Solved Scan result of Farbar Recovery Scan Windows Web Access updater has stopped working popup

2015-12-09 17:55 - 2015-09-28 21:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-12-09 17:55 - 2015-09-28 21:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-12-09 17:55 - 2015-09-28 21:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-12-09 17:55 - 2015-09-28 21:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-12-09 17:55 - 2015-09-28 21:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-12-09 17:55 - 2015-09-28 21:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-12-09 17:55 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-12-09 17:55 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-12-09 17:55 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-12-09 17:55 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-12-09 17:55 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-12-09 17:55 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-12-09 17:55 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-12-09 17:55 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-12-09 17:55 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-12-09 17:55 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-12-09 17:55 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-12-09 17:55 - 2015-09-28 20:50 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-12-09 17:55 - 2015-09-28 20:49 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-12-09 17:55 - 2015-09-28 20:49 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-12-09 17:55 - 2015-09-28 20:43 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-12-09 17:55 - 2015-09-28 20:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-12-09 17:55 - 2015-09-28 20:40 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-12-09 17:55 - 2015-09-28 20:40 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-12-09 17:55 - 2015-09-28 20:40 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-12-09 17:55 - 2015-09-28 20:40 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-12-09 17:55 - 2015-09-15 13:17 - 00157016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-12-09 17:55 - 2015-09-15 13:17 - 00097112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-12-09 17:55 - 2015-09-15 13:11 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-12-09 17:55 - 2015-09-15 13:11 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-12-09 17:55 - 2015-09-15 13:11 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-12-09 17:55 - 2015-09-15 13:11 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-12-09 17:55 - 2015-09-15 13:11 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-12-09 17:55 - 2015-09-15 13:11 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-12-09 17:55 - 2015-09-15 13:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-12-09 17:55 - 2015-09-15 12:36 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-12-09 17:55 - 2015-09-15 12:36 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-12-09 17:55 - 2015-09-15 12:36 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-12-09 17:55 - 2015-09-15 12:35 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-12-09 17:55 - 2015-07-01 15:49 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-12-09 17:55 - 2015-07-01 15:48 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-12-09 17:55 - 2015-07-01 15:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-12-09 17:55 - 2015-07-01 15:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-12-09 17:54 - 2015-09-18 14:22 - 00025432 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-12-09 17:54 - 2015-09-18 14:19 - 01291264 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-12-09 17:54 - 2015-09-18 14:19 - 00766464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-12-09 17:54 - 2015-09-18 14:19 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-12-09 17:54 - 2015-09-18 14:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-12-09 17:54 - 2015-09-18 14:19 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-12-09 17:54 - 2015-09-18 14:09 - 01163776 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-12-09 17:54 - 2015-07-04 13:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-12-09 17:54 - 2015-07-04 12:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-12-09 17:54 - 2015-06-17 12:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-12-09 17:54 - 2015-06-17 12:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-12-09 17:54 - 2015-06-03 15:16 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-12-09 17:54 - 2015-06-03 15:16 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-12-09 17:52 - 2015-10-01 13:06 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-12-09 17:52 - 2015-10-01 13:04 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-12-09 17:52 - 2015-10-01 13:00 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-12-09 17:52 - 2015-10-01 13:00 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-12-09 17:52 - 2015-10-01 13:00 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-12-09 17:52 - 2015-10-01 13:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-12-09 17:52 - 2015-10-01 13:00 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-12-09 17:52 - 2015-10-01 12:50 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-12-09 17:52 - 2015-10-01 12:00 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-12-09 17:52 - 2015-07-18 08:08 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2015-12-09 17:52 - 2015-07-18 08:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2015-12-09 17:52 - 2015-07-18 08:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-12-09 17:52 - 2015-07-18 08:08 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-12-09 17:52 - 2015-07-18 08:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-12-09 17:52 - 2015-07-18 08:08 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-12-09 17:52 - 2015-07-18 08:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-12-09 17:52 - 2015-07-18 08:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-12-09 17:52 - 2015-07-18 08:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-12-09 17:52 - 2015-07-18 08:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-12-09 17:52 - 2015-07-18 08:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-12-09 17:52 - 2015-07-18 08:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-12-09 17:52 - 2015-07-18 08:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-12-09 17:52 - 2015-07-18 08:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-12-09 17:52 - 2015-07-18 08:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-12-09 17:52 - 2015-07-18 08:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-12-09 17:52 - 2015-07-18 08:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-12-09 17:52 - 2015-07-18 08:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2015-12-09 17:52 - 2015-07-18 08:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-12-09 17:52 - 2015-07-18 08:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2015-12-09 17:52 - 2015-07-18 08:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-12-09 17:52 - 2015-07-18 08:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-12-09 17:52 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-12-09 17:52 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-12-09 17:52 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-12-09 17:52 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-12-09 17:52 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-12-09 17:52 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-12-09 17:52 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-12-09 17:52 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-12-09 17:52 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-12-09 17:52 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2015-12-09 17:52 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2015-12-09 17:52 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-12-09 17:52 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-12-09 17:52 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-12-09 17:52 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2015-12-09 17:52 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2015-12-09 17:52 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2015-12-09 17:52 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2015-12-09 17:52 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2015-12-09 17:52 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2015-12-09 17:52 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2015-12-09 17:52 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2015-12-09 17:52 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2015-12-09 17:52 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2015-12-09 17:52 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2015-12-09 17:52 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2015-12-09 17:51 - 2015-07-30 13:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-12-09 17:51 - 2015-07-30 13:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-12-09 17:51 - 2015-07-30 13:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-12-09 17:51 - 2015-07-30 12:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-12-09 17:51 - 2015-07-30 12:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-12-09 17:51 - 2015-06-15 16:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-12-09 17:51 - 2015-06-15 16:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-12-09 17:51 - 2015-06-15 16:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-12-09 17:51 - 2015-06-15 16:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-12-09 17:51 - 2015-06-15 16:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-12-09 17:51 - 2015-06-15 16:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-12-09 17:51 - 2015-06-15 16:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-12-09 17:51 - 2015-06-15 16:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2015-12-09 17:50 - 2015-07-22 19:02 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-12-09 17:50 - 2015-07-22 19:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-12-09 17:50 - 2015-07-22 19:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-12-09 17:50 - 2015-07-22 12:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-12-09 17:50 - 2015-07-22 12:53 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-12-09 17:50 - 2015-07-22 11:48 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-12-09 17:49 - 2015-08-27 13:18 - 02004480 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-12-09 17:49 - 2015-08-27 13:18 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-12-09 17:49 - 2015-08-27 13:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-12-09 17:49 - 2015-08-27 13:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-12-09 17:49 - 2015-08-27 12:58 - 01391104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-12-09 17:49 - 2015-08-27 12:58 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-12-09 17:49 - 2015-08-27 12:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-12-09 17:49 - 2015-08-27 12:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-12-09 17:49 - 2015-07-09 12:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-12-09 17:49 - 2015-07-09 12:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-12-09 17:49 - 2015-07-09 12:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-12-09 17:49 - 2015-06-25 05:06 - 00115136 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-12-09 17:49 - 2015-06-25 05:01 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-12-09 17:49 - 2015-06-25 05:01 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-12-09 17:49 - 2015-06-25 04:44 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-12-09 17:47 - 2015-09-01 22:04 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-12-09 17:47 - 2015-09-01 22:04 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-12-09 17:47 - 2015-09-01 22:04 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-12-09 17:47 - 2015-09-01 22:04 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-12-09 17:47 - 2015-09-01 21:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-12-09 17:47 - 2015-09-01 21:48 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-12-09 17:47 - 2015-09-01 21:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-12-09 17:47 - 2015-09-01 21:47 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-12-09 17:47 - 2015-09-01 20:51 - 03209216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-12-09 17:47 - 2015-09-01 20:47 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-12-09 17:47 - 2015-09-01 20:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-12-09 17:04 - 2015-12-10 16:48 - 00036608 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-12-09 17:03 - 2015-12-09 17:20 - 00000000 ____D C:\ProgramData\RogueKiller
2015-12-09 17:03 - 2015-12-09 17:03 - 00000864 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2015-12-09 17:03 - 2015-12-09 17:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2015-12-09 17:03 - 2015-12-09 17:03 - 00000000 ____D C:\Program Files\RogueKiller
2015-12-09 16:36 - 2015-12-09 16:36 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-12-09 16:35 - 2015-12-09 16:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\SpringFiles
2015-12-09 16:30 - 2015-12-09 16:30 - 00000000 ____D C:\Users\laingg\AppData\Local\CEF
2015-12-09 16:29 - 2015-12-09 16:30 - 00000000 ____D C:\Program Files (x86)\winwebuse
2015-12-07 07:23 - 2015-12-07 08:06 - 00032768 _____ C:\Users\laingg\Desktop\Card Summary.xls
2015-12-05 18:39 - 2015-12-05 18:39 - 00000030 _____ C:\Users\laingg\Desktop\Movies.txt
2015-12-04 11:36 - 2015-12-04 11:36 - 00228553 _____ C:\Users\laingg\Desktop\Pridoc Cancel.pdf
2015-12-02 15:41 - 2015-12-02 15:51 - 00000000 ____D C:\Hold
2015-12-02 15:28 - 2015-12-11 11:34 - 00000000 ____D C:\Users\laingg\AppData\LocalLow\uTorrent
2015-12-02 10:46 - 2015-12-09 16:52 - 00001093 _____ C:\Users\laingg\Desktop\Directory Lister.lnk
2015-12-02 10:46 - 2015-12-02 10:46 - 03617576 _____ (KRKSoft ) C:\Users\laingg\Downloads\directorylister2.exe
2015-12-02 10:46 - 2015-12-02 10:46 - 00000000 ____D C:\Users\laingg\AppData\Roaming\KRKsoft
2015-12-02 10:46 - 2015-12-02 10:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Directory Lister
2015-12-02 10:46 - 2015-12-02 10:46 - 00000000 ____D C:\Program Files (x86)\Directory Lister
2015-12-02 10:36 - 2015-12-02 10:36 - 00249227 _____ C:\Users\laingg\Downloads\dtlm.zip
2015-12-01 11:26 - 2015-12-01 11:26 - 00104276 _____ C:\Users\laingg\Desktop\Form 433d IRS Installment Plan.pdf
2015-11-30 14:35 - 2015-11-30 14:35 - 00069534 _____ C:\Users\laingg\Downloads\Invoice #433180 for George & Fran Laing.pdf
2015-11-17 12:21 - 2015-11-17 12:21 - 00000159 _____ C:\Users\laingg\Desktop\Trigger Program solution for 2 BW systems.txt
2015-11-16 13:35 - 2015-11-16 13:35 - 00055372 _____ C:\Users\laingg\Downloads\Estimate # 432527 for George & Fran Laing.pdf
2015-11-16 13:35 - 2015-11-16 13:35 - 00055372 _____ C:\Users\laingg\Downloads\Estimate # 432527 for George & Fran Laing (1).pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-11 11:40 - 2015-02-28 16:26 - 00000000 ____D C:\Users\laingg\AppData\Local\CrashDumps
2015-12-11 11:40 - 2009-07-14 00:13 - 00785858 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-11 11:40 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2015-12-11 11:39 - 2015-04-03 16:02 - 00000000 ____D C:\Users\laingg\AppData\Roaming\uTorrent
2015-12-11 11:34 - 2015-06-29 08:16 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-11 11:34 - 2015-02-28 17:30 - 00000000 ___RD C:\Users\laingg\Dropbox
2015-12-11 11:34 - 2015-02-28 17:20 - 00000000 ____D C:\Users\laingg\AppData\Roaming\Dropbox
2015-12-11 11:34 - 2015-02-17 14:11 - 00000000 ____D C:\Windows\system32\Empirum
2015-12-11 11:33 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-11 11:33 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Registration
2015-12-11 11:31 - 2009-07-13 22:20 - 00000000 ____D C:\Windows
2015-12-11 11:30 - 2009-07-13 21:34 - 00000215 _____ C:\Windows\system.ini
2015-12-11 11:18 - 2009-07-13 23:45 - 00021792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-11 11:18 - 2009-07-13 23:45 - 00021792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-11 11:08 - 2015-06-29 07:57 - 00000922 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3312761167-2807315300-1982944300-3653UA.job
2015-12-11 10:58 - 2015-08-22 09:55 - 00000434 _____ C:\Windows\Tasks\FaxArchive_CN41BFW0V705KC.job
2015-12-11 10:52 - 2015-02-18 09:16 - 00000000 ____D C:\Users\laingg\Tracing
2015-12-11 10:44 - 2015-06-29 08:16 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-11 09:46 - 2015-02-28 16:48 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-11 08:07 - 2015-02-18 09:18 - 00000000 ____D C:\Users\laingg\AppData\Local\Deployment
2015-12-11 08:07 - 2015-02-18 09:18 - 00000000 ____D C:\Users\laingg\AppData\Local\Apps\2.0
2015-12-10 19:08 - 2015-06-29 07:57 - 00000870 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3312761167-2807315300-1982944300-3653Core.job
2015-12-10 18:08 - 2015-03-04 10:06 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-10 15:47 - 2015-02-17 05:17 - 00000464 _____ C:\Windows\system32\config\netlogon.ftl
2015-12-10 15:41 - 2009-07-14 00:08 - 00032656 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-12-10 15:03 - 2015-02-17 14:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Lync
2015-12-10 15:03 - 2015-02-17 14:48 - 00000000 ____D C:\Program Files (x86)\Microsoft Lync
2015-12-10 10:17 - 2015-02-18 11:02 - 00000000 __SHD C:\Users\laingg\AppData\Local\EmieUserList
2015-12-10 10:17 - 2015-02-18 11:02 - 00000000 __SHD C:\Users\laingg\AppData\Local\EmieSiteList
2015-12-10 10:17 - 2015-02-18 11:02 - 00000000 __SHD C:\Users\laingg\AppData\Local\EmieBrowserModeList
2015-12-10 03:26 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\AppCompat
2015-12-10 00:15 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2015-12-09 23:22 - 2009-07-13 23:45 - 00412376 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-09 20:08 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-12-09 18:11 - 2015-02-17 14:41 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-12-09 18:10 - 2015-02-17 15:37 - 00000000 ____D C:\Windows\system32\MRT
2015-12-09 17:56 - 2009-07-13 21:34 - 00000580 _____ C:\Windows\win.ini
2015-12-09 17:48 - 2015-02-17 14:48 - 00000000 ____D C:\Program Files\Microsoft Lync
2015-12-09 16:53 - 2009-07-14 00:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-12-09 16:52 - 2015-09-27 13:13 - 00001149 _____ C:\Users\Public\Desktop\Rosetta Stone.lnk
2015-12-09 16:52 - 2015-07-29 11:17 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
2015-12-09 16:52 - 2015-07-29 11:17 - 00002204 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk
2015-12-09 16:52 - 2015-07-29 11:17 - 00002043 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
2015-12-09 16:52 - 2015-07-29 11:17 - 00002026 _____ C:\Users\Public\Desktop\Adobe Acrobat XI Pro.lnk
2015-12-09 16:52 - 2015-07-29 10:55 - 00002566 _____ C:\Users\laingg\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2015-12-09 16:52 - 2015-06-29 08:16 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-09 16:52 - 2015-06-04 05:59 - 00001157 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-12-09 16:52 - 2015-06-04 05:59 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-12-09 16:52 - 2015-03-19 08:51 - 00001146 _____ C:\Users\laingg\Desktop\SAP Logon.lnk
2015-12-09 16:52 - 2015-03-04 10:06 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-12-09 16:52 - 2015-02-28 17:09 - 00000983 _____ C:\Users\Public\Desktop\Winamp.lnk
2015-12-09 16:52 - 2015-02-28 16:47 - 00001070 _____ C:\Users\Public\Desktop\VLC media player.lnk
2015-12-09 16:52 - 2015-02-28 15:44 - 00002711 _____ C:\Users\Public\Desktop\Seagate Dashboard.lnk
2015-12-09 16:52 - 2015-02-27 16:43 - 00001274 _____ C:\Users\laingg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad.lnk
2015-12-09 16:52 - 2015-02-27 14:34 - 00001268 _____ C:\Users\laingg\Desktop\Notepad.lnk
2015-12-09 16:52 - 2015-02-27 13:43 - 00002158 _____ C:\Users\Public\Desktop\HP Officejet Pro 8600.lnk
2015-12-09 16:52 - 2015-02-27 13:43 - 00000954 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
2015-12-09 16:52 - 2015-02-18 09:28 - 00003011 _____ C:\Users\laingg\Desktop\Microsoft Outlook 2010.lnk
2015-12-09 16:52 - 2015-02-18 09:28 - 00002575 _____ C:\Users\laingg\Desktop\Microsoft Lync 2010.lnk
2015-12-09 16:52 - 2015-02-18 09:18 - 00001076 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Dellcall Help Information.lnk
2015-12-09 16:52 - 2015-02-18 09:16 - 00001423 _____ C:\Users\laingg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-12-09 16:52 - 2015-02-18 09:16 - 00000859 _____ C:\Users\laingg\Desktop\Downloads.lnk
2015-12-09 16:52 - 2015-02-17 14:57 - 00001753 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eraser.lnk
2015-12-09 16:52 - 2015-02-17 14:57 - 00001747 _____ C:\Users\Public\Desktop\Eraser.lnk
2015-12-09 16:52 - 2015-02-17 14:57 - 00001039 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk
2015-12-09 16:52 - 2015-02-17 14:47 - 00001932 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Activate Matrix42 Empirum via Pulse.lnk
2015-12-09 16:52 - 2015-02-17 14:40 - 00002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-12-09 16:52 - 2015-02-17 14:40 - 00002050 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix Receiver.lnk
2015-12-09 16:52 - 2015-02-17 14:40 - 00002019 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2015-12-09 16:52 - 2015-02-17 14:38 - 00002054 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Switchable Graphics.lnk
2015-12-09 16:52 - 2015-02-17 14:16 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2015-12-09 16:52 - 2009-07-14 00:01 - 00001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2015-12-09 16:52 - 2009-07-13 23:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-12-09 16:52 - 2009-07-13 23:57 - 00001292 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2015-12-09 16:52 - 2009-07-13 23:57 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2015-12-09 16:52 - 2009-07-13 23:54 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2015-12-09 16:52 - 2009-07-13 23:49 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2015-12-09 16:51 - 2015-02-18 09:16 - 00000000 ____D C:\Users\laingg
2015-12-09 16:51 - 2015-02-17 14:39 - 00000000 ____D C:\Windows\{CAC1E444-ECC4-4FF8-B328-5E547FD608F8}
2015-12-09 16:48 - 2015-03-31 15:10 - 00000000 ____D C:\Users\laingg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Verizon
2015-12-09 16:28 - 2015-02-18 10:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-08 19:46 - 2015-02-28 16:48 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-12-08 19:46 - 2015-02-17 15:38 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-08 19:46 - 2015-02-17 15:38 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-04 08:39 - 2015-06-29 08:16 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-04 08:39 - 2015-06-29 08:16 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-03 14:49 - 2015-02-17 14:49 - 00000000 ____D C:\Bitlocker
2015-12-02 10:44 - 2015-06-04 15:14 - 00000000 ____D C:\Program Files (x86)\ChilliTorrent
2015-12-02 10:18 - 2015-04-23 16:10 - 00011248 _____ C:\Users\laingg\Desktop\2015 Billable Hours.xlsx
2015-11-19 12:04 - 2015-03-04 10:44 - 00000000 ____D C:\Users\laingg\Documents\Meine empfangenen Dateien

==================== Files in the root of some directories =======

2015-02-27 13:41 - 2015-02-27 13:41 - 0000057 _____ () C:\ProgramData\Ament.ini

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-10 00:08

==================== End of FRST.txt ============================
 
Addition
Additional scan result of Farbar Recovery Scan Tool (x64) Version:09-12-2015
Ran by laingg (2015-12-11 11:41:02)
Running from C:\Users\laingg\Downloads
Windows 7 Enterprise Service Pack 1 (X64) (2015-02-17 10:18:12)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3997167818-2217542986-3996327632-500 - Administrator - Enabled)
Guest (S-1-5-21-3997167818-2217542986-3996327632-501 - Limited - Disabled)
install (S-1-5-21-3997167818-2217542986-3996327632-1000 - Administrator - Enabled) => C:\Users\install

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Symantec Endpoint Protection (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Symantec Endpoint Protection (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3312761167-2807315300-1982944300-3653\...\uTorrent) (Version: 3.4.5.41372 - BitTorrent Inc.)
7-Zip 9.20 (HKLM\...\Igor Pavlov 7-Zip 9.20) (Version: 9.20 - Igor Pavlov)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0 - Igor Pavlov) Hidden
Active Directory Mapping Tool 1.1.8 (HKLM\...\msg Active Directory Mapping Tool 1.1.8) (Version: 1.1.8 - msg)
AD Mapper Notify (x32 Version: 1.1.8 - msg services ag) Hidden
AD Password Checker 1.0 (HKLM\...\msg AD Password Checker 1.0) (Version: 1.0 - msg)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.13 - Adobe Systems)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.228 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{C49F01A6-1151-BE59-8BD2-107CD8AC3088}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
Anywhere Appshare (HKLM-x32\...\{A318D343-D601-4463-B872-0A3B27DDA5A9}) (Version: 6.5.1 - Anywhere Conference)
Bios_Settings 2.0 (HKLM\...\msa Bios_Settings 2.0) (Version: 2.0 - msa)
Bitlocker 1.0 (HKLM\...\msa Bitlocker 1.0) (Version: 1.0 - msa)
Catalyst AMD HD8790M 8.0.911 (HKLM\...\AMD Catalyst AMD HD8790M 8.0.911) (Version: 8.0.911 - AMD)
Citrix Receiver 3.4.0.29585 (HKLM-x32\...\Citrix Citrix Receiver 3.4.0.29585) (Version: 3.4.0.29585 - Citrix)
Clickfree Easy Image (HKLM-x32\...\Clickfree Easy Image) (Version: - Storage Appliance Corp.)
Default Settings 2.0 (HKLM\...\msa Default Settings 2.0) (Version: 2.0 - msa)
Dell Power Manager (HKLM\...\{E45D7941-F3F0-4E8E-AD55-DCE2FE0AE6D8}) (Version: 1.1.0 - Dell Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.134 - ALPS ELECTRIC CO., LTD.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.54 - Creative Technology Ltd)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Directory Lister v2.02 (HKLM-x32\...\Directory Lister Pro_is1) (Version: 2.02 - KRKSoft)
Dropbox (HKU\S-1-5-21-3312761167-2807315300-1982944300-3653\...\Dropbox) (Version: 3.12.5 - Dropbox, Inc.)
Empirum Agent 15.1 (HKLM\...\Matrix42 Empirum Agent 15.1) (Version: 15.1 - Matrix42)
Endpoint Protection 12.1.2015.2015 (HKLM\...\Symantec Endpoint Protection 12.1.2015.2015) (Version: 12.1.2015.2015 - Symantec)
Engineering Client Viewer 7.0 (HKLM-x32\...\SAP_Engineering Client Viewer 7.0) (Version: - SAP AG)
Eraser 6.0.10.2620 (Version: 6.0.2620 - The Eraser Project) Hidden
Eraser 6.0.2620 (HKLM\...\The Eraser Project Eraser 6.0.2620) (Version: 6.0.2620 - The Eraser Project)
Erste Schritte 2.0 (HKLM\...\msa Erste Schritte 2.0) (Version: 2.0 - msa)
Flash Player 12.0.0.38 (HKLM\...\Adobe Flash Player 12.0.0.38) (Version: 12.0.0.38 - Adobe)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.80 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
HDX RealTime Media Engine 1.4.100 (HKLM-x32\...\Citrix HDX RealTime Media Engine 1.4.100) (Version: 1.4.100 - Citrix)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{2BF5E9CC-C55D-4B0F-ACAF-FFE77F333CD8}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Internet Explorer KB2964358 1.0 (HKLM\...\Microsoft Internet Explorer KB2964358 1.0) (Version: 1.0 - Microsoft)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
Java 1.7.0.51 (HKLM\...\Oracle Java 1.7.0.51) (Version: 1.7.0.51 - Oracle)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java SE Development Kit 6 Update 10 1.6.0.100 (HKLM\...\Oracle Java SE Development Kit 6 Update 10 1.6.0.100) (Version: 1.6.0.100 - Oracle)
Junos Pulse 5.1.2.54585 (Version: 5.1.2.54585 - Juniper Networks) Hidden
Kee Pass 2.25 (HKLM\...\Dominik Reichl Kee Pass 2.25) (Version: 2.25 - Dominik Reichl)
KeePass Password Safe 2.25 (x32 Version: 2.25 - Dominik Reichl) Hidden
Lotus Notes 8.5.3 (Basic) (x32 Version: 8.53.11258 - IBM) Hidden
Lotus Notes 8.53.11287 (HKLM\...\IBM Lotus Notes 8.53.11287) (Version: 8.53.11287 - IBM)
lync2010mui (x32 Version: 1.0.0 - <no manufacturer>) Hidden
lync2010mui 4.0.7577.0 (HKLM\...\Microsoft lync2010mui 4.0.7577.0) (Version: 4.0.7577.0 - Microsoft)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Lync 2010 (HKLM\...\{58A013B1-1613-4978-881A-FCA43710C84A}) (Version: 4.0.7577.4478 - Microsoft Corporation)
Microsoft Lync 2010, MUI (HKLM-x32\...\{CEECF731-3F08-4210-8073-7E87F58C01D3}) (Version: 4.0.7577.0 - Microsoft Corporation)
Microsoft Office 2010 Primary Interop Assemblies (HKLM-x32\...\{90140000-1146-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1150 - Microsoft Corporation)
Microsoft Online Services-Anmelde-Assistent (HKLM\...\{5D62CA9E-C68A-4BED-A1E9-7D38D9DDC2DB}) (Version: 7.250.4122.0 - Microsoft Corporation)
Microsoft redistributable runtime DLLs VS2005 SP1(x86) (HKLM-x32\...\{CEC7A786-A9C8-4EF7-BB59-6518E3B3C878}) (Version: 8.0.50727.4053 - SAP)
Microsoft redistributable runtime DLLs VS2008 SP1(x86) (HKLM-x32\...\{A47A9101-6EB5-4314-BDA1-297880FBB908}) (Version: 9.0 - SAP AG)
Microsoft redistributable runtime DLLs VS2010 SP1 (x86) (HKLM-x32\...\{2385C070-EC26-4AB9-8718-E605C977C0ED}) (Version: 10.0.40219.1 - SAP)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.5 - Mozilla)
MSG Outlook Addin 1.0.35 (x32 Version: 1.0.35 - msg services ag) Hidden
msg.PrintClient (x32 Version: 1.0.0.0 - msg services ag) Hidden
msgCommonPlugin (HKU\S-1-5-21-3312761167-2807315300-1982944300-3653\...\5C03B70F466253CDBE2696AC65AE0F78CA3C5F94) (Version: 1.0.0.35 - msg services ag)
Office 2010 SP2 14.2 (HKLM-x32\...\Microsoft Office 2010 SP2 14.2) (Version: 14.2 - Microsoft)
Online Plug-in (x32 Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden
PDF Architect 3 (HKLM-x32\...\PDF Architect 3) (Version: 3.0.52.22600 - pdfforge GmbH)
PDF Architect 3 Create Module (x32 Version: 3.0.13.22993 - pdfforge GmbH) Hidden
PDF Architect 3 Edit Module (x32 Version: 3.0.13.22993 - pdfforge GmbH) Hidden
PDF Architect 3 View Module (x32 Version: 3.0.13.22993 - pdfforge GmbH) Hidden
PDFCreator 1.7.2 (HKLM\...\GNU PDFCreator 1.7.2) (Version: 1.7.2 - GNU)
PM2Client 15.1 (HKLM\...\matrix42 PM2Client) (Version: 15.1 - matrix42)
Power Manager 1.1.0 (HKLM\...\Dell Power Manager 1.1.0) (Version: 1.1.0 - Dell)
PowerXpressHybrid (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
PrintClient 1.0.0.0 (HKLM-x32\...\msg PrintClient 1.0.0.0) (Version: 1.0.0.0 - msg)
PROSetWireless Software for Bluetooth Technology 3.1.1306.340 (HKLM\...\Intel PROSetWireless Software for Bluetooth Technology 3.1.1306.340) (Version: 3.1.1306.340 - Intel)
Prosis 2.3.3 (HKLM\...\msg Prosis 2.3.3) (Version: 2.3.3 - msg)
Prosis2 (HKLM-x32\...\{A14581CC-D6D9-4986-855B-C77AD2360895}) (Version: 2.3.3 - )
Pulse Config 2015.06.23 (HKLM\...\Juniper Networks Pulse Config 2015.06.23) (Version: 2015.06.23 - Juniper Networks)
Pulse Secure (Version: 5.1.54585 - Pulse Secure, LLC) Hidden
Pulse Secure 5.1 (HKLM-x32\...\Pulse Secure 5.1) (Version: 5.1.54585 - Pulse Secure, LLC)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Reader 11.0.06 (HKLM\...\Adobe Reader 11.0.06) (Version: 11.0.06 - Adobe)
Realtek Audio COM Components (HKLM-x32\...\{2355B503-9B11-4449-861D-1C1748B26320}) (Version: 1.0.2 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5988 - Realtek Semiconductor Corp.)
RogueKiller version 11 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 11 - Adlice Software)
Rosetta Stone Language Training (HKLM-x32\...\{00384623-4937-4D7D-BDD9-23513D1C50AB}) (Version: 5.0.37.0 - Rosetta Stone, Ltd)
Rosetta Stone Ltd Services (HKLM-x32\...\{3165E4A6-D5DE-46B0-8597-D55E2B826B84}) (Version: 3.2.21 - Rosetta Stone Ltd.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
SAP Business Explorer (HKLM-x32\...\SAPBI) (Version: 7.30 - SAP AG)
SAP GUI for Windows 7.30 (HKLM-x32\...\SAPGUI710) (Version: 7.30 Compilation 3 - SAP AG)
SAPgui 7.30.08 (HKLM-x32\...\SAP SAPgui 7.30.08) (Version: 7.30.08 - SAP)
SAPlogon_Verteilung 2.0 (HKLM-x32\...\msg SAPlogon_Verteilung 2.0) (Version: 2.0 - msg)
SAPSetup Automatic Workstation Update Service (HKLM-x32\...\SAP_WUS) (Version: - SAP AG)
Seagate Dashboard (HKLM-x32\...\{EA266F00-A8E7-43A0-8DED-FBFE3F076934}) (Version: 4.0.2102.0 - Seagate)
Security Patch KB3079904 1.0 (HKLM\...\Microsoft Security Patch KB3079904 1.0) (Version: 1.0 - Microsoft)
Self-service Plug-in (x32 Version: 3.4.0.33684 - Citrix Systems, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Sierra Wireless AirCard Watcher (HKLM-x32\...\{87AE66E1-F431-4683-A98F-CAB9AE0FBA97}) (Version: 6.0.3830.8201 - Sierra Wireless Inc.)
Sierra Wireless Dell Driver Package (HKLM-x32\...\SWIDellDrvInstaller) (Version: 3.8.1309.3948 - Sierra Wireless Inc.)
Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
Slingplayer for Chrome Installer (x32 Version: 0.0.0.74 - Sling Media) Hidden
SlingplayerForChrome (HKLM-x32\...\{b94752f2-074a-4cc1-ad3b-cedc52319351}) (Version: 0.0.0.74 - Sling Media)
SnagIt 9 (HKLM-x32\...\{59991D18-A988-45AB-B1BF-5ADE6E64CD3F}) (Version: 9.0.0 - TechSmith Corporation)
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.10.0046 - ST Microelectronics)
ST Microelectronics Accelerometer Free Fall Protection 3.0 (HKLM\...\Dell ST Microelectronics Accelerometer Free Fall Protection 3.0) (Version: 3.0 - Dell)
SUABnR (HKLM-x32\...\InstallShield_{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.)
SUABnR (x32 Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1026 - SUPERAntiSpyware.com)
Symantec Endpoint Protection (Version: 12.1.2015.2015 - Symantec Corporation) Hidden
UserToLocalAdmin 1.0 (Version: 1.0 - msa) Hidden
Verizon Wireless Software Upgrade Assistant - Samsung(ar) (HKLM-x32\...\{002CFA1B-7085-4489-A1CD-DAFC05BAA545}) (Version: 2.15.1003 - Samsung Electronics Co., Ltd.)
Verizon Wireless Software Utility Application for Android - Samsung (HKLM-x32\...\{9E835F39-6633-4D1C-92CC-006F4D2F5E08}) (Version: 2.15.1001 - Samsung Electronics Co., Ltd.)
Visio Viewer 2010 14.0.4763.1000 (HKLM-x32\...\Microsoft Visio Viewer 2010 14.0.4763.1000) (Version: 14.0.4763.1000 - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Webcam Central 1.40.54 (HKLM\...\Dell Webcam Central 1.40.54) (Version: 1.40.54 - Dell)
Winamp (HKLM-x32\...\Winamp) (Version: 5.65 - Nullsoft, Inc)
Window Web Access (HKLM-x32\...\Window Web Access) (Version: 1.41 - Grayscale LLC)
Wireless 5570 HSPA 13.8.1050 (HKLM\...\Dell Wireless 5570 HSPA 13.8.1050) (Version: 13.8.1050 - Dell)
WLAN Settings 1.0 (HKLM\...\msa WLAN Settings 1.0) (Version: 1.0 - msa)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3312761167-2807315300-1982944300-3653_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\laingg\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3312761167-2807315300-1982944300-3653_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3312761167-2807315300-1982944300-3653_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3312761167-2807315300-1982944300-3653_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3312761167-2807315300-1982944300-3653_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3312761167-2807315300-1982944300-3653_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3312761167-2807315300-1982944300-3653_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3312761167-2807315300-1982944300-3653_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3312761167-2807315300-1982944300-3653_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3312761167-2807315300-1982944300-3653_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3312761167-2807315300-1982944300-3653_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)

==================== Restore Points =========================

22-11-2015 00:00:01 Scheduled Checkpoint
30-11-2015 00:00:00 Scheduled Checkpoint
08-12-2015 00:00:00 Scheduled Checkpoint
09-12-2015 17:47:26 Windows Update
10-12-2015 17:28:43 JRT Pre-Junkware Removal

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2015-12-11 11:30 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost
 
==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0567AE72-DC3D-404E-9126-9BAB0BF60786} - System32\Tasks\HP AR Program Upload - 8c73b8e1c1f140c18696e094c5dd7c6acc424af37d74400f9af602fe520cfcb5 => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {0FFA8840-3200-4510-AF47-846CB5DDB6EF} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2015-04-01] (Seagate Technology LLC)
Task: {13B6C879-E20E-4D4F-A62B-56BBE59E1142} - \Tempo Runner coz32host -> No File <==== ATTENTION
Task: {3AA06B3A-9CB1-4257-BFB5-C6C1D7DDF4D6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-29] (Google Inc.)
Task: {3F3130C4-DD78-4C20-BBE2-502A94E0F83E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-08] (Adobe Systems Incorporated)
Task: {4F8853D9-F5F0-495E-B305-1D66886D45DB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
Task: {5DAA432B-3A36-4FAD-A4DE-EA0B786ADB76} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3312761167-2807315300-1982944300-3653Core => C:\Users\laingg\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-29] (Dropbox, Inc.)
Task: {6BF0611F-CC8C-40F0-9106-DACDB03EA670} - System32\Tasks\FaxArchive_CN41BFW0V705KC => C:\Program Files\HP\HP Officejet Pro 8600\Bin\FaxApplications.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {6EB94A7A-E93C-4507-9C6E-61DDDC386434} - System32\Tasks\{E98045C8-CAAA-48A4-AEAD-21AC912D03DC} => pcalua.exe -a C:\Users\laingg\AppData\Roaming\uTorrent\uTorrent.exe -c /UNINSTALL
Task: {74C5B51B-A749-4104-9163-D23E05A79FB8} - System32\Tasks\laingg DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2015-04-01] (Seagate Technology LLC)
Task: {7993F5E9-ED3A-456D-B855-8B8A8852E285} - System32\Tasks\{72563B30-98AE-4341-A122-46AD4F56D3D6} => C:\Program Files (x86)\Microsoft Lync\communicator.exe [2015-07-21] (Microsoft Corporation)
Task: {8F2705DD-3524-4FB1-8922-6BB10A9FC065} - \amiupdaterExi -> No File <==== ATTENTION
Task: {AAE694C3-46FA-4C68-9AFE-8115A7E38738} - System32\Tasks\{7881F97E-AF70-4BFE-B3C5-4949B5E69540} => C:\Users\laingg\AppData\Roaming\uTorrent\uTorrent.exe [2015-12-02] (BitTorrent Inc.)
Task: {CBB4EF96-F64B-4237-A635-0A38488BCF73} - System32\Tasks\{8C5D43F8-FEFB-4C3E-88EA-DC33E27867C2} => C:\Program Files (x86)\Microsoft Lync\communicator.exe [2015-07-21] (Microsoft Corporation)
Task: {D74E13E2-7332-41C7-AE75-D7240BFA0A50} - \amiupdaterExd -> No File <==== ATTENTION
Task: {DAE17A6B-CF26-4953-B5B4-888431FDE4B6} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3312761167-2807315300-1982944300-3653UA => C:\Users\laingg\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-29] (Dropbox, Inc.)
Task: {DF0D8E7C-9604-4E81-B1F8-BD35FCD801C4} - \Tempo Runner cozahost -> No File <==== ATTENTION
Task: {F2899D84-B357-46D7-8284-F491F96C5430} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {F4D785E3-50A5-4496-B62B-8D5E976DEC87} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-29] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3312761167-2807315300-1982944300-3653Core.job => C:\Users\laingg\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3312761167-2807315300-1982944300-3653UA.job => C:\Users\laingg\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\FaxArchive_CN41BFW0V705KC.job => C:\Program Files\HP\HP Officejet Pro 8600\Bin\FaxApplications.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-02-17 12:31 - 2013-05-16 17:15 - 00149504 _____ () C:\Windows\system32\Empirum\zlib1.dll
2015-07-12 08:01 - 2013-11-28 10:34 - 00233120 ____R () C:\programdata\Clickfree\FullImagingBackup\FullImagingService.exe
2015-07-12 08:01 - 2013-11-28 10:34 - 00158536 ____R () C:\programdata\Clickfree\FullImagingBackup\VssClientDll.dll
2013-09-04 18:17 - 2013-09-04 18:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 09:23 - 2010-10-20 09:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-12-10 20:36 - 2015-10-30 19:59 - 00034768 _____ () C:\Users\laingg\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2015-12-10 20:36 - 2015-10-30 20:00 - 00019408 _____ () C:\Users\laingg\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2015-12-10 20:36 - 2015-12-08 16:36 - 00022848 _____ () C:\Users\laingg\AppData\Roaming\Dropbox\bin\Crypto.Random.OSRNG.winrandom.pyd
2015-12-10 20:36 - 2015-12-08 16:36 - 00023352 _____ () C:\Users\laingg\AppData\Roaming\Dropbox\bin\Crypto.Util._counter.pyd
2015-12-10 20:36 - 2015-12-08 16:36 - 00042296 _____ () C:\Users\laingg\AppData\Roaming\Dropbox\bin\Crypto.Cipher._AES.pyd
2015-12-10 20:36 - 2015-10-30 19:59 - 00116688 _____ () C:\Users\laingg\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2015-12-10 20:36 - 2015-10-30 19:59 - 00093640 _____ () C:\Users\laingg\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2015-12-10 20:36 - 2015-10-30 19:59 - 00018376 _____ () C:\Users\laingg\AppData\Roaming\Dropbox\bin\select.pyd
2015-12-10 20:36 - 2015-12-08 16:36 - 00019760 _____ () C:\Users\laingg\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2015-12-10 20:36 - 2015-10-30 20:00 - 00105928 _____ () C:\Users\laingg\AppData\Roaming\Dropbox\bin\win32api.pyd
2015-12-10 20:36 - 2015-10-30 19:59 - 00392144 _____ () C:\Users\laingg\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2015-12-10 20:36 - 2015-12-08 16:36 - 00381752 _____ () C:\Users\laingg\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2015-12-10 20:36 - 2015-10-30 19:59 - 00692688 _____ () C:\Users\laingg\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2015-12-10 20:36 - 2015-12-08 16:36 - 00020816 _____ () C:\Users\laingg\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2015-12-10 20:36 - 2015-10-30 20:00 - 00109520 _____ () C:\Users\laingg\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2015-12-10 20:36 - 2015-12-08 16:36 - 01737032 _____ () C:\Users\laingg\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2015-12-10 20:36 - 2015-12-08 16:36 - 00020808 _____ () C:\Users\laingg\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2015-12-10 20:36 - 2015-12-08 16:36 - 00020800 _____ () C:\Users\laingg\AppData\Roaming\Dropbox\bin\_cffi_python_x66cf7a7cx17a72769.pyd
2015-12-10 20:36 - 2015-12-08 16:36 - 00021840 _____ () C:\Users\laingg\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2015-12-10 20:36 - 2015-12-08 16:36 - 00038696 _____ () C:\Users\laingg\AppData\Roaming\Dropbox\bin\fastpath.pyd
2015-12-10 20:36 - 2015-10-30 20:00 - 00024528 _____ () C:\Users\laingg\AppData\Roaming\Dropbox\bin\win32event.pyd
2015-12-10 20:36 - 2015-10-30 20:00 - 00020936 _____ () C:\Users\laingg\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2015-12-10 20:36 - 2015-10-30 20:00 - 00114640 _____ () C:\Users\laingg\AppData\Roaming\Dropbox\bin\win32security.pyd
2015-12-10 20:36 - 2015-12-08 16:36 - 00021320 _____ () C:\Users\laingg\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_xde9e4433x360333f0.pyd
2015-12-10 20:36 - 2015-10-30 20:00 - 00124880 _____ () C:\Users\laingg\AppData\Roaming\Dropbox\bin\win32file.pyd
2015-12-10 20:36 - 2015-10-30 20:00 - 00030160 _____ () C:\Users\laingg\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2015-12-10 20:36 - 2015-10-30 20:00 - 00043472 _____ () C:\Users\laingg\AppData\Roaming\Dropbox\bin\win32process.pyd
2015-12-10 20:36 - 2015-10-30 20:00 - 00175560 _____ () C:\Users\laingg\AppData\Roaming\Dropbox\bin\win32gui.pyd
2015-12-10 20:36 - 2015-10-30 20:00 - 00028616 _____ () C:\Users\laingg\AppData\Roaming\Dropbox\bin\win32ts.pyd
2015-12-10 20:36 - 2015-10-30 20:00 - 00024016 _____ () C:\Users\laingg\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2015-12-10 20:36 - 2015-10-30 20:00 - 00048592 _____ () C:\Users\laingg\AppData\Roaming\Dropbox\bin\win32service.pyd
2015-12-10 20:36 - 2015-12-08 16:36 - 00024392 _____ () C:\Users\laingg\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2015-12-10 20:36 - 2015-10-30 20:00 - 00036296 _____ () C:\Users\laingg\AppData\Roaming\Dropbox\bin\librsync.dll
2015-12-10 20:36 - 2015-10-30 20:00 - 00024016 _____ () C:\Users\laingg\AppData\Roaming\Dropbox\bin\win32profile.pyd
2015-12-10 20:36 - 2015-12-08 16:36 - 00117056 _____ () C:\Users\laingg\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2015-12-10 20:36 - 2015-12-08 16:36 - 00023376 _____ () C:\Users\laingg\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2015-12-10 20:36 - 2015-10-30 19:59 - 00134608 _____ () C:\Users\laingg\AppData\Roaming\Dropbox\bin\_elementtree.pyd
2015-12-10 20:36 - 2015-10-30 19:59 - 00134088 _____ () C:\Users\laingg\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2015-12-10 20:36 - 2015-10-30 20:00 - 00240584 _____ () C:\Users\laingg\AppData\Roaming\Dropbox\bin\jpegtran.pyd
2015-12-10 20:36 - 2015-12-08 16:36 - 00020280 _____ () C:\Users\laingg\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2015-12-10 20:36 - 2015-12-08 16:36 - 00052024 _____ () C:\Users\laingg\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2015-12-10 20:36 - 2015-12-08 16:36 - 00021304 _____ () C:\Users\laingg\AppData\Roaming\Dropbox\bin\Crypto.Util.strxor.pyd
2015-12-10 20:36 - 2015-10-30 20:00 - 00350152 _____ () C:\Users\laingg\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2015-12-10 20:36 - 2015-12-08 16:36 - 00084792 _____ () C:\Users\laingg\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2015-12-10 20:36 - 2015-12-08 16:36 - 01826608 _____ () C:\Users\laingg\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2015-12-10 20:36 - 2015-10-30 20:00 - 00083912 _____ () C:\Users\laingg\AppData\Roaming\Dropbox\bin\sip.pyd
2015-12-10 20:36 - 2015-12-08 16:36 - 03891504 _____ () C:\Users\laingg\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2015-12-10 20:36 - 2015-12-08 16:36 - 01950000 _____ () C:\Users\laingg\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2015-12-10 20:36 - 2015-12-08 16:36 - 00519984 _____ () C:\Users\laingg\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2015-12-10 20:36 - 2015-12-08 16:36 - 00133936 _____ () C:\Users\laingg\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2015-12-10 20:36 - 2015-12-08 16:36 - 00225080 _____ () C:\Users\laingg\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2015-12-10 20:36 - 2015-12-08 16:36 - 00207672 _____ () C:\Users\laingg\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2015-12-10 20:36 - 2015-12-08 16:36 - 00024904 _____ () C:\Users\laingg\AppData\Roaming\Dropbox\bin\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2015-12-10 20:36 - 2015-12-08 16:36 - 00486704 _____ () C:\Users\laingg\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2015-12-10 20:36 - 2015-12-08 16:36 - 00357680 _____ () C:\Users\laingg\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2015-03-04 16:45 - 2015-10-30 20:01 - 00019920 _____ () C:\Users\laingg\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-03-04 16:45 - 2015-10-30 20:00 - 00786904 _____ () C:\Users\laingg\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-07-30 22:09 - 2015-10-30 20:00 - 00063448 _____ () C:\Users\laingg\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-03-04 16:45 - 2015-10-30 20:00 - 00019408 _____ () C:\Users\laingg\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2013-05-02 08:21 - 2013-05-02 08:21 - 00254280 _____ () C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\WebUpdtAPI.dll
2015-12-06 04:42 - 2015-12-06 04:42 - 53432832 _____ () C:\Program Files (x86)\WinWebUse\libcef.dll
2015-01-14 05:55 - 2015-01-14 05:55 - 00386560 _____ () C:\Program Files (x86)\WinWebUse\log4cplusU.dll
2015-12-06 04:42 - 2015-12-06 04:42 - 01976832 _____ () C:\Program Files (x86)\WinWebUse\libglesv2.dll
2015-12-06 04:42 - 2015-12-06 04:42 - 00075264 _____ () C:\Program Files (x86)\WinWebUse\libegl.dll
2015-11-06 23:36 - 2015-11-06 23:36 - 16496456 _____ () C:\Program Files (x86)\WinWebUse\plugins\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SepMasterService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3312761167-2807315300-1982944300-3653\...\msg-gillardon.de -> msg-gillardon.de
IE trusted site: HKU\S-1-5-21-3312761167-2807315300-1982944300-3653\...\msg-global.com -> msg-global.com
IE trusted site: HKU\S-1-5-21-3312761167-2807315300-1982944300-3653\...\msg.ag -> int.root.msg.ag
IE trusted site: HKU\S-1-5-21-3312761167-2807315300-1982944300-3653\...\msg.de -> hxxps://citrix.msg.de
IE trusted site: HKU\S-1-5-21-3312761167-2807315300-1982944300-3653\...\prevo.ch -> prevo.ch
 
==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3312761167-2807315300-1982944300-3653\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{3E6DF53C-D5DF-4846-8E57-58A65D6690F7}] => (Allow) LPort=10043
FirewallRules: [{CFB74DF5-E566-4E12-BF33-5284232EC1E7}] => (Allow) C:\Windows\System32\Empirum\swdepot.exe
FirewallRules: [{710897CC-A4C6-49B1-B9B4-20D4E8A60388}] => (Allow) C:\Windows\System32\Empirum\swdepot.exe
FirewallRules: [{0984F1ED-5D20-463E-8138-D5908DA287DE}] => (Allow) LPort=10043
FirewallRules: [{7C04B5EA-BD72-460A-96E9-D512B55DC6A6}] => (Allow) LPort=10043
FirewallRules: [{928352C6-00FB-4C3B-A9B8-BA7598382B6F}] => (Allow) C:\Windows\System32\Empirum\swdepot.exe
FirewallRules: [{BE5F98E8-8E39-4127-BAB4-712BE17A3F10}] => (Allow) C:\Windows\System32\Empirum\swdepot.exe
FirewallRules: [{2F9239C7-82A8-4AFB-A4E3-133FB78BDC6C}] => (Allow) C:\Windows\System32\Empirum\swdepot.exe
FirewallRules: [{26329B09-1A53-418A-9E76-E8AC8B9496D4}] => (Allow) C:\Windows\System32\Empirum\swdepot.exe
FirewallRules: [{B6D5CE18-DBC2-420C-8257-6FF6F89E2E67}] => (Allow) C:\Program Files (x86)\Microsoft Lync\communicator.exe
FirewallRules: [{B5755D43-B240-4BC6-983F-BA9B54D003B6}] => (Allow) C:\Program Files (x86)\Microsoft Lync\UcMapi.exe
FirewallRules: [{2D1663DD-E033-4C4A-B7A1-C954BEB33048}] => (Allow) C:\Program Files\Microsoft Lync\UcMapi64.exe
FirewallRules: [{6FD8A489-4F8C-470B-B53D-533B1F5AC942}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\Smc.exe
FirewallRules: [{BD1D12A8-7DE8-4740-900E-C8753B962303}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\Smc.exe
FirewallRules: [{57A7C3AC-4FB2-4A77-9812-4D48A4BEDBFC}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\snac64.exe
FirewallRules: [{BD0DB9E1-7A0A-441F-B3DD-DDD4FA9CE2B6}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\snac64.exe
FirewallRules: [{73020ACE-0178-44E9-A530-7677B5659DBA}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{E9E35FB8-46C8-49CE-8E4A-7266E885D198}] => (Allow) C:\Program Files (x86)\Microsoft Lync\communicator.exe
FirewallRules: [{6C56213F-A7C2-4AD7-92DC-AA269134C871}] => (Allow) C:\Program Files (x86)\Microsoft Lync\communicator.exe
FirewallRules: [{AF0159DD-D8C2-412B-83DB-0B9DD32BD045}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe
FirewallRules: [{D0F2EC4D-D1E2-4D1E-B127-539AABD5AEE9}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe
FirewallRules: [{9F11B4E6-80F5-49E4-8AA8-0CAEE67A8697}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe
FirewallRules: [{6C16D081-D39A-4890-8FC5-74AADE833883}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe
FirewallRules: [{23C264A6-45CE-4BB2-802F-EFFDA091F31B}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
FirewallRules: [{029B4804-DE4A-4B4C-BCE3-8E2CE722E34D}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [TCP Query User{D2882720-7EC6-43E6-AF40-00FF60663EE3}C:\program files (x86)\citrix\ica client\wfica32.exe] => (Allow) C:\program files (x86)\citrix\ica client\wfica32.exe
FirewallRules: [UDP Query User{C6084D87-D1F6-4C47-B57D-1E31E3B480D8}C:\program files (x86)\citrix\ica client\wfica32.exe] => (Allow) C:\program files (x86)\citrix\ica client\wfica32.exe
FirewallRules: [{4AB03917-8DBB-4F8C-BD65-A1998B865AFD}] => (Block) C:\program files (x86)\citrix\ica client\wfica32.exe
FirewallRules: [{CEDE3A8B-62FE-4FAB-8A03-8F4E8069A19F}] => (Block) C:\program files (x86)\citrix\ica client\wfica32.exe
FirewallRules: [TCP Query User{7AA9CAF8-D2F0-4308-A712-69E22AC05C62}C:\program files (x86)\citrix\ica client\wfica32.exe] => (Allow) C:\program files (x86)\citrix\ica client\wfica32.exe
FirewallRules: [UDP Query User{AF75898C-B980-4769-AC5A-62AC9FA628CF}C:\program files (x86)\citrix\ica client\wfica32.exe] => (Allow) C:\program files (x86)\citrix\ica client\wfica32.exe
FirewallRules: [{E2D91926-949E-42F7-B880-471BF5B6DE6F}] => (Allow) LPort=8888
FirewallRules: [TCP Query User{13488B63-960E-40DD-9EC3-A75E33507113}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [UDP Query User{E7F0AF4A-214F-4E51-8536-19B813646EBB}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [{729b1b77-9b4f-40dd-8ce8-0bf0c5c40a93}] => (Allow) C:\ProgramData\micron\1.1.0.29\cozaghost.exe
FirewallRules: [{03A7D5D0-B25B-48F6-8EDE-17DFF126B90E}] => (Allow) C:\ProgramData\micron\1.1.0.29\cozaghost.exe
FirewallRules: [{72E7DFD4-9F12-4925-BD71-012883255B55}] => (Allow) C:\ProgramData\micron\1.1.0.29\cozaghost.exe
FirewallRules: [{89743051-6705-4426-84A6-716BB60342B5}] => (Allow) C:\ProgramData\micron\1.1.0.29\cozaghost.exe
FirewallRules: [{8131FDF6-E2B0-48F1-AF0B-1A54934BE5BE}] => (Allow) C:\ProgramData\micron\1.1.0.29\cozaghost.exe
FirewallRules: [{C6E8072A-A099-4F6E-A0F0-86560B00082F}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{AFFD7CE7-E987-4B55-9DFB-862A29C08EDA}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{FF790EFE-84DF-41D2-9EEA-B3143BA1A531}] => (Allow) C:\Users\laingg\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{1024F303-11DA-487D-A435-4B3E3A42401C}] => (Allow) C:\Users\laingg\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{B0DBDC12-C523-479A-9A8C-8D61F83DFEBE}C:\users\laingg\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\laingg\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{AEF56AF4-363F-4972-A57B-8EF5385861EF}C:\users\laingg\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\laingg\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{2DCB9A15-E000-4B5C-8E37-E7B20C481394}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D04DD28C-9B92-4995-B748-959D10E6DE67}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{6A483581-A6D3-400D-A625-EEA4F29D2671}C:\program files (x86)\chillitorrent\chillitorrent.exe] => (Allow) C:\program files (x86)\chillitorrent\chillitorrent.exe
FirewallRules: [UDP Query User{EF2C2B9E-126D-423C-AD94-3200CB0B70C5}C:\program files (x86)\chillitorrent\chillitorrent.exe] => (Allow) C:\program files (x86)\chillitorrent\chillitorrent.exe
FirewallRules: [TCP Query User{3BD7617A-CFD3-4D82-B078-682929A0AB3B}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [UDP Query User{08119E84-BA15-47BE-8E29-8D8CD8E50655}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [{9543D086-A913-48FE-B377-9E8167271492}] => (Allow) LPort=8888
FirewallRules: [{B063C6D8-8ED3-4713-9FD1-DF8863C48474}] => (Allow) C:\Users\laingg\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0D4A2F76-D101-457A-A8E3-E7E01081DB7B}] => (Allow) C:\Users\laingg\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1E93B6E8-F7CD-40BB-80B1-DD2341C43C0C}] => (Allow) C:\Users\laingg\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{ABF52209-F528-4395-BA59-0627B8DE06C0}] => (Allow) C:\Users\laingg\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{923B969D-B85C-4625-8FC5-3F18F08451E3}] => (Allow) C:\Users\laingg\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9500C1BB-A4EF-4E6F-970F-7136A1613B89}] => (Allow) C:\Users\laingg\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{F01654D8-1616-4969-A188-92FCA543E03A}C:\program files (x86)\slingplayerforchrome\slingplayerforchrome.exe] => (Allow) C:\program files (x86)\slingplayerforchrome\slingplayerforchrome.exe
FirewallRules: [UDP Query User{4534CC69-18D2-4777-8DF5-EC3D39FEAB2B}C:\program files (x86)\slingplayerforchrome\slingplayerforchrome.exe] => (Allow) C:\program files (x86)\slingplayerforchrome\slingplayerforchrome.exe
FirewallRules: [TCP Query User{A7C3847F-68AF-40D7-9813-9A3F82D44DAC}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{59049620-FB53-43D5-8189-F5404840DC23}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [{EE2F6E71-672B-4166-B9B5-14F64FA60D02}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdServices.exe
FirewallRules: [{20DB9DCD-DCDC-478B-8316-9EF383352D39}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdServices.exe
FirewallRules: [{5D089AFF-9639-40A7-9DC8-EBE8EA306189}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
FirewallRules: [{26BEA993-D9B6-4481-BA73-55C2D933D5A0}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
FirewallRules: [{1201EEFC-7302-41C6-9DA2-CA25F89B2C26}] => (Allow) C:\Program Files (x86)\Directory Lister\DirListerPro.exe
FirewallRules: [{A774874C-4683-42C9-BC03-AB50EDA10F22}] => (Allow) C:\Program Files (x86)\Directory Lister\DirListerPro.exe
FirewallRules: [{0723FC0B-EE26-482E-84E3-70D6CAABD5BB}] => (Allow) C:\Program Files (x86)\Directory Lister\DirListerPro.exe
FirewallRules: [{6521F98B-CC39-4EF6-BE34-25A69963EE88}] => (Allow) C:\Program Files (x86)\Directory Lister\DirListerPro.exe
FirewallRules: [{0F37E277-CB45-48CB-A491-601217FF8598}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{2EAA3F8C-491C-4D42-8F10-28B753683177}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶睜湩敷畢敳睜湩敷畢敳攮數
FirewallRules: [{56C81F7D-D158-4A8E-9964-AED229F6CB53}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶睜湩敷畢敳睜湩敷畢敳⹟硥e
FirewallRules: [{C6AE9824-F3FC-465A-9D34-E8DEEF43F893}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
FirewallRules: [{2AC2573F-F5D8-49DE-ADCF-A0FD53F94532}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
FirewallRules: [{F674266E-9524-44EE-93A4-C439FAFA9983}] => (Allow) C:\Program Files (x86)\SpringFiles\SpringFiles.exe
FirewallRules: [{14A8C7BD-13D3-4BC9-A534-23CDC9C32AC7}] => (Allow) C:\Program Files (x86)\SpringFiles\SpringFiles.exe
FirewallRules: [{6EE1F9AB-03F7-4AF1-950E-C940319BF557}] => (Allow) C:\Program Files (x86)\SpringFiles\downloader.exe
FirewallRules: [{5ECA8B64-9C59-477C-9B2B-3E5F32C841F4}] => (Allow) C:\Program Files (x86)\SpringFiles\downloader.exe
FirewallRules: [{2CCC6A67-DF26-4802-8A9F-D876406833A4}] => (Allow) C:\Program Files (x86)\Microsoft Lync\communicator.exe
FirewallRules: [{52CA165F-C35B-488E-9590-237215B8B6A8}] => (Allow) C:\Program Files (x86)\Microsoft Lync\communicator.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Sierra Wireless Inc\3G Watcher\TRUUpdater.exe] => C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe:*:Enabled:TRUUpdater

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/11/2015 11:40:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: winwebtask_.exe, version: 1.3.2.9, time stamp: 0x56681513
Faulting module name: winwebtask_.exe, version: 1.3.2.9, time stamp: 0x56681513
Exception code: 0xc0000005
Fault offset: 0x000020c0
Faulting process id: 0x2818
Faulting application start time: 0xwinwebtask_.exe0
Faulting application path: winwebtask_.exe1
Faulting module path: winwebtask_.exe2
Report Id: winwebtask_.exe3

Error: (12/11/2015 11:34:17 AM) (Source: AutoEnrollment) (EventID: 6) (User: )
Description: INT\laingg0x8007003aThe specified server cannot perform the requested operation.

Error: (12/11/2015 11:33:56 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/11/2015 11:27:52 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/11/2015 11:27:45 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = ComboFix created restore point; Error = 0x8007043c).

Error: (12/11/2015 11:27:45 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007043c, This service cannot be started in Safe Mode
.


Operation:
Instantiating VSS server

Error: (12/11/2015 11:27:45 AM) (Source: VSS) (EventID: 18) (User: )
Description: Volume Shadow Copy Service error: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started during Safe Mode.
The Volume Shadow Copy service cannot start while in safe mode. [0x8007043c, This service cannot be started in Safe Mode
]


Operation:
Instantiating VSS server

Error: (12/11/2015 11:22:26 AM) (Source: AutoEnrollment) (EventID: 6) (User: )
Description: INT\laingg0x8007003aThe specified server cannot perform the requested operation.

Error: (12/11/2015 11:21:42 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/11/2015 11:15:38 AM) (Source: AutoEnrollment) (EventID: 6) (User: )
Description: INT\laingg0x8007003aThe specified server cannot perform the requested operation.


System errors:
=============
Error: (12/11/2015 11:36:30 AM) (Source: TermService) (EventID: 1067) (User: )
Description: The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted.
.

Error: (12/11/2015 11:34:13 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: INT)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (12/11/2015 11:33:57 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (12/11/2015 11:33:54 AM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain INT due to the following:
%%1311

This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.



ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.

Error: (12/11/2015 11:33:54 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}{B292921D-AF50-400C-9B75-0C57A7F29BA1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (12/11/2015 11:32:01 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (12/11/2015 11:32:01 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (12/11/2015 11:32:01 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (12/11/2015 11:32:01 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (12/11/2015 11:32:01 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068


CodeIntegrity:
===================================
Date: 2015-12-11 11:30:35.782
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\New_Version\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-12-11 11:30:35.751
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\New_Version\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-12-11 08:01:51.965
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-12-11 08:01:51.949
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-12-11 08:01:51.918
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-12-11 08:01:51.903
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-12-10 15:36:45.005
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-12-10 15:36:44.990
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4610M CPU @ 3.00GHz
Percentage of memory in use: 25%
Total physical RAM: 16289.18 MB
Available physical RAM: 12151.25 MB
Total Virtual: 32576.56 MB
Available Virtual: 28141.9 MB

==================== Drives ================================

Drive c: (OSDisk) (Fixed) (Total:230.37 GB) (Free:142.13 GB) NTFS
Drive e: (Seagate Backup Plus Drive) (Fixed) (Total:2794.51 GB) (Free:2569.75 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 54ADA4EE)
Partition 1: (Not Active) - (Size=230.4 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=7.8 GB) - (Type=0C)
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 1.

==================== End of Addition.txt ============================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt
    950 bytes · Views: 4
Hi Ran the fix and as it completed the problem popup came so issue still persists fix it result
Fix result of Farbar Recovery Scan Tool (x64) Version:09-12-2015
Ran by laingg (2015-12-11 14:32:42) Run:1
Running from C:\Users\laingg\Downloads
Loaded Profiles: laingg (Available Profiles: laingg & install)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM-x32\...\Run: [] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3312761167-2807315300-1982944300-3653\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
S3 catchme; \??\C:\New_Version\catchme.sys [X]
S3 dcdbas; system32\DRIVERS\dcdbas64.sys [X]
S3 JNPRNA; system32\DRIVERS\jnprna6.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2015-02-27 13:41 - 2015-02-27 13:41 - 0000057 _____ () C:\ProgramData\Ament.ini
Task: {13B6C879-E20E-4D4F-A62B-56BBE59E1142} - \Tempo Runner coz32host -> No File <==== ATTENTION
Task: {8F2705DD-3524-4FB1-8922-6BB10A9FC065} - \amiupdaterExi -> No File <==== ATTENTION
Task: {D74E13E2-7332-41C7-AE75-D7240BFA0A50} - \amiupdaterExd -> No File <==== ATTENTION
Task: {DF0D8E7C-9604-4E81-B1F8-BD35FCD801C4} - \Tempo Runner cozahost -> No File <==== ATTENTION

*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-3312761167-2807315300-1982944300-3653\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
catchme => service removed successfully
dcdbas => service removed successfully
JNPRNA => service removed successfully
VGPU => service removed successfully
C:\ProgramData\Ament.ini => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{13B6C879-E20E-4D4F-A62B-56BBE59E1142}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{13B6C879-E20E-4D4F-A62B-56BBE59E1142}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Tempo Runner coz32host => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8F2705DD-3524-4FB1-8922-6BB10A9FC065}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8F2705DD-3524-4FB1-8922-6BB10A9FC065}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\amiupdaterExi => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D74E13E2-7332-41C7-AE75-D7240BFA0A50}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D74E13E2-7332-41C7-AE75-D7240BFA0A50}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\amiupdaterExd => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DF0D8E7C-9604-4E81-B1F8-BD35FCD801C4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DF0D8E7C-9604-4E81-B1F8-BD35FCD801C4}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Tempo Runner cozahost => key not found.

==== End of Fixlog 14:32:43 ====
 
Last scans...

redtarget.gif
Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run


redtarget.gif
Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.


redtarget.gif
Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


redtarget.gif
Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
Security check log
Results of screen317's Security Check version 1.009
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Symantec Endpoint Protection
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
`````````Anti-malware/Other Utilities Check:`````````
Java 8 Update 31
Java(TM) SE Development Kit 6 Update 10
Java version 32-bit out of Date!
Adobe Flash Player 20.0.0.235
Adobe Reader XI
Mozilla Firefox 38.0.5 Firefox out of Date!
Google Chrome (47.0.2526.73)
Google Chrome (47.0.2526.80)
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Common Files Microsoft Shared Microsoft Online Services MSOIDSVC.EXE
Common Files Microsoft Shared Microsoft Online Services MSOIDSvcm.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 4%
````````````````````End of Log``````````````````````
 
Farbar Service Scanner log
Farbar Service Scanner Version: 10-06-2014
Ran by laingg (administrator) on 11-12-2015 at 17:03:44
Running from "C:\Users\laingg\Downloads"
Microsoft Windows 7 Enterprise Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
 
Ran TFC 386 mb cleaned no restart required, ran the Sophos virus scanner and no threats were found. However during the scan the Windows Web Access updater has stopped working popup came up at least 5 times so the issue is still persisting.
Thanks so far
 
redtarget.gif
As for that error I suggest new topic in Windows forum.

Here...

redtarget.gif
Update Firefox to the current version.

redtarget.gif
Update your Java version here: https://www.techspot.com/downloads/6463-java-se.html
Alternate download: http://www.java.com/en/download/manual.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Note 2: If you're running 64-bit system make sure you install BOTH, 32-bit and 64-bit Java.

======================================

Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download
51a5ce45263de-delfix.png
DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

12. Please, let me know, how your computer is doing.
 
You must log in or register to reply here.

Similar threads

L
Solved Unknown spyware/ Monitoring/ Hijacking of my devices
Replies
15
Views
5K
Broni
Broni
R
Solved Data Hijacking, Help Please
2
Replies
37
Views
7K
Broni
Broni
G
Window Web Access updater has stopped working popup
Replies
2
Views
3K
GLaing
G

Latest posts

Back