00198656 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll
    2015-08-12 02:04 - 2015-07-01 14:35 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\davclnt.dll
    2015-08-12 02:04 - 2015-06-12 10:03 - 18823680 _____ (Microsoft Corporation) C:\windows\system32\Windows.UI.Xaml.dll
    2015-08-12 02:04 - 2015-06-12 09:36 - 15159296 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.UI.Xaml.dll
    2015-08-12 02:04 - 2015-06-11 13:12 - 02476376 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
    2015-08-12 02:04 - 2015-06-11 13:12 - 00428888 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS
    2015-08-12 02:04 - 2015-05-11 17:24 - 00536920 _____ (Microsoft Corporation) C:\windows\system32\mcupdate_GenuineIntel.dll

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-09-09 17:43 - 2013-01-04 23:49 - 00000000 ____D C:\ProgramData\BOINC
    2015-09-09 17:40 - 2015-03-13 05:00 - 01864261 _____ C:\windows\WindowsUpdate.log
    2015-09-09 17:00 - 2013-08-22 08:36 - 00000000 ____D C:\windows\system32\sru
    2015-09-09 16:56 - 2014-12-02 08:47 - 00113880 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
    2015-09-09 15:39 - 2013-05-03 11:13 - 00000932 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-09-09 15:34 - 2013-05-03 11:13 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
    2015-09-09 15:05 - 2013-05-22 22:12 - 00000000 ____D C:\ProgramData\softthinks
    2015-09-09 15:04 - 2012-12-19 15:56 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
    2015-09-09 14:57 - 2014-01-06 15:45 - 00004182 _____ C:\windows\System32\Tasks\avast! Emergency Update
    2015-09-09 14:57 - 2013-05-03 11:13 - 00000928 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-09-09 14:56 - 2013-08-22 07:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
    2015-09-09 09:20 - 2015-06-02 06:51 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
    2015-09-09 09:16 - 2015-05-31 07:09 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
    2015-09-09 09:15 - 2013-11-14 00:28 - 00005662 _____ C:\windows\system32\PerfStringBackup.INI
    2015-09-09 07:36 - 2013-08-22 08:36 - 00000000 ____D C:\windows\rescache
    2015-09-09 06:31 - 2013-08-22 07:44 - 00511648 _____ C:\windows\system32\FNTCACHE.DAT
    2015-09-09 06:28 - 2013-11-14 00:17 - 00000000 ____D C:\Program Files\Windows Journal
    2015-09-09 06:28 - 2013-08-22 08:36 - 00000000 ____D C:\windows\PolicyDefinitions
    2015-09-09 06:26 - 2014-08-08 07:51 - 00000000 ____D C:\windows\Minidump
    2015-09-09 06:24 - 2012-12-19 16:55 - 00258396 ____N C:\windows\Minidump\090915-116390-01.dmp
    2015-09-09 06:02 - 2012-07-26 00:59 - 00000000 ____D C:\windows\CbsTemp
    2015-09-09 06:00 - 2013-08-14 06:12 - 00000000 ____D C:\windows\system32\MRT
    2015-09-08 14:16 - 2015-06-03 17:05 - 00000000 ____D C:\Program Files (x86)\Minecraft
    2015-09-07 10:18 - 2012-12-19 16:05 - 00005852 _____ C:\windows\SysWOW64\PerfStringBackup.INI
    2015-09-05 19:40 - 2013-08-22 08:36 - 00000000 ____D C:\windows\AppReadiness
    2015-09-05 09:28 - 2013-08-22 06:25 - 00524288 ___SH C:\windows\system32\config\BBI
    2015-09-03 14:40 - 2015-06-02 07:09 - 00002205 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2015-09-02 10:44 - 2013-01-28 12:38 - 00031152 _____ C:\windows\system32\Drivers\pmxdrv.sys
    2015-09-02 10:43 - 2012-12-19 15:45 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
    2015-09-02 10:43 - 2012-12-19 15:45 - 00000000 ____D C:\ProgramData\Intel
    2015-09-02 10:43 - 2012-12-19 15:45 - 00000000 ____D C:\Program Files\Intel
    2015-09-02 10:40 - 2015-06-11 15:49 - 00000000 ____D C:\Program Files (x86)\Realtek
    2015-09-02 10:40 - 2012-12-19 15:45 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2015-08-30 12:52 - 2013-01-03 19:29 - 00000000 ____D C:\windows\System32\Tasks\WPD
    2015-08-29 22:34 - 2013-05-03 11:13 - 00003904 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2015-08-29 22:34 - 2013-05-03 11:13 - 00003668 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2015-08-29 21:41 - 2013-01-03 19:34 - 00003596 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2966268020-819485515-415158216-1001
    2015-08-29 21:29 - 2015-06-13 17:21 - 00002713 _____ C:\Users\Public\Desktop\Skype.lnk
    2015-08-29 21:29 - 2014-10-07 06:25 - 00000000 ____D C:\ProgramData\Skype
    2015-08-28 09:49 - 2013-05-21 15:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
    2015-08-27 15:08 - 2013-12-06 08:32 - 00023121 _____ C:\Users\hkcon\Documents\Hilary's Resume.odt
    2015-08-26 18:37 - 2013-01-05 01:12 - 134753440 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
    2015-08-26 03:30 - 2015-05-31 08:07 - 00000000 ____D C:\Program Files (x86)\ATT
    2015-08-22 11:57 - 2013-01-30 17:41 - 00000000 ____D C:\Program Files\Microsoft Office 15
    2015-08-22 11:54 - 2013-08-05 14:54 - 00000000 ____D C:\DFWin
    2015-08-20 05:41 - 2013-08-22 08:36 - 00000000 ____D C:\windows\Registration
    2015-08-19 04:39 - 2014-10-07 06:26 - 00000000 ___RD C:\Program Files (x86)\Skype
    2015-08-19 04:31 - 2014-12-17 10:07 - 00000000 ____D C:\windows\SysWOW64\vbox
    2015-08-19 04:31 - 2014-12-17 10:07 - 00000000 ____D C:\windows\system32\vbox
    2015-08-19 04:20 - 2015-05-28 12:11 - 00001940 _____ C:\Users\Public\Desktop\Avast Premier.lnk
    2015-08-19 04:20 - 2014-12-15 21:05 - 00002000 _____ C:\Users\Public\Desktop\Avast SafeZone.lnk
    2015-08-19 04:18 - 2014-04-25 10:04 - 00028656 _____ (AVAST Software) C:\windows\system32\Drivers\aswHwid.sys
    2015-08-19 04:18 - 2014-01-06 15:45 - 01048344 _____ (AVAST Software) C:\windows\system32\Drivers\aswsnx.sys
    2015-08-19 04:18 - 2014-01-06 15:45 - 00447944 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
    2015-08-19 04:18 - 2014-01-06 15:45 - 00274808 _____ (AVAST Software) C:\windows\system32\Drivers\aswVmm.sys
    2015-08-19 04:18 - 2014-01-06 15:45 - 00150672 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
    2015-08-19 04:18 - 2014-01-06 15:45 - 00093528 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
    2015-08-19 04:18 - 2014-01-06 15:45 - 00090968 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
    2015-08-19 04:18 - 2014-01-06 15:45 - 00065224 _____ (AVAST Software) C:\windows\system32\Drivers\aswRvrt.sys
    2015-08-19 04:17 - 2014-01-06 15:45 - 00028144 _____ (AVAST Software) C:\windows\system32\Drivers\aswKbd.sys
    2015-08-17 20:54 - 2013-05-03 11:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2015-08-14 08:34 - 2013-05-03 11:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
    2015-08-13 17:24 - 2013-08-22 08:36 - 00000000 ____D C:\windows\system32\NDF
    2015-08-13 17:15 - 2013-08-22 08:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2015-08-13 17:15 - 2013-08-22 08:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2015-08-13 17:15 - 2013-08-22 08:36 - 00000000 ____D C:\Program Files\Windows Defender
    2015-08-13 17:15 - 2013-08-22 08:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
    2015-08-12 22:53 - 2015-08-02 08:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2015-08-12 22:53 - 2015-08-02 08:00 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2015-08-12 22:53 - 2015-08-02 08:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2015-08-12 22:47 - 2014-12-10 12:09 - 00000000 ____D C:\windows\system32\appraiser
    2015-08-12 22:47 - 2014-07-13 13:04 - 00000000 ___SD C:\windows\system32\CompatTel
    2015-08-12 22:46 - 2013-08-22 08:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    2015-08-12 22:46 - 2013-08-22 08:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    2015-08-11 11:34 - 2013-05-03 11:13 - 00003718 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater

    ==================== Files in the root of some directories =======

    2015-08-16 06:28 - 2015-08-16 06:28 - 16790552 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
    2012-12-19 15:53 - 2012-12-19 15:53 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
    2012-12-19 15:50 - 2012-12-19 15:51 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
    2012-12-19 15:51 - 2012-12-19 15:52 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
    2012-12-19 15:50 - 2012-12-19 15:50 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
    2012-12-19 15:52 - 2012-12-19 15:53 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log

    Some files in TEMP:
    ====================
    C:\Users\Administrator\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\Administrator\AppData\Local\Temp\sqlite3.dll
    C:\Users\hkcon\AppData\Local\Temp\i4jdel0.exe
    C:\Users\hkcon\AppData\Local\Temp\rscp_setup.exe


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\windows\system32\winlogon.exe => File is digitally signed
    C:\windows\system32\wininit.exe => File is digitally signed
    C:\windows\explorer.exe => File is digitally signed
    C:\windows\SysWOW64\explorer.exe => File is digitally signed
    C:\windows\system32\svchost.exe => File is digitally signed
    C:\windows\SysWOW64\svchost.exe => File is digitally signed
    C:\windows\system32\services.exe => File is digitally signed
    C:\windows\system32\User32.dll => File is digitally signed
    C:\windows\SysWOW64\User32.dll => File is digitally signed
    C:\windows\system32\userinit.exe => File is digitally signed
    C:\windows\SysWOW64\userinit.exe => File is digitally signed
    C:\windows\system32\rpcss.dll => File is digitally signed
    C:\windows\system32\dnsapi.dll => File is digitally signed
    C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-09-09 15:16

    ==================== End of FRST.txt ============================

    Addition.txt

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-09-2015
    Ran by Administrator (2015-09-09 17:47:04)
    Running from C:\Users\Administrator\Downloads
    Windows 8.1 (X64) (2014-04-03 17:11:48)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2966268020-819485515-415158216-500 - Administrator - Enabled) => C:\Users\Administrator
    boinc_master (S-1-5-21-2966268020-819485515-415158216-1004 - Limited - Enabled) => C:\Users\boinc_master
    boinc_project (S-1-5-21-2966268020-819485515-415158216-1005 - Limited - Enabled)
    Guest (S-1-5-21-2966268020-819485515-415158216-501 - Limited - Disabled)
    hkcon (S-1-5-21-2966268020-819485515-415158216-1001 - Administrator - Enabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.9.160 - Adobe Systems, Inc.)
    Avast Premier (HKLM-x32\...\Avast) (Version: 10.3.2225 - AVAST Software)
    Bandicam (HKLM-x32\...\Bandicam) (Version: 2.2.2.790 - Bandisoft.com)
    Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandisoft.com)
    BOINC (HKLM\...\{E36EE9B2-E411-4919-81E3-4C4862A9514D}) (Version: 7.4.42 - Space Sciences Laboratory, U.C. Berkeley)
    CCleaner (HKLM\...\CCleaner) (Version: 5.06 - Piriform)
    CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    DebtFree(tm) for Windows Personal 5.1b (HKLM-x32\...\DebtFree(tm) for Windows Personal 5.1b) (Version: - )
    Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.5.63 - Dell Inc.)
    Dell Customer Connect (HKLM-x32\...\{FEFDCDCF-C49C-45D0-AAF8-5345858ADEC7}) (Version: 1.2.1.0 - Dell Inc.)
    Dell Data Vault (Version: 4.2.2.0 - Dell Inc.) Hidden
    Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.10 - Dell)
    Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.0.3.60494 - Dell)
    Dell System Detect (HKU\S-1-5-21-2966268020-819485515-415158216-500\...\73f463568823ebbe) (Version: 6.6.0.1 - Dell)
    Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.)
    Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
    DELLOSD (HKLM-x32\...\{B0F29C6D-C7A9-40AC-9658-921961818E2B}) (Version: 1.0.0.15 - DELL)
    EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.85 - Google Inc.)
    Google Drive (HKLM-x32\...\{12ADFB82-D5A3-43E4-B2F4-FCD9B690315B}) (Version: 1.24.9931.5480 - Google, Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.28.13 - Google Inc.) Hidden
    Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
    Java 7 Update 80 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417080FF}) (Version: 7.0.800 - Oracle)
    Java 7 Update 80 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217080FF}) (Version: 7.0.800 - Oracle)
    LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass)
    Malwarebytes Anti-Exploit version 1.07.1.1015 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.07.1.1015 - Malwarebytes)
    Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
    ManyCam 4.1.2 (HKLM-x32\...\ManyCam) (Version: 4.1.2 - Visicom Media Inc.)
    Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
    Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
    Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4745.1002 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
    Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
    Mozilla Firefox 40.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.2.5702 - Mozilla)
    Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4745.1002 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4745.1002 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4745.1002 - Microsoft Corporation) Hidden
    OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
    Oracle VM VirtualBox 4.3.12 (HKLM\...\{B5121457-0126-4E62-BCBF-6DC7C73D9E4A}) (Version: 4.3.12 - Oracle Corporation)
    PocketCloud Windows Companion (HKLM-x32\...\{EC67E1FF-4433-4096-A091-CF2828434493}) (Version: 2.5.11 - Wyse Technology)
    PowerISO (HKLM-x32\...\PowerISO) (Version: 5.9 - Power Software Ltd)
    Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.204 - Qualcomm Atheros Communications)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.28144 - Realtek Semiconductor Corp.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7004 - Realtek Semiconductor Corp.)
    Reason Core Security (HKLM-x32\...\Reason Core Security) (Version: 1.0.7.0 - Reason Software Company Inc.)
    Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
    Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
    Skype™ 7.8 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)
    SpywareBlaster 4.6 (HKLM-x32\...\SpywareBlaster_is1) (Version: 4.6.0 - Javacool Software LLC)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    System Checkup 3.4 (HKLM-x32\...\{4AC7B4E7-59B7-4E48-A60D-263C486FC33A}_is1) (Version: 3.4.0.47 - iolo technologies, LLC)
    Toolwiz Smart Defrag 2011 (HKLM-x32\...\Toolwiz Smart Defrag FREE_is1) (Version: 1.3.0.0 - Toolwiz.com.)
    WiFi Channel Scanner (HKLM-x32\...\{276ABF19-EB0A-49DA-9C17-72A99384596C}_is1) (Version: - wifichannelscanner.com)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
    XSplit Broadcaster (HKLM-x32\...\{445A2537-287D-4F71-8DFB-96A0F01CEDE1}) (Version: 2.4.1506.2436 - SplitmediaLabs)
    Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.16.633 - Zemana Ltd.)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Restore Points =========================

    09-09-2015 11:48:00 Scheduled Checkpoint

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2014-12-22 22:07 - 2015-09-09 14:56 - 00001923 ____A C:\windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost
    0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
    0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
    0.0.0.0 media.opencandy.com
    0.0.0.0 cdn.opencandy.com
    0.0.0.0 tracking.opencandy.com
    0.0.0.0 api.opencandy.com
    0.0.0.0 installer.betterinstaller.com
    0.0.0.0 installer.filebulldog.com
    0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
    0.0.0.0 inno.bisrv.com
    0.0.0.0 nsis.bisrv.com
    0.0.0.0 cdn.file2desktop.com
    0.0.0.0 cdn.goateastcach.us
    0.0.0.0 cdn.guttastatdk.us
    0.0.0.0 cdn.inskinmedia.com
    0.0.0.0 cdn.insta.oibundles2.com
    0.0.0.0 cdn.insta.playbryte.com
    0.0.0.0 cdn.llogetfastcach.us
    0.0.0.0 cdn.montiera.com
    0.0.0.0 cdn.msdwnld.com
    0.0.0.0 cdn.mypcbackup.com
    0.0.0.0 cdn.ppdownload.com
    0.0.0.0 cdn.riceateastcach.us
    0.0.0.0 cdn.shyapotato.us
    0.0.0.0 cdn.solimba.com
    0.0.0.0 cdn.tuto4pc.com
    0.0.0.0 cdn.appround.biz
    0.0.0.0 cdn.bigspeedpro.com

    There are 5 more lines.


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0772615E-234E-494F-9A8B-903EFC57D213} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-05-25] (PC-Doctor, Inc.)
    Task: {09BF0826-89D7-46F1-BDCA-F24AD959BD06} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
    Task: {10D8FC49-4082-4C45-8A94-B4B69E49E481} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-14] (Microsoft Corporation)
    Task: {1AAE56AF-DD61-4258-9B9E-83209C6F137D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-08-19] (AVAST Software)
    Task: {20BA4211-600A-4A1C-AC49-F96029F503F0} - System32\Tasks\ReasonSecurityStart => C:\Program Files\Reason\Security\rsUI.exe [2015-05-17] (Reason Software Company Inc.)
    Task: {5B2D5BB6-5D72-4F92-B00D-4E8DD849C558} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
    Task: {5F33CC25-3611-4961-9007-AC6F0649B12C} - System32\Tasks\{8564E210-71CC-43DC-8F45-F921C8D5EE77} => pcalua.exe -a C:\PROGRA~3\TARMAI~1\{889DF~1\Setup.exe -c /remove /q0
    Task: {69A10DAB-937E-4FC8-BF07-B9428136D2B9} - System32\Tasks\ReasonSecurityScheduledScan => C:\Program Files\Reason\Security\rsUI.exe [2015-05-17] (Reason Software Company Inc.)
    Task: {7E5EF2CA-791B-4626-B8F8-15D78869CACF} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-04-10] (Dell Inc.)
    Task: {A09A96D4-14C5-4B01-B4BC-D00F7EEA28FF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
    Task: {B6DB75EB-07B6-4E94-90CB-F710863B129E} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-11] (Adobe Systems Incorporated)
    Task: {BA64DCD7-CEB5-4539-A8F0-6F871AEB78F0} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-14] (Microsoft Corporation)
    Task: {BD47F0F9-FD4C-4FB3-A47C-3580D06AF62F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-05-08] (Piriform Ltd)
    Task: {C58A7F9E-FBEC-4273-A824-7FBDAC07B935} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-07-14] (Microsoft Corporation)
    Task: {C6C0130B-4106-4BCC-887A-835B9624A24B} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
    Task: {C9105EC4-2BC1-4494-BEC0-A1D6A7F7DFE0} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
    Task: {F4AAF44F-342F-4B23-BD6D-ECD1D3DFBE38} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-05-25] (PC-Doctor, Inc.)
    Task: {F88CEFC8-838B-4E43-A9EB-0CF29D4C6F9D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2015-08-26] (Microsoft Corporation)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (Whitelisted) ==============

    2015-03-21 11:13 - 2015-01-27 08:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2015-05-31 07:09 - 2015-07-14 18:21 - 00118640 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
    2014-03-19 10:40 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
    2012-12-19 15:46 - 2012-08-01 11:03 - 00073728 _____ () C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe
    2012-12-19 15:52 - 2012-04-24 19:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    2015-05-31 05:54 - 2015-08-11 10:22 - 00163576 _____ () C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe
    2015-05-31 05:54 - 2015-08-11 10:22 - 00401144 _____ () C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_bg.exe
    2013-10-15 13:31 - 2013-10-15 13:31 - 00106496 _____ () C:\Program Files\BOINC\zlib1.dll
    2012-10-24 12:18 - 2012-10-24 12:18 - 00188928 _____ () C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe
    2012-10-24 12:21 - 2012-10-24 12:21 - 00071680 _____ () C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\ServerNetworkInterface.dll
    2012-10-24 12:21 - 2012-10-24 12:21 - 02216448 _____ () C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\AetherCommLib.dll
    2012-10-24 12:21 - 2012-10-24 12:21 - 00078336 _____ () C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseWebServerLib.DLL
    2014-10-15 10:11 - 2014-10-15 10:11 - 00494080 _____ () C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcgrid_cep2_7.00_windows_intelx86
    2015-04-25 12:20 - 2015-04-25 12:20 - 00843776 _____ () C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcgrid_ugm1_7.28_windows_x86_64
    2014-09-17 14:03 - 2014-09-17 14:03 - 01615872 _____ () C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcgrid_mcm1_7.35_windows_x86_64
    2014-10-15 10:11 - 2014-10-15 10:11 - 63270912 _____ () C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcgrid_cep2_qchem_prod_win32.exe.7.00
    2014-09-18 11:37 - 2014-07-02 19:55 - 00487144 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
    2015-08-19 04:18 - 2015-08-19 04:18 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
    2015-08-19 04:18 - 2015-08-19 04:18 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2015-09-09 06:27 - 2015-09-09 06:27 - 02962432 _____ () C:\Program Files\AVAST Software\Avast\defs\15090900\algo.dll
    2015-09-09 14:58 - 2015-09-09 14:58 - 02962944 _____ () C:\Program Files\AVAST Software\Avast\defs\15090901\algo.dll
    2015-05-28 12:10 - 2015-05-28 12:10 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2015-09-02 10:42 - 2013-08-09 02:25 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
    2014-09-18 11:37 - 2014-07-30 15:37 - 01906464 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
    2013-02-21 19:04 - 2012-11-25 21:19 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
    2014-09-18 11:37 - 2012-11-25 21:19 - 00117608 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll
    2015-09-04 05:30 - 2015-09-04 05:30 - 01020928 _____ () C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\szysrig5.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\Users\hkcon\OneDrive:ms-properties
    AlternateDataStreams: C:\Users\hkcon\Documents\lawsuit 2.tiff:3or4kl4x13tuuug3Byamue2s4b
    AlternateDataStreams: C:\Users\hkcon\Documents\lawsuit 2.tiff.tiff:3or4kl4x13tuuug3Byamue2s4b

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-2966268020-819485515-415158216-500\...\dell.com -> dell.com


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2966268020-819485515-415158216-500\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\Windows\img0.jpg
    DNS Servers: 68.105.28.12 - 68.105.29.12
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    HKLM\...\StartupApproved\Run: => "HotKeysCmds"
    HKLM\...\StartupApproved\Run: => "RTHDVCPL"
    HKLM\...\StartupApproved\Run: => "RtHDVBg"
    HKLM\...\StartupApproved\Run: => "PocketCloud Location"
    HKLM\...\StartupApproved\Run: => "BtTray"
    HKLM\...\StartupApproved\Run32: => "IAStorIcon"
    HKLM\...\StartupApproved\Run32: => "PWRISOVM.EXE"
    HKLM\...\StartupApproved\Run32: => "PureLeads Tray"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{D5717FE9-60FB-4813-8744-CD0094DE4447}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
    FirewallRules: [{BFD99338-D3AF-4549-8409-63873CDDFEC9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{3253C1E9-9030-4E12-B306-E481329104BB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{230133E3-5566-46C2-B4C4-1589EFEACE03}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
    FirewallRules: [{1879897E-1C04-43AA-9890-4ADE9762B593}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
    FirewallRules: [TCP Query User{E893D0B2-34BA-408E-9625-1CA3E2E9A79F}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [UDP Query User{9CAE0330-2549-4381-A710-472F00B1FA0E}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [TCP Query User{D101B8BA-9C86-4F2A-AC4E-D4A35DF0A0E9}C:\windows\syswow64\javaw.exe] => (Block) C:\windows\syswow64\javaw.exe
    FirewallRules: [UDP Query User{2A194C3F-11A1-4DEE-B250-8C79130CCAD8}C:\windows\syswow64\javaw.exe] => (Block) C:\windows\syswow64\javaw.exe
    FirewallRules: [TCP Query User{7DBBEEB9-53B0-4D69-96FF-2C6942915137}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
    FirewallRules: [UDP Query User{EE328813-BCA3-4EF9-9ECE-B7BF419E7CC8}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
    FirewallRules: [TCP Query User{C53E6EF1-E721-4753-90CF-3D5CC7C0C49C}C:\program files\java\jre7\bin\javaw.exe] => (Block) C:\program files\java\jre7\bin\javaw.exe
    FirewallRules: [UDP Query User{081DFA45-9E39-43B7-929E-C2ED0D146E0A}C:\program files\java\jre7\bin\javaw.exe] => (Block) C:\program files\java\jre7\bin\javaw.exe
    FirewallRules: [TCP Query User{B7411001-9D02-4367-AA5C-B37DBAE1BC89}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
    FirewallRules: [UDP Query User{9CA1D2E1-B7BB-4963-8203-F6FE6E4AF331}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
    FirewallRules: [{63564296-77D9-4405-AC58-BAC4F4F2A33E}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
    FirewallRules: [{2ACEE645-4299-494A-A876-02BF3B982D7F}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
    FirewallRules: [{CBC3AAF5-3A5F-45C5-A619-35119154DFBE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Faulty Device Manager Devices =============

    Name: Bluetooth Audio Device
    Description: Bluetooth Audio Device
    Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
    Manufacturer: Qualcomm Atheros Communications
    Service: BTATH_A2DP
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: Virtual Bluetooth Support (Include Audio)
    Description: Virtual Bluetooth Support (Include Audio)
    Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
    Manufacturer: Qualcomm Atheros Communications
    Service: AthBTPort
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver

    Name: Bluetooth LWFLT Device
    Description: Bluetooth LWFLT Device
    Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
    Manufacturer: Qualcomm Atheros Communications
    Service: BTATH_LWFLT
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver

    Name: ManyCam Virtual Webcam
    Description: ManyCam Virtual Webcam
    Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Manufacturer: Visicom Media Inc.
    Service: ManyCam
    Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
    Resolution: A registry problem was detected.
    This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
    Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

    Name: ManyCam Virtual Microphone
    Description: ManyCam Virtual Microphone
    Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
    Manufacturer: Visicom Media Inc.
    Service: mcaudrv_simple
    Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
    Resolution: A registry problem was detected.
    This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
    Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (09/09/2015 11:48:00 AM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-2966268020-819485515-415158216-1001.bak). hr = 0x80070539, The security ID structure is invalid.
    .


    Operation:
    OnIdentify event
    Gathering Writer Data

    Context:
    Execution Context: Shadow Copy Optimization Writer
    Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
    Writer Name: Shadow Copy Optimization Writer
    Writer Instance ID: {e673821f-b92b-4720-a721-4786d8d1e204}

    Error: (09/09/2015 09:15:23 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
    Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

    Error: (09/09/2015 09:15:23 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
    Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

    Error: (09/09/2015 08:42:52 AM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-2966268020-819485515-415158216-1001.bak). hr = 0x80070539, The security ID structure is invalid.
    .


    Operation:
    OnIdentify event
    Gathering Writer Data

    Context:
    Execution Context: Shadow Copy Optimization Writer
    Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
    Writer Name: Shadow Copy Optimization Writer
    Writer Instance ID: {3590f3d1-1627-4cc5-bae6-76ed662c5a3e}

    Error: (09/09/2015 07:34:03 AM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-2966268020-819485515-415158216-1001.bak). hr = 0x80070539, The security ID structure is invalid.
    .


    Operation:
    OnIdentify event
    Gathering Writer Data

    Context:
    Execution Context: Shadow Copy Optimization Writer
    Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
    Writer Name: Shadow Copy Optimization Writer
    Writer Instance ID: {94963941-63cc-4f47-b167-d3c50974a08c}

    Error: (09/09/2015 07:12:40 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: chrome.exe, version: 45.0.2454.85, time stamp: 0x55df881b
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000008
    Fault offset: 0x058d311a
    Faulting process id: 0x1b44
    Faulting application start time: 0xchrome.exe0
    Faulting application path: chrome.exe1
    Faulting module path: chrome.exe2
    Report Id: chrome.exe3
    Faulting package full name: chrome.exe4
    Faulting package-relative application ID: chrome.exe5

    Error: (09/09/2015 07:08:36 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: chrome.exe, version: 45.0.2454.85, time stamp: 0x55df881b
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000008
    Fault offset: 0x058d311a
    Faulting process id: 0x1504
    Faulting application start time: 0xchrome.exe0
    Faulting application path: chrome.exe1
    Faulting module path: chrome.exe2
    Report Id: chrome.exe3
    Faulting package full name: chrome.exe4
    Faulting package-relative application ID: chrome.exe5

    Error: (09/09/2015 05:39:04 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: rsEngineSvc.exe, version: 1.0.7.0, time stamp: 0x55593271
    Faulting module name: ntdll.dll, version: 6.3.9600.17936, time stamp: 0x55a68e0c
    Exception code: 0xc0000374
    Fault offset: 0x00000000000f1280
    Faulting process id: 0xbfc
    Faulting application start time: 0xrsEngineSvc.exe0
    Faulting application path: rsEngineSvc.exe1
    Faulting module path: rsEngineSvc.exe2
    Report Id: rsEngineSvc.exe3
    Faulting package full name: rsEngineSvc.exe4
    Faulting package-relative application ID: rsEngineSvc.exe5

    Error: (09/09/2015 02:09:33 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
    Description: Subscription licensing service failed: -1073422302

    Error: (09/09/2015 02:07:50 AM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-2966268020-819485515-415158216-1001.bak). hr = 0x80070539, The security ID structure is invalid.
    .


    Operation:
    OnIdentify event
    Gathering Writer Data

    Context:
    Execution Context: Shadow Copy Optimization Writer
    Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
    Writer Name: Shadow Copy Optimization Writer
    Writer Instance ID: {c046317a-b0d9-4e3b-8f11-ef76e06d7149}


    System errors:
    =============
    Error: (09/09/2015 02:55:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Wyse PocketCloud service failed to start due to the following error:
    %%3

    Error: (09/09/2015 02:54:58 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
    Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
    %%1056

    Error: (09/09/2015 02:54:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The MBAMScheduler service terminated unexpectedly. It has done this 1 time(s).

    Error: (09/09/2015 02:54:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Malwarebytes Anti-Exploit Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (09/09/2015 02:54:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Wyse PocketCloud service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    Error: (09/09/2015 02:54:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The WMI Performance Adapter service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

    Error: (09/09/2015 02:54:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Intel(R) Dynamic Application Loader Host Interface Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (09/09/2015 02:54:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The SoftThinks Agent Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (09/09/2015 02:54:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Dell Data Vault service terminated unexpectedly. It has done this 1 time(s).

    Error: (09/09/2015 02:54:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Dell Customer Connect service terminated unexpectedly. It has done this 1 time(s).


    Microsoft Office:
    =========================
    Error: (09/09/2015 11:48:00 AM) (Source: VSS) (EventID: 8193) (User: )
    Description: ConvertStringSidToSid(S-1-5-21-2966268020-819485515-415158216-1001.bak)0x80070539, The security ID structure is invalid.


    Operation:
    OnIdentify event
    Gathering Writer Data

    Context:
    Execution Context: Shadow Copy Optimization Writer
    Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
    Writer Name: Shadow Copy Optimization Writer
    Writer Instance ID: {e673821f-b92b-4720-a721-4786d8d1e204}

    Error: (09/09/2015 09:15:23 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
    Description: WmiApRplWmiApRpl8F2030000E5050000

    Error: (09/09/2015 09:15:23 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
    Description: Performance163707000000000000000000008F020000

    Error: (09/09/2015 08:42:52 AM) (Source: VSS) (EventID: 8193) (User: )
    Description: ConvertStringSidToSid(S-1-5-21-2966268020-819485515-415158216-1001.bak)0x80070539, The security ID structure is invalid.


    Operation:
    OnIdentify event
    Gathering Writer Data

    Context:
    Execution Context: Shadow Copy Optimization Writer
    Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
    Writer Name: Shadow Copy Optimization Writer
    Writer Instance ID: {3590f3d1-1627-4cc5-bae6-76ed662c5a3e}

    Error: (09/09/2015 07:34:03 AM) (Source: VSS) (EventID: 8193) (User: )
    Description: ConvertStringSidToSid(S-1-5-21-2966268020-819485515-415158216-1001.bak)0x80070539, The security ID structure is invalid.


    Operation:
    OnIdentify event
    Gathering Writer Data

    Context:
    Execution Context: Shadow Copy Optimization Writer
    Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
    Writer Name: Shadow Copy Optimization Writer
    Writer Instance ID: {94963941-63cc-4f47-b167-d3c50974a08c}

    Error: (09/09/2015 07:12:40 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: chrome.exe45.0.2454.8555df881bunknown0.0.0.000000000c0000008058d311a1b4401d0eb097725ce64C:\Program Files (x86)\Google\Chrome\Application\chrome.exeunknownd40b9acb-56fc-11e5-bfcf-9c2a7038484c

    Error: (09/09/2015 07:08:36 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: chrome.exe45.0.2454.8555df881bunknown0.0.0.000000000c0000008058d311a150401d0eb08ee8f7748C:\Program Files (x86)\Google\Chrome\Application\chrome.exeunknown42635a6c-56fc-11e5-bfcf-9c2a7038484c

    Error: (09/09/2015 05:39:04 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: rsEngineSvc.exe1.0.7.055593271ntdll.dll6.3.9600.1793655a68e0cc000037400000000000f1280bfc01d0eab895309126C:\Program Files\Reason\Security\rsEngineSvc.exeC:\windows\SYSTEM32\ntdll.dllc0e13c02-56ef-11e5-bfcd-9c2a7038484c

    Error: (09/09/2015 02:09:33 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
    Description: Subscription licensing service failed: -1073422302

    Error: (09/09/2015 02:07:50 AM) (Source: VSS) (EventID: 8193) (User: )
    Description: ConvertStringSidToSid(S-1-5-21-2966268020-819485515-415158216-1001.bak)0x80070539, The security ID structure is invalid.


    Operation:
    OnIdentify event
    Gathering Writer Data

    Context:
    Execution Context: Shadow Copy Optimization Writer
    Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
    Writer Name: Shadow Copy Optimization Writer
    Writer Instance ID: {c046317a-b0d9-4e3b-8f11-ef76e06d7149}


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7-3770S CPU @ 3.10GHz
    Percentage of memory in use: 25%
    Total physical RAM: 8097.2 MB
    Available physical RAM: 6041.4 MB
    Total Virtual: 10145.2 MB
    Available Virtual: 5620.58 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:917.28 GB) (Free:836.45 GB) NTFS
    Drive x: () (Fixed) (Total:0.44 GB) (Free:0.15 GB) NTFS
    Drive y: (PBR Image) (Fixed) (Total:12.65 GB) (Free:0.23 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: C398CD34)

    Partition: GPT.

    ==================== End of Addition.txt ============================
     

    Last edited by a moderator: Sep 11, 2015
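The "Event log errors" section of the log above repeats a few failures many times over. The following is an added example, not part of the original posts; its function names, the sample SID and the service names are constructed. It parses that layout, reports the strings ConvertStringSidToSid rejected along with the suffix that makes them invalid, and groups service terminations that share one timestamp.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample in the layout of the "Event log errors" section above.
# The SID and the service names are placeholders, not values from the thread.
SAMPLE = """\
Application errors:
==================
Error: (09/09/2015 11:48:00 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-1111111111-2222222222-3333333333-1001.bak). hr = 0x80070539, The security ID structure is invalid.
Operation:
OnIdentify event

Error: (09/09/2015 08:42:52 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-1111111111-2222222222-3333333333-1001.bak). hr = 0x80070539, The security ID structure is invalid.

System errors:
=============
Error: (09/09/2015 02:54:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Example Backup Agent service terminated unexpectedly. It has done this 1 time(s).

Error: (09/09/2015 02:54:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Example Updater service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (09/09/2015 02:54:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Example Telemetry Service service terminated unexpectedly. It has done this 1 time(s).
"""

HEADER = re.compile(r"^Error: \((?P<when>[^)]+)\) \(Source: (?P<source>[^)]*)\) "
                    r"\(EventID: (?P<eid>\d+)\) \(User: (?P<user>[^)]*)\)$")
SID_CALL = re.compile(r"ConvertStringSidToSid\(([^)\s]+)\)")
# Syntax check only: revision 1, an authority, then 1 to 15 decimal sub-authorities.
VALID_SID = re.compile(r"S-1-(?:\d+|0x[0-9A-Fa-f]+)(?:-\d+){1,15}")


def parse_events(text):
    """Split the section into events; continuation lines are joined into the body."""
    events, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            current = {"when": datetime.strptime(m["when"], "%m/%d/%Y %I:%M:%S %p"),
                       "source": m["source"], "event_id": int(m["eid"]),
                       "body": []}
            events.append(current)
        elif line.startswith("===="):
            # An all-'=' ruler underlines a section title that was already
            # collected as a body line of the previous event: drop that title.
            if current and current["body"] and set(line) == {"="}:
                current["body"].pop()
            current = None
        elif current is not None and line:
            current["body"].append(line)
    for ev in events:
        body = " ".join(ev["body"])
        ev["body"] = body[len("Description: "):] if body.startswith("Description: ") else body
    return events


def malformed_sids(events):
    """Report ConvertStringSidToSid arguments that are not syntactically valid SIDs."""
    counts = Counter(arg for ev in events for arg in SID_CALL.findall(ev["body"])
                     if not VALID_SID.fullmatch(arg))
    report = {}
    for arg, n in counts.items():
        m = VALID_SID.match(arg)          # longest valid SID at the start, if any
        sid = m.group(0) if m else ""
        report[arg] = {"sid": sid, "suffix": arg[len(sid):], "count": n}
    return report


def termination_bursts(events, min_size=3):
    """Group Service Control Manager 7031/7034 terminations sharing one timestamp."""
    by_time = defaultdict(list)
    for ev in events:
        if ev["source"] == "Service Control Manager" and ev["event_id"] in (7031, 7034):
            m = re.match(r"The (.+?) service terminated unexpectedly", ev["body"])
            if m:
                by_time[ev["when"]].append(m.group(1))
    return {t: names for t, names in by_time.items() if len(names) >= min_size}


if __name__ == "__main__":
    parsed = parse_events(SAMPLE)
    print(malformed_sids(parsed), termination_bursts(parsed))
```

A burst of terminations at a single second reads as one event (a shutdown or crash) rather than as many independent service faults, which keeps the triage focused on the errors that recur across boots.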
  5. Cristoff

    Rogue Killer
    Registry


    Detection
    Name Path Key/Value Data Status
    PUM.HomePage IE Settings (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main Start Page http://dell13.msn.com Not selected
    PUM.HomePage IE Settings (X64) HKEY_USERS\S-1-5-21-2966268020-819485515-415158216-500\Software\Microsoft\Internet Explorer\Main Start Page http://dell13.msn.com Not selected
    PUM.HomePage IE Settings (X86) HKEY_USERS\S-1-5-21-2966268020-819485515-415158216-500\Software\Microsoft\Internet Explorer\Main Start Page http://dell13.msn.com Not selected
    PUM.HomePage IE Settings (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main Default_Page_URL http://dell13.msn.com Not selected
    PUM.HomePage IE Settings (X64) HKEY_USERS\S-1-5-21-2966268020-819485515-415158216-500\Software\Microsoft\Internet Explorer\Main Default_Page_URL http://dell13.msn.com Not selected
    PUM.HomePage IE Settings (X86) HKEY_USERS\S-1-5-21-2966268020-819485515-415158216-500\Software\Microsoft\Internet Explorer\Main Default_Page_URL http://dell13.msn.com Not selected
    PUM.Dns DNS (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters DhcpNameServer 68.105.28.12 68.105.29.12 68.105.28.11 ([-][UNITED STATES (US)][-]) Not selected
    PUM.Dns DNS (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters DhcpNameServer 68.105.28.12 68.105.29.12 68.105.28.11 ([-][UNITED STATES (US)][-]) Not selected
    PUM.Dns DNS (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{62D4712E-EF7E-42E9-AA1A-07AD46238ADE} DhcpNameServer 68.105.28.12 68.105.29.12 68.105.28.11 ([-][UNITED STATES (US)][-]) Not selected
    PUM.Dns DNS (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{62D4712E-EF7E-42E9-AA1A-07AD46238ADE} DhcpNameServer 68.105.28.12 68.105.29.12 68.105.28.11 ([-][UNITED STATES (US)][-]) Not selected
    Hosts File

    Detection
    Line Path Status


    PUM.HomePage FIREFX Config szysrig5.default user_pref("browser.startup.homepage", "http://search.myspeedtestxp.com?uid...homepage&implementation_id=Speedtest_xp_0.0.4"); Not selected

    +++++ PhysicalDrive0: WDC WD10EALX-759BA1 +++++
    --- User ---
    [MBR] 793a1b0977253cfe09504f2b7186dbd5
    [BSP] 024ee29fd29b3852b56dcdfa45fe18e9 : Empty|VT.Unknown MBR Code
    Partition table:
    0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 500 MB
    1 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1032192 | Size: 40 MB
    2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1114112 | Size: 128 MB
    3 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1376256 | Size: 500 MB
    4 - Basic data partition | Offset (sectors): 2400256 | Size: 939297 MB
    5 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 1926080512 | Size: 450 MB
    6 - [SYSTEM][MAN-MOUNT] Microsoft recovery partition | Offset (sectors): 1927002112 | Size: 12949 MB
    User = LL1 ... OK
    User = LL2 ... OK
     
  6. Malnutrition

    Will have a look at this in the evening.
     
  7. Malnutrition

    I would seriously consider removing the programs below, for the most part they are useless.

    Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.5.63 - Dell Inc.)
    Dell Customer Connect (HKLM-x32\...\{FEFDCDCF-C49C-45D0-AAF8-5345858ADEC7}) (Version: 1.2.1.0 - Dell Inc.)
    Dell Data Vault (Version: 4.2.2.0 - Dell Inc.) Hidden
    Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.10 - Dell)
    Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.0.3.60494 - Dell)
    Dell System Detect (HKU\S-1-5-21-2966268020-819485515-415158216-500\...\73f463568823ebbe) (Version: 6.6.0.1 - Dell)
    Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.)
    System Checkup 3.4 (HKLM-x32\...\{4AC7B4E7-59B7-4E48-A60D-263C486FC33A}_is1) (Version: 3.4.0.47 - iolo technologies, LLC)

    Also disable these items from starting with CCleaner.

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7194840 2013-07-26] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-29] (Realtek Semiconductor)
    HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe [763520 2012-07-31] (Qualcomm Atheros)
    HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [12303728 2015-07-13] (Zemana Ltd.)
    HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
    HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [337432 2014-02-02] (Power Software Ltd)

    Download the attached fixlist.txt file and save it to the Desktop.

    NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
     

  8. Cristoff

    ok I have done what you suggested...it is now starting in administrator...
     

  9. Malnutrition

    Zoek.

    Disable your antivirus prior to this scan.
    Download Zoek
    Save the file to your desktop.
    Right click Zoek.exe and run as administrator. (XP users double click)
    Copy the items below and paste them into Zoek.

    createsrpoint;
    emptyfolderscheck;delete
    emptyclsid;
    emptyalltemp;
    ipconfig /flushdns;b
    ResetHosts;
    iedefaults;
    shortcutfix;
    symlinksfix;
    autoclean;


    Now hit the run script button.
    The log will appear after a reboot, also you can find it on the C: drive.
    Post the log in your next reply.
     
  10. Cristoff

    Done, the results are 650 pages and too big a file to upload... I am trying to make it into 6 different 100 page files but I cannot seem to save the 100 pages. When I click on save as, the save box comes up but everything is a black box instead of the icons, and it will not save anywhere, not desktop, not docs, nowhere. I could copy and paste maybe????
     
  11. Malnutrition

  12. Malnutrition

    So.... I am assuming all is well now? @Cristoff
     
  13. Cristoff

    did the disable thing and now it automatically boots into the user acct w/admin access (?) but is still a temp acct with no password or website memory
     
  14. Malnutrition

    1. Download the portable version of Windows Repair (All In One) from here, Windows Repair (All In One). (Make sure you have your computer running in a clean boot state BEFORE running repairs. If you need assistance with performing a clean boot then follow the instructions here, How to perform a clean boot in Windows)

    2. Download the portable zipped folder to your desktop.

    3. Extract the contents of the zipped folder, and then right click on the Repair_Windows.exe file and select run as administrator.

    4. After the program opens, click on the Step 3 tab and click the Do It button to have the program run Check Disk on the file system.

    5. After the computer finishes running Check Disk, start the program again and proceed to Step 4.

    6. Click on the Step 4 tab and click on the Do It button to allow the program to run the System File Checker to find and fix any corrupt Windows files.

    7. After SFC finishes, proceed to the Step 5 tab.

    8. On the Step 5 tab go ahead and create a new system restore point before starting the repair by clicking on the Create button under the System Restore area.

    9. Once that is done click on the Start Repairs tab.

    10. On the Start Repairs tab click on the Start button and select Run when prompted.

    11. The Windows Repairs window will open. Now ensure that ONLY the checkboxes in the program are checked as indicated below:

    As far as what you can not see: Make sure and tick the boxes numbered 26, 27, 31, 33.

    12. Then when those checkboxes are selected, click on the checkbox that says Restart System when Finished.

    13. Now click on the Start button to start the repair process.

    14. The process could take some time so please be patient.

    15. After the repair process finishes, the computer will be rebooted.

    16. See if there is any difference after performing the above steps.





    Thanks to Evan Omo for the speech.
     
  15. Cristoff

    Ok, so here is where I am at, it still boots up in the temp user mode but I can now switch users and be on my account where everything is good. I hit alt + f4 and I can switch from there, not terribly hard and I can live with that. I will call it solved if you will???!!!LOL
     
  16. Malnutrition

  17. Cristoff

    I meant to mention that whenever I reboot I get a scanning and repairing drive c on the Dell screen
     