Solved Malware Probably Stealing Online Purchase Credentials

D

David Templeton

Posts: 35   +0
Hello,

I believe I have a strong case that I have a malware infection that has repeatedly successfully discovered my debit card information when I'm making purchases online through my web browser using last pass to fill in the fields. I was not using a secure VPN line or private browsing or a browser sandbox explicitly, but was using the latest Mozilla Firefox. Even before the first attack, I had regularly used the free Avast, MalwareBytes, and CCleaner. Also, I had never had problems when I was doing online purchases using Bank of America as my bank in the past with the same tools, but when I switched to a local credit union (obviously smaller with less captital and spending power to make their servers "tighter") the problems soon began.

They have performed multiple sessions of fraudulent debit card activity after reporting it (to bank) and cleaning with CCleaner, scanning deeply with Avast and Mal-wareBytes, still it happened again and again.

Thank you in advance so much for all your help!
 
FRST.txt (part 1):

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:30-07-2015
Ran by FoolForGod (administrator) on URIMANDTHUMMIM (31-07-2015 13:53:44)
Running from C:\Users\Well\Downloads
Loaded Profiles: FoolForGod (Available Profiles: FoolForGod)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Andrea Electronics Corporation) C:\Windows\System32\AESMSr64.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\ModeShift\ModeShift.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Condusiv Technologies) C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NTI Corporation) C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\SAMSUNG\SW Update Service\SWMAgent.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Google Inc.) C:\Users\Well\AppData\Local\Google\Update\GoogleUpdate.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Support Center\GuaranaAgent.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191312 2012-08-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1215632 2012-08-06] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2894152 2013-09-13] (ELAN Microelectronics Corp.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [516928 2013-02-15] (Acronis)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-06-29] (Apple Inc.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [78352 2012-05-22] (cyberlink)
HKLM-x32\...\Run: [Logitech H760] => C:\Program Files (x86)\Logitech\H760\H760.exe [275800 2010-07-09] (Logitech)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6109776 2015-07-30] (AVAST Software)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-15] (Symantec Corporation)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694080 2013-07-10] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5564784 2015-05-01] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2014-06-16] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4513792 2014-05-22] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [2009088 2013-01-18] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1852264 2014-05-23] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [843480 2014-10-07] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [6382144 2014-03-06] (Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1103424 2013-01-10] (Acronis)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2015-04-10] (Oracle Corporation)
HKLM-x32\...\Run: [BackupNowEZtray] => C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZtray.exe [1294840 2013-11-07] (NTI Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-11-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2620728 2015-07-22] (Malwarebytes Corporation)
HKU\S-1-5-21-3671931335-1126879999-2394397564-1001\...\Run: [Google Update] => C:\Users\Well\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-09-13] (Google Inc.)
HKU\S-1-5-21-3671931335-1126879999-2394397564-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [787592 2015-06-23] (Sandboxie Holdings, LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk [2014-01-05]
ShortcutTarget: ImageBrowser EX Agent.lnk -> C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2015-06-19]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2015-06-19]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\Users\Well\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech H760 Product Registration.lnk [2013-05-20]
ShortcutTarget: Logitech H760 Product Registration.lnk -> C:\Program Files (x86)\Logitech\H760\eReg.exe (Leader Technologies/Logitech)
Startup: C:\Users\Well\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2014-01-10]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Well\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Magician.lnk [2013-05-20]
ShortcutTarget: Samsung Magician.lnk -> C:\Program Files (x86)\Samsung SSD Magician\Samsung Magician.exe (Samsung Electronics.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-30] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3671931335-1126879999-2394397564-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wikipedia.org/
HKU\S-1-5-21-3671931335-1126879999-2394397564-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung13.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3671931335-1126879999-2394397564-1001 -> DefaultScope {F365336B-33BA-49D5-8E2A-5A7139EAF55C} URL =
SearchScopes: HKU\S-1-5-21-3671931335-1126879999-2394397564-1001 -> {F365336B-33BA-49D5-8E2A-5A7139EAF55C} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-30] (AVAST Software)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-06-19] (LastPass)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2015-04-24] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-30] (AVAST Software)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-06-19] (LastPass)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2015-04-24] (Oracle Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-06-19] (LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-06-19] (LastPass)
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - No File
Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\Windows\System32\urlmon.dll [2015-07-02] (Microsoft Corporation)
Filter-x32: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\Windows\SysWOW64\urlmon.dll [2015-07-02] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - No File
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - No File
Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{7570D282-AB4A-47DD-8838-12505FB358B5}: [NameServer] 75.75.75.75,75.75.76.76
Tcpip\..\Interfaces\{7570D282-AB4A-47DD-8838-12505FB358B5}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{B1434F19-BBF6-4681-8B3B-BB0CE53F9714}: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\Well\AppData\Roaming\Mozilla\Firefox\Profiles\s31w66m4.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: DuckDuckGo
FF Homepage: hxxp://www.weather.com/forecast/agricultur...ail.google.com/mail/&hl=en&service=mail&scc=1
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-14] ()
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-06-19] (LastPass)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-14] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll [2008-10-15] (CANON INC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.80.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-04-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.80.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2015-04-24] (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-06-19] (LastPass)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-27] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3671931335-1126879999-2394397564-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Well\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-3671931335-1126879999-2394397564-1001: @talk.google.com/O1DPlugin -> C:\Users\Well\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-3671931335-1126879999-2394397564-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Well\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-3671931335-1126879999-2394397564-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Well\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Well\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Well\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Extension: Xmarks - C:\Users\Well\AppData\Roaming\Mozilla\Firefox\Profiles\s31w66m4.default\Extensions\foxmarks@kei.com [2015-05-29]
FF Extension: LastPass - C:\Users\Well\AppData\Roaming\Mozilla\Firefox\Profiles\s31w66m4.default\Extensions\support@lastpass.com [2015-07-19]
FF Extension: IE Tab - C:\Users\Well\AppData\Roaming\Mozilla\Firefox\Profiles\s31w66m4.default\Extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9} [2015-05-29]
FF Extension: Ghostery - C:\Users\Well\AppData\Roaming\Mozilla\Firefox\Profiles\s31w66m4.default\Extensions\firefox@ghostery.com.xpi [2014-01-14]
FF Extension: Lightbeam - C:\Users\Well\AppData\Roaming\Mozilla\Firefox\Profiles\s31w66m4.default\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2015-06-16]
FF Extension: DuckDuckGo Plus - C:\Users\Well\AppData\Roaming\Mozilla\Firefox\Profiles\s31w66m4.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2015-06-16]
FF Extension: SmoothWheel (mozdev.org) - C:\Users\Well\AppData\Roaming\Mozilla\Firefox\Profiles\s31w66m4.default\Extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}.xpi [2013-05-24]
FF Extension: NoScript - C:\Users\Well\AppData\Roaming\Mozilla\Firefox\Profiles\s31w66m4.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-06-16]
FF Extension: Adblock Plus - C:\Users\Well\AppData\Roaming\Mozilla\Firefox\Profiles\s31w66m4.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-17]
FF Extension: BetterPrivacy - C:\Users\Well\AppData\Roaming\Mozilla\Firefox\Profiles\s31w66m4.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2013-05-20]
FF Extension: Tab Mix Plus - C:\Users\Well\AppData\Roaming\Mozilla\Firefox\Profiles\s31w66m4.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2013-10-31]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-05-20]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-05]

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AESMFilters; C:\Windows\system32\AESMSr64.exe [103112 2015-04-21] (Andrea Electronics Corporation)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-07-30] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4047768 2015-07-21] (Avast Software)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
R2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-10-07] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2014-10-07] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [782040 2014-10-07] (BlueStack Systems, Inc.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [243728 2012-05-22] (CyberLink)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593664 2015-06-19] (Samsung Electronics CO., LTD.)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [100104 2013-09-06] (ELAN Microelectronics Corp.)
R2 ExpressCache; C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe [102224 2012-08-17] (Condusiv Technologies)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [713016 2015-07-22] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation)
R2 NTI BackupNowEZSvr; C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe [46072 2013-11-07] (NTI Corporation)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [175752 2015-06-23] (Sandboxie Holdings, LLC)
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3025248 2015-07-07] (Samsung Electronics CO., LTD.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-18] (TeamViewer GmbH)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2015-05-01] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [306552 2015-05-01] (Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-07-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-07-30] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-07-30] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048856 2015-07-30] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-07-30] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150672 2015-07-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-07-30] (AVAST Software)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [223232 2014-06-21] (Advanced Micro Devices)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-10-07] (BlueStack Systems)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2014-05-02] (Microsoft Corporation)
S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-05] (Motorola Solutions, Inc.)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-25] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-24] (CyberLink)
R3 debutfilter; C:\Windows\system32\DRIVERS\debutfilterx64.sys [33488 2013-09-06] ()
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-07-22] ()
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23376 2012-08-17] (Condusiv Technologies)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [103248 2012-08-17] (Condusiv Technologies)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\Netwew00.sys [3351520 2014-07-02] (Intel Corporation)
R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [115152 2015-07-30] (AVAST Software)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2012-11-01] (Windows (R) 2003 DDK 3790 provider)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [190088 2015-06-23] (Sandboxie Holdings, LLC)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2015-01-08] (Acronis International GmbH)
R2 tib_mounter; C:\Windows\System32\drivers\tib_mounter.sys [248648 2015-07-19] (Acronis International GmbH)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-07-21] (Avast Software)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
S3 SBIOSIO; \??\C:\Users\Well\AppData\Local\Temp\__Samsung_Update\SBIOSIO64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FRST.txt (part 2):


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-31 13:53 - 2015-07-31 13:53 - 02168832 _____ (Farbar) C:\Users\Well\Downloads\FRST64.exe
2015-07-31 13:53 - 2015-07-31 13:53 - 00029911 _____ C:\Users\Well\Downloads\FRST.txt
2015-07-31 13:53 - 2015-07-31 13:53 - 00000000 ____D C:\FRST
2015-07-30 18:43 - 2015-07-31 13:42 - 00000698 _____ C:\WINDOWS\PFRO.log
2015-07-30 18:43 - 2015-07-31 13:42 - 00000154 _____ C:\WINDOWS\setupact.log
2015-07-30 18:43 - 2015-07-30 18:43 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-07-30 17:40 - 2015-07-30 17:41 - 00014236 _____ C:\Users\Well\Documents\cc_20150730_174056.reg
2015-07-30 17:39 - 2015-07-30 17:40 - 06609608 _____ (Piriform Ltd) C:\Users\Well\Downloads\ccsetup508.exe
2015-07-30 17:31 - 2015-07-30 17:31 - 00378880 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-07-30 17:31 - 2015-07-30 17:31 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-07-30 16:49 - 2015-07-30 16:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-07-30 16:41 - 2015-07-25 09:34 - 01084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-07-30 16:41 - 2015-07-14 17:59 - 01113944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-07-30 16:41 - 2015-07-14 17:59 - 00487256 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcfgx.dll
2015-07-30 16:41 - 2015-07-14 17:59 - 00393560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcfgx.dll
2015-07-30 16:41 - 2015-06-12 13:03 - 18823680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-07-30 16:41 - 2015-06-12 12:36 - 15159296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-07-30 16:41 - 2015-06-11 16:12 - 02476376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-07-30 16:41 - 2015-06-11 16:12 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2015-07-30 16:41 - 2015-06-09 18:39 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2015-07-30 16:41 - 2015-06-09 18:39 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2015-07-30 16:41 - 2015-06-09 18:38 - 01201664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2015-07-30 16:41 - 2015-06-09 14:27 - 00411133 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-07-27 21:01 - 2015-07-27 21:01 - 10191296 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atidxx32.dll
2015-07-27 21:01 - 2015-07-27 21:01 - 08979792 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiumd6a.dll
2015-07-27 21:01 - 2015-07-27 21:01 - 08864960 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiumd64.dll
2015-07-27 21:01 - 2015-07-27 21:01 - 08007856 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiumdva.dll
2015-07-27 21:01 - 2015-07-27 21:01 - 07482080 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiumdag.dll
2015-07-27 21:01 - 2015-07-27 21:01 - 01213224 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\aticfx32.dll
2015-07-27 21:01 - 2015-07-27 21:01 - 00471352 _____ C:\WINDOWS\system32\amdmiracast.dll
2015-07-27 21:01 - 2015-07-27 21:01 - 00151968 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdhcp64.dll
2015-07-27 21:01 - 2015-07-27 21:01 - 00143088 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiuxpag.dll
2015-07-27 21:01 - 2015-07-27 21:01 - 00138416 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdhcp32.dll
2015-07-27 21:01 - 2015-07-27 21:01 - 00130104 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiu9p64.dll
2015-07-27 21:01 - 2015-07-27 21:01 - 00117640 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdave64.dll
2015-07-27 21:01 - 2015-07-27 21:01 - 00112400 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiu9pag.dll
2015-07-27 21:01 - 2015-07-27 21:01 - 00110352 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdave32.dll
2015-07-27 21:01 - 2015-07-27 21:01 - 00088032 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atimpc64.dll
2015-07-27 21:01 - 2015-07-27 21:01 - 00088032 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdpcom64.dll
2015-07-27 21:01 - 2015-07-27 21:01 - 00081200 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atimpc32.dll
2015-07-27 21:01 - 2015-07-27 21:01 - 00081200 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdpcom32.dll
2015-07-27 20:58 - 2015-07-27 20:58 - 47794200 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdocl64.dll
2015-07-27 20:58 - 2015-07-27 20:58 - 39723544 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\amdocl.dll
2015-07-27 20:58 - 2015-07-27 20:58 - 30760984 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atio6axx.dll
2015-07-27 20:58 - 2015-07-27 20:58 - 27544600 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdocl12cl64.dll
2015-07-27 20:58 - 2015-07-27 20:58 - 25308696 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atioglxx.dll
2015-07-27 20:58 - 2015-07-27 20:58 - 22327312 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\amdocl12cl.dll
2015-07-27 20:58 - 2015-07-27 20:58 - 21633560 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\atikmdag.sys
2015-07-27 20:58 - 2015-07-27 20:58 - 15725592 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticaldd64.dll
2015-07-27 20:58 - 2015-07-27 20:58 - 14310936 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticaldd.dll
2015-07-27 20:58 - 2015-07-27 20:58 - 01196072 _____ C:\WINDOWS\system32\amdocl_as64.exe
2015-07-27 20:58 - 2015-07-27 20:58 - 01070632 _____ C:\WINDOWS\system32\amdocl_ld64.exe
2015-07-27 20:58 - 2015-07-27 20:58 - 01004072 _____ C:\WINDOWS\SysWOW64\amdocl_as32.exe
2015-07-27 20:58 - 2015-07-27 20:58 - 00935448 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxy.dll
2015-07-27 20:58 - 2015-07-27 20:58 - 00935448 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxx.dll
2015-07-27 20:58 - 2015-07-27 20:58 - 00874520 _____ (AMD) C:\WINDOWS\system32\coinst_15.20.dll
2015-07-27 20:58 - 2015-07-27 20:58 - 00807456 _____ C:\WINDOWS\SysWOW64\amdocl_ld32.exe
2015-07-27 20:58 - 2015-07-27 20:58 - 00673816 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\atikmpag.sys
2015-07-27 20:58 - 2015-07-27 20:58 - 00451096 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atidemgy.dll
2015-07-27 20:58 - 2015-07-27 20:58 - 00375832 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiapfxx.exe
2015-07-27 20:58 - 2015-07-27 20:58 - 00341520 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ATIODE.exe
2015-07-27 20:58 - 2015-07-27 20:58 - 00243736 _____ C:\WINDOWS\system32\clinfo.exe
2015-07-27 20:58 - 2015-07-27 20:58 - 00213528 _____ C:\WINDOWS\system32\amdgfxinfo64.dll
2015-07-27 20:58 - 2015-07-27 20:58 - 00199704 _____ (AMD) C:\WINDOWS\system32\atitmm64.dll
2015-07-27 20:58 - 2015-07-27 20:58 - 00198672 _____ C:\WINDOWS\SysWOW64\amdgfxinfo32.dll
2015-07-27 20:58 - 2015-07-27 20:58 - 00168984 _____ C:\WINDOWS\system32\atieah64.exe
2015-07-27 20:58 - 2015-07-27 20:58 - 00165400 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6txx.dll
2015-07-27 20:58 - 2015-07-27 20:58 - 00152600 _____ C:\WINDOWS\SysWOW64\atieah32.exe
2015-07-27 20:58 - 2015-07-27 20:58 - 00150552 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atigktxx.dll
2015-07-27 20:58 - 2015-07-27 20:58 - 00143384 _____ C:\WINDOWS\system32\amdhdl64.dll
2015-07-27 20:58 - 2015-07-27 20:58 - 00132120 _____ C:\WINDOWS\SysWOW64\amdhdl32.dll
2015-07-27 20:58 - 2015-07-27 20:58 - 00111640 _____ C:\WINDOWS\system32\hsa-thunk64.dll
2015-07-27 20:58 - 2015-07-27 20:58 - 00111128 _____ C:\WINDOWS\SysWOW64\hsa-thunk.dll
2015-07-27 20:58 - 2015-07-27 20:58 - 00097816 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atisamu64.dll
2015-07-27 20:58 - 2015-07-27 20:58 - 00089624 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atisamu32.dll
2015-07-27 20:58 - 2015-07-27 20:58 - 00083992 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6pxx.dll
2015-07-27 20:58 - 2015-07-27 20:58 - 00078360 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiglpxx.dll
2015-07-27 20:58 - 2015-07-27 20:58 - 00078360 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiglpxx.dll
2015-07-27 20:58 - 2015-07-27 20:58 - 00073752 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2015-07-27 20:58 - 2015-07-27 20:58 - 00071192 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticalrt64.dll
2015-07-27 20:58 - 2015-07-27 20:58 - 00068120 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2015-07-27 20:58 - 2015-07-27 20:58 - 00064536 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticalcl64.dll
2015-07-27 20:58 - 2015-07-27 20:58 - 00060952 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticalrt.dll
2015-07-27 20:58 - 2015-07-27 20:58 - 00059928 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ATIODCLI.exe
2015-07-27 20:58 - 2015-07-27 20:58 - 00059416 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmmcl6.dll
2015-07-27 20:58 - 2015-07-27 20:58 - 00057880 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticalcl.dll
2015-07-27 20:58 - 2015-07-27 20:58 - 00052248 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\ati2erec.dll
2015-07-27 20:58 - 2015-07-27 20:58 - 00048152 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmmcl.dll
2015-07-27 20:58 - 2015-07-27 20:58 - 00038424 _____ (AMD) C:\WINDOWS\system32\atimuixx.dll
2015-07-27 20:58 - 2015-07-27 20:58 - 00012824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\detoured.dll
2015-07-27 20:58 - 2015-07-27 20:58 - 00012824 _____ (Microsoft Corporation) C:\WINDOWS\system32\detoured.dll
2015-07-26 17:44 - 2015-07-26 17:44 - 03471376 _____ C:\WINDOWS\SysWOW64\atiumdva.cap
2015-07-26 17:44 - 2015-07-26 17:44 - 03437632 _____ C:\WINDOWS\system32\atiumd6a.cap
2015-07-26 17:44 - 2015-07-26 17:44 - 00737410 _____ C:\WINDOWS\system32\atiicdxx.dat
2015-07-26 17:44 - 2015-07-26 17:44 - 00322868 _____ C:\WINDOWS\system32\ativvaxy_vi.dat
2015-07-26 17:44 - 2015-07-26 17:44 - 00321200 _____ C:\WINDOWS\system32\ativvaxy_vi_nd.dat
2015-07-26 17:44 - 2015-07-26 17:44 - 00255808 _____ C:\WINDOWS\system32\ativvaxy_cz_nd.dat
2015-07-26 17:44 - 2015-07-26 17:44 - 00250884 _____ C:\WINDOWS\system32\ativvaxy_FJ.dat
2015-07-26 17:44 - 2015-07-26 17:44 - 00249088 _____ C:\WINDOWS\system32\ativvaxy_FJ_nd.dat
2015-07-26 17:44 - 2015-07-26 17:44 - 00234420 _____ C:\WINDOWS\system32\ativvaxy_cik.dat
2015-07-26 17:44 - 2015-07-26 17:44 - 00232752 _____ C:\WINDOWS\system32\ativvaxy_cik_nd.dat
2015-07-26 17:44 - 2015-07-26 17:44 - 00169152 _____ C:\WINDOWS\system32\ativce03.dat
2015-07-26 17:44 - 2015-07-26 17:44 - 00100816 _____ C:\WINDOWS\system32\ativce02.dat
2015-07-26 17:44 - 2015-07-26 17:44 - 00047664 _____ C:\WINDOWS\system32\kapp_ci.sbin
2015-07-26 17:44 - 2015-07-26 17:44 - 00043408 _____ C:\WINDOWS\system32\kapp_si.sbin
2015-07-26 17:43 - 2015-07-26 17:43 - 00833798 _____ C:\WINDOWS\system32\amdicdxx.dat
2015-07-26 17:43 - 2015-07-26 17:43 - 00660912 _____ C:\WINDOWS\SysWOW64\atiapfxx.blb
2015-07-26 17:43 - 2015-07-26 17:43 - 00660912 _____ C:\WINDOWS\system32\atiapfxx.blb
2015-07-26 17:43 - 2015-07-26 17:43 - 00167456 _____ C:\WINDOWS\system32\amde31a.dat
2015-07-21 13:10 - 2015-07-30 17:31 - 00115152 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\ngvss.sys
2015-07-20 14:18 - 2015-07-14 10:14 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-07-20 14:18 - 2015-07-14 10:14 - 00301056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-07-20 14:18 - 2015-07-14 10:14 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-07-20 14:18 - 2015-07-14 10:13 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-07-19 20:05 - 2015-07-19 20:05 - 00248648 _____ (Acronis International GmbH) C:\WINDOWS\system32\Drivers\tib_mounter.sys
2015-07-18 18:53 - 2015-07-18 18:53 - 00003434 _____ C:\WINDOWS\System32\Tasks\Settings
2015-07-18 18:52 - 2015-07-18 18:52 - 00002044 _____ C:\Users\Public\Desktop\Samsung Settings.lnk
2015-07-18 18:51 - 2015-07-18 18:51 - 00002998 _____ C:\WINDOWS\System32\Tasks\SUPatchForW10Up
2015-07-18 18:48 - 2015-07-18 18:51 - 00001910 _____ C:\Users\Public\Desktop\Samsung Update.lnk
2015-07-15 19:50 - 2015-07-15 19:50 - 00000000 ____D C:\Users\Well\AppData\Local\Windows Live
2015-07-15 13:48 - 2015-07-09 15:51 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-07-15 13:48 - 2015-07-09 14:40 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-07-15 13:48 - 2015-07-09 12:03 - 03701760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-07-15 13:48 - 2015-07-09 11:54 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-07-15 13:48 - 2015-07-09 11:53 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-07-15 13:48 - 2015-07-09 11:50 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-07-15 13:48 - 2015-07-09 11:50 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-07-15 13:48 - 2015-07-09 11:48 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-07-15 13:48 - 2015-07-09 11:46 - 02229248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-07-15 13:48 - 2015-07-09 11:38 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-07-15 13:48 - 2015-07-09 11:37 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-07-15 13:48 - 2015-07-09 11:35 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-07-15 13:48 - 2015-07-09 11:34 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-07-15 11:40 - 2015-07-02 17:21 - 19877376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-07-15 11:40 - 2015-07-02 16:50 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-07-15 11:40 - 2015-07-02 16:49 - 25193984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-07-15 11:40 - 2015-07-02 16:23 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-07-15 11:40 - 2015-07-02 16:19 - 12855296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-07-15 11:40 - 2015-07-02 15:55 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-07-15 11:40 - 2015-07-02 15:20 - 14453248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-07-15 11:40 - 2015-07-02 14:59 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-07-15 11:40 - 2015-07-01 18:08 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-07-15 11:40 - 2015-07-01 17:14 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-07-15 11:40 - 2015-06-28 01:07 - 00442712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2015-07-15 11:40 - 2015-06-28 01:07 - 00178008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-07-15 11:40 - 2015-06-28 01:06 - 01311960 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2015-07-15 11:40 - 2015-06-28 01:06 - 00332120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2015-07-15 11:40 - 2015-06-27 12:42 - 00747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2015-07-15 11:40 - 2015-06-26 23:13 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2015-07-15 11:40 - 2015-06-26 23:12 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2015-07-15 11:40 - 2015-06-26 23:12 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2015-07-15 11:40 - 2015-06-26 22:40 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-07-15 11:40 - 2015-06-26 22:05 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-07-15 11:40 - 2015-06-26 22:00 - 00989184 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-07-15 11:40 - 2015-06-26 21:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-07-15 11:40 - 2015-06-26 21:26 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-07-15 11:40 - 2015-06-24 22:31 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-07-15 11:40 - 2015-06-16 01:36 - 01661576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2015-07-15 11:40 - 2015-06-16 01:36 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2015-07-15 11:40 - 2015-06-15 18:41 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
2015-07-15 11:40 - 2015-06-15 18:39 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-07-15 11:40 - 2015-06-15 18:38 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-07-15 11:40 - 2015-06-15 18:26 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-07-15 11:40 - 2015-06-15 18:24 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2015-07-15 11:40 - 2015-06-15 18:24 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-07-15 11:40 - 2015-06-15 18:02 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2015-07-15 11:40 - 2015-06-15 17:58 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2015-07-15 11:40 - 2015-06-15 17:57 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-07-15 11:40 - 2015-06-15 17:56 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-07-15 11:40 - 2015-06-15 17:55 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-07-15 11:40 - 2015-06-15 17:49 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-07-15 11:40 - 2015-06-15 17:41 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-07-15 11:40 - 2015-06-15 17:38 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-07-15 11:40 - 2015-06-15 17:36 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-07-15 11:40 - 2015-06-15 17:17 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-07-15 11:40 - 2015-06-15 17:16 - 02427392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-07-15 11:40 - 2015-06-15 17:16 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe
2015-07-15 11:40 - 2015-06-15 17:15 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-07-15 11:40 - 2015-06-15 17:13 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-07-15 11:40 - 2015-06-15 17:09 - 03607552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2015-07-15 11:40 - 2015-06-15 17:04 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-07-15 11:40 - 2015-06-15 17:03 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-07-15 11:40 - 2015-06-15 16:52 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-07-15 11:40 - 2015-06-15 16:50 - 02774528 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-07-15 11:40 - 2015-06-15 16:47 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2015-07-15 11:40 - 2015-06-15 16:44 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2015-07-15 11:40 - 2015-06-15 16:43 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-07-15 11:40 - 2015-06-15 16:42 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-07-15 11:40 - 2015-06-15 16:41 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-07-15 11:40 - 2015-06-15 16:37 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-07-15 11:40 - 2015-06-15 16:32 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-07-15 11:40 - 2015-06-15 16:31 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-07-15 11:40 - 2015-06-15 16:30 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-07-15 11:40 - 2015-06-15 16:30 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-07-15 11:40 - 2015-06-15 16:17 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-07-15 11:40 - 2015-06-15 16:07 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-07-15 11:40 - 2015-06-15 16:02 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-07-15 11:40 - 2015-06-15 15:57 - 02460160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-07-15 11:40 - 2015-06-10 23:49 - 01380600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-07-15 11:40 - 2015-06-10 12:13 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-07-15 11:40 - 2015-05-30 17:18 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-07-15 11:40 - 2015-05-30 15:36 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-07-15 11:40 - 2015-05-30 15:35 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-07-09 22:15 - 2015-06-29 18:43 - 00026288 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-07-09 22:15 - 2015-06-29 11:07 - 01145856 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-07-09 22:15 - 2015-06-29 11:07 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-07-09 22:15 - 2015-06-29 11:07 - 00433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-07-09 22:15 - 2015-06-29 11:07 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-07-09 22:15 - 2015-06-26 23:08 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-07-09 22:15 - 2015-06-26 23:08 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-07-09 22:15 - 2015-06-26 22:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-07-09 22:15 - 2015-06-26 19:21 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-07-09 22:15 - 2015-06-26 19:21 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-07-08 14:37 - 2015-07-08 14:37 - 00010209 _____ C:\Users\Well\Downloads\Detailed Product Information.txt
2015-07-08 14:04 - 2015-07-08 14:04 - 00001725 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-07-08 14:04 - 2015-07-08 14:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-07-08 14:04 - 2015-07-08 14:04 - 00000000 ____D C:\Program Files\iTunes
2015-07-08 14:04 - 2015-07-08 14:04 - 00000000 ____D C:\Program Files\iPod
2015-07-08 14:04 - 2015-07-08 14:04 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-07-02 15:40 - 2015-07-02 15:40 - 00002165 _____ C:\Users\Well\Downloads\payment-history.csv

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-31 13:49 - 2013-11-14 03:28 - 00865408 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-07-31 13:48 - 2014-09-13 17:17 - 00000946 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3671931335-1126879999-2394397564-1001UA.job
2015-07-31 13:48 - 2013-05-18 13:21 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3671931335-1126879999-2394397564-1001
2015-07-31 13:47 - 2015-06-01 11:39 - 01603469 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-31 13:47 - 2014-03-13 00:15 - 00003970 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{BCAA8818-6C5F-415D-BBD2-9A7BB05224AA}
2015-07-31 13:43 - 2015-06-20 23:42 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2015-07-31 13:43 - 2014-03-03 15:03 - 00008192 _____ C:\WINDOWS\SysWOW64\WDPABKP.dat
2015-07-31 13:42 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-30 21:00 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-07-30 18:43 - 2013-08-22 11:36 - 00000000 __RSD C:\WINDOWS\Media
2015-07-30 17:41 - 2014-07-01 13:44 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-07-30 17:40 - 2014-10-09 21:00 - 00000000 ____D C:\WINDOWS\Minidump
2015-07-30 17:40 - 2013-05-23 23:00 - 00000000 ____D C:\Users\Well\AppData\Roaming\TeamViewer
2015-07-30 17:40 - 2013-05-20 12:45 - 00000796 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-07-30 17:40 - 2013-05-20 12:45 - 00000000 ____D C:\Program Files\CCleaner
2015-07-30 17:36 - 2014-07-01 13:43 - 00001118 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-30 17:36 - 2014-07-01 13:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-30 17:36 - 2014-07-01 13:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-30 17:31 - 2014-04-18 00:20 - 00028656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-07-30 17:31 - 2013-12-28 03:37 - 00150672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2015-07-30 17:31 - 2013-12-20 15:36 - 00003924 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-07-30 17:31 - 2013-11-08 19:08 - 00447944 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-07-30 17:31 - 2013-05-20 00:38 - 00093528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2015-07-30 17:31 - 2013-05-20 00:37 - 01048856 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-07-30 17:31 - 2013-05-20 00:37 - 00274808 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-07-30 17:31 - 2013-05-20 00:37 - 00090968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-07-30 17:31 - 2013-05-20 00:37 - 00065224 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-07-30 16:49 - 2014-01-24 18:55 - 00000000 ____D C:\AMD
2015-07-30 16:49 - 2012-07-26 03:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-07-30 14:13 - 2013-08-22 09:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-07-30 11:56 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-07-30 11:44 - 2015-06-20 23:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit
2015-07-27 21:01 - 2013-12-22 03:23 - 12062080 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atidxx64.dll
2015-07-27 21:01 - 2013-12-22 03:23 - 01467312 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\aticfx64.dll
2015-07-27 21:01 - 2013-12-22 03:23 - 00162272 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiuxp64.dll
2015-07-27 20:58 - 2015-05-18 16:04 - 00681496 _____ (AMD) C:\WINDOWS\system32\atieclxx.exe
2015-07-27 20:58 - 2015-05-18 16:04 - 00255512 _____ (AMD) C:\WINDOWS\system32\atiesrxx.exe
2015-07-27 20:58 - 2014-11-20 22:09 - 01256472 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiadlxx.dll
2015-07-27 15:08 - 2015-06-20 23:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2015-07-27 10:48 - 2014-09-13 17:17 - 00000894 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3671931335-1126879999-2394397564-1001Core.job
2015-07-26 19:30 - 2013-05-20 20:20 - 00000000 ____D C:\Users\Public\Documents\Dave Spiritual
2015-07-26 18:36 - 2015-04-15 11:34 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-07-26 15:45 - 2014-02-02 01:10 - 00000000 ____D C:\Users\Public\Documents\Dave Spiritual Other
2015-07-26 10:06 - 2013-05-21 09:54 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-07-26 09:59 - 2014-07-10 23:19 - 00000000 ____D C:\Users\Well\Documents\Physical
2015-07-22 21:11 - 2013-05-20 13:42 - 00000000 ____D C:\Users\Well\AppData\Roaming\vlc
2015-07-22 21:00 - 2015-06-20 14:56 - 00000000 ____D C:\Users\Well\AppData\Roaming\LastPass
2015-07-21 13:45 - 2014-11-03 17:28 - 00000000 ____D C:\WINDOWS\SysWOW64\vbox
2015-07-21 13:45 - 2014-11-03 17:28 - 00000000 ____D C:\WINDOWS\system32\vbox
2015-07-21 13:08 - 2013-08-22 10:44 - 00423528 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-07-20 11:07 - 2015-04-18 12:29 - 00001067 _____ C:\Users\Well\Desktop\Notepad++.lnk
2015-07-18 19:16 - 2013-05-20 14:29 - 00004105 _____ C:\setup.log
2015-07-18 19:08 - 2014-01-26 17:02 - 00080457 _____ C:\Users\Well\Desktop\Confessing Order.xlsx
2015-07-18 19:08 - 2013-05-20 15:11 - 00000000 ____D C:\Users\Well\Documents\Samsung
2015-07-18 18:52 - 2012-09-25 05:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2015-07-18 18:52 - 2012-09-25 05:13 - 00000000 ____D C:\Program Files (x86)\Samsung
2015-07-18 18:51 - 2012-09-25 05:28 - 00000000 ____D C:\ProgramData\SAMSUNG
2015-07-16 21:09 - 2014-09-30 00:15 - 00001975 _____ C:\Users\Well\Documents\Movies.txt
2015-07-16 10:43 - 2014-09-13 17:17 - 00003902 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3671931335-1126879999-2394397564-1001UA
2015-07-16 10:43 - 2014-09-13 17:17 - 00003522 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3671931335-1126879999-2394397564-1001Core
2015-07-15 19:04 - 2014-03-03 15:03 - 00000000 ____D C:\ProgramData\Western Digital
2015-07-15 19:04 - 2014-03-03 15:03 - 00000000 ____D C:\Program Files\Common Files\Western Digital
2015-07-15 19:04 - 2014-03-03 15:03 - 00000000 ____D C:\Program Files (x86)\Western Digital
2015-07-15 19:04 - 2013-05-20 12:17 - 00000000 ____D C:\ProgramData\Package Cache
2015-07-15 18:29 - 2015-05-09 16:04 - 00000000 ____D C:\Users\Well\AppData\Roaming\Apple Computer
2015-07-15 15:17 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\rescache
2015-07-15 15:03 - 2015-06-26 16:03 - 00001726 _____ C:\WINDOWS\Sandboxie.ini
2015-07-15 13:53 - 2013-05-20 12:19 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-15 13:51 - 2013-08-15 09:01 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-07-15 13:48 - 2015-04-15 11:34 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-07-15 11:47 - 2014-12-10 18:47 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-15 11:46 - 2014-12-25 12:58 - 00003886 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-07-14 17:59 - 2014-06-27 13:09 - 00000000 ____D C:\Users\Well\AppData\Local\Adobe
2015-07-13 17:10 - 2013-08-22 11:38 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-07-13 17:10 - 2013-08-22 11:38 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-12 13:31 - 2014-11-07 21:31 - 00015818 _____ C:\WINDOWS\BRRBCOM.INI
2015-07-09 22:16 - 2015-04-15 17:38 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-07-09 22:16 - 2015-03-10 23:00 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-07-09 21:27 - 2014-12-02 22:07 - 00000000 __SHD C:\Users\Well\AppData\Local\EmieBrowserModeList
2015-07-09 21:27 - 2014-06-14 13:38 - 00000000 __SHD C:\Users\Well\AppData\Local\EmieUserList
2015-07-09 21:27 - 2014-06-14 13:38 - 00000000 __SHD C:\Users\Well\AppData\Local\EmieSiteList
2015-07-09 21:18 - 2013-06-03 21:50 - 00000000 ____D C:\Users\Well\AppData\Roaming\CyberLink
2015-07-08 14:04 - 2015-05-09 16:03 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-07-08 14:04 - 2015-05-09 16:03 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-07-08 14:01 - 2013-06-01 08:26 - 00000000 ____D C:\ProgramData\Skype
2015-07-06 00:16 - 2013-05-21 15:26 - 00000000 ____D C:\Users\Public\Documents\Spiritual Tools
2015-07-05 19:27 - 2014-02-09 19:47 - 00002190 _____ C:\Users\Well\Desktop\Prob Solution Denial of Solution.txt
2015-07-04 14:37 - 2015-05-27 19:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-04 14:37 - 2015-05-27 19:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-03 08:43 - 2013-05-19 21:21 - 130333168 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-07-01 22:24 - 2013-05-20 13:31 - 00000000 ____D C:\Users\Well\Documents\e-Sword

==================== Files in the root of some directories =======

2014-11-07 21:47 - 2005-12-08 22:51 - 0000060 ____R () C:\Program Files (x86)\BRINST.INI
2015-06-19 14:53 - 2015-06-19 14:53 - 16258616 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2013-05-18 13:12 - 2013-05-19 22:11 - 0001508 _____ () C:\Users\Well\AppData\Roaming\AbsoluteReminder.xml
2013-09-06 23:27 - 2013-09-06 23:27 - 0001167 _____ () C:\Users\Well\AppData\Roaming\trace_FilterInstaller.txt
2013-09-06 23:27 - 2013-09-06 23:27 - 0000000 _____ () C:\Users\Well\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2013-08-30 10:07 - 2014-08-16 19:22 - 0005120 _____ () C:\Users\Well\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-13 22:31 - 2014-09-13 22:31 - 0007619 _____ () C:\Users\Well\AppData\Local\Resmon.ResmonCfg
2012-09-25 05:23 - 2012-09-25 05:23 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2012-09-25 05:47 - 2012-08-06 04:23 - 0000031 _____ () C:\ProgramData\ECReset_Partition.bat
2012-09-25 05:47 - 2012-08-06 05:34 - 1782152 _____ (Samsung Electronics) C:\ProgramData\ExpressCacheRun.exe
2013-05-20 13:09 - 2013-02-21 16:59 - 2063240 _____ (Samsung Electronics) C:\ProgramData\MakeMarkerFile.exe
2013-05-20 13:09 - 2013-01-12 23:51 - 0003004 _____ () C:\ProgramData\MakeMarkerFile.xml

Files to move or delete:
====================
C:\ProgramData\ECReset_Partition.bat
C:\ProgramData\ExpressCacheRun.exe
C:\ProgramData\MakeMarkerFile.exe
C:\Users\EasySurvey\EasySurvey.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-30 18:54

==================== End of log ============================
 
Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:30-07-2015
Ran by FoolForGod (2015-07-31 13:54:15)
Running from C:\Users\Well\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3671931335-1126879999-2394397564-500 - Administrator - Disabled)
FoolForGod (S-1-5-21-3671931335-1126879999-2394397564-1001 - Administrator - Enabled) => C:\Users\Well
Guest (S-1-5-21-3671931335-1126879999-2394397564-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Advanced Video FX Engine (HKLM-x32\...\Advanced Video FX Engine) (Version: - )
Agent Ransack x64 (HKLM\...\{58C0AC50-8FA1-4A95-AEC6-5B2727E5CC6A}) (Version: 7.0.820.1 - Mythicsoft Ltd)
Allshare Play Link (HKLM-x32\...\{91786428-D4AA-476D-8AF9-A63FFAC2901F}) (Version: 1.0.0 - Samsung)
AllSharePlayLink (HKLM-x32\...\{CE1836A8-3F2B-49BD-8395-93DD414068D2}) (Version: 1.0.0 - Samsung Electronics Co., Ltd.)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
AutoIt Debugger 0.47.0 (HKLM-x32\...\AutoIt Debugger) (Version: 0.47.0 - Essential Software)
AutoIt v3.3.12.0 (HKLM-x32\...\AutoItv3) (Version: 3.3.12.0 - AutoIt Team)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.3.2225 - AVAST Software)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.4.4078 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{152E0B21-19D5-4772-9EF8-8E76074B0C0A}) (Version: 0.9.4.4078 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-J870DW (HKLM-x32\...\{7B4C83B6-17C1-4BFD-B86D-4D7AD4498CBB}) (Version: 1.0.3.0 - Brother Industries, Ltd.)
Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC) (Version: 8.8.0.17 - Canon Inc.)
Canon Utilities ImageBrowser EX (HKLM-x32\...\ImageBrowser EX) (Version: 1.5.1.7 - Canon Inc.)
Catalyst Control Center (HKLM-x32\...\{8B1A559A-FB9D-42F5-A8A7-2F132CF28414}) (Version: 1.00.0000 - )
CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.1912 - CyberLink Corp.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4421.52 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Debut Video Capture Software (HKLM-x32\...\Debut) (Version: 1.82 - NCH Software)
Diablo II (HKLM-x32\...\Diablo II) (Version: - Blizzard Entertainment)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.14 - Dolby Laboratories Inc)
Easy File Share (HKLM-x32\...\{A7C37D4B-F37A-42E8-9B6A-B28C18AD4C12}) (Version: 1.3.4 - Samsung Electronics CO.,LTD.)
E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung Electronics CO., LTD.)
e-Sword (HKLM-x32\...\{463178C4-E707-41EE-BE8A-080C62BF526D}) (Version: 10.04.0000 - Rick Meyers)
e-Sword Macros for Word 2010 (HKLM-x32\...\{42E7C0DA-0DC2-47FF-A3AF-AF011BC5F21E}) (Version: 10.04.0000 - Rick Meyers)
e-Sword Training Demos (HKLM-x32\...\{94AF494C-9CD7-4D20-B83C-C29D1384BBA6}) (Version: 9.00.0003 - Rick Meyers)
ETDWare X64 11.7.18.2_WHQL (HKLM\...\Elantech) (Version: 11.7.18.2 - ELAN Microelectronic Corp.)
ExpressCache (HKLM\...\{3EA6AB5D-D434-4ACA-9609-48F1319518EF}) (Version: 1.0.94 - Condusiv Technologies)
Expresso (HKLM-x32\...\{81A1B78B-69B5-4F71-950D-598FA62FCB73}) (Version: 3.0.4750 - Ultrapico) <==== ATTENTION
Galería de fotos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Help Desk (HKLM\...\{AEC9D273-E162-4614-83F1-722B8C74B185}) (Version: 1.0.96 - Samsung Electronics CO., LTD.)
HP USB Disk Storage Format Tool (HKLM-x32\...\{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}) (Version: - )
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33070) (Version: 3.6.1.33070.11 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{7288D4E1-8050-4B81-B9EC-F812D17AD693}) (Version: 16.1.1.0084 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
iTunes (HKLM\...\{4046F74A-28F8-48C6-A5D3-2AFC472574C1}) (Version: 12.2.0.145 - Apple Inc.)
Java 7 Update 80 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217080FF}) (Version: 7.0.800 - Oracle)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass)
LG USB Drivers (HKLM-x32\...\LG USB Drivers) (Version: - )
Logitech H760 (HKLM\...\{55EEEF58-7B7A-421A-8188-BD62D73E1E64}) (Version: 1.0.161 - Logitech)
Malwarebytes Anti-Exploit version 1.07.1.1015 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.07.1.1015 - Malwarebytes)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.1.177.0 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Express - ENU (HKLM-x32\...\Microsoft Visual C++ 2010 Express - ENU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
ModeShift (HKLM-x32\...\{FE9EE5AB-4A44-4FFE-9D2B-250816303352}) (Version: 1.0.0 - Samsung)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.1 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.51 - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.1.0.14 - Symantec Corporation) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.9.2 - Notepad++ Team)
NTI Backup Now EZ (HKLM-x32\...\InstallShield_{B9ECA41B-55CC-4654-B6B5-6731D009EC69}) (Version: 3.0.2.55 - NTI Corporation)
NTI Backup Now EZ (x32 Version: 3.0.2.55 - NTI Corporation) Hidden
Online Support(S Service) (HKLM-x32\...\{C8996970-A56E-4659-B01B-CCB7097C4E59}) (Version: 1.1 - Samsung Electronics CO., LTD.)
Paltalk Messenger 11.6 (HKLM-x32\...\Paltalk Messenger) (Version: 11.6.604.17056 - AVM Software Inc.)
Prism Video File Converter (HKLM-x32\...\Prism) (Version: - NCH Software)
Quick Starter (HKLM\...\{EC36E2BC-86F7-44C9-84B2-93930F0FBDBF}) (Version: 1.0.2 - Samsung Electronics CO., LTD.)
RadioSure (HKU\S-1-5-21-3671931335-1126879999-2394397564-1001\...\RadioSure) (Version: - )
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.28145 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.19.726.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6699 - Realtek Semiconductor Corp.)
S Agent (Version: 1.1.53 - Samsung Electronics CO., LTD.) Hidden
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.0.1 - Samsung Electronics)
Samsung Settings (HKLM-x32\...\{8CB5C357-12E5-41B1-A024-D57D4E6F32D9}) (Version: 2.0.1 - Samsung Electronics CO., LTD.)
Samsung Update (HKLM-x32\...\{00ABE05F-DB49-4421-AA35-833DD9A9A94D}) (Version: 2.2.12 - Samsung Electronics CO., LTD.)
Sandboxie 4.20 (64-bit) (HKLM\...\Sandboxie) (Version: 4.20 - Sandboxie Holdings, LLC)
SciTE4AutoIt3 14.801.2025.0 (HKLM-x32\...\SciTE4AutoIt3) (Version: 14.801.2025.0 - Jos van der Zande)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Support Center (HKLM\...\{711DE117-767F-48A8-9864-66C525B9539F}) (Version: 2.1.1223 - Samsung Electronics CO., LTD.)
Support Center FAQ (x32 Version: 1.0.17 - Samsung Electronics CO., LTD.) Hidden
Switch Sound File Converter (HKLM-x32\...\Switch) (Version: 4.60 - NCH Software)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.43879 - TeamViewer)
TreeSize Free V3.2.1 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.2.1 - JAM Software)
True Image WD Edition (HKLM-x32\...\{85CB1512-2D4A-4469-AC21-6B111D169CEB}) (Version: 16.0.5962 - Acronis)
User Guide (HKLM-x32\...\{1AF4E383-CB84-4759-850E-FA584635905A}) (Version: 1.1.00 - Samsung Electronics CO., LTD.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VoipStunt (HKLM-x32\...\VoipStunt_is1) (Version: 4.13 build 737 - Finarea S.A. Switzerland)
WD Drive Utilities (HKLM-x32\...\{E61CFDDA-40DD-4400-95CA-12819C50B5C2}) (Version: 1.1.0.51 - Western Digital Technologies, Inc.)
WD Quick View (HKLM-x32\...\{B74717F4-9E4D-4FEF-B234-97EC2ADACFD8}) (Version: 2.4.11.4 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{2B58AB2C-D980-47FD-8633-E360314BA662}) (Version: 1.0.6.3 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{E0223E66-5682-4F65-9F5D-A2AB7C593323}) (Version: 2.4.11.4 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{f8b1c3bb-688a-4421-a45e-a22dd15f22ee}) (Version: 2.4.11.4 - Western Digital Technologies, Inc.)
Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass (08/23/2013 6.2.8400.4218) (HKLM\...\26BFE384C802803107F583AE1A739E4FEB56134B) (Version: 08/23/2013 6.2.8400.4218 - Samsung Electronics Co. Ltd.)
Windows Live (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Xerox PhotoCafe (HKLM-x32\...\Xerox PhotoCafe) (Version: 1.0.0.6162 - Xerox)
XNote Stopwatch (HKLM-x32\...\XNote Stopwatch) (Version: 1.66 - dnSoft Research Group)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3671931335-1126879999-2394397564-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Well\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3671931335-1126879999-2394397564-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Well\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)

==================== Restore Points =========================

30-07-2015 18:55:17 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 01:26 - 2013-05-20 20:39 - 00002023 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 exitpop.paltalk.com
127.0.0.1 advertising.paltalk.com
127.0.0.1 yads.zedo.com
127.0.0.1 bannerfarm.ace.advertising.com
127.0.0.1 udmserve.net
127.0.0.1 19.142.13/s0.2mdn.net
127.0.0.1 download.myads.com
127.0.0.1 ec.atdmt.com
127.0.0.1 dspads.sitescout.netdna-cdn.com
127.0.0.1 imagen01.247realmedia.com
127.0.0.1 choices.truste.com
127.0.0.1 cadreon.com
127.0.0.1 mcdonalds.com
127.0.0.1 dspads.sitescout.netdna-cdn.com
127.0.0.1 clickserv2.sitescout.com
127.0.0.1 ads.lfstmedia.com
127.0.0.1 content.quantserve.com
127.0.0.1 cdn.invitemedia.net
127.0.0.1 ib.adnxs.com
127.0.0.1 s0.2mdn.net
127.0.0.1 tag.admeld.com
127.0.0.1 ads.adsonar.com
127.0.0.1 media.gevalia.com
127.0.0.1 speed.pointroll.com
127.0.0.1 ad.adorika.com
127.0.0.1 media.fastclick.net
127.0.0.1 ads.adbrite.com
127.0.0.1 adserving.cpxinteractive.com
127.0.0.1 ad.doubleclick.net

There are 9 more lines.


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01BAE8A1-B071-408E-8E41-BA8C5204E4ED} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
Task: {0C2E1900-25BF-4D46-BA99-63FA3D533B64} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-07-30] (AVAST Software)
Task: {148BB49E-9F05-4E96-892A-555B6121E94B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-07-17] (Piriform Ltd)
Task: {16A10116-A55F-40DB-A8A2-A73000529293} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
Task: {190DDF05-5615-4485-90BB-FFDAC2466F35} - System32\Tasks\{CC3C42C5-A13A-4C00-8014-75F95CFE54D5} => pcalua.exe -a E:\SETUP.EXE -d E:\
Task: {2377E46E-E4C4-4A77-A6BA-50CF6682E248} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-01-29] (Microsoft)
Task: {3DDD787D-788D-42E3-8053-CCDFE166BCBA} - System32\Tasks\SUPatchForW10Up => C:\ProgramData\Samsung\SamsungUpdatePatch\SUPatchForW10Up.exe [2015-07-02] (Samsung Electronics CO., LTD.)
Task: {458A1C5E-8587-441E-84E8-312DF9EFBD8D} - System32\Tasks\Dolby Selector => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [2012-06-14] (Dolby Laboratories Inc.)
Task: {53F14695-2E20-4695-A285-AF65699AB444} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2015-06-19] (Samsung Electronics CO., LTD.)
Task: {5781272D-0187-4DC1-BA82-F74217D83264} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-07-03] (Microsoft Corporation)
Task: {82F43275-372D-4086-BF08-DFE396D580A2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3671931335-1126879999-2394397564-1001Core => C:\Users\Well\AppData\Local\Google\Update\GoogleUpdate.exe [2014-09-13] (Google Inc.)
Task: {9C0B667C-6A32-426E-826F-D5616847D58B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {C0E70ABA-4ADC-4E31-B44E-996D75743A46} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3671931335-1126879999-2394397564-1001UA => C:\Users\Well\AppData\Local\Google\Update\GoogleUpdate.exe [2014-09-13] (Google Inc.)
Task: {CCB6F802-0A04-4A6F-AC19-61A4B9B65A40} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
Task: {D5596368-64A5-4034-A9CE-D15E44989D6A} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
Task: {E85A4125-24F2-4A54-8142-F69F6CB2DD0A} - System32\Tasks\Xerox PhotoCafe Communicator => C:\ProgramData\Xerox PhotoCafe\MessageCheck.exe [2011-10-26] ()
Task: {F41D5CB8-0162-4F58-A627-DFCD3ED6982C} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2015-07-01] (Samsung Electronics CO., LTD.)
Task: {F448C3B2-A612-42AB-8C7B-58C46E2A9646} - System32\Tasks\ModeShift => C:\Program Files (x86)\Samsung\ModeShift\ModeShift.exe [2013-04-25] (Samsung Electronics Co., Ltd.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3671931335-1126879999-2394397564-1001Core.job => C:\Users\Well\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3671931335-1126879999-2394397564-1001UA.job => C:\Users\Well\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Xerox PhotoCafe Communicator.job => C:\ProgramData\Xerox PhotoCafe\MessageCheck.exe

==================== Loaded Modules (Whitelisted) ==============

2014-11-06 16:31 - 2013-04-15 12:50 - 00198144 _____ () C:\WINDOWS\System32\HP1006LM.DLL
2014-11-06 16:31 - 2013-04-15 12:50 - 00065024 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\HP1006PP.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-06-19 14:55 - 2015-06-19 14:55 - 00084800 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
2014-11-07 21:54 - 2005-04-22 00:36 - 00143360 ____R () C:\WINDOWS\system32\BrSNMP64.dll
2015-07-01 20:50 - 2015-07-01 20:50 - 00088624 _____ () C:\Program Files\Samsung\S Agent\ToastX64.dll
2015-07-30 17:31 - 2015-07-30 17:31 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-07-30 17:31 - 2015-07-30 17:31 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-07-30 17:00 - 2015-07-30 17:00 - 02959360 _____ () C:\Program Files\AVAST Software\Avast\defs\15073003\algo.dll
2015-07-31 13:43 - 2015-07-31 13:43 - 02959872 _____ () C:\Program Files\AVAST Software\Avast\defs\15073101\algo.dll
2013-04-25 09:15 - 2013-04-25 09:15 - 00017920 _____ () C:\Program Files (x86)\Samsung\ModeShift\WSABI.dll
2015-06-19 14:55 - 2015-06-19 14:55 - 00027968 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll
2015-06-19 14:55 - 2015-06-19 14:55 - 01272128 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll
2015-06-19 14:55 - 2015-06-19 14:55 - 00111936 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll
2015-06-19 14:55 - 2015-06-19 14:55 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll
2015-06-19 14:55 - 2015-06-19 14:55 - 00025920 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsAPI.dll
2015-06-19 14:55 - 2015-06-19 14:55 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
2013-11-07 17:14 - 2013-11-07 17:14 - 00465824 _____ () C:\Program Files (x86)\NTI\NTI Backup Now EZ\sqlite3.dll
2015-07-17 15:10 - 2015-07-17 15:10 - 01020928 _____ () C:\Users\Well\AppData\Roaming\Mozilla\Firefox\Profiles\s31w66m4.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
2015-06-19 14:55 - 2015-06-19 14:55 - 00025920 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll
2015-06-19 14:55 - 2015-06-19 14:55 - 00111936 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
2015-06-19 14:55 - 2015-06-19 14:55 - 00059712 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll
2015-06-19 14:55 - 2015-06-19 14:55 - 00102720 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll
2015-03-05 11:50 - 2015-03-05 11:50 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-01-25 19:41 - 2013-09-16 13:20 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-03-06 01:10 - 2014-03-06 01:10 - 00420160 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3671931335-1126879999-2394397564-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Well\AppData\Roaming\IrfanView\IrfanView_Wallpaper.bmp
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "ImageBrowser EX Agent.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Install LastPass IE RunOnce.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Install LastPass FF RunOnce.lnk"
HKLM\...\StartupApproved\Run: => "RtHDVBg_Dolby"
HKLM\...\StartupApproved\Run: => "RtHDVCpl"
HKLM\...\StartupApproved\Run: => "Acronis Scheduler2 Service"
HKLM\...\StartupApproved\Run: => "StartCCC"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "BDRegion"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "CLMLServer_For_P2G8"
HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
HKLM\...\StartupApproved\Run32: => "Intel AppUp(SM) center"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "Logitech H760"
HKLM\...\StartupApproved\Run32: => "Norton Online Backup"
HKLM\...\StartupApproved\Run32: => "WD Drive Unlocker"
HKLM\...\StartupApproved\Run32: => "WD Quick View"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "BrHelp"
HKLM\...\StartupApproved\Run32: => "ControlCenter4"
HKLM\...\StartupApproved\Run32: => "IndexSearch"
HKLM\...\StartupApproved\Run32: => "PaperPort PTD"
HKLM\...\StartupApproved\Run32: => "PDF5 Registry Controller"
HKLM\...\StartupApproved\Run32: => "PDFHook"
HKLM\...\StartupApproved\Run32: => "BrStsMon00"
HKLM\...\StartupApproved\Run32: => "AcronisTibMounterMonitor"
HKLM\...\StartupApproved\Run32: => "TrueImageMonitor.exe"
HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
HKLM\...\StartupApproved\Run32: => "DriveUtilitiesHelper"
HKLM\...\StartupApproved\Run32: => "BackupNowEZtray"
HKU\S-1-5-21-3671931335-1126879999-2394397564-1001\...\StartupApproved\StartupFolder: => "Logitech H760 Product Registration.lnk"
HKU\S-1-5-21-3671931335-1126879999-2394397564-1001\...\StartupApproved\StartupFolder: => "Samsung Magician.lnk"
HKU\S-1-5-21-3671931335-1126879999-2394397564-1001\...\StartupApproved\StartupFolder: => "PalTalk.lnk"
HKU\S-1-5-21-3671931335-1126879999-2394397564-1001\...\StartupApproved\StartupFolder: => "OneNote 2010 Screen Clipper and Launcher.lnk"
HKU\S-1-5-21-3671931335-1126879999-2394397564-1001\...\StartupApproved\Run: => "SandboxieControl"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{8D0908B4-C0A6-4216-8978-4A3444C7C1A4}C:\program files (x86)\voipstunt.com\voipstunt\voipstunt.exe] => (Allow) C:\program files (x86)\voipstunt.com\voipstunt\voipstunt.exe
FirewallRules: [TCP Query User{DF6F32E1-8F15-4D6E-9522-D7FD379AFB15}C:\program files (x86)\voipstunt.com\voipstunt\voipstunt.exe] => (Allow) C:\program files (x86)\voipstunt.com\voipstunt\voipstunt.exe
FirewallRules: [UDP Query User{EC593F76-03E6-482A-85E2-EC860800DE0D}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe
FirewallRules: [TCP Query User{BD1AB08A-09C9-4008-9EF1-2E0D8C4A07D8}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe
FirewallRules: [UDP Query User{A522B52F-365D-4915-9281-8FA014DB0390}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe
FirewallRules: [TCP Query User{7D861602-0693-43C9-8BEE-23549BF8B19B}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe
FirewallRules: [{4C4EDDB9-5AF7-465E-8D77-2B863AB93F01}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{29CD4B59-66DD-47E0-9C01-12D9ECB74531}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{E3DC4304-CAAA-4BA5-BE7B-1B0DE616442A}] => (Allow) LPort=1900
FirewallRules: [{6C1B83AD-9D75-4EE8-B3B2-2EEA5B2008B1}] => (Allow) LPort=2869
FirewallRules: [{36617355-9767-40F4-80A0-343ED497E7B1}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{E4810909-9E08-4944-9349-4317240BC0C0}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{55086C40-6C60-4776-B84F-E19C46A36596}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{3F68F9C3-4277-41AC-9F4C-8985DD7E7DF7}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [TCP Query User{AD8286FF-D204-49F8-A9B0-783AE96617C3}C:\users\well\appdata\local\radiosure\radiosure.exe] => (Block) C:\users\well\appdata\local\radiosure\radiosure.exe
FirewallRules: [UDP Query User{337E534C-1DEF-4846-90DD-F38A16A063EB}C:\users\well\appdata\local\radiosure\radiosure.exe] => (Block) C:\users\well\appdata\local\radiosure\radiosure.exe
FirewallRules: [TCP Query User{9002FAEA-9578-43BE-8733-D5B5785FE62C}C:\program files (x86)\diablo ii\game.exe] => (Allow) C:\program files (x86)\diablo ii\game.exe
FirewallRules: [UDP Query User{04444AAA-D272-4434-9B6F-CA0889B5F868}C:\program files (x86)\diablo ii\game.exe] => (Allow) C:\program files (x86)\diablo ii\game.exe
FirewallRules: [TCP Query User{1E35576B-E5A4-4490-875C-02DE274FFDC2}C:\program files (x86)\voipstunt.com\voipstunt\voipstunt.exe] => (Allow) C:\program files (x86)\voipstunt.com\voipstunt\voipstunt.exe
FirewallRules: [UDP Query User{ABC627F6-4A54-4F0C-88A7-9F63DBA39076}C:\program files (x86)\voipstunt.com\voipstunt\voipstunt.exe] => (Allow) C:\program files (x86)\voipstunt.com\voipstunt\voipstunt.exe
FirewallRules: [{6512B074-4292-45B6-A2D9-BDAF6E8AE997}] => (Allow) C:\Program Files (x86)\Brother\Brmfl13b\FAXRX.EXE
FirewallRules: [{F7863D64-C61D-407C-8D98-4B7E7A779696}] => (Allow) LPort=54925
FirewallRules: [{8F575D0E-709A-4926-B3C8-A8C6428D82DE}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{FE9013C6-5FBA-4F8A-A87F-7CBC207C9083}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [TCP Query User{96B7ECE7-DA12-4CDB-8891-6A8A315BEC6A}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{DF1D136B-750A-4463-9C55-4D4E0F47CD9C}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{5F2B4AF0-B7C5-4AE0-A88E-9B3D7140F349}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{370406F2-B574-4D25-A1FC-8C2101742102}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EBF1A2EC-A278-4394-B9B5-541DD9EA1122}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F61D6865-8843-49C5-B487-5FA0F5E533E8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6E39BA6C-B680-432E-8604-BCFD593E03A9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5142ABC5-9430-4C27-AC68-BDDD37BBD012}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{102087B8-370D-4F07-A951-F2FD1CD8F072}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{E3BEEA0D-6C18-4754-B7B7-68BAD70EC00B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{911568F1-566B-4701-8A7D-032104B2EE1C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{BC555189-D3E1-4EDD-BB85-0B3463D1EE5B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{552D6BFB-8115-497F-B832-90866C781A88}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{F0BD1075-5161-497B-94A6-0AC4FA466B0F}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{8AF6EAC6-09E7-48CB-9C50-0029B3E61882}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/31/2015 01:43:12 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

Error: (07/31/2015 01:43:12 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4

Error: (07/30/2015 06:54:09 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume \\?\Volume{2b332f6d-6f79-4cf3-b1e2-d1b9126e30a9}\ was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)

Error: (07/30/2015 06:54:08 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume Windows RE tools was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)

Error: (07/30/2015 06:43:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: EasySettingsCmdServer.exe, version: 0.0.0.0, time stamp: 0x5583ba20
Faulting module name: ntdll.dll, version: 6.3.9600.17736, time stamp: 0x550f42c2
Exception code: 0xc0000005
Fault offset: 0x0004212f
Faulting process id: 0x1664
Faulting application start time: 0xEasySettingsCmdServer.exe0
Faulting application path: EasySettingsCmdServer.exe1
Faulting module path: EasySettingsCmdServer.exe2
Report Id: EasySettingsCmdServer.exe3
Faulting package full name: EasySettingsCmdServer.exe4
Faulting package-relative application ID: EasySettingsCmdServer.exe5

Error: (07/30/2015 05:14:17 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume \\?\Volume{2b332f6d-6f79-4cf3-b1e2-d1b9126e30a9}\ was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)

Error: (07/30/2015 05:14:17 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume Windows RE tools was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)

Error: (07/30/2015 04:59:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: EasySettingsCmdServer.exe, version: 0.0.0.0, time stamp: 0x5583ba20
Faulting module name: ntdll.dll, version: 6.3.9600.17736, time stamp: 0x550f42c2
Exception code: 0xc0000005
Fault offset: 0x000491af
Faulting process id: 0x1874
Faulting application start time: 0xEasySettingsCmdServer.exe0
Faulting application path: EasySettingsCmdServer.exe1
Faulting module path: EasySettingsCmdServer.exe2
Report Id: EasySettingsCmdServer.exe3
Faulting package full name: EasySettingsCmdServer.exe4
Faulting package-relative application ID: EasySettingsCmdServer.exe5

Error: (07/30/2015 04:53:37 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume \\?\Volume{2b332f6d-6f79-4cf3-b1e2-d1b9126e30a9}\ was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)

Error: (07/30/2015 04:53:37 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume Windows RE tools was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)


System errors:
=============
Error: (07/30/2015 06:03:08 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume ??.

The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x2000000000024. The name of the file is "<unable to determine file name>".

Error: (07/30/2015 05:38:33 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {F319F1B8-7587-4146-AF9C-0D6D77819BF1}

Error: (07/30/2015 11:57:52 AM) (Source: DCOM) (EventID: 10010) (User: UrimAndThummim)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (07/30/2015 11:57:22 AM) (Source: DCOM) (EventID: 10010) (User: UrimAndThummim)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (07/30/2015 11:46:01 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Malwarebytes Anti-Exploit Service service hung on starting.

Error: (07/27/2015 04:45:54 AM) (Source: DCOM) (EventID: 10010) (User: UrimAndThummim)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (07/27/2015 04:45:24 AM) (Source: DCOM) (EventID: 10010) (User: UrimAndThummim)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (07/26/2015 10:54:10 AM) (Source: DCOM) (EventID: 10010) (User: UrimAndThummim)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (07/26/2015 10:53:40 AM) (Source: DCOM) (EventID: 10010) (User: UrimAndThummim)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (07/26/2015 10:34:46 AM) (Source: DCOM) (EventID: 10010) (User: UrimAndThummim)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}


Microsoft Office:
=========================
Error: (07/31/2015 01:43:12 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

Error: (07/31/2015 01:43:12 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4

Error: (07/30/2015 06:54:09 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: \\?\Volume{2b332f6d-6f79-4cf3-b1e2-d1b9126e30a9}\The parameter is incorrect. (0x80070057)

Error: (07/30/2015 06:54:08 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Windows RE toolsThe parameter is incorrect. (0x80070057)

Error: (07/30/2015 06:43:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: EasySettingsCmdServer.exe0.0.0.05583ba20ntdll.dll6.3.9600.17736550f42c2c00000050004212f166401d0cb1919b5e070C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exeC:\WINDOWS\SYSTEM32\ntdll.dll5ab5aea4-370c-11e5-82d8-50b7c37841b3

Error: (07/30/2015 05:14:17 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: \\?\Volume{2b332f6d-6f79-4cf3-b1e2-d1b9126e30a9}\The parameter is incorrect. (0x80070057)

Error: (07/30/2015 05:14:17 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Windows RE toolsThe parameter is incorrect. (0x80070057)

Error: (07/30/2015 04:59:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: EasySettingsCmdServer.exe0.0.0.05583ba20ntdll.dll6.3.9600.17736550f42c2c0000005000491af187401d0cb0aa5239612C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exeC:\WINDOWS\SYSTEM32\ntdll.dlle5de5346-36fd-11e5-82d6-50b7c37841b3

Error: (07/30/2015 04:53:37 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: \\?\Volume{2b332f6d-6f79-4cf3-b1e2-d1b9126e30a9}\The parameter is incorrect. (0x80070057)

Error: (07/30/2015 04:53:37 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Windows RE toolsThe parameter is incorrect. (0x80070057)


CodeIntegrity:
===================================
Date: 2015-07-21 13:12:42.266
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-07-21 13:12:41.984
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-07-21 13:12:41.656
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-07-21 13:12:41.375
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-07-21 13:12:36.265
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-07-21 13:12:35.952
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-07-21 13:12:26.967
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-07-21 13:12:26.639
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-07-21 13:12:26.248
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-07-21 13:12:25.848
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-3630QM CPU @ 2.40GHz
Percentage of memory in use: 25%
Total physical RAM: 16342.2 MB
Available physical RAM: 12249.58 MB
Total Virtual: 32726.2 MB
Available Virtual: 28410.64 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:231.63 GB) (Free:102.7 GB) NTFS
Drive d: (2ndHDD) (Fixed) (Total:465.76 GB) (Free:391.3 GB) NTFS
Drive e: (PLAYDISC) (CDROM) (Total:0.63 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 267D4F5E)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 14.9 GB) (Disk ID: 74F02DEA)
Partition 1: (Not Active) - (Size=14.9 GB) - (Type=73)

========================================================
Disk: 2 (Size: 465.8 GB) (Disk ID: 92CDA70E)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of log ============================
 
Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

======================================

redtarget.gif
How do you actually know that your debit card had been compromised?

redtarget.gif
Uninstall following unwanted program:

Expresso


redtarget.gif
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

  • Close all the running programs
  • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

redtarget.gif
Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.

  • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


If you already have MBAM 2.0 installed:

  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

How to get logs:
(Export log to save as txt)

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.


(Copy to clipboard for pasting into forum replies or tickets)

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

redtarget.gif
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

redtarget.gif
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
I looked in my online banking and saw entries that I didn't recognize authorizing any payment for and then talked to the bank and found that multiple entries were fraudulent. This has happened repeatedly since I switched from Bank of America online banking to a local credit union with relatively robust online banking, but not of the caliber (probably) of BoA.

RogueKiller V10.9.4.0 [Jul 30 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : FoolForGod [Administrator]
Started from : C:\Users\Well\Desktop\RogueKiller.exe
Mode : Delete -- Date : 07/31/2015 19:07:43

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 6 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3671931335-1126879999-2394397564-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.wikipedia.org/ -> Not selected
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3671931335-1126879999-2394397564-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.wikipedia.org/ -> Not selected
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3671931335-1126879999-2394397564-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://samsung13.msn.com -> Not selected
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3671931335-1126879999-2394397564-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://samsung13.msn.com -> Not selected
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Not selected
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 39 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 exitpop.paltalk.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 advertising.paltalk.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 yads.zedo.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 bannerfarm.ace.advertising.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 udmserve.net
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 19.142.13/s0.2mdn.net
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 download.myads.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 ec.atdmt.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 dspads.sitescout.netdna-cdn.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 imagen01.247realmedia.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 choices.truste.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 cadreon.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 mcdonalds.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 dspads.sitescout.netdna-cdn.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 clickserv2.sitescout.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 ads.lfstmedia.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 content.quantserve.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 cdn.invitemedia.net
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 ib.adnxs.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 s0.2mdn.net
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 tag.admeld.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 ads.adsonar.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 media.gevalia.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 speed.pointroll.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 ad.adorika.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 media.fastclick.net
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 ads.adbrite.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 adserving.cpxinteractive.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 ad.doubleclick.net
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 ads.yimg.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 oasads.whitepages.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 spe.atdmt.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 interclick.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 ad.yieldmanager.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 ad.traficmp.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 servedby.advertising.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 cdn.adnxs.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 secure-assets.rubiconproject.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 pagead2.googlesyndication.com

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0x20]) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] s31w66m4.default : user_pref("browser.startup.homepage", "http://www.weather.com/forecast/agr...ail.google.com/mail/&hl=en&service=mail&scc=1"); -> Not selected

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Samsung SSD 840 Series +++++
--- User ---
[MBR] 1043900b2c13af8e21c4414b407fb085
[BSP] 8e86378d8ee03bd7e8b851f1b3b29016 : Empty|VT.Unknown MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 500 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 1026048 | Size: 300 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1640448 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 1902592 | Size: 237193 MB
4 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 487675904 | Size: 350 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: SanDisk SSD i100 16GB +++++
--- User ---
[MBR] cb89ca7e5c69e6dcde9cd2d1c077de22
[BSP] 0a9420da5d388cf72c9f5653515471d4 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x73) [VISIBLE] Offset (sectors): 2048 | Size: 15271 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: Hitachi HTS727550A9E364 +++++
--- User ---
[MBR] 759561b4254b004a8e7a846b272795f2
[BSP] b088a46def4a7fb33a4406b5af6fd4c2 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 476939 MB [Windows XP Bootstrap | Windows XP Bootloader]
User = LL1 ... OK
User = LL2 ... OK

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/31/2015
Scan Time: 7:10 PM
Logfile: MBAMreport.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.07.31.07
Rootkit Database: v2015.07.30.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: FoolForGod

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 398684
Time Elapsed: 7 min, 58 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

# AdwCleaner v4.208 - Logfile created 31/07/2015 at 19:22:34
# Updated 09/07/2015 by Xplode
# Database : 2015-07-26.2 [Server]
# Operating system : Windows 8.1 (x64)
# Username : FoolForGod - URIMANDTHUMMIM
# Running from : C:\Users\Well\Desktop\adwcleaner_4.208.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Well\AppData\Local\slimware utilities inc
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\yahoo.xml

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\SlimWare Utilities Inc
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Mozilla Firefox v39.0 (x86 en-US)

[s31w66m4.default\prefs.js] - Line Deleted : user_pref("extensions.skipscreen.hostMatchStr", "hxxp://www.4shared.com/(getaudiofiledocume...*hxxp://(www.)*digg.com/(.{5}.{6})$hxxp:[...]

*************************

AdwCleaner[R0].txt - [1857 bytes] - [25/01/2015 14:31:48]
AdwCleaner[R1].txt - [1466 bytes] - [31/07/2015 19:21:31]
AdwCleaner[S0].txt - [1806 bytes] - [25/01/2015 16:05:04]
AdwCleaner[S1].txt - [1345 bytes] - [31/07/2015 19:22:34]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1404 bytes] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.4 (07.27.2015:1)
OS: Windows 8.1 x64
Ran by FoolForGod on Fri 07/31/2015 at 19:24:20.83
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\users\Public\Documents\downloaded installers



~~~ FireFox

Successfully deleted the following from C:\Users\Well\AppData\Roaming\mozilla\firefox\profiles\s31w66m4.default\prefs.js

user_pref(extensions.addonfox.addit.localInstallItems, { \software\: {\r\n \3682\:{\r\n \id\:\3682\,\r\n \type\: \XPI\,\r\n \url\: \\,\r\n \xpi euid\:
user_pref(extensions.lastpass.bd0b78c94beb04fcc19f935b06ceede80481c894cab2577ffbd1170200c43420.searchforsiteswithinaddressbar, true);
user_pref(extensions.lastpass.searchforsiteswithinaddressbar, true);





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 07/31/2015 at 19:31:36.77
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Not much there...

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure you checkmark Addition.txt box.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
 
FRST.txt (part 1):

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:30-07-2015
Ran by FoolForGod (administrator) on URIMANDTHUMMIM (31-07-2015 19:46:50)
Running from C:\Users\Well\Downloads
Loaded Profiles: FoolForGod (Available Profiles: FoolForGod)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191312 2012-08-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1215632 2012-08-06] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2894152 2013-09-13] (ELAN Microelectronics Corp.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [516928 2013-02-15] (Acronis)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-06-29] (Apple Inc.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [78352 2012-05-22] (cyberlink)
HKLM-x32\...\Run: [Logitech H760] => C:\Program Files (x86)\Logitech\H760\H760.exe [275800 2010-07-09] (Logitech)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6109776 2015-07-30] (AVAST Software)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-15] (Symantec Corporation)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694080 2013-07-10] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5564784 2015-05-01] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2014-06-16] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4513792 2014-05-22] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [2009088 2013-01-18] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1852264 2014-05-23] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [843480 2014-10-07] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [6382144 2014-03-06] (Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1103424 2013-01-10] (Acronis)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2015-04-10] (Oracle Corporation)
HKLM-x32\...\Run: [BackupNowEZtray] => C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZtray.exe [1294840 2013-11-07] (NTI Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-11-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2620728 2015-07-22] (Malwarebytes Corporation)
HKU\S-1-5-21-3671931335-1126879999-2394397564-1001\...\Run: [Google Update] => C:\Users\Well\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-09-13] (Google Inc.)
HKU\S-1-5-21-3671931335-1126879999-2394397564-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [787592 2015-06-23] (Sandboxie Holdings, LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk [2014-01-05]
ShortcutTarget: ImageBrowser EX Agent.lnk -> C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2015-06-19]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2015-06-19]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\Users\Well\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech H760 Product Registration.lnk [2013-05-20]
ShortcutTarget: Logitech H760 Product Registration.lnk -> C:\Program Files (x86)\Logitech\H760\eReg.exe (Leader Technologies/Logitech)
Startup: C:\Users\Well\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2014-01-10]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Well\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Magician.lnk [2013-05-20]
ShortcutTarget: Samsung Magician.lnk -> C:\Program Files (x86)\Samsung SSD Magician\Samsung Magician.exe (Samsung Electronics.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-30] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3671931335-1126879999-2394397564-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wikipedia.org/
HKU\S-1-5-21-3671931335-1126879999-2394397564-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung13.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3671931335-1126879999-2394397564-1001 -> {F365336B-33BA-49D5-8E2A-5A7139EAF55C} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-30] (AVAST Software)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-06-19] (LastPass)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2015-04-24] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-30] (AVAST Software)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-06-19] (LastPass)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2015-04-24] (Oracle Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-06-19] (LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-06-19] (LastPass)
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - No File
Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\Windows\System32\urlmon.dll [2015-07-02] (Microsoft Corporation)
Filter-x32: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\Windows\SysWOW64\urlmon.dll [2015-07-02] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - No File
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - No File
Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{7570D282-AB4A-47DD-8838-12505FB358B5}: [NameServer] 75.75.75.75,75.75.76.76
Tcpip\..\Interfaces\{7570D282-AB4A-47DD-8838-12505FB358B5}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{B1434F19-BBF6-4681-8B3B-BB0CE53F9714}: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\Well\AppData\Roaming\Mozilla\Firefox\Profiles\s31w66m4.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: DuckDuckGo
FF Homepage: hxxp://www.weather.com/forecast/agricultur...ail.google.com/mail/&hl=en&service=mail&scc=1
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-14] ()
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-06-19] (LastPass)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-14] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll [2008-10-15] (CANON INC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.80.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-04-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.80.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2015-04-24] (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-06-19] (LastPass)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-27] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3671931335-1126879999-2394397564-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Well\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-3671931335-1126879999-2394397564-1001: @talk.google.com/O1DPlugin -> C:\Users\Well\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-3671931335-1126879999-2394397564-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Well\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-3671931335-1126879999-2394397564-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Well\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Well\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Well\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Extension: Xmarks - C:\Users\Well\AppData\Roaming\Mozilla\Firefox\Profiles\s31w66m4.default\Extensions\foxmarks@kei.com [2015-05-29]
FF Extension: LastPass - C:\Users\Well\AppData\Roaming\Mozilla\Firefox\Profiles\s31w66m4.default\Extensions\support@lastpass.com [2015-07-19]
FF Extension: IE Tab - C:\Users\Well\AppData\Roaming\Mozilla\Firefox\Profiles\s31w66m4.default\Extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9} [2015-05-29]
FF Extension: Disconnect - C:\Users\Well\AppData\Roaming\Mozilla\Firefox\Profiles\s31w66m4.default\Extensions\2.0@disconnect.me.xpi [2015-07-31]
FF Extension: Ghostery - C:\Users\Well\AppData\Roaming\Mozilla\Firefox\Profiles\s31w66m4.default\Extensions\firefox@ghostery.com.xpi [2014-01-14]
FF Extension: Lightbeam - C:\Users\Well\AppData\Roaming\Mozilla\Firefox\Profiles\s31w66m4.default\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2015-06-16]
FF Extension: DuckDuckGo Plus - C:\Users\Well\AppData\Roaming\Mozilla\Firefox\Profiles\s31w66m4.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2015-06-16]
FF Extension: SmoothWheel (mozdev.org) - C:\Users\Well\AppData\Roaming\Mozilla\Firefox\Profiles\s31w66m4.default\Extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}.xpi [2013-05-24]
FF Extension: NoScript - C:\Users\Well\AppData\Roaming\Mozilla\Firefox\Profiles\s31w66m4.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-06-16]
FF Extension: Adblock Plus - C:\Users\Well\AppData\Roaming\Mozilla\Firefox\Profiles\s31w66m4.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-17]
FF Extension: BetterPrivacy - C:\Users\Well\AppData\Roaming\Mozilla\Firefox\Profiles\s31w66m4.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2013-05-20]
FF Extension: Tab Mix Plus - C:\Users\Well\AppData\Roaming\Mozilla\Firefox\Profiles\s31w66m4.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2013-10-31]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-05-20]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-05]

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AESMFilters; C:\Windows\system32\AESMSr64.exe [103112 2015-04-21] (Andrea Electronics Corporation)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-07-30] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4047768 2015-07-21] (Avast Software)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-10-07] (BlueStack Systems, Inc.)
S2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2014-10-07] (BlueStack Systems, Inc.)
S2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [782040 2014-10-07] (BlueStack Systems, Inc.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [243728 2012-05-22] (CyberLink)
S2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593664 2015-06-19] (Samsung Electronics CO., LTD.)
S2 ETDService; C:\Program Files\Elantech\ETDService.exe [100104 2013-09-06] (ELAN Microelectronics Corp.)
S2 ExpressCache; C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe [102224 2012-08-17] (Condusiv Technologies)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
S2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [713016 2015-07-22] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation)
S2 NTI BackupNowEZSvr; C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe [46072 2013-11-07] (NTI Corporation)
S2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [175752 2015-06-23] (Sandboxie Holdings, LLC)
S2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3025248 2015-07-07] (Samsung Electronics CO., LTD.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-18] (TeamViewer GmbH)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2015-05-01] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [306552 2015-05-01] (Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-07-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-07-30] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-07-30] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048856 2015-07-30] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-07-30] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150672 2015-07-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-07-30] (AVAST Software)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [223232 2014-06-21] (Advanced Micro Devices)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-10-07] (BlueStack Systems)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2014-05-02] (Microsoft Corporation)
S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-05] (Motorola Solutions, Inc.)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-25] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-24] (CyberLink)
R3 debutfilter; C:\Windows\system32\DRIVERS\debutfilterx64.sys [33488 2013-09-06] ()
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-07-22] ()
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23376 2012-08-17] (Condusiv Technologies)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [103248 2012-08-17] (Condusiv Technologies)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\Netwew00.sys [3351520 2014-07-02] (Intel Corporation)
R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [115152 2015-07-30] (AVAST Software)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2012-11-01] (Windows (R) 2003 DDK 3790 provider)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [190088 2015-06-23] (Sandboxie Holdings, LLC)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2015-01-08] (Acronis International GmbH)
R2 tib_mounter; C:\Windows\System32\drivers\tib_mounter.sys [248648 2015-07-19] (Acronis International GmbH)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-07-31] ()
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-07-21] (Avast Software)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
S3 SBIOSIO; \??\C:\Users\Well\AppData\Local\Temp\__Samsung_Update\SBIOSIO64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FRST.txt (part 2):

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-31 19:31 - 2015-07-31 19:31 - 00001195 _____ C:\Users\Well\Desktop\JRT.txt
2015-07-31 19:23 - 2015-07-31 19:24 - 00001484 _____ C:\Users\Well\Desktop\AdwCleaner[S1].txt
2015-07-31 19:20 - 2015-07-31 19:20 - 00001049 _____ C:\Users\Well\Desktop\MBAMreport.txt
2015-07-31 19:09 - 2015-07-31 19:09 - 00012024 _____ C:\Users\Well\Desktop\RKreport.txt
2015-07-31 19:02 - 2015-07-31 19:02 - 00035064 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-07-31 19:02 - 2015-07-31 19:02 - 00000000 ____D C:\ProgramData\RogueKiller
2015-07-31 18:59 - 2015-07-31 18:58 - 02248704 _____ C:\Users\Well\Desktop\adwcleaner_4.208.exe
2015-07-31 18:59 - 2015-07-31 18:58 - 01798176 _____ (Malwarebytes Corporation) C:\Users\Well\Desktop\JRT.exe
2015-07-31 18:58 - 2015-07-31 18:58 - 02248704 _____ C:\Users\Well\Downloads\adwcleaner_4.208.exe
2015-07-31 18:58 - 2015-07-31 18:58 - 01798176 _____ (Malwarebytes Corporation) C:\Users\Well\Downloads\JRT.exe
2015-07-31 18:33 - 2015-07-31 18:33 - 18718280 _____ C:\Users\Well\Desktop\RogueKiller.exe
2015-07-31 18:32 - 2015-07-31 18:33 - 18718280 _____ C:\Users\Well\Downloads\RogueKiller.exe
2015-07-31 13:54 - 2015-07-31 13:54 - 00045445 _____ C:\Users\Well\Downloads\Addition.txt
2015-07-31 13:53 - 2015-07-31 19:46 - 00026687 _____ C:\Users\Well\Downloads\FRST.txt
2015-07-31 13:53 - 2015-07-31 19:46 - 00000000 ____D C:\FRST
2015-07-31 13:53 - 2015-07-31 13:53 - 02168832 _____ (Farbar) C:\Users\Well\Downloads\FRST64.exe
2015-07-30 18:43 - 2015-07-31 19:23 - 00001262 _____ C:\WINDOWS\PFRO.log
2015-07-30 18:43 - 2015-07-31 19:23 - 00000231 _____ C:\WINDOWS\setupact.log
2015-07-30 18:43 - 2015-07-30 18:43 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-07-30 17:40 - 2015-07-30 17:41 - 00014236 _____ C:\Users\Well\Documents\cc_20150730_174056.reg
2015-07-30 17:39 - 2015-07-30 17:40 - 06609608 _____ (Piriform Ltd) C:\Users\Well\Downloads\ccsetup508.exe
2015-07-30 17:31 - 2015-07-30 17:31 - 00378880 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-07-30 17:31 - 2015-07-30 17:31 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-07-30 16:49 - 2015-07-30 16:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-07-30 16:41 - 2015-07-25 09:34 - 01084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-07-30 16:41 - 2015-07-14 17:59 - 01113944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-07-30 16:41 - 2015-07-14 17:59 - 00487256 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcfgx.dll
2015-07-30 16:41 - 2015-07-14 17:59 - 00393560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcfgx.dll
2015-07-30 16:41 - 2015-06-12 13:03 - 18823680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-07-30 16:41 - 2015-06-12 12:36 - 15159296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-07-30 16:41 - 2015-06-11 16:12 - 02476376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-07-30 16:41 - 2015-06-11 16:12 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2015-07-30 16:41 - 2015-06-09 18:39 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2015-07-30 16:41 - 2015-06-09 18:39 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2015-07-30 16:41 - 2015-06-09 18:38 - 01201664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2015-07-30 16:41 - 2015-06-09 14:27 - 00411133 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-07-27 21:01 - 2015-07-27 21:01 - 10191296 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atidxx32.dll
2015-07-27 21:01 - 2015-07-27 21:01 - 08979792 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiumd6a.dll
2015-07-27 21:01 - 2015-07-27 21:01 - 08864960 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiumd64.dll
2015-07-27 21:01 - 2015-07-27 21:01 - 08007856 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiumdva.dll
2015-07-27 21:01 - 2015-07-27 21:01 - 07482080 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiumdag.dll
2015-07-27 21:01 - 2015-07-27 21:01 - 01213224 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\aticfx32.dll
2015-07-27 21:01 - 2015-07-27 21:01 - 00471352 _____ C:\WINDOWS\system32\amdmiracast.dll
2015-07-27 21:01 - 2015-07-27 21:01 - 00151968 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdhcp64.dll
2015-07-27 21:01 - 2015-07-27 21:01 - 00143088 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiuxpag.dll
2015-07-27 21:01 - 2015-07-27 21:01 - 00138416 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdhcp32.dll
2015-07-27 21:01 - 2015-07-27 21:01 - 00130104 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiu9p64.dll
2015-07-27 21:01 - 2015-07-27 21:01 - 00117640 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdave64.dll
2015-07-27 21:01 - 2015-07-27 21:01 - 00112400 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiu9pag.dll
2015-07-27 21:01 - 2015-07-27 21:01 - 00110352 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdave32.dll
2015-07-27 21:01 - 2015-07-27 21:01 - 00088032 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atimpc64.dll
2015-07-27 21:01 - 2015-07-27 21:01 - 00088032 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdpcom64.dll
2015-07-27 21:01 - 2015-07-27 21:01 - 00081200 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atimpc32.dll
2015-07-27 21:01 - 2015-07-27 21:01 - 00081200 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdpcom32.dll
2015-07-27 20:58 - 2015-07-27 20:58 - 47794200 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdocl64.dll
2015-07-27 20:58 - 2015-07-27 20:58 - 39723544 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\amdocl.dll
2015-07-27 20:58 - 2015-07-27 20:58 - 30760984 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atio6axx.dll
2015-07-27 20:58 - 2015-07-27 20:58 - 27544600 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdocl12cl64.dll
2015-07-27 20:58 - 2015-07-27 20:58 - 25308696 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atioglxx.dll
2015-07-27 20:58 - 2015-07-27 20:58 - 22327312 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\amdocl12cl.dll
2015-07-27 20:58 - 2015-07-27 20:58 - 21633560 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\atikmdag.sys
2015-07-27 20:58 - 2015-07-27 20:58 - 15725592 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticaldd64.dll
2015-07-27 20:58 - 2015-07-27 20:58 - 14310936 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticaldd.dll
2015-07-27 20:58 - 2015-07-27 20:58 - 01196072 _____ C:\WINDOWS\system32\amdocl_as64.exe
2015-07-27 20:58 - 2015-07-27 20:58 - 01070632 _____ C:\WINDOWS\system32\amdocl_ld64.exe
2015-07-27 20:58 - 2015-07-27 20:58 - 01004072 _____ C:\WINDOWS\SysWOW64\amdocl_as32.exe
2015-07-27 20:58 - 2015-07-27 20:58 - 00935448 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxy.dll
2015-07-27 20:58 - 2015-07-27 20:58 - 00935448 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxx.dll
2015-07-27 20:58 - 2015-07-27 20:58 - 00874520 _____ (AMD) C:\WINDOWS\system32\coinst_15.20.dll
2015-07-27 20:58 - 2015-07-27 20:58 - 00807456 _____ C:\WINDOWS\SysWOW64\amdocl_ld32.exe
2015-07-27 20:58 - 2015-07-27 20:58 - 00673816 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\atikmpag.sys
2015-07-27 20:58 - 2015-07-27 20:58 - 00451096 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atidemgy.dll
2015-07-27 20:58 - 2015-07-27 20:58 - 00375832 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiapfxx.exe
2015-07-27 20:58 - 2015-07-27 20:58 - 00341520 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ATIODE.exe
2015-07-27 20:58 - 2015-07-27 20:58 - 00243736 _____ C:\WINDOWS\system32\clinfo.exe
2015-07-27 20:58 - 2015-07-27 20:58 - 00213528 _____ C:\WINDOWS\system32\amdgfxinfo64.dll
2015-07-27 20:58 - 2015-07-27 20:58 - 00199704 _____ (AMD) C:\WINDOWS\system32\atitmm64.dll
2015-07-27 20:58 - 2015-07-27 20:58 - 00198672 _____ C:\WINDOWS\SysWOW64\amdgfxinfo32.dll
2015-07-27 20:58 - 2015-07-27 20:58 - 00168984 _____ C:\WINDOWS\system32\atieah64.exe
2015-07-27 20:58 - 2015-07-27 20:58 - 00165400 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6txx.dll
2015-07-27 20:58 - 2015-07-27 20:58 - 00152600 _____ C:\WINDOWS\SysWOW64\atieah32.exe
2015-07-27 20:58 - 2015-07-27 20:58 - 00150552 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atigktxx.dll
2015-07-27 20:58 - 2015-07-27 20:58 - 00143384 _____ C:\WINDOWS\system32\amdhdl64.dll
2015-07-27 20:58 - 2015-07-27 20:58 - 00132120 _____ C:\WINDOWS\SysWOW64\amdhdl32.dll
2015-07-27 20:58 - 2015-07-27 20:58 - 00111640 _____ C:\WINDOWS\system32\hsa-thunk64.dll
2015-07-27 20:58 - 2015-07-27 20:58 - 00111128 _____ C:\WINDOWS\SysWOW64\hsa-thunk.dll
2015-07-27 20:58 - 2015-07-27 20:58 - 00097816 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atisamu64.dll
2015-07-27 20:58 - 2015-07-27 20:58 - 00089624 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atisamu32.dll
2015-07-27 20:58 - 2015-07-27 20:58 - 00083992 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6pxx.dll
2015-07-27 20:58 - 2015-07-27 20:58 - 00078360 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiglpxx.dll
2015-07-27 20:58 - 2015-07-27 20:58 - 00078360 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiglpxx.dll
2015-07-27 20:58 - 2015-07-27 20:58 - 00073752 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2015-07-27 20:58 - 2015-07-27 20:58 - 00071192 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticalrt64.dll
2015-07-27 20:58 - 2015-07-27 20:58 - 00068120 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2015-07-27 20:58 - 2015-07-27 20:58 - 00064536 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticalcl64.dll
2015-07-27 20:58 - 2015-07-27 20:58 - 00060952 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticalrt.dll
2015-07-27 20:58 - 2015-07-27 20:58 - 00059928 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ATIODCLI.exe
2015-07-27 20:58 - 2015-07-27 20:58 - 00059416 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmmcl6.dll
2015-07-27 20:58 - 2015-07-27 20:58 - 00057880 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticalcl.dll
2015-07-27 20:58 - 2015-07-27 20:58 - 00052248 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\ati2erec.dll
2015-07-27 20:58 - 2015-07-27 20:58 - 00048152 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmmcl.dll
2015-07-27 20:58 - 2015-07-27 20:58 - 00038424 _____ (AMD) C:\WINDOWS\system32\atimuixx.dll
2015-07-27 20:58 - 2015-07-27 20:58 - 00012824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\detoured.dll
2015-07-27 20:58 - 2015-07-27 20:58 - 00012824 _____ (Microsoft Corporation) C:\WINDOWS\system32\detoured.dll
2015-07-26 17:44 - 2015-07-26 17:44 - 03471376 _____ C:\WINDOWS\SysWOW64\atiumdva.cap
2015-07-26 17:44 - 2015-07-26 17:44 - 03437632 _____ C:\WINDOWS\system32\atiumd6a.cap
2015-07-26 17:44 - 2015-07-26 17:44 - 00737410 _____ C:\WINDOWS\system32\atiicdxx.dat
2015-07-26 17:44 - 2015-07-26 17:44 - 00322868 _____ C:\WINDOWS\system32\ativvaxy_vi.dat
2015-07-26 17:44 - 2015-07-26 17:44 - 00321200 _____ C:\WINDOWS\system32\ativvaxy_vi_nd.dat
2015-07-26 17:44 - 2015-07-26 17:44 - 00255808 _____ C:\WINDOWS\system32\ativvaxy_cz_nd.dat
2015-07-26 17:44 - 2015-07-26 17:44 - 00250884 _____ C:\WINDOWS\system32\ativvaxy_FJ.dat
2015-07-26 17:44 - 2015-07-26 17:44 - 00249088 _____ C:\WINDOWS\system32\ativvaxy_FJ_nd.dat
2015-07-26 17:44 - 2015-07-26 17:44 - 00234420 _____ C:\WINDOWS\system32\ativvaxy_cik.dat
2015-07-26 17:44 - 2015-07-26 17:44 - 00232752 _____ C:\WINDOWS\system32\ativvaxy_cik_nd.dat
2015-07-26 17:44 - 2015-07-26 17:44 - 00169152 _____ C:\WINDOWS\system32\ativce03.dat
2015-07-26 17:44 - 2015-07-26 17:44 - 00100816 _____ C:\WINDOWS\system32\ativce02.dat
2015-07-26 17:44 - 2015-07-26 17:44 - 00047664 _____ C:\WINDOWS\system32\kapp_ci.sbin
2015-07-26 17:44 - 2015-07-26 17:44 - 00043408 _____ C:\WINDOWS\system32\kapp_si.sbin
2015-07-26 17:43 - 2015-07-26 17:43 - 00833798 _____ C:\WINDOWS\system32\amdicdxx.dat
2015-07-26 17:43 - 2015-07-26 17:43 - 00660912 _____ C:\WINDOWS\SysWOW64\atiapfxx.blb
2015-07-26 17:43 - 2015-07-26 17:43 - 00660912 _____ C:\WINDOWS\system32\atiapfxx.blb
2015-07-26 17:43 - 2015-07-26 17:43 - 00167456 _____ C:\WINDOWS\system32\amde31a.dat
2015-07-21 13:10 - 2015-07-30 17:31 - 00115152 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\ngvss.sys
2015-07-20 14:18 - 2015-07-14 10:14 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-07-20 14:18 - 2015-07-14 10:14 - 00301056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-07-20 14:18 - 2015-07-14 10:14 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-07-20 14:18 - 2015-07-14 10:13 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-07-19 20:05 - 2015-07-19 20:05 - 00248648 _____ (Acronis International GmbH) C:\WINDOWS\system32\Drivers\tib_mounter.sys
2015-07-18 18:53 - 2015-07-18 18:53 - 00003434 _____ C:\WINDOWS\System32\Tasks\Settings
2015-07-18 18:52 - 2015-07-18 18:52 - 00002044 _____ C:\Users\Public\Desktop\Samsung Settings.lnk
2015-07-18 18:51 - 2015-07-18 18:51 - 00002998 _____ C:\WINDOWS\System32\Tasks\SUPatchForW10Up
2015-07-18 18:48 - 2015-07-18 18:51 - 00001910 _____ C:\Users\Public\Desktop\Samsung Update.lnk
2015-07-15 19:50 - 2015-07-15 19:50 - 00000000 ____D C:\Users\Well\AppData\Local\Windows Live
2015-07-15 13:48 - 2015-07-09 15:51 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-07-15 13:48 - 2015-07-09 14:40 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-07-15 13:48 - 2015-07-09 12:03 - 03701760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-07-15 13:48 - 2015-07-09 11:54 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-07-15 13:48 - 2015-07-09 11:53 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-07-15 13:48 - 2015-07-09 11:50 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-07-15 13:48 - 2015-07-09 11:50 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-07-15 13:48 - 2015-07-09 11:48 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-07-15 13:48 - 2015-07-09 11:46 - 02229248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-07-15 13:48 - 2015-07-09 11:38 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-07-15 13:48 - 2015-07-09 11:37 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-07-15 13:48 - 2015-07-09 11:35 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-07-15 13:48 - 2015-07-09 11:34 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-07-15 11:40 - 2015-07-02 17:21 - 19877376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-07-15 11:40 - 2015-07-02 16:50 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-07-15 11:40 - 2015-07-02 16:49 - 25193984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-07-15 11:40 - 2015-07-02 16:23 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-07-15 11:40 - 2015-07-02 16:19 - 12855296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-07-15 11:40 - 2015-07-02 15:55 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-07-15 11:40 - 2015-07-02 15:20 - 14453248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-07-15 11:40 - 2015-07-02 14:59 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-07-15 11:40 - 2015-07-01 18:08 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-07-15 11:40 - 2015-07-01 17:14 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-07-15 11:40 - 2015-06-28 01:07 - 00442712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2015-07-15 11:40 - 2015-06-28 01:07 - 00178008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-07-15 11:40 - 2015-06-28 01:06 - 01311960 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2015-07-15 11:40 - 2015-06-28 01:06 - 00332120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2015-07-15 11:40 - 2015-06-27 12:42 - 00747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2015-07-15 11:40 - 2015-06-26 23:13 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2015-07-15 11:40 - 2015-06-26 23:12 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2015-07-15 11:40 - 2015-06-26 23:12 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2015-07-15 11:40 - 2015-06-26 22:40 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-07-15 11:40 - 2015-06-26 22:05 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-07-15 11:40 - 2015-06-26 22:00 - 00989184 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-07-15 11:40 - 2015-06-26 21:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-07-15 11:40 - 2015-06-26 21:26 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-07-15 11:40 - 2015-06-24 22:31 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-07-15 11:40 - 2015-06-16 01:36 - 01661576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2015-07-15 11:40 - 2015-06-16 01:36 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2015-07-15 11:40 - 2015-06-15 18:41 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
2015-07-15 11:40 - 2015-06-15 18:39 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-07-15 11:40 - 2015-06-15 18:38 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-07-15 11:40 - 2015-06-15 18:26 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-07-15 11:40 - 2015-06-15 18:24 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2015-07-15 11:40 - 2015-06-15 18:24 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-07-15 11:40 - 2015-06-15 18:02 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2015-07-15 11:40 - 2015-06-15 17:58 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2015-07-15 11:40 - 2015-06-15 17:57 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-07-15 11:40 - 2015-06-15 17:56 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-07-15 11:40 - 2015-06-15 17:55 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-07-15 11:40 - 2015-06-15 17:49 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-07-15 11:40 - 2015-06-15 17:41 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-07-15 11:40 - 2015-06-15 17:38 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-07-15 11:40 - 2015-06-15 17:36 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-07-15 11:40 - 2015-06-15 17:17 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-07-15 11:40 - 2015-06-15 17:16 - 02427392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-07-15 11:40 - 2015-06-15 17:16 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe
2015-07-15 11:40 - 2015-06-15 17:15 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-07-15 11:40 - 2015-06-15 17:13 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-07-15 11:40 - 2015-06-15 17:09 - 03607552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2015-07-15 11:40 - 2015-06-15 17:04 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-07-15 11:40 - 2015-06-15 17:03 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-07-15 11:40 - 2015-06-15 16:52 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-07-15 11:40 - 2015-06-15 16:50 - 02774528 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-07-15 11:40 - 2015-06-15 16:47 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2015-07-15 11:40 - 2015-06-15 16:44 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2015-07-15 11:40 - 2015-06-15 16:43 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-07-15 11:40 - 2015-06-15 16:42 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-07-15 11:40 - 2015-06-15 16:41 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-07-15 11:40 - 2015-06-15 16:37 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-07-15 11:40 - 2015-06-15 16:32 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-07-15 11:40 - 2015-06-15 16:31 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-07-15 11:40 - 2015-06-15 16:30 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-07-15 11:40 - 2015-06-15 16:30 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-07-15 11:40 - 2015-06-15 16:17 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-07-15 11:40 - 2015-06-15 16:07 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-07-15 11:40 - 2015-06-15 16:02 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-07-15 11:40 - 2015-06-15 15:57 - 02460160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-07-15 11:40 - 2015-06-10 23:49 - 01380600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-07-15 11:40 - 2015-06-10 12:13 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-07-15 11:40 - 2015-05-30 17:18 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-07-15 11:40 - 2015-05-30 15:36 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-07-15 11:40 - 2015-05-30 15:35 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-07-09 22:15 - 2015-06-29 18:43 - 00026288 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-07-09 22:15 - 2015-06-29 11:07 - 01145856 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-07-09 22:15 - 2015-06-29 11:07 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-07-09 22:15 - 2015-06-29 11:07 - 00433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-07-09 22:15 - 2015-06-29 11:07 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-07-09 22:15 - 2015-06-26 23:08 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-07-09 22:15 - 2015-06-26 23:08 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-07-09 22:15 - 2015-06-26 22:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-07-09 22:15 - 2015-06-26 19:21 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-07-09 22:15 - 2015-06-26 19:21 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-07-08 14:37 - 2015-07-08 14:37 - 00010209 _____ C:\Users\Well\Downloads\Detailed Product Information.txt
2015-07-08 14:04 - 2015-07-08 14:04 - 00001725 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-07-08 14:04 - 2015-07-08 14:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-07-08 14:04 - 2015-07-08 14:04 - 00000000 ____D C:\Program Files\iTunes
2015-07-08 14:04 - 2015-07-08 14:04 - 00000000 ____D C:\Program Files\iPod
2015-07-08 14:04 - 2015-07-08 14:04 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-07-02 15:40 - 2015-07-02 15:40 - 00002165 _____ C:\Users\Well\Downloads\payment-history.csv

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-31 19:34 - 2015-06-01 11:39 - 01639441 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-31 19:28 - 2013-11-14 03:28 - 00865408 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-07-31 19:26 - 2014-03-03 15:03 - 00008192 _____ C:\WINDOWS\SysWOW64\WDPABKP.dat
2015-07-31 19:23 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-31 19:22 - 2015-01-25 14:31 - 00000000 ____D C:\AdwCleaner
2015-07-31 19:10 - 2014-07-01 13:44 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-07-31 19:02 - 2015-06-20 23:42 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2015-07-31 19:02 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-07-31 19:01 - 2014-11-07 21:31 - 00015818 _____ C:\WINDOWS\BRRBCOM.INI
2015-07-31 18:57 - 2013-05-20 20:20 - 00000000 ____D C:\Users\Public\Documents\Dave Spiritual
2015-07-31 18:56 - 2014-07-10 23:19 - 00000000 ____D C:\Users\Well\Documents\Physical
2015-07-31 18:48 - 2014-09-13 17:17 - 00000946 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3671931335-1126879999-2394397564-1001UA.job
2015-07-31 18:41 - 2013-05-18 13:21 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3671931335-1126879999-2394397564-1001
2015-07-31 13:47 - 2014-03-13 00:15 - 00003970 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{BCAA8818-6C5F-415D-BBD2-9A7BB05224AA}
2015-07-30 18:43 - 2013-08-22 11:36 - 00000000 __RSD C:\WINDOWS\Media
2015-07-30 17:40 - 2014-10-09 21:00 - 00000000 ____D C:\WINDOWS\Minidump
2015-07-30 17:40 - 2013-05-23 23:00 - 00000000 ____D C:\Users\Well\AppData\Roaming\TeamViewer
2015-07-30 17:40 - 2013-05-20 12:45 - 00000796 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-07-30 17:40 - 2013-05-20 12:45 - 00000000 ____D C:\Program Files\CCleaner
2015-07-30 17:36 - 2014-07-01 13:43 - 00001118 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-30 17:36 - 2014-07-01 13:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-30 17:36 - 2014-07-01 13:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-30 17:31 - 2014-04-18 00:20 - 00028656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-07-30 17:31 - 2013-12-28 03:37 - 00150672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2015-07-30 17:31 - 2013-12-20 15:36 - 00003924 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-07-30 17:31 - 2013-11-08 19:08 - 00447944 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-07-30 17:31 - 2013-05-20 00:38 - 00093528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2015-07-30 17:31 - 2013-05-20 00:37 - 01048856 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-07-30 17:31 - 2013-05-20 00:37 - 00274808 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-07-30 17:31 - 2013-05-20 00:37 - 00090968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-07-30 17:31 - 2013-05-20 00:37 - 00065224 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-07-30 16:49 - 2014-01-24 18:55 - 00000000 ____D C:\AMD
2015-07-30 16:49 - 2012-07-26 03:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-07-30 14:13 - 2013-08-22 09:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-07-30 11:56 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-07-30 11:44 - 2015-06-20 23:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit
2015-07-27 21:01 - 2013-12-22 03:23 - 12062080 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atidxx64.dll
2015-07-27 21:01 - 2013-12-22 03:23 - 01467312 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\aticfx64.dll
2015-07-27 21:01 - 2013-12-22 03:23 - 00162272 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiuxp64.dll
2015-07-27 20:58 - 2015-05-18 16:04 - 00681496 _____ (AMD) C:\WINDOWS\system32\atieclxx.exe
2015-07-27 20:58 - 2015-05-18 16:04 - 00255512 _____ (AMD) C:\WINDOWS\system32\atiesrxx.exe
2015-07-27 20:58 - 2014-11-20 22:09 - 01256472 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiadlxx.dll
2015-07-27 15:08 - 2015-06-20 23:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2015-07-27 10:48 - 2014-09-13 17:17 - 00000894 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3671931335-1126879999-2394397564-1001Core.job
2015-07-26 18:36 - 2015-04-15 11:34 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-07-26 15:45 - 2014-02-02 01:10 - 00000000 ____D C:\Users\Public\Documents\Dave Spiritual Other
2015-07-26 10:06 - 2013-05-21 09:54 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-07-22 21:11 - 2013-05-20 13:42 - 00000000 ____D C:\Users\Well\AppData\Roaming\vlc
2015-07-22 21:00 - 2015-06-20 14:56 - 00000000 ____D C:\Users\Well\AppData\Roaming\LastPass
2015-07-21 13:45 - 2014-11-03 17:28 - 00000000 ____D C:\WINDOWS\SysWOW64\vbox
2015-07-21 13:45 - 2014-11-03 17:28 - 00000000 ____D C:\WINDOWS\system32\vbox
2015-07-21 13:08 - 2013-08-22 10:44 - 00423528 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-07-20 11:07 - 2015-04-18 12:29 - 00001067 _____ C:\Users\Well\Desktop\Notepad++.lnk
2015-07-18 19:16 - 2013-05-20 14:29 - 00004105 _____ C:\setup.log
2015-07-18 19:08 - 2014-01-26 17:02 - 00080457 _____ C:\Users\Well\Desktop\Confessing Order.xlsx
2015-07-18 19:08 - 2013-05-20 15:11 - 00000000 ____D C:\Users\Well\Documents\Samsung
2015-07-18 18:52 - 2012-09-25 05:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2015-07-18 18:52 - 2012-09-25 05:13 - 00000000 ____D C:\Program Files (x86)\Samsung
2015-07-18 18:51 - 2012-09-25 05:28 - 00000000 ____D C:\ProgramData\SAMSUNG
2015-07-16 21:09 - 2014-09-30 00:15 - 00001975 _____ C:\Users\Well\Documents\Movies.txt
2015-07-16 10:43 - 2014-09-13 17:17 - 00003902 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3671931335-1126879999-2394397564-1001UA
2015-07-16 10:43 - 2014-09-13 17:17 - 00003522 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3671931335-1126879999-2394397564-1001Core
2015-07-15 19:04 - 2014-03-03 15:03 - 00000000 ____D C:\ProgramData\Western Digital
2015-07-15 19:04 - 2014-03-03 15:03 - 00000000 ____D C:\Program Files\Common Files\Western Digital
2015-07-15 19:04 - 2014-03-03 15:03 - 00000000 ____D C:\Program Files (x86)\Western Digital
2015-07-15 19:04 - 2013-05-20 12:17 - 00000000 ____D C:\ProgramData\Package Cache
2015-07-15 18:29 - 2015-05-09 16:04 - 00000000 ____D C:\Users\Well\AppData\Roaming\Apple Computer
2015-07-15 15:17 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\rescache
2015-07-15 15:03 - 2015-06-26 16:03 - 00001726 _____ C:\WINDOWS\Sandboxie.ini
2015-07-15 13:53 - 2013-05-20 12:19 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-15 13:51 - 2013-08-15 09:01 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-07-15 13:48 - 2015-04-15 11:34 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-07-15 11:47 - 2014-12-10 18:47 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-15 11:46 - 2014-12-25 12:58 - 00003886 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-07-14 17:59 - 2014-06-27 13:09 - 00000000 ____D C:\Users\Well\AppData\Local\Adobe
2015-07-13 17:10 - 2013-08-22 11:38 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-07-13 17:10 - 2013-08-22 11:38 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-09 22:16 - 2015-04-15 17:38 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-07-09 22:16 - 2015-03-10 23:00 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-07-09 21:27 - 2014-12-02 22:07 - 00000000 __SHD C:\Users\Well\AppData\Local\EmieBrowserModeList
2015-07-09 21:27 - 2014-06-14 13:38 - 00000000 __SHD C:\Users\Well\AppData\Local\EmieUserList
2015-07-09 21:27 - 2014-06-14 13:38 - 00000000 __SHD C:\Users\Well\AppData\Local\EmieSiteList
2015-07-09 21:18 - 2013-06-03 21:50 - 00000000 ____D C:\Users\Well\AppData\Roaming\CyberLink
2015-07-08 14:04 - 2015-05-09 16:03 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-07-08 14:04 - 2015-05-09 16:03 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-07-08 14:01 - 2013-06-01 08:26 - 00000000 ____D C:\ProgramData\Skype
2015-07-06 00:16 - 2013-05-21 15:26 - 00000000 ____D C:\Users\Public\Documents\Spiritual Tools
2015-07-05 19:27 - 2014-02-09 19:47 - 00002190 _____ C:\Users\Well\Desktop\Prob Solution Denial of Solution.txt
2015-07-04 14:37 - 2015-05-27 19:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-04 14:37 - 2015-05-27 19:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-03 08:43 - 2013-05-19 21:21 - 130333168 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-07-01 22:24 - 2013-05-20 13:31 - 00000000 ____D C:\Users\Well\Documents\e-Sword

==================== Files in the root of some directories =======

2014-11-07 21:47 - 2005-12-08 22:51 - 0000060 ____R () C:\Program Files (x86)\BRINST.INI
2015-06-19 14:53 - 2015-06-19 14:53 - 16258616 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2013-05-18 13:12 - 2013-05-19 22:11 - 0001508 _____ () C:\Users\Well\AppData\Roaming\AbsoluteReminder.xml
2013-09-06 23:27 - 2013-09-06 23:27 - 0001167 _____ () C:\Users\Well\AppData\Roaming\trace_FilterInstaller.txt
2013-09-06 23:27 - 2013-09-06 23:27 - 0000000 _____ () C:\Users\Well\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2013-08-30 10:07 - 2014-08-16 19:22 - 0005120 _____ () C:\Users\Well\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-13 22:31 - 2014-09-13 22:31 - 0007619 _____ () C:\Users\Well\AppData\Local\Resmon.ResmonCfg
2012-09-25 05:23 - 2012-09-25 05:23 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2012-09-25 05:47 - 2012-08-06 04:23 - 0000031 _____ () C:\ProgramData\ECReset_Partition.bat
2012-09-25 05:47 - 2012-08-06 05:34 - 1782152 _____ (Samsung Electronics) C:\ProgramData\ExpressCacheRun.exe
2013-05-20 13:09 - 2013-02-21 16:59 - 2063240 _____ (Samsung Electronics) C:\ProgramData\MakeMarkerFile.exe
2013-05-20 13:09 - 2013-01-12 23:51 - 0003004 _____ () C:\ProgramData\MakeMarkerFile.xml

Files to move or delete:
====================
C:\ProgramData\ECReset_Partition.bat
C:\ProgramData\ExpressCacheRun.exe
C:\ProgramData\MakeMarkerFile.exe
C:\Users\EasySurvey\EasySurvey.exe


Some files in TEMP:
====================
C:\Users\Well\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Well\AppData\Local\Temp\Quarantine.exe
C:\Users\Well\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-31 19:37

==================== End of log ============================
 
Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:30-07-2015
Ran by FoolForGod (2015-07-31 19:47:12)
Running from C:\Users\Well\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3671931335-1126879999-2394397564-500 - Administrator - Disabled)
FoolForGod (S-1-5-21-3671931335-1126879999-2394397564-1001 - Administrator - Enabled) => C:\Users\Well
Guest (S-1-5-21-3671931335-1126879999-2394397564-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Advanced Video FX Engine (HKLM-x32\...\Advanced Video FX Engine) (Version: - )
Agent Ransack x64 (HKLM\...\{58C0AC50-8FA1-4A95-AEC6-5B2727E5CC6A}) (Version: 7.0.820.1 - Mythicsoft Ltd)
Allshare Play Link (HKLM-x32\...\{91786428-D4AA-476D-8AF9-A63FFAC2901F}) (Version: 1.0.0 - Samsung)
AllSharePlayLink (HKLM-x32\...\{CE1836A8-3F2B-49BD-8395-93DD414068D2}) (Version: 1.0.0 - Samsung Electronics Co., Ltd.)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
AutoIt Debugger 0.47.0 (HKLM-x32\...\AutoIt Debugger) (Version: 0.47.0 - Essential Software)
AutoIt v3.3.12.0 (HKLM-x32\...\AutoItv3) (Version: 3.3.12.0 - AutoIt Team)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.3.2225 - AVAST Software)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.4.4078 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{152E0B21-19D5-4772-9EF8-8E76074B0C0A}) (Version: 0.9.4.4078 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-J870DW (HKLM-x32\...\{7B4C83B6-17C1-4BFD-B86D-4D7AD4498CBB}) (Version: 1.0.3.0 - Brother Industries, Ltd.)
Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC) (Version: 8.8.0.17 - Canon Inc.)
Canon Utilities ImageBrowser EX (HKLM-x32\...\ImageBrowser EX) (Version: 1.5.1.7 - Canon Inc.)
Catalyst Control Center (HKLM-x32\...\{8B1A559A-FB9D-42F5-A8A7-2F132CF28414}) (Version: 1.00.0000 - )
CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.1912 - CyberLink Corp.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4421.52 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Debut Video Capture Software (HKLM-x32\...\Debut) (Version: 1.82 - NCH Software)
Diablo II (HKLM-x32\...\Diablo II) (Version: - Blizzard Entertainment)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.14 - Dolby Laboratories Inc)
Easy File Share (HKLM-x32\...\{A7C37D4B-F37A-42E8-9B6A-B28C18AD4C12}) (Version: 1.3.4 - Samsung Electronics CO.,LTD.)
E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung Electronics CO., LTD.)
e-Sword (HKLM-x32\...\{463178C4-E707-41EE-BE8A-080C62BF526D}) (Version: 10.04.0000 - Rick Meyers)
e-Sword Macros for Word 2010 (HKLM-x32\...\{42E7C0DA-0DC2-47FF-A3AF-AF011BC5F21E}) (Version: 10.04.0000 - Rick Meyers)
e-Sword Training Demos (HKLM-x32\...\{94AF494C-9CD7-4D20-B83C-C29D1384BBA6}) (Version: 9.00.0003 - Rick Meyers)
ETDWare X64 11.7.18.2_WHQL (HKLM\...\Elantech) (Version: 11.7.18.2 - ELAN Microelectronic Corp.)
ExpressCache (HKLM\...\{3EA6AB5D-D434-4ACA-9609-48F1319518EF}) (Version: 1.0.94 - Condusiv Technologies)
Galería de fotos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Help Desk (HKLM\...\{AEC9D273-E162-4614-83F1-722B8C74B185}) (Version: 1.0.96 - Samsung Electronics CO., LTD.)
HP USB Disk Storage Format Tool (HKLM-x32\...\{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}) (Version: - )
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33070) (Version: 3.6.1.33070.11 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{7288D4E1-8050-4B81-B9EC-F812D17AD693}) (Version: 16.1.1.0084 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
iTunes (HKLM\...\{4046F74A-28F8-48C6-A5D3-2AFC472574C1}) (Version: 12.2.0.145 - Apple Inc.)
Java 7 Update 80 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217080FF}) (Version: 7.0.800 - Oracle)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass)
LG USB Drivers (HKLM-x32\...\LG USB Drivers) (Version: - )
Logitech H760 (HKLM\...\{55EEEF58-7B7A-421A-8188-BD62D73E1E64}) (Version: 1.0.161 - Logitech)
Malwarebytes Anti-Exploit version 1.07.1.1015 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.07.1.1015 - Malwarebytes)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.1.177.0 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Express - ENU (HKLM-x32\...\Microsoft Visual C++ 2010 Express - ENU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
ModeShift (HKLM-x32\...\{FE9EE5AB-4A44-4FFE-9D2B-250816303352}) (Version: 1.0.0 - Samsung)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.1 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.51 - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.1.0.14 - Symantec Corporation) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.9.2 - Notepad++ Team)
NTI Backup Now EZ (HKLM-x32\...\InstallShield_{B9ECA41B-55CC-4654-B6B5-6731D009EC69}) (Version: 3.0.2.55 - NTI Corporation)
NTI Backup Now EZ (x32 Version: 3.0.2.55 - NTI Corporation) Hidden
Online Support(S Service) (HKLM-x32\...\{C8996970-A56E-4659-B01B-CCB7097C4E59}) (Version: 1.1 - Samsung Electronics CO., LTD.)
Paltalk Messenger 11.6 (HKLM-x32\...\Paltalk Messenger) (Version: 11.6.604.17056 - AVM Software Inc.)
Prism Video File Converter (HKLM-x32\...\Prism) (Version: - NCH Software)
Quick Starter (HKLM\...\{EC36E2BC-86F7-44C9-84B2-93930F0FBDBF}) (Version: 1.0.2 - Samsung Electronics CO., LTD.)
RadioSure (HKU\S-1-5-21-3671931335-1126879999-2394397564-1001\...\RadioSure) (Version: - )
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.28145 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.19.726.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6699 - Realtek Semiconductor Corp.)
S Agent (Version: 1.1.53 - Samsung Electronics CO., LTD.) Hidden
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.0.1 - Samsung Electronics)
Samsung Settings (HKLM-x32\...\{8CB5C357-12E5-41B1-A024-D57D4E6F32D9}) (Version: 2.0.1 - Samsung Electronics CO., LTD.)
Samsung Update (HKLM-x32\...\{00ABE05F-DB49-4421-AA35-833DD9A9A94D}) (Version: 2.2.12 - Samsung Electronics CO., LTD.)
Sandboxie 4.20 (64-bit) (HKLM\...\Sandboxie) (Version: 4.20 - Sandboxie Holdings, LLC)
SciTE4AutoIt3 14.801.2025.0 (HKLM-x32\...\SciTE4AutoIt3) (Version: 14.801.2025.0 - Jos van der Zande)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Support Center (HKLM\...\{711DE117-767F-48A8-9864-66C525B9539F}) (Version: 2.1.1223 - Samsung Electronics CO., LTD.)
Support Center FAQ (x32 Version: 1.0.17 - Samsung Electronics CO., LTD.) Hidden
Switch Sound File Converter (HKLM-x32\...\Switch) (Version: 4.60 - NCH Software)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.43879 - TeamViewer)
TreeSize Free V3.2.1 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.2.1 - JAM Software)
True Image WD Edition (HKLM-x32\...\{85CB1512-2D4A-4469-AC21-6B111D169CEB}) (Version: 16.0.5962 - Acronis)
User Guide (HKLM-x32\...\{1AF4E383-CB84-4759-850E-FA584635905A}) (Version: 1.1.00 - Samsung Electronics CO., LTD.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VoipStunt (HKLM-x32\...\VoipStunt_is1) (Version: 4.13 build 737 - Finarea S.A. Switzerland)
WD Drive Utilities (HKLM-x32\...\{E61CFDDA-40DD-4400-95CA-12819C50B5C2}) (Version: 1.1.0.51 - Western Digital Technologies, Inc.)
WD Quick View (HKLM-x32\...\{B74717F4-9E4D-4FEF-B234-97EC2ADACFD8}) (Version: 2.4.11.4 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{2B58AB2C-D980-47FD-8633-E360314BA662}) (Version: 1.0.6.3 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{E0223E66-5682-4F65-9F5D-A2AB7C593323}) (Version: 2.4.11.4 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{f8b1c3bb-688a-4421-a45e-a22dd15f22ee}) (Version: 2.4.11.4 - Western Digital Technologies, Inc.)
Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass (08/23/2013 6.2.8400.4218) (HKLM\...\26BFE384C802803107F583AE1A739E4FEB56134B) (Version: 08/23/2013 6.2.8400.4218 - Samsung Electronics Co. Ltd.)
Windows Live (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Xerox PhotoCafe (HKLM-x32\...\Xerox PhotoCafe) (Version: 1.0.0.6162 - Xerox)
XNote Stopwatch (HKLM-x32\...\XNote Stopwatch) (Version: 1.66 - dnSoft Research Group)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3671931335-1126879999-2394397564-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Well\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3671931335-1126879999-2394397564-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Well\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)

==================== Restore Points =========================

30-07-2015 18:55:17 Scheduled Checkpoint
31-07-2015 19:24:25 JRT Pre-Junkware Removal

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 01:26 - 2013-05-20 20:39 - 00002023 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 exitpop.paltalk.com
127.0.0.1 advertising.paltalk.com
127.0.0.1 yads.zedo.com
127.0.0.1 bannerfarm.ace.advertising.com
127.0.0.1 udmserve.net
127.0.0.1 19.142.13/s0.2mdn.net
127.0.0.1 download.myads.com
127.0.0.1 ec.atdmt.com
127.0.0.1 dspads.sitescout.netdna-cdn.com
127.0.0.1 imagen01.247realmedia.com
127.0.0.1 choices.truste.com
127.0.0.1 cadreon.com
127.0.0.1 mcdonalds.com
127.0.0.1 dspads.sitescout.netdna-cdn.com
127.0.0.1 clickserv2.sitescout.com
127.0.0.1 ads.lfstmedia.com
127.0.0.1 content.quantserve.com
127.0.0.1 cdn.invitemedia.net
127.0.0.1 ib.adnxs.com
127.0.0.1 s0.2mdn.net
127.0.0.1 tag.admeld.com
127.0.0.1 ads.adsonar.com
127.0.0.1 media.gevalia.com
127.0.0.1 speed.pointroll.com
127.0.0.1 ad.adorika.com
127.0.0.1 media.fastclick.net
127.0.0.1 ads.adbrite.com
127.0.0.1 adserving.cpxinteractive.com
127.0.0.1 ad.doubleclick.net

There are 9 more lines.


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01BAE8A1-B071-408E-8E41-BA8C5204E4ED} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
Task: {0C2E1900-25BF-4D46-BA99-63FA3D533B64} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-07-30] (AVAST Software)
Task: {148BB49E-9F05-4E96-892A-555B6121E94B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-07-17] (Piriform Ltd)
Task: {16A10116-A55F-40DB-A8A2-A73000529293} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
Task: {190DDF05-5615-4485-90BB-FFDAC2466F35} - System32\Tasks\{CC3C42C5-A13A-4C00-8014-75F95CFE54D5} => pcalua.exe -a E:\SETUP.EXE -d E:\
Task: {2377E46E-E4C4-4A77-A6BA-50CF6682E248} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-01-29] (Microsoft)
Task: {3DDD787D-788D-42E3-8053-CCDFE166BCBA} - System32\Tasks\SUPatchForW10Up => C:\ProgramData\Samsung\SamsungUpdatePatch\SUPatchForW10Up.exe [2015-07-02] (Samsung Electronics CO., LTD.)
Task: {458A1C5E-8587-441E-84E8-312DF9EFBD8D} - System32\Tasks\Dolby Selector => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [2012-06-14] (Dolby Laboratories Inc.)
Task: {53F14695-2E20-4695-A285-AF65699AB444} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2015-06-19] (Samsung Electronics CO., LTD.)
Task: {82F43275-372D-4086-BF08-DFE396D580A2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3671931335-1126879999-2394397564-1001Core => C:\Users\Well\AppData\Local\Google\Update\GoogleUpdate.exe [2014-09-13] (Google Inc.)
Task: {9C0B667C-6A32-426E-826F-D5616847D58B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {BEF52434-D1A2-404F-A0F4-FF75CFDEC36E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-07-03] (Microsoft Corporation)
Task: {C0E70ABA-4ADC-4E31-B44E-996D75743A46} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3671931335-1126879999-2394397564-1001UA => C:\Users\Well\AppData\Local\Google\Update\GoogleUpdate.exe [2014-09-13] (Google Inc.)
Task: {CCB6F802-0A04-4A6F-AC19-61A4B9B65A40} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
Task: {D5596368-64A5-4034-A9CE-D15E44989D6A} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
Task: {E85A4125-24F2-4A54-8142-F69F6CB2DD0A} - System32\Tasks\Xerox PhotoCafe Communicator => C:\ProgramData\Xerox PhotoCafe\MessageCheck.exe [2011-10-26] ()
Task: {F41D5CB8-0162-4F58-A627-DFCD3ED6982C} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2015-07-01] (Samsung Electronics CO., LTD.)
Task: {F448C3B2-A612-42AB-8C7B-58C46E2A9646} - System32\Tasks\ModeShift => C:\Program Files (x86)\Samsung\ModeShift\ModeShift.exe [2013-04-25] (Samsung Electronics Co., Ltd.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3671931335-1126879999-2394397564-1001Core.job => C:\Users\Well\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3671931335-1126879999-2394397564-1001UA.job => C:\Users\Well\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Xerox PhotoCafe Communicator.job => C:\ProgramData\Xerox PhotoCafe\MessageCheck.exe

==================== Loaded Modules (Whitelisted) ==============

2014-11-06 16:31 - 2013-04-15 12:50 - 00198144 _____ () C:\WINDOWS\System32\HP1006LM.DLL
2014-11-06 16:31 - 2013-04-15 12:50 - 00065024 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\HP1006PP.dll
2014-11-07 21:54 - 2005-04-22 00:36 - 00143360 ____R () C:\WINDOWS\system32\BrSNMP64.dll
2015-06-19 14:55 - 2015-06-19 14:55 - 00084800 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
2015-04-15 16:13 - 2015-04-15 16:13 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-07-30 17:31 - 2015-07-30 17:31 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-07-30 17:31 - 2015-07-30 17:31 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-07-31 18:59 - 2015-07-31 18:59 - 02959872 _____ () C:\Program Files\AVAST Software\Avast\defs\15073103\algo.dll
2015-06-19 14:55 - 2015-06-19 14:55 - 00027968 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll
2015-06-19 14:55 - 2015-06-19 14:55 - 01272128 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll
2015-06-19 14:55 - 2015-06-19 14:55 - 00111936 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll
2015-06-19 14:55 - 2015-06-19 14:55 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll
2015-06-19 14:55 - 2015-06-19 14:55 - 00025920 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsAPI.dll
2015-06-19 14:55 - 2015-06-19 14:55 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
2015-03-05 11:50 - 2015-03-05 11:50 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-01-25 19:41 - 2013-09-16 13:20 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-03-06 01:10 - 2014-03-06 01:10 - 00420160 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3671931335-1126879999-2394397564-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Well\AppData\Roaming\IrfanView\IrfanView_Wallpaper.bmp
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "ImageBrowser EX Agent.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Install LastPass IE RunOnce.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Install LastPass FF RunOnce.lnk"
HKLM\...\StartupApproved\Run: => "RtHDVBg_Dolby"
HKLM\...\StartupApproved\Run: => "RtHDVCpl"
HKLM\...\StartupApproved\Run: => "Acronis Scheduler2 Service"
HKLM\...\StartupApproved\Run: => "StartCCC"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "BDRegion"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "CLMLServer_For_P2G8"
HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
HKLM\...\StartupApproved\Run32: => "Intel AppUp(SM) center"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "Logitech H760"
HKLM\...\StartupApproved\Run32: => "Norton Online Backup"
HKLM\...\StartupApproved\Run32: => "WD Drive Unlocker"
HKLM\...\StartupApproved\Run32: => "WD Quick View"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "BrHelp"
HKLM\...\StartupApproved\Run32: => "ControlCenter4"
HKLM\...\StartupApproved\Run32: => "IndexSearch"
HKLM\...\StartupApproved\Run32: => "PaperPort PTD"
HKLM\...\StartupApproved\Run32: => "PDF5 Registry Controller"
HKLM\...\StartupApproved\Run32: => "PDFHook"
HKLM\...\StartupApproved\Run32: => "BrStsMon00"
HKLM\...\StartupApproved\Run32: => "AcronisTibMounterMonitor"
HKLM\...\StartupApproved\Run32: => "TrueImageMonitor.exe"
HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
HKLM\...\StartupApproved\Run32: => "DriveUtilitiesHelper"
HKLM\...\StartupApproved\Run32: => "BackupNowEZtray"
HKU\S-1-5-21-3671931335-1126879999-2394397564-1001\...\StartupApproved\StartupFolder: => "Logitech H760 Product Registration.lnk"
HKU\S-1-5-21-3671931335-1126879999-2394397564-1001\...\StartupApproved\StartupFolder: => "Samsung Magician.lnk"
HKU\S-1-5-21-3671931335-1126879999-2394397564-1001\...\StartupApproved\StartupFolder: => "PalTalk.lnk"
HKU\S-1-5-21-3671931335-1126879999-2394397564-1001\...\StartupApproved\StartupFolder: => "OneNote 2010 Screen Clipper and Launcher.lnk"
HKU\S-1-5-21-3671931335-1126879999-2394397564-1001\...\StartupApproved\Run: => "SandboxieControl"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{8D0908B4-C0A6-4216-8978-4A3444C7C1A4}C:\program files (x86)\voipstunt.com\voipstunt\voipstunt.exe] => (Allow) C:\program files (x86)\voipstunt.com\voipstunt\voipstunt.exe
FirewallRules: [TCP Query User{DF6F32E1-8F15-4D6E-9522-D7FD379AFB15}C:\program files (x86)\voipstunt.com\voipstunt\voipstunt.exe] => (Allow) C:\program files (x86)\voipstunt.com\voipstunt\voipstunt.exe
FirewallRules: [UDP Query User{EC593F76-03E6-482A-85E2-EC860800DE0D}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe
FirewallRules: [TCP Query User{BD1AB08A-09C9-4008-9EF1-2E0D8C4A07D8}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe
FirewallRules: [UDP Query User{A522B52F-365D-4915-9281-8FA014DB0390}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe
FirewallRules: [TCP Query User{7D861602-0693-43C9-8BEE-23549BF8B19B}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe
FirewallRules: [{4C4EDDB9-5AF7-465E-8D77-2B863AB93F01}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{29CD4B59-66DD-47E0-9C01-12D9ECB74531}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{E3DC4304-CAAA-4BA5-BE7B-1B0DE616442A}] => (Allow) LPort=1900
FirewallRules: [{6C1B83AD-9D75-4EE8-B3B2-2EEA5B2008B1}] => (Allow) LPort=2869
FirewallRules: [{36617355-9767-40F4-80A0-343ED497E7B1}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{E4810909-9E08-4944-9349-4317240BC0C0}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{55086C40-6C60-4776-B84F-E19C46A36596}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{3F68F9C3-4277-41AC-9F4C-8985DD7E7DF7}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [TCP Query User{AD8286FF-D204-49F8-A9B0-783AE96617C3}C:\users\well\appdata\local\radiosure\radiosure.exe] => (Block) C:\users\well\appdata\local\radiosure\radiosure.exe
FirewallRules: [UDP Query User{337E534C-1DEF-4846-90DD-F38A16A063EB}C:\users\well\appdata\local\radiosure\radiosure.exe] => (Block) C:\users\well\appdata\local\radiosure\radiosure.exe
FirewallRules: [TCP Query User{9002FAEA-9578-43BE-8733-D5B5785FE62C}C:\program files (x86)\diablo ii\game.exe] => (Allow) C:\program files (x86)\diablo ii\game.exe
FirewallRules: [UDP Query User{04444AAA-D272-4434-9B6F-CA0889B5F868}C:\program files (x86)\diablo ii\game.exe] => (Allow) C:\program files (x86)\diablo ii\game.exe
FirewallRules: [TCP Query User{1E35576B-E5A4-4490-875C-02DE274FFDC2}C:\program files (x86)\voipstunt.com\voipstunt\voipstunt.exe] => (Allow) C:\program files (x86)\voipstunt.com\voipstunt\voipstunt.exe
FirewallRules: [UDP Query User{ABC627F6-4A54-4F0C-88A7-9F63DBA39076}C:\program files (x86)\voipstunt.com\voipstunt\voipstunt.exe] => (Allow) C:\program files (x86)\voipstunt.com\voipstunt\voipstunt.exe
FirewallRules: [{6512B074-4292-45B6-A2D9-BDAF6E8AE997}] => (Allow) C:\Program Files (x86)\Brother\Brmfl13b\FAXRX.EXE
FirewallRules: [{F7863D64-C61D-407C-8D98-4B7E7A779696}] => (Allow) LPort=54925
FirewallRules: [{8F575D0E-709A-4926-B3C8-A8C6428D82DE}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{FE9013C6-5FBA-4F8A-A87F-7CBC207C9083}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [TCP Query User{96B7ECE7-DA12-4CDB-8891-6A8A315BEC6A}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{DF1D136B-750A-4463-9C55-4D4E0F47CD9C}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{5F2B4AF0-B7C5-4AE0-A88E-9B3D7140F349}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{370406F2-B574-4D25-A1FC-8C2101742102}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EBF1A2EC-A278-4394-B9B5-541DD9EA1122}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F61D6865-8843-49C5-B487-5FA0F5E533E8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6E39BA6C-B680-432E-8604-BCFD593E03A9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5142ABC5-9430-4C27-AC68-BDDD37BBD012}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{102087B8-370D-4F07-A951-F2FD1CD8F072}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{E3BEEA0D-6C18-4754-B7B7-68BAD70EC00B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{911568F1-566B-4701-8A7D-032104B2EE1C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{BC555189-D3E1-4EDD-BB85-0B3463D1EE5B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{552D6BFB-8115-497F-B832-90866C781A88}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{F0BD1075-5161-497B-94A6-0AC4FA466B0F}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{8AF6EAC6-09E7-48CB-9C50-0029B3E61882}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/31/2015 07:37:17 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume \\?\Volume{2b332f6d-6f79-4cf3-b1e2-d1b9126e30a9}\ was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)

Error: (07/31/2015 07:37:17 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume Windows RE tools was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)

Error: (07/31/2015 07:23:23 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (07/31/2015 07:22:36 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: C:\Windows\System32\winspool.drvSpooler4

Error: (07/31/2015 07:22:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_DeviceAssociationService, version: 6.3.9600.17415, time stamp: 0x54504177
Faulting module name: ntdll.dll, version: 6.3.9600.17736, time stamp: 0x550f4336
Exception code: 0xc0000374
Fault offset: 0x00000000000f0f20
Faulting process id: 0x4ec
Faulting application start time: 0xsvchost.exe_DeviceAssociationService0
Faulting application path: svchost.exe_DeviceAssociationService1
Faulting module path: svchost.exe_DeviceAssociationService2
Report Id: svchost.exe_DeviceAssociationService3
Faulting package full name: svchost.exe_DeviceAssociationService4
Faulting package-relative application ID: svchost.exe_DeviceAssociationService5

Error: (07/31/2015 04:07:14 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume \\?\Volume{2b332f6d-6f79-4cf3-b1e2-d1b9126e30a9}\ was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)

Error: (07/31/2015 04:07:13 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume Windows RE tools was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)

Error: (07/31/2015 02:32:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1250

Error: (07/31/2015 02:32:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1250

Error: (07/31/2015 02:32:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (07/31/2015 07:43:24 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Bluetooth Device Monitor service.

Error: (07/31/2015 07:42:54 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Bluetooth Device Monitor service.

Error: (07/31/2015 07:38:15 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Bluetooth Device Monitor service.

Error: (07/31/2015 07:37:44 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Bluetooth Device Monitor service.

Error: (07/31/2015 07:26:29 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (07/31/2015 07:26:29 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Acronis Sync Agent Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (07/31/2015 07:26:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Dynamic Application Loader Host Interface Service service terminated unexpectedly. It has done this 1 time(s).

Error: (07/31/2015 07:26:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).

Error: (07/31/2015 07:26:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (07/31/2015 07:26:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Intel® Centrino® Wireless Bluetooth® + High Speed Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.


Microsoft Office:
=========================
Error: (07/31/2015 07:37:17 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: \\?\Volume{2b332f6d-6f79-4cf3-b1e2-d1b9126e30a9}\The parameter is incorrect. (0x80070057)

Error: (07/31/2015 07:37:17 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Windows RE toolsThe parameter is incorrect. (0x80070057)

Error: (07/31/2015 07:23:23 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (07/31/2015 07:22:36 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: C:\Windows\System32\winspool.drvSpooler4

Error: (07/31/2015 07:22:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_DeviceAssociationService6.3.9600.1741554504177ntdll.dll6.3.9600.17736550f4336c000037400000000000f0f204ec01d0cbb85620228eC:\WINDOWS\System32\svchost.exeC:\WINDOWS\SYSTEM32\ntdll.dll067c51e2-37db-11e5-82da-50b7c37841b3

Error: (07/31/2015 04:07:14 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: \\?\Volume{2b332f6d-6f79-4cf3-b1e2-d1b9126e30a9}\The parameter is incorrect. (0x80070057)

Error: (07/31/2015 04:07:13 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Windows RE toolsThe parameter is incorrect. (0x80070057)

Error: (07/31/2015 02:32:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1250

Error: (07/31/2015 02:32:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1250

Error: (07/31/2015 02:32:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


CodeIntegrity:
===================================
Date: 2015-07-21 13:12:42.266
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-07-21 13:12:41.984
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-07-21 13:12:41.656
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-07-21 13:12:41.375
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-07-21 13:12:36.265
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-07-21 13:12:35.952
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-07-21 13:12:26.967
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-07-21 13:12:26.639
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-07-21 13:12:26.248
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-07-21 13:12:25.848
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-3630QM CPU @ 2.40GHz
Percentage of memory in use: 16%
Total physical RAM: 16342.2 MB
Available physical RAM: 13657.35 MB
Total Virtual: 32726.2 MB
Available Virtual: 29683.29 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:231.63 GB) (Free:102.58 GB) NTFS
Drive d: (2ndHDD) (Fixed) (Total:465.76 GB) (Free:391.3 GB) NTFS
Drive e: (PLAYDISC) (CDROM) (Total:0.63 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 267D4F5E)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 14.9 GB) (Disk ID: 74F02DEA)
Partition 1: (Not Active) - (Size=14.9 GB) - (Type=73)

========================================================
Disk: 2 (Size: 465.8 GB) (Disk ID: 92CDA70E)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of log ============================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt
    2.1 KB · Views: 3
Fix result of Farbar Recovery Scan Tool (x64) Version:30-07-2015
Ran by FoolForGod (2015-07-31 20:32:07) Run:1
Running from C:\Users\Well\Desktop
Loaded Profiles: FoolForGod (Available Profiles: FoolForGod)
Boot Mode: Normal
==============================================

fixlist content:
*****************
SearchScopes: HKU\S-1-5-21-3671931335-1126879999-2394397564-1001 -> {F365336B-33BA-49D5-8E2A-5A7139EAF55C} URL =
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - No File
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - No File
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - No File
Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - No File
S3 SBIOSIO; \??\C:\Users\Well\AppData\Local\Temp\__Samsung_Update\SBIOSIO64.sys [X]
2014-11-07 21:47 - 2005-12-08 22:51 - 0000060 ____R () C:\Program Files (x86)\BRINST.INI
2015-06-19 14:53 - 2015-06-19 14:53 - 16258616 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2013-05-18 13:12 - 2013-05-19 22:11 - 0001508 _____ () C:\Users\Well\AppData\Roaming\AbsoluteReminder.xml
2013-09-06 23:27 - 2013-09-06 23:27 - 0001167 _____ () C:\Users\Well\AppData\Roaming\trace_FilterInstaller.txt
2013-09-06 23:27 - 2013-09-06 23:27 - 0000000 _____ () C:\Users\Well\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2013-08-30 10:07 - 2014-08-16 19:22 - 0005120 _____ () C:\Users\Well\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-13 22:31 - 2014-09-13 22:31 - 0007619 _____ () C:\Users\Well\AppData\Local\Resmon.ResmonCfg
2012-09-25 05:23 - 2012-09-25 05:23 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2012-09-25 05:47 - 2012-08-06 04:23 - 0000031 _____ () C:\ProgramData\ECReset_Partition.bat
2012-09-25 05:47 - 2012-08-06 05:34 - 1782152 _____ (Samsung Electronics) C:\ProgramData\ExpressCacheRun.exe
2013-05-20 13:09 - 2013-02-21 16:59 - 2063240 _____ (Samsung Electronics) C:\ProgramData\MakeMarkerFile.exe
2013-05-20 13:09 - 2013-01-12 23:51 - 0003004 _____ () C:\ProgramData\MakeMarkerFile.xml
C:\ProgramData\ECReset_Partition.bat
C:\ProgramData\ExpressCacheRun.exe
C:\ProgramData\MakeMarkerFile.exe
C:\Users\EasySurvey\EasySurvey.exe
C:\Users\Well\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Well\AppData\Local\Temp\Quarantine.exe
C:\Users\Well\AppData\Local\Temp\sqlite3.dll

*****************

"HKU\S-1-5-21-3671931335-1126879999-2394397564-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F365336B-33BA-49D5-8E2A-5A7139EAF55C}" => key removed successfully
HKCR\CLSID\{F365336B-33BA-49D5-8E2A-5A7139EAF55C} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value removed successfully
HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value removed successfully
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => key not found.
"HKCR\PROTOCOLS\Handler\gopher" => key removed successfully
HKCR\CLSID\{79eac9e4-baf9-11ce-8c82-00aa004ba90b} => key not found.
"HKCR\PROTOCOLS\Filter\deflate" => key removed successfully
HKCR\CLSID\{8f6b0360-b80d-11d0-a9b3-006097942311} => key not found.
"HKCR\PROTOCOLS\Filter\gzip" => key removed successfully
HKCR\CLSID\{8f6b0360-b80d-11d0-a9b3-006097942311} => key not found.
"HKCR\PROTOCOLS\Filter\lzdhtml" => key removed successfully
HKCR\CLSID\{8f6b0360-b80d-11d0-a9b3-006097942311} => key not found.
SBIOSIO => service removed successfully
C:\Program Files (x86)\BRINST.INI => moved successfully.
C:\Program Files (x86)\Common Files\lpuninstall.exe => moved successfully.
C:\Users\Well\AppData\Roaming\AbsoluteReminder.xml => moved successfully.
C:\Users\Well\AppData\Roaming\trace_FilterInstaller.txt => moved successfully.
C:\Users\Well\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt => moved successfully.
C:\Users\Well\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully.
C:\Users\Well\AppData\Local\Resmon.ResmonCfg => moved successfully.
C:\ProgramData\DP45977C.lfl => moved successfully.
C:\ProgramData\ECReset_Partition.bat => moved successfully.
C:\ProgramData\ExpressCacheRun.exe => moved successfully.
C:\ProgramData\MakeMarkerFile.exe => moved successfully.
C:\ProgramData\MakeMarkerFile.xml => moved successfully.
"C:\ProgramData\ECReset_Partition.bat" => File/Folder not found.
"C:\ProgramData\ExpressCacheRun.exe" => File/Folder not found.
"C:\ProgramData\MakeMarkerFile.exe" => File/Folder not found.
C:\Users\EasySurvey\EasySurvey.exe => moved successfully.
C:\Users\Well\AppData\Local\Temp\dllnt_dump.dll => moved successfully.
C:\Users\Well\AppData\Local\Temp\Quarantine.exe => moved successfully.
C:\Users\Well\AppData\Local\Temp\sqlite3.dll => moved successfully.

==== End of Fixlog 20:32:07 ====
 
As far as I can tell I highly doubt your computer is involved in those debit card issues.
For that to happen you'd have to have some trojans or rootkits.
None of the found.

Last scans...

redtarget.gif
Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run


redtarget.gif
Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.


redtarget.gif
Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


redtarget.gif
Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
I just realized that I forgot to stop my protection software before running the junkware removal tool in your earlier directions :(

what should I do to rectify that?
 
I keep getting this error when trying to run the Sophos tool:

"'C:\Users\Well\AppData\Local\Temp\RarSFX0' is not accessible"

What am I doing wrong? I did not see a "run" button, but there is an "Install" button, but I never clicked anything.
 
Run this instead of Sophos...

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Click on "Run ESET Online Scanner" button.
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
 
I didn't know whether or not to have it search for PUPs, but here's the results with that elected:

C:\Program Files (x86)\NCH Software\Debut\debut.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application cleaned by deleting - quarantined
C:\Program Files (x86)\NCH Software\Debut\debutsetup_v1.82.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted - quarantined
C:\Program Files (x86)\NCH Software\Prism\prism.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application cleaned by deleting - quarantined
C:\Program Files (x86)\NCH Software\Prism\prismsetup_v1.95.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted - quarantined
C:\Program Files (x86)\NCH Software\Switch\switch.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application cleaned by deleting - quarantined
C:\Program Files (x86)\NCH Software\Switch\switchsetup_v4.47.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted - quarantined
C:\Users\Well\Documents\NCH Software Licenses\debutsetup_v1.82.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted - quarantined
C:\Users\Well\Documents\NCH Software Licenses\switchsetup_v4.47.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted - quarantined

sorry about that :(
 
Last edited:
Results of screen317's Security Check version 1.006
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Defender
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 80
Java version 32-bit out of Date!
Adobe Flash Player 18.0.0.209
Adobe Reader XI
Mozilla Firefox (39.0)
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast ng vbox\AvastVBoxSVC.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

Farbar Service Scanner Version: 26-07-2015
Ran by FoolForGod (administrator) on 31-07-2015 at 21:10:12
Running from "C:\Users\Well\Desktop"
Microsoft Windows 8.1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****

I didn't know whether or not to have it search for PUPs, but here's the results with that elected:

C:\Program Files (x86)\NCH Software\Debut\debut.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application cleaned by deleting - quarantined
C:\Program Files (x86)\NCH Software\Debut\debutsetup_v1.82.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted - quarantined
C:\Program Files (x86)\NCH Software\Prism\prism.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application cleaned by deleting - quarantined
C:\Program Files (x86)\NCH Software\Prism\prismsetup_v1.95.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted - quarantined
C:\Program Files (x86)\NCH Software\Switch\switch.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application cleaned by deleting - quarantined
C:\Program Files (x86)\NCH Software\Switch\switchsetup_v4.47.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted - quarantined
C:\Users\Well\Documents\NCH Software Licenses\debutsetup_v1.82.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted - quarantined
C:\Users\Well\Documents\NCH Software Licenses\switchsetup_v4.47.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted - quarantined
 
Update your Java version here: https://www.techspot.com/downloads/6463-java-se.html
Alternate download: http://www.java.com/en/download/manual.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Note 2: If you're running 64-bit system make sure you install BOTH, 32-bit and 64-bit Java.

=======================================

Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download
51a5ce45263de-delfix.png
DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

12. Please, let me know, how your computer is doing.
 
My computer seems to be running well at the moment, but I don't know if I'll see more trouble with the fraud

THANK YOU!!!

I had a question about filehippo tool and also ninite.com's updater tool: would you be so kind as to give me your opinion on the saftey of these tools to not pose a threat themselves? I know you're somewhat endorsing the use of file hippo's tool, obviously, but is there any more you can tell me about that one as well as anything you know about ninite's similar tool? they are both recommended by several sites including howtogeek.com, which seems to have knowledgeable authors (at least more than me :) ); I humbly ask for your advice regarding these tools since they seem attractive to me, but I'm a bit wary of them as I have heard mixed reports; I've been using Avast's software updater tool for awhile now and it seems to be relatively trustworthy

THANK YOU for any and all further advice and help!!!

sincerely!

Dave
 
You must log in or register to reply here.

Similar threads

midian182
New information-stealing malware is being spread by fake pirate sites
Replies
3
Views
636
mbk34
M
midian182
Google removes 25 apps from its Play Store that were stealing Facebook credentials
Replies
7
Views
2K
Angga B
A
midian182
Popular VPN site cloned to spread malware
Replies
7
Views
1K
slamscaper
slamscaper

Latest posts

Back